REALLY slow internet when states reaches 7000

dkjumper

As subject, our internet connection goes from stable and responsive to slow and timeouts when state-count reaches approximately 7000 connections.

When the problems arises, 40-50 computers are connected doing everything from playing online games to browsing.

Hardware:
CPU: 2 x Xeon 3,4 GHz
RAM: 12Gb

Dual WAN connection
1. WAN - Http / https (100/30 Mbit)
2. WAN - Everything but http(s) (100/100 Mbit)

Settings:
Firewall Maximum States: 1177000 (system default)

Captive portal active with freeradius (mysql) authentication
5120/5120 Kbit/s per-user bandwidth restriction

Top dump:
CPU:  0.0% user,  0.0% nice,  0.9% system,  0.7% interrupt, 98.4% idle
Mem: 126M Active, 34M Inact, 308M Wired, 132K Cache, 173M Buf, 11G Free
Swap: 32G Total, 32G Free

Traffic:
WAN 1 - Average over 8 hours - 19,21Mbit
WAN 2 - Average over 8 hours - 1,38Mbit

The problem comes when a (few) computers have more than 400 connections, making the total number in the firewall rise above 7000 states, "everything" dies until states fall below 7000….. Hardware should be capable of handling it???

Please, any advice is welcome...

Thx in advance :-)
/Johnny

cmb

More than capable. Usually it's the next device upstream that starts choking out. Crappy DSL modems commonly, especially if they're not in bridge mode but sometimes when they are. What are your WANs and how are they configured?