Recently one of the servers under my responsibility became very slow. Ping always timed out. When I typed "dmesg", it showed:

Nov 1 22:23:40 bounty kernel: ip_conntrack: table full, dropping packet.
Nov 1 22:23:43 bounty last message repeated 9 times
...

I ran this command to see how many connections there were on the server:

[root@svr6 ~]# cat /proc/net/ip_conntrack | wc -l
34346

It can be fixed by restarting the server. After the restart, ping seemed OK with no timeouts. Running the command again:

[root@svr6 ~]# cat /proc/net/ip_conntrack | wc -l
899

You might want to check these links also:

http://www.networksecurityarchive.org/html/Firewalls/2005-04/msg00098.html

http://www.wallfire.org/misc/netfilter_conntrack_perf.txt

http://support.imagestream.com/Resolving_ip_conntrack_table_full_Errors.html

If you don't want to restart the server, you can run this command:

echo 65536 > /proc/sys/net/ipv4/ip_conntrack_max

Please note that:
– the default CONNTRACK_MAX value will never be lower than 128
– for systems with more than 1GB of RAM, the default CONNTRACK_MAX value is limited to 65536 (but can of course be set higher manually).
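
Raising the limit makes room, but it also helps to know how full the table is and which sources are filling it. The script below is an added example, not part of the original post: it reports usage against the limit and lists the source addresses holding the most entries. The function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): conntrack usage and top sources.
# Defaults use the legacy paths shown in the post; on newer kernels the
# equivalents are /proc/net/nf_conntrack and
# /proc/sys/net/netfilter/nf_conntrack_max.

# Percentage of the table in use. $1 = entry count, $2 = configured maximum.
conntrack_pct() {
    [ "$2" -gt 0 ] || return 1
    echo $(( $1 * 100 / $2 ))
}

# Entries per original-direction source address, busiest first.
# Reads table lines on stdin; $1 = how many sources to show (default 5).
# Uses the first src= field on each line, so the column layout does not matter.
top_sources() {
    awk '{ for (i = 1; i <= NF; i++)
               if ($i ~ /^src=/) { n[substr($i, 5)]++; break } }
         END { for (s in n) print n[s], s }' |
        sort -k1,1nr -k2,2 | head -n "${1:-5}"
}

# Print usage for table file $1 and limit file $2.
# Returns 1 when usage is at or above $3 percent (default 80).
check_table() {
    count=$(wc -l < "$1" | tr -d ' ')
    max=$(cat "$2")
    pct=$(conntrack_pct "$count" "$max") || return 2
    echo "entries=$count max=$max used=${pct}%"
    [ "$pct" -lt "${3:-80}" ]
}

# Constructed sample entries in the ip_conntrack text format.
SAMPLE='tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=40001 dport=80 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=40001 [ASSURED] use=1
tcp      6 117 SYN_SENT src=192.0.2.10 dst=198.51.100.5 sport=40002 dport=80 [UNREPLIED] src=198.51.100.5 dst=192.0.2.10 sport=80 dport=40002 use=1
udp      17 25 src=192.0.2.20 dst=198.51.100.53 sport=5353 dport=53 src=198.51.100.53 dst=192.0.2.20 sport=53 dport=5353 use=1
tcp      6 58 TIME_WAIT src=192.0.2.10 dst=198.51.100.5 sport=40003 dport=80 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=40003 [ASSURED] use=1'

printf '%s\n' "$SAMPLE" | top_sources 3

# On a live host, run against the real files when they exist.
if [ -r /proc/net/ip_conntrack ]; then
    check_table /proc/net/ip_conntrack /proc/sys/net/ipv4/ip_conntrack_max ||
        echo "WARNING: conntrack table near its limit"
    top_sources 5 < /proc/net/ip_conntrack
fi
```

A value written to /proc/sys with echo lasts only until the next reboot.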
