ip_conntrack: table full

Discussion in 'General Discussion' started by oderland, Nov 1, 2003.

  1. oderland

    oderland Well-Known Member
    PartnerNOC

    Joined:
    Dec 30, 2002
    Messages:
    103
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Kungsbacka, Sweden
    Hi everyone

    One of our servers is taking down the whole network, the router is like an x-mas tree :-(

    The last message we see is this:
    Nov 1 22:23:40 bounty kernel: ip_conntrack: table full, dropping packet.
    Nov 1 22:23:43 bounty last message repeated 9 times
    Nov 1 22:23:45 bounty kernel: NET: 4 messages suppressed.
    Nov 1 22:23:45 bounty kernel: ip_conntrack: table full, dropping packet.
    Nov 1 22:23:50 bounty kernel: NET: 24 messages suppressed.
    Nov 1 22:23:50 bounty kernel: ip_conntrack: table full, dropping packet.
    Nov 1 22:23:55 bounty kernel: NET: 54 messages suppressed.
    Nov 1 22:23:55 bounty kernel: ip_conntrack: table full, dropping packet.
    Nov 1 22:24:00 bounty kernel: NET: 45 messages suppressed.
    Nov 1 22:24:00 bounty kernel: ip_conntrack: table full, dropping packet.
    Nov 1 22:24:05 bounty kernel: NET: 60 messages suppressed.
    Nov 1 22:24:05 bounty kernel: ip_conntrack: table full, dropping packet.

    Any clue?
     
  2. netwrkr

    netwrkr Well-Known Member

    Joined:
    Apr 12, 2003
    Messages:
    203
    Likes Received:
    0
    Trophy Points:
    166
    The maximum number of connections the state table can contain is stored in /proc/sys/net/ipv4/ip_conntrack_max. This value is determined initially by how much physical memory you have (on my 512 Mb machine, ip_conntrack_max = 32760 by default).


    You might try Google next time. I found this answer in about 15 seconds :P
     
  3. oderland

    oderland Well-Known Member
    PartnerNOC

    Joined:
    Dec 30, 2002
    Messages:
    103
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Kungsbacka, Sweden
    I know that :)
    We are running this every hour to have some stats for connections to this server:

    cat /proc/net/ip_conntrack | wc -l

    I found that the server had 5500 connections just before the network went down. The average is 100-300.

    What I was looking for is some solutions to prevent it from happening.
     
  4. netwrkr

    netwrkr Well-Known Member

    Joined:
    Apr 12, 2003
    Messages:
    203
    Likes Received:
    0
    Trophy Points:
    166

    You might want to figure out what was causing the huge increase in connections to the server. Once you have that piece of information you can figure out a solution for preventing it in the future.
     
  5. inertz

    inertz Member

    Joined:
    Nov 24, 2006
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    151
    Location:
    Oklahoma City, Oklahoma, United States
    I face the same issue...
    If you ping... it will give you a timeout...
    If you stop httpd, the ping is just fine....

    However, I managed to solve it by restarting the server..

    I compared before and after the restart...

    [root@svr6 ~]# cat /proc/net/ip_conntrack | wc -l
    34346

    [root@svr6 ~]# cat /proc/net/ip_conntrack | wc -l
    899
     
  6. bazzii

    bazzii Member

    Joined:
    Jun 17, 2008
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    51
    You can easily increase the number of maximal tracked connections, but be aware that each tracked connection eats about 350 bytes of non-swappable kernel memory!

    To print current limit type:
    # sysctl net.ipv4.netfilter.ip_conntrack_max

    Output:

    8192

    To increase this limit to e.g. 12000, type:
    # sysctl -w net.ipv4.netfilter.ip_conntrack_max=12000

    Alternatively, add the following line to /etc/sysctl.conf file:
    net.ipv4.netfilter.ip_conntrack_max=12000

    The following will tell you how many sessions are open right now:
    # wc -l /proc/net/ip_conntrack

    Output:

    5000 /proc/net/ip_conntrack
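
The steps suggested in the posts above (find what is filling the table, then size ip_conntrack_max against memory) as an added example; this script is not from any poster in the thread. The function names and the sample entries are constructed for illustration, and the line layout assumed is the legacy /proc/net/ip_conntrack format.

```shell
#!/bin/sh
# Added example: triage of a conntrack table dump read from stdin.
# On a live host: top_sources 10 < /proc/net/ip_conntrack

# Constructed sample entries (documentation address ranges only).
sample_conntrack() {
cat <<'EOF'
tcp      6 431990 ESTABLISHED src=198.51.100.7 dst=192.0.2.10 sport=40112 dport=80 src=192.0.2.10 dst=198.51.100.7 sport=80 dport=40112 [ASSURED] use=1
tcp      6 52 SYN_RECV src=203.0.113.50 dst=192.0.2.10 sport=1025 dport=80 src=192.0.2.10 dst=203.0.113.50 sport=80 dport=1025 use=1
tcp      6 53 SYN_RECV src=203.0.113.50 dst=192.0.2.10 sport=1026 dport=80 src=192.0.2.10 dst=203.0.113.50 sport=80 dport=1026 use=1
tcp      6 54 SYN_RECV src=203.0.113.50 dst=192.0.2.10 sport=1027 dport=80 src=192.0.2.10 dst=203.0.113.50 sport=80 dport=1027 use=1
tcp      6 87 TIME_WAIT src=198.51.100.7 dst=192.0.2.10 sport=40100 dport=80 src=192.0.2.10 dst=198.51.100.7 sport=80 dport=40100 [ASSURED] use=1
udp      17 25 src=192.0.2.10 dst=192.0.2.53 sport=33000 dport=53 src=192.0.2.53 dst=192.0.2.10 sport=53 dport=33000 use=1
EOF
}

# top_sources N: the N source addresses holding the most entries,
# as "count address" lines. Only the first src= (original direction) counts.
top_sources() {
    awk '{ for (i = 1; i <= NF; i++)
               if ($i ~ /^src=/) { n[substr($i, 5)]++; break } }
         END { for (ip in n) print n[ip], ip }' |
        sort -k1,1nr -k2,2 | head -n "$1"
}

# tcp_states: TCP entries per connection state, as "count STATE" lines.
# A table dominated by one half-open state points at a different cause
# than one full of ESTABLISHED entries.
tcp_states() {
    awk '$1 == "tcp" { s[$4]++ } END { for (k in s) print s[k], k }' |
        sort -k1,1nr -k2,2
}

# usage_percent ENTRIES MAX: table fill level in whole percent.
usage_percent() { echo $(( $1 * 100 / $2 )); }

# max_table_kib MAX: worst-case non-swappable kernel memory in KiB,
# using the ~350 bytes per tracked connection quoted in the thread.
max_table_kib() { echo $(( $1 * 350 / 1024 )); }

# Demo on the constructed sample.
sample_conntrack | top_sources 2
sample_conntrack | tcp_states
```

Running usage_percent from cron with the hourly count already being collected gives an early warning before the table fills and packets are dropped.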
     
  7. thewebhosting

    thewebhosting Well-Known Member

    Joined:
    May 9, 2008
    Messages:
    1,201
    Likes Received:
    1
    Trophy Points:
    68
    I have also faced the same type of issues. I have just installed ConfigServer Firewall on the server, which has fixed the issue.
     