Too many UDP connections kill router


Konst13


I noticed that after just a few hours of uTorrent working my Internet connection slows down to practically unusable. I investigated the issue and found that my NAT router (D-link DIR-655) became almost unresponsive. Looking further into the router status (active connections table) it seems that there are more than 15000 (!!) UDP connections simultaneously opened (or half-opened?) originating from the machine where uTorrent runs and that brings the router to its knees. I have uTorrent Version 2.0 RC5 (build 17920) and got a feeling that this problem appeared with one of the recent 2.0 release candidates. Maximum number of connections is configured as 600.

Can this problem be the result of the bug or misconfiguration of uTorrent 2.0 RC?

What troubleshooting steps can I take to gather more information and eventually fix the problem?

I'm proficient with computers so don't be afraid to give me technically challenging advice. :-)

Thank you!

Konstantin


Well it gets toast as soon as in two hours, but when I stopped uTorrent and let it stay overnight those UDP connections were still in the active connections list in the morning, so it is possible that the router stores UDP connections for too long (and I don't see how it can be configured).

On a completely different note, I got an idea of what could cause the problem. Those UDP connections are originated from the port 500 which is "IPsec Internet Security Association and Key Management Protocol (ISAKMP)". It is possible that IPSec tries to establish secure connection for every other connection happening on the box and because of uTorrent the number of those connections is huge. I'm going to try to fix the issue by changing IPSec policy to establish secure connections for "Remote only". We'll see if it helps. Worst case I can just disable IKEEXT service (which is the one originating those UDP connections from port 500).


The router is retaining UDP ips that have long since timed out, and choking on that. It's a piece of junk. :(

Can you install Tomato or DD-WRT on it? (And then reduce TCP and UDP timeout delays.)

You can disable most if not all UDP-generating traffic by uTorrent...but you may be unable to connect as well to other peers/seeds.

DHT, maybe Local Peer Discovery, Bandwidth regulation (uTP peers/seeds!), Resolve IPs, Teredo/IPv6 uses UDP.


So I see two separate problems happening at the same time here:

1. Huge UDP traffic most probably generated not by uTorrent directly, but by misconfigured IPSec (IKEEXT service). I will try to fix it tonight and if possible get rid of extra UDP traffic. Will let you know how it goes.

2. D-link DIR-655 router is not good enough and does not allow to configure UDP timeout. I don't mind to go ahead and buy another router if I would only know which one should I get. "Tomato" does not say much to me. Is it custom firmware? Which router shall I buy to be able to use it?

==== updated 2/3/2010 ====

Just to conclude this thread - proper configuration (or just disabling) of IKEEXT service indeed stops that UDP flood from port 500 and with that uTorrent works fine and NAT table in the router doesn't grow above 2500 entries which it handles easily.

On the other hand GOOD router should be able to survive that anyway, so I'm seriously looking towards DD-WRT, but so far cannot find 802.11n (with Gigabit Ethernet) router compatible with DD-WRT. If somebody can recommend a good capable router I can purchase - please do.

Thank you!

Konstantin
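
An added example, not part of the original thread: one way to gather the information asked about above, by summarising a connection-tracking table per protocol, LAN host and source port so that an outlier such as the port-500 flood stands out. It assumes the table is available in Linux conntrack text format (the thread does not show the DIR-655's own table format); the sample entries and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample entries in Linux conntrack text format (assumed format;
# documentation-range addresses, not data from the thread).
def _udp(n, sport, flag):
    return (f"udp 17 {170 - n} src=192.168.0.100 dst=198.51.100.{n} sport={sport} "
            f"dport={sport} {flag} src=198.51.100.{n} dst=203.0.113.5 "
            f"sport={sport} dport={sport} use=1")

SAMPLE = "\n".join(
    [_udp(n, 500, "[UNREPLIED]") for n in range(1, 5)]
    + [_udp(20, 6881, "[UNREPLIED]"), _udp(21, 6881, "")]
    + ["tcp 6 431999 ESTABLISHED src=192.168.0.100 dst=198.51.100.9 sport=51234 "
       "dport=443 src=198.51.100.9 dst=203.0.113.5 sport=443 dport=51234 "
       "[ASSURED] use=1"]
)

FIELD = re.compile(r"\b(src|sport)=(\S+)")

def parse_line(line):
    """Return (proto, lan_host, source_port, unreplied), or None if not an entry."""
    proto = line.split(None, 1)[0] if line.strip() else ""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # first pair = original (LAN-side) direction
    if proto not in ("udp", "tcp") or "src" not in fields:
        return None
    if not fields.get("sport", "").isdigit():
        return None
    return proto, fields["src"], int(fields["sport"]), "[UNREPLIED]" in line

def top_talkers(text, n=3):
    """Rank (proto, host, source port) by entry count; also count unanswered ones."""
    totals, unreplied = Counter(), Counter()
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        totals[entry[:3]] += 1
        if entry[3]:
            unreplied[entry[:3]] += 1
    return [(key, count, unreplied[key]) for key, count in totals.most_common(n)]

if __name__ == "__main__":
    for (proto, host, sport), count, dead in top_talkers(SAMPLE):
        print(f"{proto} {host}:{sport} entries={count} unreplied={dead}")
```

A source port that dominates the table with mostly unanswered entries points at the process bound to that port rather than at the torrent client's configured listening port.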


Archived

This topic is now archived and is closed to further replies.
