nf_conntrack: table full, dropping packet
Issue
In kern.log, there are many logs like nf_conntrack: table full, dropping packets.
Check related parameter
sysctl -a | grep conntrack
cat /proc/net/nf_conntrack
# Check nf_conntrack_buckets hash table size
cat /proc/sys/net/netfilter/nf_conntrack_buckets
# Check how many active connections are being tracked
cat /proc/sys/net/netfilter/nf_conntrack_count
# Check the current max value of nf_conntrack
cat /proc/sys/net/netfilter/nf_conntrack_max
Fix
sysctl -w net.netfilter.nf_conntrack_max=1048576
echo 262144 > /sys/module/nf_conntrack/parameters/hashsize
echo 1048576 > proc/sys/net/netfilter/nf_conntrack_max
sysctl -w net.netfilter.nf_conntrack_tcp_timeout_established=3600
and also add into /etc/sysctl.conf
net.netfilter.nf_conntrack_max = 1048576
net.netfilter.nf_conntrack_tcp_timeout_established = 3600
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 60