
3.18 and BGP w/ full routing tables

Posted: Fri Jan 16, 2009 6:41 am
by changeip
Just a quick poll: is anyone using 3.18 with 150,000+ routes and 100-200 Mbps of traffic? I think I need to upgrade to get around a memory leak that just started popping up in 2.9.51.

I'm also curious if 3.x still has weird quirks with connection-track turned off... related to fragments, etc.

Sam

Re: 3.18 and BGP w/ full routing tables

Posted: Fri Jan 16, 2009 8:53 am
by janisk
AFAIK conn-track is the facility in RouterOS that "glues" fragmented packets together after they are received, so how would that ("the glue process") happen if you disable it? :shock:

Re: 3.18 and BGP w/ full routing tables

Posted: Fri Jan 16, 2009 1:58 pm
by ste
> AFAIK conn-track is the facility in RouterOS that "glues" fragmented packets together after they are received, so how would that ("the glue process") happen if you disable it? :shock:

What I do not understand is why routers in the middle need conn-track on.
Why do they not just forward the fragments and let the router at the end
of the connection handle fragmentation? Esp. when the whole network can
forward Ethernet-sized packets (1500 bytes).

Stefan

Re: 3.18 and BGP w/ full routing tables

Posted: Fri Jan 16, 2009 9:03 pm
by changeip
Exactly, conn-track is not necessary on every router on the internet, is it? I don't want to glue those fragments back together at the border; that can happen on the core routers that use conn-track. These border routers could care less what is being forwarded, it should just forward packets. So I assume it's still dropping fragments when conn-track is turned off?

I hope this gets fixed sooner or later...

Re: 3.18 and BGP w/ full routing tables

Posted: Fri Jan 16, 2009 9:56 pm
by Mplsguy
You only need conntrack if you wish to use any of the functions that require it - NAT, matching according to connection state, and such. In the rest of the cases you do not need conntrack and can disable it, e.g. for performance reasons; this will not cause fragmented packets to get dropped.

Re: 3.18 and BGP w/ full routing tables

Posted: Sat Jan 17, 2009 4:33 am
by changeip
So the dropping of fragments has been fixed since the early 3.x betas? Previously without conn-track it was dropping them.

Re: 3.18 and BGP w/ full routing tables

Posted: Fri Jan 23, 2009 10:57 am
by msundman
> So the dropping of fragments has been fixed since the early 3.x betas? Previously without conn-track it was dropping them.

Anyone who can confirm this?

I have a customer who is just about to implement a new HA network and do BGP peering with two ISPs and is considering buying two Juniper M7i routers. I'm now looking into whether it would be possible to use a couple of RB1000s instead as border routers.

They will be pushing about 200-300 Mbps (aggregated half-duplex) of traffic through these routers, and they might have to cope with full BGP tables for a minimum of 2 peers each.

Would you say the RB1000s are stable enough for such a task?

I'm considering running them with connection tracking off then, as they should mainly work as pure routers. I should still be able to apply simple stateless iptables rules even without connection tracking if it becomes necessary, right?

How about packet forwarding latency? Does that suffer much from running with full BGP routing tables? I would guess that it should only affect the first packet for a source/dest IP pair that has to be looked up in the big routing table, then it should go into the host routing table, which should be of the same size regardless of the size of the normal routing table, or am I wrong?

I'd be very happy to hear if somebody else is using RB1000 or RouterOS at all as full BGP table routers.

Re: 3.18 and BGP w/ full routing tables

Posted: Thu Feb 12, 2009 3:10 pm
by mhugo
I'm very interested in knowing if it works too.

Does anyone know if the RAM can be upped from 512 MB?

Re: 3.18 and BGP w/ full routing tables

Posted: Thu Feb 12, 2009 6:04 pm
by JJCinAZ
We run full BGP tables from multiple peers on ROS 3.13, though we don't use the RB1000. Instead we use an Intel 1U platform with multicore CPUs. Lots of memory available and lots of CPU cycles available for BGP work, filtering, and routing.

As for the fragment dropping, I believe I tested that with ROS 3.x and it was "fixed", but that was some time ago and I can't find my documentation on it. You can easily test that by running an IPsec tunnel through the router with connection tracking disabled and then doing a full 1500 byte, no fragment ping (ICMP) through the tunnel to see if it works. If I had time, I would redo the test for you, but alas, paying customers first.

Re: 3.18 and BGP w/ full routing tables

Posted: Tue Feb 17, 2009 4:25 pm
by Ajar
My router:

> system resource print
uptime: 2w6d15h32m3s
version: "3.13"
free-memory: 258740kB
total-memory: 497408kB
cpu: "Intel(R)" (C2D)
cpu-count: 2
cpu-frequency: 2400MHz
cpu-load: 7
free-hdd-space: 78634kB
total-hdd-space: 121215kB
write-sect-since-reboot: 1716
write-sect-total: 1716
architecture-name: "x86"
board-name: "x86"


> ip route print count-only
546367

2x Full Table, average CPU load ~6%,
average traffic ~25 Mbit/s

Tested average speed ~100 Mbit/s, CPU load 25-30%

Conntrack & Bridge IP Firewall - disabled

Re: 3.18 and BGP w/ full routing tables

Posted: Wed Feb 18, 2009 12:29 am
by Muqatil
Okay, I'm having issues with Mikrotik BGP and full routing tables...
3x peers with full routing table (272k x3)
If one of the peers goes down, the router goes to 25% CPU (Quad Core Xeon) then crashes.
ROS 3.20 with routing-test.