How to monitor connection track number without hanging CPU

We need to somehow monitor the number of active connections in the connection tracking table.

Just to give context, we are talking about CCRs (Tilera and ARM64) being used as CGNAT boxes.
Several sizes of scenario: from 2-3 Gbps / 5-6k subscribers up to 20-22 Gbps and 20-25k subscribers.
It’s not uncommon to reach multimillion simultaneous connections.

The easiest and most obvious way would be using “/ip firewall connection print count-only” through some means (API/REST-API/SSH/Telnet).

But when using this command, one or two of the CPU cores stay at 100% for several seconds…
And it affects forwarding a bit, with jitter or even some packet loss (we check it using several methods…).

  • In RouterOS v6 it suffers a bit more: affecting 2 simultaneous cores, taking 30-40 seconds, and a more prominent forwarding impact.
  • In RouterOS v7 it is not that shocking: just one core, and no more than 10 seconds.

But in both versions, it affects forwarding a bit.

[Attached screenshot: MikroTik_RouterOSv6.49.11_CCR1036_CPU-Hang_CountingConnections.png]

So, due to this impact on traffic, we can’t get this info cyclically.
We just get this during specific troubleshooting jobs.

But it is important to get that info and keep it historically.

Any idea of how to get that without shocking the box?