
Questions about Connections Max Entries:

Posted: Sat Jan 02, 2021 9:32 am
by ewsoares
I have found Max Entries under connections and know
"* max-entries (integer) Max amount of entries that connection tracking table can hold. This value depends on installed amount of RAM. Note that system does not create maximum size connection tracking table when it starts, maximum entry amount can increase if situation demands it and router still has free ram left."
As written on the MikroTik help page manual, it makes sense and sounds correct. My question is: how do additional WAN IP addresses play into this?

I am courting MikroTik CHR currently as a contender to replace a NOMADIX box, and so far it looks like MikroTik can do this with no issue at all, especially being able to have 500+ VLANs without choking like the *ense variants that choke at 100+ VLANs. So on the NOMADIX we have to provide an additional WAN IP address per 50k connections/states/entries, as you will, regardless of having enough RAM. As I know but cannot confirm, an IP address has a hard limit of around 65k connections/states/entries, so it makes sense this is a requirement of the NOMADIX, but I cannot find this requirement for MikroTik and have no way to easily test this need, as I cannot put MikroTik into place until we test it and can assure it meets the needs.

Should I assume the same is required of MikroTik, let alone basically any firewall, because of these limits, notwithstanding MikroTik or NOMADIX? I know I can probably alter the connection tracking time just as in the NOMADIX; however, it is imperative I do not, as this setup is for devices in year-long use at a time and not the typical hotspot for minutes/hours use. Can anyone who knows about this elaborate, please, and provide reference material if possible for further reading? Thank you in advance.

My apologies, I did not know where to place this question.