lost and found ( for me ? )

Showing posts with label nf_conntrack: table full.

CentOS 6.3 64bit : nf_conntrack: table full, dropping packet.


# cat /etc/centos-release ; uname -ri
CentOS release 6.3 (Final)
2.6.32-279.11.1.el6.x86_64 x86_64

# dmesg
nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.


You can check how many sessions are currently tracked from /proc/net/nf_conntrack.
# head -1 /proc/net/nf_conntrack
ipv4     2 udp      17 171 src=192.168.11.1 dst=192.168.11.2 sport=45669 dport=53 src=192.168.11.2 dst=192.168.11.1 sport=53 dport=45669 [ASSURED] mark=0 secmark=0 use=2

# wc -l /proc/net/nf_conntrack
34775 /proc/net/nf_conntrack


Increase nf_conntrack_max (the default is 65535). Current value:
# cat /proc/sys/net/nf_conntrack_max
65535


Note that the path to nf_conntrack_max differs between Linux distributions and versions.

Increase nf_conntrack_max:
# echo 100000 > /proc/sys/net/nf_conntrack_max
# cat /proc/sys/net/nf_conntrack_max
100000


Set the value permanently in /etc/sysctl.conf:
# tail -1 /etc/sysctl.conf
net.nf_conntrack_max = 100000

kernel error : nf_conntrack: table full, dropping packet.


# tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Ubuntu 10.10"

# uname -a
2.6.35-25-server #44-Ubuntu SMP Fri Jan 21 19:09:14 UTC 2011 x86_64 GNU/Linux


I saw the following errors on my DNS server running unbound.

/var/log/message
kernel: [96324.941657] nf_conntrack: table full, dropping packet.

or you can see the same messages via dmesg:
# dmesg | tail -1
[96324.941657] nf_conntrack: table full, dropping packet.


This seems to be caused by the iptables connection-tracking table filling up, for example under a DDoS or another burst of very high traffic.
You may solve this by increasing ip_conntrack_max if you have enough memory available.

The default value is:
# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
65536


This value is a 32-bit integer.

Increase this value with the sysctl command:
# sysctl -w net.netfilter.nf_conntrack_max=131072
net.netfilter.nf_conntrack_max = 131072


or edit sysctl.conf to make the change permanent:
# egrep conntrack /etc/sysctl.conf
net.netfilter.nf_conntrack_max=131072


In my case, after increasing that value from 65536 to 131072, I haven't seen the above errors :)
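Both posts boil down to the same check (how many entries are tracked versus nf_conntrack_max) followed by raising the limit. The script below is an added example, not code from either post: it locates the limit under whichever of the /proc paths shown in the two posts exists, reads the current entry count, and warns before the table fills. /proc/sys/net/netfilter/nf_conntrack_count and the 80% default threshold are not from the posts.

```shell
#!/bin/sh
# Added example, not from the original posts: report how full the conntrack
# table is relative to nf_conntrack_max and warn before packets get dropped.
# The /proc paths are the ones the posts show; nf_conntrack_count and the
# 80% default threshold are additions here.

# Print the first readable file among the candidates (the path differs
# between distributions and kernel versions, as the posts note).
find_sysctl_file() {
    for f in "$@"; do
        [ -r "$f" ] && { printf '%s\n' "$f"; return 0; }
    done
    return 1
}

# Integer percentage of the table in use (count * 100 / max); fails on max=0.
conntrack_pct() {
    [ "$2" -gt 0 ] || return 1
    echo $(( $1 * 100 / $2 ))
}

# Exit 0 when usage is below the threshold, 1 when at/above it, 2 on bad input.
check_conntrack() {
    count=$1 max=$2 threshold=${3:-80}
    pct=$(conntrack_pct "$count" "$max") || return 2
    if [ "$pct" -ge "$threshold" ]; then
        echo "WARN conntrack ${count}/${max} (${pct}%) >= ${threshold}%: raise nf_conntrack_max or investigate traffic"
        return 1
    fi
    echo "OK conntrack ${count}/${max} (${pct}%)"
}

# Live check on this host; argument is the warning threshold in percent.
main() {
    max_file=$(find_sysctl_file /proc/sys/net/netfilter/nf_conntrack_max \
        /proc/sys/net/nf_conntrack_max \
        /proc/sys/net/ipv4/netfilter/ip_conntrack_max) \
        || { echo "conntrack table not available" >&2; return 2; }
    # Kernel counter when present, otherwise count table rows as the posts do.
    if [ -r /proc/sys/net/netfilter/nf_conntrack_count ]; then
        count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
    else
        count=$(wc -l < /proc/net/nf_conntrack)
    fi
    check_conntrack "$count" "$(cat "$max_file")" "${1:-80}"
}

# Usage: sh conntrack_check.sh 80   (no argument: only define the functions)
[ $# -eq 0 ] || main "$@"
```

The exit code (0 ok, 1 warn, 2 unavailable) makes it usable from cron or a monitoring agent; with the 34775 entries from the first post against a 65535 limit it reports 53% and stays quiet.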