Hello. I am studying again to refresh MTCINE, and on the slides I encountered a sentence saying that conntrack has to be disabled for best performance.
Well... the slides are from 2012 and now there is fastpath, fasttrack and so on.
At my ISP, on the core router, we use conntrack with fast-track (rule for forward invalid, disabled).
I have seen that disabling conntrack has no benefit, since we lose some firewall functions, and we also see higher CPU usage because, I assume, packets are going into slowpath.
What is the final suggestion here in 2020? I successfully use BGP with conntrack+fasttrack (invalid forwarded packets are not dropped, since we are completely multihomed).
I tried to add the raw NOTRACK rule for all the traffic that was not local, but CPU was higher, so I reverted to the initial configuration of conntrack+fasttrack.