REALLY slow internet when states reach 7000

  • As per the subject, our internet connection goes from stable and responsive to slow with timeouts when the state count reaches approximately 7000 connections.

    When the problem arises, 40-50 computers are connected, doing everything from playing online games to browsing.

    CPU: 2 x Xeon 3,4 GHz
    RAM: 12Gb

    Dual WAN connection
    1. WAN - Http / https (100/30 Mbit)
    2. WAN - Everything but http(s) (100/100 Mbit)

    Firewall Maximum States: 1177000 (system default)

    Captive portal active with freeradius (mysql) authentication
    5120/5120 Kbit/s per-user bandwidth restriction

    Top dump:
    CPU:  0.0% user,  0.0% nice,  0.9% system,  0.7% interrupt, 98.4% idle
    Mem: 126M Active, 34M Inact, 308M Wired, 132K Cache, 173M Buf, 11G Free
    Swap: 32G Total, 32G Free

    WAN 1 - Average over 8 hours - 19,21Mbit
    WAN 2 - Average over 8 hours - 1,38Mbit

    The problem comes when a (few) computers have more than 400 connections, making the total number in the firewall rise above 7000 states; "everything" dies until states fall below 7000... Hardware should be capable of handling it???

    Please, any advice is welcome...

    Thx in advance :-)

  • More than capable. Usually it's the next device upstream that starts choking out. Crappy DSL modems commonly, especially if they're not in bridge mode but sometimes when they are. What are your WANs and how are they configured?

