We are still gettign the random timeouts. I have been looking at the cacti graphs and noticed that we are getting blank spots on the graph during periods of high use. I am starting to wonder if we are hitting a limit on the number of connections and the router simply quits responding.
firewall {
all-ping enable
broadcast-ping disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name Block_BitTorrent {
default-action accept
description ""
rule 1 {
action drop
log enable
p2p {
all
}
protocol all
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
ethernet eth0 {
duplex auto
mtu 1526
speed auto
traffic-policy {
out fair-queue-out
}
vif 205 {
address 192.168.205.21/24
address x.x.x.193/28
address x.x.x.194/28
address x.x.x.195/28
address x.x.x.196/28
address x.x.x.197/28
address x.x.x.198/28
address x.x.x.199/28
address x.x.x.200/28
address x.x.x.201/28
address x.x.x.202/28
address x.x.x.203/28
address x.x.x.204/28
address x.x.x.205/28
address x.x.x.206/28
ip {
ospf {
dead-interval 40
hello-interval 10
network point-to-multipoint
priority 1
retransmit-interval 5
transmit-delay 1
}
}
mtu 1526
}
}
ethernet eth1 {
duplex auto
speed auto
vif 2 {
address 100.64.1.1/24
description Client
}
vif 200 {
address 10.30.0.1/24
description Management
}
vif 1502 {
address 172.15.2.1/24
description Office
}
}
ethernet eth2 {
duplex auto
speed auto
}
ethernet eth3 {
duplex auto
speed auto
}
ethernet eth4 {
duplex auto
speed auto
}
ethernet eth5 {
duplex auto
speed auto
}
ethernet eth6 {
duplex auto
speed auto
}
ethernet eth7 {
duplex auto
speed auto
}
loopback lo {
}
}
protocols {
ospf {
area 0.0.0.0 {
network 100.64.1.0/24
network 192.168.205.0/24
network x.x.x.192/28
network 172.15.2.0/24
network 10.30.0.0/24
}
parameters {
abr-type cisco
router-id 192.168.205.21
}
}
static {
route 0.0.0.0/0 {
next-hop 192.168.205.1 {
distance 1
}
}
}
}
service {
dhcp-server {
disabled false
hostfile-update disable
shared-network-name 2 {
authoritative enable
subnet 100.64.1.0/24 {
default-router 100.64.1.1
dns-server x.x.x.138
dns-server 4.2.2.3
lease 86400
start 100.64.1.20 {
stop 100.64.1.254
}
}
}
shared-network-name 3 {
authoritative enable
subnet 172.15.2.0/24 {
default-router 172.15.2.1
dns-server x.x.x.138
dns-server 4.2.2.3
lease 86400
start 172.15.2.20 {
stop 172.15.2.254
}
}
}
gui {
http-port 80
https-port 443
listen-address 192.168.205.21
older-ciphers enable
}
nat {
rule 5002 {
log disable
outbound-interface eth0.205
outside-address {
address x.x.x.194-x.x.x.206
}
protocol all
source {
address 100.64.1.0/24
}
type source
}
rule 5502 {
log disable
outbound-interface eth0.205
outside-address {
address x.x.x.193
}
protocol all
source {
address 172.15.2.0/24
}
type source
}
}
ssh {
port 22
protocol-version v2
}
}
system {
conntrack {
expect-table-size 393216
hash-size 3145728
table-size 3145728
}
host-name Router1
name-server x.x.x.138
name-server 4.2.2.3
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone UTC
traffic-analysis {
dpi disable
export enable
}
}