Max Active Connections Reached

robert-nash · November 29, 2020, 8:48pm

Hello, I am still trying to work out what is going on here so sorry if this is a but vague. I'm looking for some help to point me in the right direction.

I have been experiencing some sluggishness with my internet connection over the last few months (more people at home than often!) and have recently started trying to trackdown the cause of this, whether it is a problem with some of my access points or my ISP.

In the course of my investigations I noticed in the system logs in LuCi for my main router there are a lot of "nf_conntrack: table full, dropping packet" messages. Further investigation showed that my active connections are hanging around the maximum which appears to be 16384 according to the interface. I am assuming that the table full, dropping packet message is a result of reaching the maximum number of connections. Is this a reasonable assumption?

I don't know if this is the cause of my sluggish connection but it doesn't sound like a good thing so presumably I should try to do something about this.

I am using a BT Homehub 5 as my router (https://openwrt.org/toh/bt/homehub_v5a) and I'm currently running LEDE Reboot 17.01.4 r3560-79f57e422d / LuCI lede-17.01 branch (git-17.336.23170-d2dc32a). I also have SQM setup if it is relevant.

My household has six members and whilst we are quite heavy technology users, I would be surprised if we were maxing out the router itself. My searches don't seem to suggest that this is a particularly common problem either (if six heavy users can max out a router, I would have thought there would be more people talking about this).

I am therefore wondering what to do next. If it is unusual to reach this limit, is there something I can do to track down the cause of the problem? Perhaps there is a rogue/defective device on my network opening up a lot of connections for some reason? Otherwise, it would seem that my only option is to increase the maximum number of connections or buy a more substantial router. Is there any way of working out what is an appropriate figure for my hardware?

Thank you in advance for any help on the matter.

trendy · November 29, 2020, 9:04pm

Old, unsupported and vulnerable. Upgrade to a supported version as soon as possible.

Yes

Sounds like someone is torrenting a lot.

You can try to increase the available connections, but in my opinion that number should not have been reached by just 6 normal users.

hnyman · November 29, 2020, 9:13pm

+1 for that torrenting guess.

Torrenting or some similar P2P download/upload action that is badly configured, and causes unreasonable amount of connections.

Alternatively, some scanning app that makes lots of connections and leaves them active.

robert-nash · November 29, 2020, 9:21pm

Thank you for both of your replies. I am pretty sure it isn't torrenting specifically but now I know this is irregular I will investigate possible causes on the network. Is there any way I can analyse the active connections such as by device or port?

(I will also upgrade to a more recent OpenWrt version ASAP!)

trendy · November 29, 2020, 11:50pm

You can get them with cat /proc/net/nf_conntrack then I'd import them into a spreadsheet and sort/filter by field.

vgaetera · November 30, 2020, 12:48am

robert-nash · November 30, 2020, 10:44pm

Thank you everyone for your help. It turns out that you were completely correct and my NAS has been sitting seeding for what must be a number of years undetected. Scary really!

Thanks again!

tmomas · November 30, 2020, 10:50pm

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

system · December 10, 2020, 10:50pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.