Hello!

Mikrotik has a Stateful Firewall like a Feature, right?

There are any method to shutdown this feature?

A Stateful Firewalls can cause instability in multihomed networks...

Best regards,

disable connection-tracking if you dont need nat or stateful tracking. it will save cpu, etc.

By default there are no firewall rules.

An Stateful Firewall not depend any active rule. If the firewall has the State module active you have an Stateful Firewall. In Linux work like this, but I don't know about Mikrotik.

Thanks,

disable connection-tracking if you dont need nat or stateful tracking. it will save cpu, etc.

Can you explain more about your answer? Where are I disable the connection-tracking?

Thanks,

/ip firewall connection tracking
set enabled=no

things that depends on conntrack that I know of -

nat
simple queues
(queue tree? - not sure)
certain selections in firewall rules

things that depends on conntrack that I know of -

nat
simple queues
(queue tree? - not sure)
certain selections in firewall rules

full list here: http://wiki.mikrotik.com/wiki/Manual:Co ... n_tracking

Is PCQ requiring conntrack at all? It seems like the burst time isnt working properly without it.

anyway, "multihomed" or as we know it - multi-path network and ECMP can be unstable if you are using NAT, if you are using global IP addresses - you are good to go.

Also, to overcome this drawback MikroTik has introduced PCC:
http://wiki.mikrotik.com/wiki/PCC

so you can use multi-path in your network and still have everything working.

anyway, "multihomed" or as we know it - multi-path network and ECMP can be unstable if you are using NAT, if you are using global IP addresses - you are good to go.

Also, to overcome this drawback MikroTik has introduced PCC:
http://wiki.mikrotik.com/wiki/PCC

so you can use multi-path in your network and still have everything working.

OSPF can make this only (PCC)...

http://en.wikipedia.org/wiki/Multihoming - Multiple Links, Multiple IP address