I configured an EdgeRouter 8 to replace an old ImageStream for a small ISP.
We have two OSPF interfaces via wireless backhauls, a LAN, and a WISP AP-facing interface with around 100 customers hanging off it. The ImageStream's uptime is measured in years.
We put EdgeOS 1.8.0 on the EdgeRouter, no firewall rules, no NAT. We installed it. Everything was hunky dory after we manually set the OSPF MD5 key-id to 10. I don't know why it won't work with key-id 1, or why the GUI uses key-id 1.
Three hours later, the router was offline. The guy on-site moved the cables to the ImageStream, which we left running. Everything came back up. I finally got back in state to look at the still running EdgeRouter. The log is full of conntrack errors. A month after the blowup, I suspect all the entries have expired.
4 of the 8 EdgeRouters we've installed in this network since Sept 2015 have had conntrack issues. Each required a power cycle when someone was on-site, or dedicated attempts to ssh in quickly when an opportunity presented itself, to verify that there are conntrack errors in the log file and hopefully still have time to issue a reboot command before the router stops responding again.
0 of the 100 MikroTik routers and 0 of the 5 ImageStream routers we've used have ever had connection tracking issues, even when we use connection tracking. Can we not figure out how to do as well as other Linux-based routers with respect to managing connection tracking?
I have seen the thread where connection tracking is accidentally loaded by looking at the firewall / NAT UI. I don't even care about that. What I care about is not having the router fall on its face, no matter whether you intended to use connection tracking or not. The defaults should be sane. We cannot be blowing out the tables with the number of clients we have, given the lack of nuclear meltdown while using other Linux-based routers which are using connection tracking for even more customers.
Surprisingly, one EdgeRouter, an 8 Pro, which is handling BGP for the entire ISP and has intentional firewall rules and no connection tracking tweaks, has not had a problem since September 2015: 257 days uptime, 300 Mbps. The routers which have blown up are backhaul or leaf routers behind that 8 Pro.
I have the config and the log files and the device is still running if anyone cares.
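The failure mode described above (the conntrack table filling until the router stops answering) can be caught before the box goes unreachable. This is an added monitoring example, not code from the post or from EdgeOS; it assumes the standard Linux kernel message `nf_conntrack: table full, dropping packet` and the sysctl files `nf_conntrack_count` / `nf_conntrack_max` under `/proc/sys/net/netfilter/`, and the sample log lines are constructed.

```python
"""Detect netfilter connection-tracking exhaustion on a Linux router.

Added example, not from the original post or from Ubiquiti.  Assumes the
standard kernel message "nf_conntrack: table full, dropping packet" and the
sysctl files /proc/sys/net/netfilter/nf_conntrack_count and nf_conntrack_max.
"""
import re

TABLE_FULL = re.compile(r"nf_conntrack: table full, dropping packet")


def count_table_full(log_lines):
    """Return how many log lines report the conntrack table being full."""
    return sum(1 for line in log_lines if TABLE_FULL.search(line))


def conntrack_usage(count, maximum):
    """Fraction of the conntrack table in use; 0.0 if the maximum is unknown."""
    if maximum <= 0:
        return 0.0
    return count / maximum


def assess(log_lines, count, maximum, warn_at=0.8):
    """Classify the router so an operator can reboot or raise nf_conntrack_max
    while ssh still works.  Returns 'full', 'warn' or 'ok'."""
    if count_table_full(log_lines) > 0 or count >= maximum:
        return "full"
    if conntrack_usage(count, maximum) >= warn_at:
        return "warn"
    return "ok"


def read_live_state():
    """Read the live counters on a Linux router (not used in the offline demo)."""
    base = "/proc/sys/net/netfilter/"
    with open(base + "nf_conntrack_count") as f:
        count = int(f.read())
    with open(base + "nf_conntrack_max") as f:
        maximum = int(f.read())
    return count, maximum


# Constructed sample syslog lines; not taken from the poster's device.
SAMPLE_LOG = [
    "Jun  1 03:14:07 edge kernel: nf_conntrack: table full, dropping packet",
    "Jun  1 03:14:07 edge kernel: nf_conntrack: table full, dropping packet",
    "Jun  1 03:14:09 edge ospfd[1234]: neighbor 10.0.0.2 Full -> Down",
]

if __name__ == "__main__":
    print(assess(SAMPLE_LOG, 16384, 16384))  # full
    print(assess([], 14000, 16384))          # warn
```

Run it from cron on the router and page on 'warn' rather than waiting for 'full', since by then the log is the only evidence that survives.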