Connection Tracking question, Full table

Hello, in the last few days the border router has been showing me an alert that the connection tracking table is full. Could this cause the router to experience packet loss? This is because for the past few days this packet loss problem has been occurring even with directly connected routers that work with static routes. Since it is a border router that does not use NAT or packet or connection marking, could tracking be disabled?

AFAIK if firewall filter config is empty, then connection tracking is omitted. Raw firewall rules don’t affect it, they don’t rely on connection state.

Check this nice article/guide:
https://www.daryllswer.com/edge-router-bng-optimisation-guide-for-isps/

In OS 7.18.0, MikroTik increased the number of entries from 1048576 to as many as you have RAM for: 1GB = 1028096; for example, 8GB = 8224768 entries. As many entries as you have memory.

Try lowering the TCP established timeout:

tcp-established-timeout=1h

Too low a time for tcp-established-timeout=1h causes problems with some VPN tunnels. I recommend tcp-established-timeout=3h.

Only if the aforementioned tunnel does not have any packets in that amount of time; a simple keep-alive heartbeat will be enough to keep that connection from timing out.

I suggest setting “tcp-established-timeout” to 7440 seconds (2 hours 4 minutes) at a minimum due to RFC 5382 (NAT Behavioral Requirements for TCP).

https://datatracker.ietf.org/doc/html/rfc5382#section-5

Quoting from it:


[…] Some end-hosts can be configured to send keep-alive packets on such idle connections; by default, such keep-alive packets are sent every 2 hours if enabled [RFC1122]. […]



[…] In such cases, the value of the “established connection idle-timeout” MUST NOT be less than 2 hours 4 minutes. […]