MikroTik

What is faster: to mark a connection with the same mark on every packet flow or to mark it only once but every time check if it already has a mark?

I.e. what does consume less CPU cycles from these two:

Both of your rules are basically going to be the same. To save resources add in connection-state=new. This way the rule only fires when a new connection is being set up and not on subsequent packets after that. Every packet coming through as part of that connection will still receive the same packet mark.

Both of your rules are basically going to be the same. To save resources add in connection-state=new. This way the rule only fires when a new connection is being set up and not on subsequent packets after that. Every packet coming through as part of that connection will still receive the same packet mark.

What is the difference in resource consumption between the conditions "connection-mark=no-mark" and "connection-state=new"? In both cases the rule will fire only once per connection.

My understanding is this.

The no-mark needs to check every packet to make sure if it has a mark or not, so each packet is still being processed against the rule. The connect-state=new will only fire for packets that start a connection and no subsequent packets are checked against the rule.

My understanding is this.

The no-mark needs to check every packet to make sure if it has a mark or not, so each packet is still being processed against the rule. The connect-state=new will only fire for packets that start a connection and no subsequent packets are checked against the rule.

+1

Sorry, but I don't believe it. An explanation from MK support would be good.