Over the Christmas holidays I decided to rework my home network to segregate some equipment and generally improve my firewall / DMZ pass-through. I switched from running my Superhub to my old Netgear WRT54G2 with DD-WRT running on top in order to separate LAN routing and pass through to secondary firewall and Wi-Fi equipment channels.
I've been after an upgrade to my Juniper firewall unit for a while ( itself having issues with the number of concurrent IP connections to the outside world on this firmware ) but since I had some Netgear units at hand in my spares box, I decided to just go ahead and reconfigure those.
For a few days after configuring the equipment I didn't notice any significant issues as I was in the middle of reconfiguring other equipment and segregating channels. Around the third day of using the configuration I realised that something was amiss.
My throughput on the network to the outside world had considerably reduced, which I initially considered to be an issue of cabling or port speed. After verifying this wasn't the case, I ran some tests with speedtest and saturating lines on my direct and extended star networks. The results were grim.
On my 100Mbps line ( normally achieving around 75Mbps down / 6Mbps up asynchronous ) I was only managing a lethargic 30Mbps down. Something had to be significantly causing issues in my configuration or the equipment.
I ran the interface on the unit up to check for excessive CPU utilisation ( initially worrying the older kit was having trouble keeping up with all of the devices on my network ) to realise that I'd exceeded the maximum TCP connections available for the unit. My word - what was causing this? A quick dig around using my machine and watching the connection counter and I realised websites such as eBay were grabbing as many connections simultaneously as they possibly could. With all of the devices on my network ( phones, tablets, laptops, servers ) acting in some capacity to undertake data transit, my limit was consistently topping-out.
A quick drop-down of units and a Google search session later I realised that indeed there were hard-limits to the older equipment and versions of DD-WRT that run on it. A hideous reminder to me that I am still too heavy a user for home-grade equipment.
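The diagnosis above (which devices are holding the router's connection-tracking entries, and how close the table is to its limit) can be scripted. This is an added example, not part of the original post: it assumes the table has been copied off the router in the Linux `ip_conntrack` text layout, and the sample lines, addresses and the limit of 512 are constructed.

```python
import re
from collections import Counter

# Constructed sample in the ip_conntrack text layout (not captured from a real router).
SAMPLE = """\
tcp 6 3598 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=51000 dport=443 src=203.0.113.5 dst=198.51.100.2 sport=443 dport=51000 [ASSURED] use=1
tcp 6 3590 ESTABLISHED src=192.168.1.10 dst=203.0.113.6 sport=51001 dport=443 src=203.0.113.6 dst=198.51.100.2 sport=443 dport=51001 [ASSURED] use=1
tcp 6 97 TIME_WAIT src=192.168.1.10 dst=203.0.113.7 sport=51002 dport=80 src=203.0.113.7 dst=198.51.100.2 sport=80 dport=51002 [ASSURED] use=1
tcp 6 3500 ESTABLISHED src=192.168.1.20 dst=203.0.113.5 sport=40000 dport=443 src=203.0.113.5 dst=198.51.100.2 sport=443 dport=40000 [ASSURED] use=1
udp 17 25 src=192.168.1.30 dst=192.0.2.53 sport=5353 dport=53 src=192.0.2.53 dst=198.51.100.2 sport=53 dport=5353 use=1
garbage line that should be skipped
"""

# proto, proto number, timeout, optional TCP state, then the original-direction tuple.
LINE = re.compile(
    r"^(?P<proto>\w+)\s+\d+\s+\d+\s+(?:(?P<state>[A-Z_]+)\s+)?"
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)"
)

def summarise(table_text, max_conns):
    """Count tracked connections per originating host and per TCP state."""
    per_src, per_state = Counter(), Counter()
    for line in table_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        per_src[m["src"]] += 1  # the first src= is the host that opened the flow
        per_state[m["state"] or m["proto"]] += 1  # stateless protocols counted by name
    total = sum(per_src.values())
    return {"total": total, "utilisation": total / max_conns,
            "per_src": per_src, "per_state": per_state}

def heavy_hosts(summary, share=0.5):
    """Hosts holding at least `share` of all tracked entries, busiest first."""
    return [(host, n) for host, n in summary["per_src"].most_common()
            if n / summary["total"] >= share]

if __name__ == "__main__":
    report = summarise(SAMPLE, max_conns=512)  # 512 is an assumed limit
    print(f"{report['total']} tracked, {report['utilisation']:.1%} of limit")
    for host, n in heavy_hosts(report):
        print(f"heavy host: {host} holds {n} entries")
    print(dict(report["per_state"]))
```

A large share of entries in `TIME_WAIT` points at many short-lived connections lingering until their timeout expires, while one host dominating the per-source count points at a single busy device.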
The solution, until time is available to build a hardware solution or purchase some enterprise equipment, was to switch back to router mode instead of modem mode on my Superhub and remove the old Netgear from my chain.
In all, yes it caused some frustration over a week ( and subsequent couple of weeks scouring eBay for something that would do what I wanted as a hardware unit and not break the piggy bank ) but some valuable lessons were learned: