found that ECS Linux Server intermittent packet loss, through Tracert, MTR and other means to troubleshoot, the external network has not seen an exception.
June 15:20:23 web3 kernel:nf_conntrack:table full, dropping packet.
June 15:20:24 web3 kernel:nf_conntrack:table full, dropping packet.
June 15:20:24 web3 kernel:nf_conntrack:table full, dropping packet.
June 15:20:25 web3 kernel:nf_conntrack:table full, dropping packet.
June 15:20:25 web3 kernel:nf_conntrack:table full, dropping packet.
June 15:20:25 web3 kernel:nf_conntrack:table full, dropping packet.
June 15:20:25 web3 kernel:nf_conntrack:table full, dropping packet.
June 15:20:25 web3 kernel:nf_conntrack:table full, dropping packet.
June 15:20:25 web3 kernel:nf_conntrack:table full, dropping packet.
June 15:20:25 web3 kernel:nf_conntrack:table full, dropping packet.
ip_conntrack is a module that tracks connection entries for NAT within a Linux system. The Ip_conntrack module uses a hash table to record the established connection records of the TCP protocol, which results in nf_conntrack:table full when the hash table fills up, dropping Packet error.
Users can try to adjust the ip_conntrack limit by modifying the following kernel parameters. The operating methods are summarized as follows:
1. under Terminal, enter the following command to edit the system kernel configuration:
# vi/etc/sysctl.conf
2. Set or modify the following parameters:
#哈希表项最大值
net.ipv4.netfilter.ip_conntrack_max = 655350
#超时时间, by default timeout is 5 days (432,000 seconds)
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 1200
3. enter the following command under terminal to make the above configuration effective:
#sysctl-P
in centos 6.x is
1. Under Terminal, enter the following command to edit the system kernel configuration:
# vi/etc/sysctl.conf
2. Set or modify the following parameters:
#哈希表项最大值
net.netfilter.nf_conntrack_max = 655350
#超时时间, by default timeout is 5 days (432,000 seconds)
net.netfilter.nf_conntrack_tcp_timeout_established = 1200
3. enter the following command under terminal to make the above configuration effective:
Linux NAT Hash table full causes server to drop packets