ip_conntrack: table full, dropping packet的问题
新上的一台服务器在有大量连接的时候出现如下提示
Oct 22 22:11:59 ha2 kernel: printk: 160 messages suppressed.
Oct 22 22:11:59 ha2 kernel: ip_conntrack: table full, dropping packet.
Oct 22 22:11:59 ha2 kernel: ip_conntrack: table full, dropping packet.
Oct 22 22:12:03 ha2 kernel: printk: 514 messages suppressed.
Oct 22 22:12:03 ha2 kernel: ip_conntrack: table full, dropping packet.
Oct 22 22:12:08 ha2 kernel: printk: 255 messages suppressed.
Oct 22 22:12:08 ha2 kernel: ip_conntrack: table full, dropping packet.
Oct 22 22:12:12 ha2 kernel: printk: 498 messages suppressed.
Oct 22 22:12:12 ha2 kernel: ip_conntrack: table full, dropping packet.
Oct 22 22:12:17 ha2 kernel: printk: 876 messages suppressed.
Oct 22 22:12:17 ha2 kernel: ip_conntrack: table full, dropping packet.
Oct 22 22:12:22 ha2 kernel: printk: 924 messages suppressed.
Oct 22 22:12:22 ha2 kernel: ip_conntrack: table full, dropping packet.
Oct 22 22:12:27 ha2 kernel: printk: 936 messages suppressed.
Oct 22 22:12:27 ha2 kernel: ip_conntrack: table full, dropping packet.
Oct 22 22:12:32 ha2 kernel: printk: 959 messages suppressed.
Oct 22 22:12:32 ha2 kernel: ip_conntrack: table full, dropping packet.
Oct 22 22:12:37 ha2 kernel: printk: 898 messages suppressed.
Oct 22 22:12:37 ha2 kernel: ip_conntrack: table full, dropping packet.
查看系统ip_conntrack_max大小
cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
65536
这个值太小了
增大其值
vi /etc/sysctl.conf
net.ipv4.ip_conntrack_max=6553600
net.ipv4.netfilter.ip_conntrack_max=6553600
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait=120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait=60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait=120
sysctl -p
让其生效
您可以选择一种方式赞助本站
支付宝转账赞助
