Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
litespeed_wiki:nf_conntrack_table_full [2015/07/17 19:31] Jackson Zhang |
— (current) | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ===== How to fix “nf_conntrack: table full, dropping packet.” issue ===== | ||
| - | during high traffic time, web site become much slower while low traffic is ok. a typical case is a download server, when there are many concurrent connections to download, many or all users feel much slower. one cause may be the linux conntrack table is full. | ||
| - | ==== Check ==== | ||
| - | #dmesg | tail | ||
| - | nf_conntrack: table full, dropping packet. | ||
| - | nf_conntrack: table full, dropping packet. | ||
| - | nf_conntrack: table full, dropping packet. | ||
| - | |||
| - | if you see above, then the issue of conntrack table full is confirmed. | ||
| - | |||
| - | #sysctl -a | grep conntrack | ||
| - | ... | ||
| - | net.netfilter.nf_conntrack_max = 65536 | ||
| - | net.netfilter.nf_conntrack_count = 68999 | ||
| - | net.netfilter.nf_conntrack_buckets = 16384 | ||
| - | ... | ||
| - | | ||
| - | #cat /sys/module/nf_conntrack/parameters/hashsize | ||
| - | 16384 | ||
| - | |||
| - | if nf_conntrack_count is close to nf_conntrack_max or even larger, the problem will occur. | ||
| - | |||
| - | ==== Action ==== | ||
| - | #sysctl -w net.netfilter.nf_conntrack_max=655360 | ||
| - | net.netfilter.nf_conntrack_max = 655360 | ||
| - | #echo 163840 > /sys/module/nf_conntrack/parameters/hashsize | ||
| - | |||
| - | ==== Permanent Change ==== | ||
| - | edit /etc/sysctl.conf, add following line: | ||
| - | net.netfilter.nf_conntrack_max=655360 | ||
| - | edit /etc/rc.local, add following line: | ||
| - | echo 163840 > /sys/module/nf_conntrack/parameters/hashsize | ||