We recently had a problem with one of our servers (Debian Squeeze) becoming unresponsive during heavy-ish load. Looking at the kernel logs, I think this is the cause:
kernel: nf_conntrack: table full, dropping packet
As I understand it, this is the conntrack module, which does some stateful tracking of connections, reporting that the table used to store the connection details is full.
From the research I have done, there seem to be two ways to mitigate this:
- Increase size of the table.
- Remove the module from the system altogether.
However, neither /proc/sys/net/ipv4/ip_conntrack_max nor /proc/sys/net/ipv4/netfilter/ip_conntrack_max exist on this machine (there is no ipv4 catalogue under net).
If I do lsmod I get no results.
So, I'm a bit confused - perhaps someone could clarify the situation for me?
- Is conntrack installed? If so, where are the settings? And why doesn't it show up in lsmod?
- If conntrack is not installed, what is issuing the table full messages?
Thank you