Configuring router for large amount of connections (EA8500)

Hello.
I am trying to figure out how I have to configure the router to work reliably with a large number of active connections. Now I have approximately 60-70K connections, and the internet works badly: according to the collected data, the ICMP drop rate often equals 50%, see screenshot attached.

CPU and RAM shouldn't be the bottleneck; I haven't reached their limits:

The kernel log looks fine, no issues were there during the abnormal ICMP drop rate.

Oh, yes, sorry.
My internet is 1Gbps in/out, fibre optic.
My application needs a lot of connections; that's why I did some searching, and I've already increased:

net.core.wmem_max
net.core.wmem_default
net.core.rmem_max
net.core.rmem_default
net.netfilter.nf_conntrack_max = 249856
net.netfilter.nf_conntrack_buckets = 62464

I have swap on an external HDD connected by eSATA, and the load average is smaller than 2 (2-core CPU), so why are packets dropping?

@eduperez @anon89577378 @kt368 @flygarn12 @pavelgl

2 Likes

@kt368 - I think it best if you didn't state your reason or intents here. However, your request for technical assistance is reasonable. Please consider editing your posting to remove any political leanings.

2 Likes

Just for your reference, my EA8500 only has <20 devices connected as my ISP router, and I have already removed all unnecessary modules from the build, like DDNS/QOS/SQM/statistics/Adblock/nlbwmon/openvpn/collectd/... all removed to lower the CPU usage.

You have 60000 more connections, too heavy a load... dropping something is normal, and you are lucky it does not hang up.

You have 60.000 - 70.000 active connections, and TCP has 65.536 ports... Perhaps you have reached the limit of what NAT can do?

The OP originally admitted that he wants to launch a DDoS attack on Russian propaganda sites.

This ^^^^ persuaded him to remove it.

Thread should be deleted.

1 Like

Completely agree. I just got here after the political comment had been removed.

Even if the DDOS statement has been removed: The OpenWrt forum doesn't endorse, condone or support abuse of the internet for DDOS against anybody. Closing this topic now.

3 Likes