How To Fix Error nf_conntrack table full dropping packet in Linux Servers

NetShop ISP · Blog Author

Jan 20, 2022 · Tutorials

In this article we will help you resolve an issue that can occur on CentOS Linux servers and causes network flapping and packet loss.

Issue

During network monitoring of one of our customers’ servers we detected network flapping. Accessing the server via SSH was not possible (due to the heavy network usage), so we connected to it via iDRAC.

The following messages were seen in /var/log/messages (they may also appear in /var/log/kern):

$ tail -f /var/log/messages
Jan  14 02:11:05 centos kernel: : nf_conntrack: table full, dropping packet
Jan  14 02:11:09 centos kernel: : nf_conntrack: table full, dropping packet

A server can enter this state when it is under a DDoS attack, and it is very likely to happen whenever there are a lot of network connections. Our client’s server was used for virtualization, so one or more virtual machines happened to generate a lot of network packets.

CentOS servers, by default, allow 65,536 connections. This limit is enough for lightly loaded servers, but it can be exhausted on high traffic servers.

How To Fix

During a disaster it is important to remain calm. Below you can read how to mitigate this issue and resolve the network flapping. We provide the solution for both CentOS 6 and CentOS 7 environments.

Solution for CentOS 6

Step 1: Check value of nf_conntrack_max

Run the following command to check the value of nf_conntrack_max:

$ sysctl net.netfilter.nf_conntrack_max

Step 2: Check number of active connections

$ cat /proc/sys/net/netfilter/nf_conntrack_count

If this count has reached the value of nf_conntrack_max, the server is already dropping packets.

Step 3: Increase value for nf_conntrack_max *

$ sysctl -w net.netfilter.nf_conntrack_max=2097152

To make the above change persistent after reboot, do this:

$ echo "net.netfilter.nf_conntrack_max=2097152" >> /etc/sysctl.conf

* To properly calculate the ideal nf_conntrack_max value, use the following formula:

CONNTRACK_MAX = RAM_MEMORY_SIZE (in bytes) / 16384 / 2

Step 4: Restart Iptables

$ service iptables restart && service iptables save

Solution for CentOS 7

Step 1: Increase size of hash table for conntrack connections *

$ echo "options nf_conntrack expect_hashsize=131072 hashsize=131072" >> /etc/modprobe.d/firewalld-sysctls.conf

* To calculate the new hash value use this formula:

HASHSIZE = CONNTRACK_MAX / 4

Step 2: Restart Firewalld

$ systemctl restart firewalld

Step 3: Verify new nf_conntrack_max value

$ sysctl -a | grep nf_conntrack_max
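
The two sizing formulas above and the count-versus-max check from Step 2 can be combined into one read-only script. This is an added example, not part of the original article; the function names, the `--live` switch and the 80% warning threshold are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the article): read-only conntrack sizing check.

# CONNTRACK_MAX = RAM_MEMORY_SIZE (in bytes) / 16384 / 2
conntrack_max_for_ram() { echo $(( $1 / 16384 / 2 )); }

# HASHSIZE = CONNTRACK_MAX / 4
hashsize_for_max() { echo $(( $1 / 4 )); }

# usage_pct COUNT MAX: integer percentage of the table in use
usage_pct() { echo $(( $1 * 100 / $2 )); }

# headroom_status COUNT MAX
# The 80% warning threshold is an assumption of this example.
headroom_status() {
    pct=$(usage_pct "$1" "$2")
    if [ "$1" -ge "$2" ]; then
        echo "FULL"      # new connections are being dropped
    elif [ "$pct" -ge 80 ]; then
        echo "WARN"      # raise the limit before the table fills
    else
        echo "OK"
    fi
}

# With --live, read this host's counters (nf_conntrack must be loaded).
# Without it, use constructed sample values for a 16 GiB host.
proc=/proc/sys/net/netfilter
if [ "${1:-}" = "--live" ]; then
    count=$(cat "$proc/nf_conntrack_count")
    max=$(cat "$proc/nf_conntrack_max")
    ram=$(( $(awk '/^MemTotal:/ {print $2}' /proc/meminfo) * 1024 ))
else
    count=61000 max=65536 ram=17179869184   # constructed sample values
fi

suggested=$(conntrack_max_for_ram "$ram")
echo "in use: $count / $max ($(usage_pct "$count" "$max")%): $(headroom_status "$count" "$max")"
echo "suggested nf_conntrack_max: $suggested"
echo "suggested hashsize:         $(hashsize_for_max "$suggested")"
```

Running the check from monitoring at the WARN level gives time to raise the limit before the kernel starts logging "table full, dropping packet".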
