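Checking the /var/log/messages log shows "ip_conntrack: table full, dropping packet"

The "ip_conntrack: table full, dropping packet" problem

A newly deployed server logged the following messages while handling a large number of connections: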
Oct 22 22:11:59 ha2 kernel: printk: 160 messages suppressed.
Oct 22 22:11:59 ha2 kernel: ip_conntrack: table full, dropping packet.
Oct 22 22:11:59 ha2 kernel: ip_conntrack: table full, dropping packet.
Oct 22 22:12:03 ha2 kernel: printk: 514 messages suppressed.
Oct 22 22:12:03 ha2 kernel: ip_conntrack: table full, dropping packet.
Oct 22 22:12:08 ha2 kernel: printk: 255 messages suppressed.
Oct 22 22:12:08 ha2 kernel: ip_conntrack: table full, dropping packet.
Oct 22 22:12:12 ha2 kernel: printk: 498 messages suppressed.
Oct 22 22:12:12 ha2 kernel: ip_conntrack: table full, dropping packet.
Oct 22 22:12:17 ha2 kernel: printk: 876 messages suppressed.
Oct 22 22:12:17 ha2 kernel: ip_conntrack: table full, dropping packet.
Oct 22 22:12:22 ha2 kernel: printk: 924 messages suppressed.
Oct 22 22:12:22 ha2 kernel: ip_conntrack: table full, dropping packet.
Oct 22 22:12:27 ha2 kernel: printk: 936 messages suppressed.
Oct 22 22:12:27 ha2 kernel: ip_conntrack: table full, dropping packet.
Oct 22 22:12:32 ha2 kernel: printk: 959 messages suppressed.
Oct 22 22:12:32 ha2 kernel: ip_conntrack: table full, dropping packet.
Oct 22 22:12:37 ha2 kernel: printk: 898 messages suppressed.
Oct 22 22:12:37 ha2 kernel: ip_conntrack: table full, dropping packet.

Check the system's current ip_conntrack_max value:
cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
65536

This value is too small.

Increase it:

vi /etc/sysctl.conf

net.ipv4.ip_conntrack_max=6553600
net.ipv4.netfilter.ip_conntrack_max=6553600
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait=120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait=60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait=120

sysctl -p

This makes the new settings take effect.
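
To see how full the table is before and after raising the limit, the following added example (not part of the original post) compares the current entry count with the maximum. It assumes an ip_conntrack_count file sits next to ip_conntrack_max, also tries the nf_conntrack_* names used by newer kernels, and its function names and the 80% warning threshold are hypothetical.

```shell
#!/bin/sh
# Added example: report how full the connection tracking table is.

# conntrack_pct COUNT MAX -> integer percentage of the table in use
conntrack_pct() {
    [ "$2" -gt 0 ] 2>/dev/null || return 2      # reject empty/zero/non-numeric max
    [ "$1" -ge 0 ] 2>/dev/null || return 2      # reject non-numeric count
    echo $(( $1 * 100 / $2 ))
}

# conntrack_status COUNT MAX [WARN_PCT] -> "OK|WARN|FULL pct% (count/max)"
conntrack_status() {
    pct=$(conntrack_pct "$1" "$2") || { echo "UNKNOWN"; return 2; }
    warn=${3:-80}                               # assumed default threshold
    if [ "$1" -ge "$2" ]; then
        state=FULL                              # new connections get dropped
    elif [ "$pct" -ge "$warn" ]; then
        state=WARN
    else
        state=OK
    fi
    echo "$state ${pct}% ($1/$2)"
}

# conntrack_read DIR... -> "count max" from the first directory that has both files
conntrack_read() {
    for d in "$@"; do
        for p in ip nf; do
            c="$d/${p}_conntrack_count"; m="$d/${p}_conntrack_max"
            if [ -r "$c" ] && [ -r "$m" ]; then
                echo "$(cat "$c") $(cat "$m")"
                return 0
            fi
        done
    done
    return 1
}

# Live check: old-style path from this page first, then the newer location.
if vals=$(conntrack_read /proc/sys/net/ipv4/netfilter /proc/sys/net/netfilter); then
    conntrack_status $vals || true
else
    echo "connection tracking is not loaded on this host"
fi
```

Run it from cron or a monitoring agent so a WARN appears before the kernel starts logging "table full, dropping packet".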
