The Community Forums


ip_conntrack: table full

Discussion in 'General Discussion' started by oderland, Nov 1, 2003.

  1. oderland

    Hi everyone

    One of our servers is taking down the whole network; the router is like an X-mas tree :-(

    The last message we see is this:
    Nov 1 22:23:40 bounty kernel: ip_conntrack: table full, dropping packet.
    Nov 1 22:23:43 bounty last message repeated 9 times
    Nov 1 22:23:45 bounty kernel: NET: 4 messages suppressed.
    Nov 1 22:23:45 bounty kernel: ip_conntrack: table full, dropping packet.
    Nov 1 22:23:50 bounty kernel: NET: 24 messages suppressed.
    Nov 1 22:23:50 bounty kernel: ip_conntrack: table full, dropping packet.
    Nov 1 22:23:55 bounty kernel: NET: 54 messages suppressed.
    Nov 1 22:23:55 bounty kernel: ip_conntrack: table full, dropping packet.
    Nov 1 22:24:00 bounty kernel: NET: 45 messages suppressed.
    Nov 1 22:24:00 bounty kernel: ip_conntrack: table full, dropping packet.
    Nov 1 22:24:05 bounty kernel: NET: 60 messages suppressed.
    Nov 1 22:24:05 bounty kernel: ip_conntrack: table full, dropping packet.

    Any clue?
     
  2. netwrkr

    The maximum number of connections the state table can contain is stored in /proc/sys/net/ipv4/ip_conntrack_max. This value is determined initially by how much physical memory you have (on my 512 MB machine, ip_conntrack_max = 32760 by default).

    You might try Google next time. I found this answer in about 15 seconds :P
     
  3. oderland

    I know that :)
    We are running this every hour to have some stats for connections to this server:

    cat /proc/net/ip_conntrack | wc -l

    I found that the server had 5500 connections just before the network went down. The average is 100-300.

    What I was looking for is some solutions to prevent it from happening.
     
  4. netwrkr

    You might want to figure out what was causing the huge increase in connections to the server. Once you have that piece of information you can figure out a solution for preventing it in the future.
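
Added example (not part of any post in this thread): one way to find what is filling the table, as suggested above, is to group the entries in /proc/net/ip_conntrack by originating source address and by TCP state. The function names and the sample entries are constructed for illustration, and the parsing assumes the legacy ip_conntrack line layout (protocol, protocol number, timeout, TCP state, then the original src=/dst= tuple).

```shell
#!/bin/sh
# Added example: summarise a legacy /proc/net/ip_conntrack dump.
# The first src= on each line is the side that opened the connection.

# top_sources FILE [N]: "count source_ip" for the N busiest originating sources.
top_sources() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^src=/) { print substr($i, 5); break } }' "$1" |
        sort | uniq -c | sort -k1,1nr -k2,2 | head -n "${2:-10}" | awk '{ print $1, $2 }'
}

# state_counts FILE: "count state" per TCP state (only tcp rows carry a state field).
state_counts() {
    awk '$1 == "tcp" { n[$4]++ } END { for (s in n) print n[s], s }' "$1" |
        sort -k1,1nr -k2,2
}

# table_usage FILE MAX: tracked entries as an integer percentage of MAX.
table_usage() {
    awk -v max="$2" 'END { printf "%d\n", NR * 100 / max }' "$1"
}

# Constructed sample entries (documentation address ranges), not real traffic.
make_sample() {
    cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=40001 dport=80 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=40001 [ASSURED] use=1
tcp      6 55 SYN_RECV src=203.0.113.7 dst=198.51.100.5 sport=1025 dport=80 src=198.51.100.5 dst=203.0.113.7 sport=80 dport=1025 use=1
tcp      6 56 SYN_RECV src=203.0.113.7 dst=198.51.100.5 sport=1026 dport=80 src=198.51.100.5 dst=203.0.113.7 sport=80 dport=1026 use=1
tcp      6 57 SYN_RECV src=203.0.113.7 dst=198.51.100.5 sport=1027 dport=80 src=198.51.100.5 dst=203.0.113.7 sport=80 dport=1027 use=1
tcp      6 110 TIME_WAIT src=192.0.2.10 dst=198.51.100.5 sport=40002 dport=80 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=40002 [ASSURED] use=1
udp      17 25 src=192.0.2.44 dst=198.51.100.5 sport=5353 dport=53 [UNREPLIED] src=198.51.100.5 dst=192.0.2.44 sport=53 dport=5353 use=1
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp) && make_sample > "$sample"
echo "Top sources:";  top_sources "$sample" 3
echo "TCP states:";   state_counts "$sample"
echo "Usage against a constructed limit of 8: $(table_usage "$sample" 8)%"
rm -f "$sample"
```

On a live server, pass /proc/net/ip_conntrack as the file and the value in /proc/sys/net/ipv4/ip_conntrack_max as the limit.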
     
  5. inertz

    I face the same issue...
    If you ping, it will give you a timeout...
    If you stop httpd, the ping is just fine...

    However, I managed to solve it by restarting the server.

    I compared before and after the restart...

    [root@svr6 ~]# cat /proc/net/ip_conntrack | wc -l
    34346

    [root@svr6 ~]# cat /proc/net/ip_conntrack | wc -l
    899
     
  6. bazzii

    You can easily increase the number of maximal tracked connections, but be aware that each tracked connection eats about 350 bytes of non-swappable kernel memory!

    To print the current limit, type:
    # sysctl net.ipv4.netfilter.ip_conntrack_max

    Output:

    8192

    To increase this limit to e.g. 12000, type:
    # sysctl -w net.ipv4.netfilter.ip_conntrack_max=12000

    Alternatively, add the following line to /etc/sysctl.conf file:
    net.ipv4.netfilter.ip_conntrack_max=12000

    The following will tell you how many sessions are open right now:
    # wc -l /proc/net/ip_conntrack

    Output:

    5000 /proc/net/ip_conntrack
     
  7. thewebhosting

    I have also faced the same type of issues. I have just installed ConfigServer Firewall on the server, which has fixed the issue.
     