Question about MT ROS connection tracking... help.

I've noticed that some of our MT ROS devices show entries like this in the connection tracking table (“x” replaces the current IP numbers):

528 0 xxx.xx.xxx.xxx xxx.xx.xxx.xx 23h59m22s
529 0 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx 1d8h29m22s

So, some other MT ROS devices do not ever show anything higher than one day (the tcp-established-timeout default). “1d8h29m22s” is the router's current uptime on these devices, which “apparently” do not have properly working connection tracking.

The main difference we noticed is that devices with their current uptime as the timeout for some conn track entries show about ten thousand times more entries than the others. After a reboot it still happens, but you only notice it after the higher timeout period has passed. We just didn't understand what this means or how bad it is. Help?

I got it.

When “/ip neighbor discovery” has any of its interfaces enabled and working, there will be “weird” entries in the connection tracking table with a timeout equal to the router uptime. Also, the conntrack table easily goes up to ten thousand entries with about 40 customers.

By disabling all interfaces under “/ip neighbor discovery” and rebooting the router, the conntrack table gets back to normal, working smoothly, and it is holding about two hundred entries for the same 40 customers. That's all, unfortunately.
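
A way to check a saved copy of the connection tracking table for the symptom described in this thread, as an added example that is not part of the original posts: it flags rows whose timeout exceeds the one-day tcp-established-timeout default. It assumes the timeout is the last column of each row; the sample rows and addresses are constructed.

```python
import re

# Durations in the table look like "23h59m22s" or "1d8h29m22s".
_UNIT_SECONDS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}
_DURATION_RE = re.compile(r"(?:\d+[wdhms])+")
_PART_RE = re.compile(r"(\d+)([wdhms])")

TCP_ESTABLISHED_DEFAULT = 86400  # one day, the default named in the thread

# Constructed sample (documentation address ranges), shaped like the rows above.
SAMPLE = """\
 # PR SRC-ADDRESS DST-ADDRESS TIMEOUT
527 6 192.0.2.10:51514 198.51.100.7:443 4m12s
528 0 192.0.2.1 198.51.100.20 23h59m22s
529 0 192.0.2.1 203.0.113.5 1d8h29m22s
"""


def parse_duration(text):
    """Return seconds for a duration such as '1d8h29m22s', or None if malformed."""
    if not _DURATION_RE.fullmatch(text):
        return None
    return sum(int(n) * _UNIT_SECONDS[u] for n, u in _PART_RE.findall(text))


def audit(table_text, limit=TCP_ESTABLISHED_DEFAULT):
    """Return (normal_count, suspicious_rows) for a conntrack listing.

    A row is suspicious when its timeout (assumed last column) is above
    the limit, which no ordinary tracked connection should reach.
    """
    normal, suspicious = 0, []
    for line in table_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        seconds = parse_duration(fields[-1])
        if seconds is None:
            continue  # header or unrelated line
        if seconds > limit:
            suspicious.append((fields[0], fields[-1], seconds))
        else:
            normal += 1
    return normal, suspicious


if __name__ == "__main__":
    ok, bad = audit(SAMPLE)
    print(f"{ok} normal entries, {len(bad)} above one day: {bad}")
```

Comparing the flagged timeouts with the router's uptime shows whether they match the pattern reported in the posts.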