So the dropping of fragments has been fixed since the early 3.x betas? Previously without conn-track it was dropping them.
Anyone who can confirm this?
I have a customer who is just about to implement a new HA network and do BGP peering with two ISPs, and is considering buying two Juniper M7i routers. I'm now looking into whether it would be possible to use a couple of RB1000s instead as border routers.
They will be pushing about 200-300 Mbps (aggregated half-duplex) of traffic through these routers, and they might have to cope with full BGP tables for a minimum of 2 peers each.
Would you say the RB1000s are stable enough for such a task?
I'm considering running them with connection tracking off then, as they should mainly work as pure routers. I should still be able to apply simple stateless iptables rules even without connection tracking if it becomes necessary, right?
How about packet forwarding latency? Does that suffer much from running with full BGP routing tables? I would guess that it should only affect the first packet for a source/dest IP pair that has to be looked up in the big routing table, then it should go into the host routing table, which should be of the same size regardless of the size of the normal routing table, or am I wrong?
I'd be very happy to hear if somebody else is using RB1000 or RouterOS at all as full BGP table routers.