How to Fix “nf_conntrack: table full, dropping packet”
Issue
Your server might be logging a large number of messages like
nf_conntrack: table full, dropping packet
in /var/log/messages (or in the kernel ring buffer shown by dmesg).
This means the kernel's connection-tracking table (the state used by the iptables/nftables conntrack match and by NAT) has reached its maximum number of entries, so packets that would create a new entry are dropped until old entries expire. Legitimate growth in traffic can cause it, but it is also the classic symptom of a SYN flood, port scan or other connection flood, so look at what is filling the table before simply raising the limit.
The default nf_conntrack_max is derived from system memory when the nf_conntrack module loads; on many CentOS systems it works out to 65536.
While this is normally enough for a lightly used server, servers that handle a heavy amount of traffic, or that NAT or proxy for many clients, may need to increase this value.
How To Fix
You may need to increase this value temporarily or permanently. Consult a qualified systems administrator before making these changes.
Check how many connections are currently being tracked:
cat /proc/sys/net/netfilter/nf_conntrack_count
Check the current maximum; the error appears once the count reaches it:
cat /proc/sys/net/netfilter/nf_conntrack_max
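The two checks above tell you how full the table is, but not why. The script below is an added example, not part of the original article: it computes the utilisation from count and max, and summarises the entries in /proc/net/nf_conntrack (the per-entry listing that goes with the count) by TCP state and by source address, which is how you tell a flood of half-open connections from genuine load. It reads the live kernel files when they exist; the SAMPLE_CONNTRACK entries and all addresses in it are constructed for illustration and are not real traffic.

```shell
#!/bin/sh
# Added example, not from the original article: measure conntrack table pressure
# and find out what is filling the table. The functions read the same /proc
# files the article uses when they exist; otherwise they work on
# /proc/net/nf_conntrack-format text fed to them on stdin. All entries and
# addresses in SAMPLE_CONNTRACK below are constructed for illustration.

# Percentage of the table in use, given nf_conntrack_count and nf_conntrack_max.
conntrack_usage_pct() {
    [ "$2" -gt 0 ] 2>/dev/null || { echo 0; return 1; }
    echo $(( $1 * 100 / $2 ))
}

# Live utilisation from the kernel; fails quietly if nf_conntrack is not loaded.
conntrack_live_usage_pct() {
    d=/proc/sys/net/netfilter
    [ -r "$d/nf_conntrack_count" ] && [ -r "$d/nf_conntrack_max" ] || return 1
    conntrack_usage_pct "$(cat "$d/nf_conntrack_count")" "$(cat "$d/nf_conntrack_max")"
}

# Entries per protocol, split by TCP state, from /proc/net/nf_conntrack lines on stdin.
# Line layout: l3proto l3num l4proto l4num timeout [tcp-state] src=... dst=... ...
# Many SYN_SENT/SYN_RECV entries marked [UNREPLIED] point at a SYN flood or scan;
# many long-lived ESTABLISHED entries point at real load or over-long timeouts.
conntrack_state_summary() {
    awk '{ key = $3; if ($3 == "tcp") key = $3 "/" $6; n[key]++ }
         END { for (k in n) print n[k], k }' | sort -rn
}

# Top N original-direction source addresses (the first src= field on each line).
conntrack_top_sources() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^src=/) { sub(/^src=/, "", $i); c[$i]++; break } }
         END { for (a in c) print c[a], a }' | sort -rn | head -n "${1:-5}"
}

# Constructed sample in /proc/net/nf_conntrack format: two real sessions, one
# UDP DNS lookup, and three half-open connections from a single outside host.
SAMPLE_CONNTRACK='ipv4     2 tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=198.51.100.20 sport=51234 dport=443 src=198.51.100.20 dst=10.0.0.5 sport=443 dport=51234 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 299 ESTABLISHED src=10.0.0.6 dst=198.51.100.20 sport=40001 dport=80 src=198.51.100.20 dst=10.0.0.6 sport=80 dport=40001 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 118 SYN_SENT src=203.0.113.7 dst=198.51.100.20 sport=1025 dport=80 [UNREPLIED] src=198.51.100.20 dst=203.0.113.7 sport=80 dport=1025 mark=0 zone=0 use=2
ipv4     2 tcp      6 117 SYN_SENT src=203.0.113.7 dst=198.51.100.20 sport=1026 dport=80 [UNREPLIED] src=198.51.100.20 dst=203.0.113.7 sport=80 dport=1026 mark=0 zone=0 use=2
ipv4     2 tcp      6 116 SYN_SENT src=203.0.113.7 dst=198.51.100.20 sport=1027 dport=80 [UNREPLIED] src=198.51.100.20 dst=203.0.113.7 sport=80 dport=1027 mark=0 zone=0 use=2
ipv4     2 udp      17 29 src=10.0.0.9 dst=198.51.100.53 sport=5353 dport=53 src=198.51.100.53 dst=10.0.0.9 sport=53 dport=5353 mark=0 zone=0 use=2'

# Usage: live numbers when the module is loaded, then the constructed sample.
if pct=$(conntrack_live_usage_pct); then
    echo "live conntrack table usage: ${pct}%"
fi
echo "sample usage at 60000 of 65536: $(conntrack_usage_pct 60000 65536)%"
printf '%s\n' "$SAMPLE_CONNTRACK" | conntrack_state_summary
printf '%s\n' "$SAMPLE_CONNTRACK" | conntrack_top_sources 3
```

On a live server, replace the sample with `cat /proc/net/nf_conntrack | conntrack_state_summary` (reading that file needs root). If the top of the summary is SYN_SENT or SYN_RECV entries from a handful of sources, you are looking at a flood or a scan, and raising nf_conntrack_max only buys time; if it is ESTABLISHED entries with timeouts in the hundreds of thousands of seconds, the timeouts discussed below are the lever.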
Raise the value temporarily (it reverts at reboot). Note that each tracked connection costs a few hundred bytes of kernel memory, so 524288 entries can consume on the order of 150 MB, and the conntrack hash table (nf_conntrack_buckets, writable via /sys/module/nf_conntrack/parameters/hashsize) should be raised in step with it, ideally to about a quarter of the maximum, or lookups slow down as the hash chains grow:
echo 524288 > /proc/sys/net/netfilter/nf_conntrack_max
To make this change permanent, add the following line to the end of /etc/sysctl.conf (or a file under /etc/sysctl.d/) and apply it with sysctl -p. One caveat: the net.netfilter.nf_conntrack_* keys only exist while the nf_conntrack module is loaded, so if sysctl settings are applied at boot before the firewall loads the module, the line fails silently and the default comes back. Make sure the module loads early (for example by listing it in /etc/modules-load.d/) and confirm the value with cat /proc/sys/net/netfilter/nf_conntrack_max after a reboot.
net.netfilter.nf_conntrack_max = 524288
To keep the table smaller without raising the limit, you can shorten the time (in seconds) that entries for closing connections stay in the table. Note that close_wait already defaults to 60, so the first line below only pins the default; fin_wait and time_wait default to 120. The biggest consumer is usually the established timeout, net.netfilter.nf_conntrack_tcp_timeout_established, which defaults to 432000 seconds (five days) and can reasonably be reduced to a day or less. Be careful on a NAT gateway: an established entry that times out while a long-idle connection is still open breaks that connection. Shorter timeouts also do little against a flood of half-open connections, which are governed by the syn_sent and syn_recv timeouts; for those, SYN cookies and rate limiting help more, and traffic that needs no state at all (for example a busy UDP service) can be kept out of the table entirely with a -j NOTRACK (or CT --notrack) rule in the raw table, provided your filter rules accept that traffic without relying on the ESTABLISHED match.
To apply the timeouts, add the following lines to the end of /etc/sysctl.conf:
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 60
Still need help applying this fix? Contact Us and the Kodeslogic experts will be happy to help you.