Nf_conntrack: table full, dropping packet solution

Nf_conntrack: table full, dropping packet solution

After the magent agent is added, the memcached test finds that if the concurrency is high and the number of connections to the database remains high, it is reasonable to say that as the key is saved to the cache, the number of connections should be gradually reduced, however, it is normal when the concurrency is low.

When memcached is started, the-vvv parameter is added to print the internal status information and view the log:

29: going from conn_parse_cmd to conn_write
29: going from conn_write to conn_new_cmd
29: going from conn_new_cmd to conn_waiting
29: going from conn_waiting to conn_read
28: going from conn_new_cmd to conn_waiting
28: going from conn_waiting to conn_read
28: going from conn_read to conn_closing

From the log, we can see that memcached closes the connection without accepting the command.

Then, the following information is displayed in the/var/log/messages log:

Kernel: nf_conntrack: table full, dropping packet

This is the error message of iptables. "The connection trace table is full and packet loss starts." Then, you can change the memcached connection to a short connection on the website. Because iptables records the tracking information of each connection, too frequently closed connections lead to full connection tracking tables and packet loss.

Solution:

First, change the connection method of memcached to persistent link, and then modify nf_conntrack. The following methods are used:

1. Disable Firewall

Chkconfig iptables off
Chkconfig ip6tables off
Service iptables stop
Service ip6tables stop

Note: Do not use iptables-L-vnx to view the status when the firewall is disabled! This causes the firewall to be started and the rule is empty. Although there will be no interception effect, all connection statuses will be recorded, which wastes resources and affects performance and may cause firewall packet loss!

2. Increase the size of the iptables tracking table and adjust the corresponding system parameters.

3. Use a bare table with no trace flag added

4. Delete the connection tracking module

For details about the modification process, refer to here.

This article permanently updates the link address: