ip_conntrack: table full

Recently one of the servers under my responsibility became very slow. Pings always timed out. When I typed “dmesg”, it showed:

Nov 1 22:23:40 bounty kernel: ip_conntrack: table full, dropping packet.
Nov 1 22:23:43 bounty last message repeated 9 times

I ran this command to see how many connections there were on the server:

[root@svr6 ~]# cat /proc/net/ip_conntrack | wc -l

It can be fixed by restarting the server. After the restart, ping looked OK with no timeouts. Run the command again:

[root@svr6 ~]# cat /proc/net/ip_conntrack | wc -l

If you don't want to restart the server, you can run this command:

echo 65536 > /proc/sys/net/ipv4/ip_conntrack_max

Please note that:
– the default CONNTRACK_MAX value will never be lower than 128
– for systems with more than 1GB of RAM, the default CONNTRACK_MAX value is limited to 65536 (but it can of course be set higher manually).
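
The manual check above, counting the entries in the table and comparing them with ip_conntrack_max, can be scripted so the problem is noticed before the kernel starts dropping packets. This is an added example, not part of the original post; the function name conntrack_check, the 80% threshold and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report conntrack table usage against the configured limit.
# conntrack_check TABLE_FILE MAX_FILE WARN_PCT
#   prints one status line; returns 0 = OK, 1 = at/above WARN_PCT, 2 = unusable input
conntrack_check() {
    table=$1 maxfile=$2 warn=$3
    if [ ! -r "$table" ] || [ ! -r "$maxfile" ]; then
        echo "UNKNOWN: cannot read $table or $maxfile"
        return 2
    fi
    entries=$(wc -l < "$table" | tr -d ' ')   # same count as `cat ... | wc -l`
    max=$(tr -d ' \n' < "$maxfile")
    case "$max" in
        # reject empty, non-numeric and zero limits (avoids division by zero)
        ''|*[!0-9]*|0*) echo "UNKNOWN: bad limit '$max' in $maxfile"; return 2 ;;
    esac
    pct=$(( entries * 100 / max ))
    if [ "$pct" -ge "$warn" ]; then
        echo "WARNING: $entries/$max conntrack entries (${pct}%)"
        return 1
    fi
    echo "OK: $entries/$max conntrack entries (${pct}%)"
    return 0
}

# Demo on constructed data: 3 made-up entries against a limit of 4 (75% used).
demo=$(mktemp -d)
cat > "$demo/table" <<'EOF'
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=192.0.2.1 sport=40001 dport=80
tcp      6 117 TIME_WAIT src=192.0.2.11 dst=192.0.2.1 sport=40002 dport=80
udp      17 28 src=192.0.2.12 dst=192.0.2.1 sport=5353 dport=53
EOF
echo 4 > "$demo/max"
conntrack_check "$demo/table" "$demo/max" 80 || true   # below the threshold
conntrack_check "$demo/table" "$demo/max" 50 || true   # above the threshold
rm -rf "$demo"

# On a real host, using the paths from the post (80 is an assumed threshold):
#   conntrack_check /proc/net/ip_conntrack /proc/sys/net/ipv4/ip_conntrack_max 80
```

Because the function returns a non-zero status at or above the threshold, it can be called from cron or a monitoring agent that alerts on exit codes.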

