 
nemod79
just joined
Topic Author
Posts: 1
Joined: Tue Apr 18, 2017 8:05 am

Routing mark and packet sniffer issue

Tue Apr 18, 2017 11:48 am

Hi All,
First, I would like to apologize if my question concerns topics that are already covered, but even after digging into the forum and wiki I didn't find anything.

Scenario
Router Mikrotik RB750 GR3
PPPoE connection to my ISP
VPN connection (router acts as an OpenVPN client)

In order to redirect traffic through the VPN I'm just trying to use connection marking and route marking.

Firstly I've created a static route with dedicated routing mark that acts as default GW.
After that I've modified the MANGLE table within the firewall rules in order to mark new connections and then add a routing mark to that VPN GW.

The whole structure is just working fine but with horrible throughput.

If I decide to start inspecting what's going on, using the packet sniffer tool, everything starts working fine, and I can gain full throughput!
If I then switch off packet sniffing, everything falls back to the previous horrible situation.

What does the packet sniffer tool change?

I only saw that, according to fasttrack rules, all the dummy rules are just skipped (counters not incremented) while the packet sniffer is enabled. Standard fasttrack REAL rules behave in the same way, with or without packet sniffing running.

The packet sniffer configuration doesn't influence this strange behaviour at all; it just needs to be up and running, regardless of interface or filtering (I also tried with an unused ethernet interface...)

Any hints on this strange behaviour?
Thank you
 
krwi
just joined
Posts: 9
Joined: Mon Aug 21, 2017 3:49 pm

Re: Routing mark and packet sniffer issue

Mon Aug 21, 2017 3:52 pm

I have a similar issue, did you manage to solve it?
 
strods
MikroTik Support
Posts: 1664
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: Routing mark and packet sniffer issue

Mon Aug 21, 2017 4:36 pm

Most likely this is the problem:
https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack

Mangle rules are not working due to FastTrack being enabled:
"Note that not all packets in a connection can be fasttracked, so it is likely to see some packets going through slow path even though connection is marked for fasttrack. This is the reason why fasttrack-connection is usually followed by identical action=accept rule. Fasttracked packets bypass firewall, connection tracking, simple queues, queue tree with parent=global, ip traffic-flow(restriction removed in 6.33), IP accounting, IPSec, hotspot universal client, VRF assignment, so it is up to administrator to make sure fasttrack does not interfere with other configuration;"

FastTrack is switched off when Sniffer is running:
"IPv4 FastTrack is active if following conditions are met:
no mesh, metarouter interface configuration;
sniffer, torch and traffic generator is not running;
no active mac-ping, mac-telnet or mac-winbox sessions restriction removed in 6.33;
/tool mac-scan is not actively used;
/tool ip-scan is not actively used;"
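
A RouterOS v6 configuration sketch of the interaction described in this thread, added here as an example (not posted by any participant and not MikroTik's own configuration): the default FastTrack rule beside a variant that keeps marked connections on the slow path so the mangle rules continue to apply. The names vpn-conn, via-vpn, ovpn-out1 and bridge, and the 192.168.88.0/24 subnet, are hypothetical.

```routeros
# Added example, RouterOS v6 syntax. All names and addresses below are
# hypothetical placeholders for the setup described in the first post.

# Policy routing: a default route that is used only by packets carrying
# the routing mark.
/ip route
add dst-address=0.0.0.0/0 gateway=ovpn-out1 routing-mark=via-vpn

# Mangle: mark new connections from the LAN, then give every packet of a
# marked connection the routing mark. The second rule must see each packet
# of the connection, not only the first one.
/ip firewall mangle
add chain=prerouting in-interface=bridge src-address=192.168.88.0/24 \
    connection-state=new action=mark-connection \
    new-connection-mark=vpn-conn passthrough=yes
add chain=prerouting in-interface=bridge connection-mark=vpn-conn \
    action=mark-routing new-routing-mark=via-vpn passthrough=no

/ip firewall filter
# Before (default-style rule): every established/related connection is
# fasttracked, so most of its packets skip mangle and never get the
# routing mark. Only the few packets that fall back to the slow path are
# routed through the VPN.
# add chain=forward action=fasttrack-connection \
#     connection-state=established,related

# After: fasttrack only connections without a connection mark. Marked
# connections stay on the slow path, where mangle and mark-routing apply.
add chain=forward action=fasttrack-connection \
    connection-state=established,related connection-mark=no-mark
add chain=forward action=accept connection-state=established,related
```

The marked connections give up FastTrack acceleration in exchange for consistent policy routing and firewall processing; unmarked traffic is still fasttracked.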