v3.9 - 2GB RAM = 512MB RAM same maximum entries at Conntrack

yudhi · May 12, 2008, 12:22am

Hi All.
On my v3.3 system, I have 2 GB RAM installed, but only have 524288 maximum entries on conntrack, same as system with 512 MB RAM.
After upgrading both systems into v3.9, both systems still showing 524288 as maximum conntrack entries.

While on v.2.9.51 with 1 GB RAM have 2 million maximum entries.

Is this bug can’t get fixed since from v3.3 ???

Somebody could help me with this ?
Thanks.

hulk-bd · May 12, 2008, 6:56am

Dear yudhi,

It’s definitely a bug and I don’t know why MT haven’t fixed this bug yet.

Thanks

Chupaka · May 12, 2008, 12:16pm

the only question I have: DO you need more than 524288 entries on conntrack? =)

yudhi · May 12, 2008, 1:29pm

Doesn’t care I need it or not, bug is a bug need to be fixed !

Because in the future you or me or somebody else may need it.

Chupaka · May 12, 2008, 1:38pm

i have 256 Mb RAM on routers, and Max Entries is 475136 on first and 491520 on second - it doesn’t correlate with RAM, as I see. so call it ‘a feature’, not a bug =)

yudhi · May 12, 2008, 1:53pm

Don’t you see on the picture I attached ?
1 GB RAM have 2 million entries allowed on v2.9.51, 2 GB RAM only have 500k entries on v3.9…its not a feature…but its a backward.

hulk-bd · May 13, 2008, 9:01am

it doesn’t correlate with RAM, as I see. so call it ‘a feature’, not a bug =)

Dear Chupaka,

As far I know it’s correlated with RAM, and few guys from here said it too, search the forum.

Thanks n Peace

Chupaka · May 13, 2008, 10:44am

hulk-bd
64 Mb RAM = 96k entries
256 Mb RAM = 464k entries
512 Mb RAM = 512k(?) entries…

what correlation is there? =)

yudhi · May 13, 2008, 2:50pm

more RAM more entries you got…simple math

btw if you don’t rely on conntrack at all…then you don’t need to aware with this topic I think

changeip · May 13, 2008, 4:24pm

linux 2.4 vs 2.6 kernel does things differently. Here is a document that explains some algorithms. I’m not saying RouterOS uses this method or netfilter, just pointing out an explanation between the kernel versions.

http://www.wallfire.org/misc/netfilter_conntrack_perf.txt

am

Chupaka · May 13, 2008, 9:21pm

yep…

for systems with more than 1GB of RAM, default CONNTRACK_MAX value is limited to 65536 (but can of course be set to more manually)

it’s like this, but 512 Mb and 524288 max =) so if you need more - email support

yudhi · May 16, 2008, 3:45pm

so no solution/answer yet from mikrotik crew

Chupaka · May 17, 2008, 2:15pm

… because it seems like it is hardcoded into ROS =)

gwzph · December 14, 2008, 5:30pm

No solution yet ?

normis · December 15, 2008, 8:14am

If you actually need more than the max entries, ask support and explain why

janisk · December 15, 2008, 11:19am

conn-track entry count is calculated differently between versions. that is all that there is. nothing to worry about.

dot-bot · December 15, 2008, 11:53am

My guess is that v3.x chews on packets longer before it spits 'em out, creating more CPU+RAM work per packet, leaving less resources and higher CPU usage statistics. Could be due to Layer 7 functionality or due to source code used not optimized enough.

janisk · December 15, 2008, 12:20pm

no, it is just the algorithm that calculates how much contrack entries you can support with current amount of RAM. it does not take longer, or shorter time - just the number is different.