REALLY slow internet when states reaches 7000
As subject, our internet connection goes from stable and responsive to slow and timeouts when state-count reaches approximately 7000 connections.
When the problems arises, 40-50 computers are connected doing everything from playing online games to browsing.
CPU: 2 x Xeon 3,4 GHz
Dual WAN connection
1. WAN - Http / https (100/30 Mbit)
2. WAN - Everything but http(s) (100/100 Mbit)
Firewall Maximum States: 1177000 (system default)
Captive portal active with freeradius (mysql) authentication
5120/5120 Kbit/s per-user bandwidth restriction
CPU: 0.0% user, 0.0% nice, 0.9% system, 0.7% interrupt, 98.4% idle
Mem: 126M Active, 34M Inact, 308M Wired, 132K Cache, 173M Buf, 11G Free
Swap: 32G Total, 32G Free
WAN 1 - Average over 8 hours - 19,21Mbit
WAN 2 - Average over 8 hours - 1,38Mbit
The problem comes when a (few) computers have more than 400 connections, making the total number in the firewall rise above 7000 states, "everything" dies until states fall below 7000….. Hardware should be capable of handling it???
Please, any advice is welcome...
Thx in advance :-)
More than capable. Usually it's the next device upstream that starts choking out. Crappy DSL modems commonly, especially if they're not in bridge mode but sometimes when they are. What are your WANs and how are they configured?