Apache connections dropped by Haproxy

On RHEL, haproxy is often unreliable: it gives errors while connecting to the Apache backend, and at the same time the following error is logged in /var/log/messages:

kernel: ip_conntrack: table full, dropping packet

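This comes from the ip_conntrack kernel module: its connection tracking table is full, so the kernel drops packets.

If you find this error message in /var/log/messages, apply the following steps.

1) Raise ip_conntrack_max on the running kernel

[root@sandbox ~]# sysctl -w net.ipv4.netfilter.ip_conntrack_max=8388608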

Now, before applying the 2nd step, check whether the ip_conntrack_max setting is already in /etc/sysctl.conf:

grep ip_conntrack /etc/sysctl.conf

If it is found, go on to the 2nd step. Otherwise edit /etc/sysctl.conf, add the line below at the end of the file, save it, and then go on to the 2nd step.

(choose the value according to your RAM and set it as below)

net.ipv4.netfilter.ip_conntrack_max = 8388608

2) To apply the sysctl parameters, run 'sysctl -p'

[root@sandbox ~]# sysctl -p

3) Now check that ip_conntrack is tracking the connections and no longer dropping packets

[root@sandbox ~]# cat /proc/slabinfo | grep conn
ip_conntrack_expect 0 0 136 28 1 : tunables 120 60 8 : slabdata 0 0 0
ip_conntrack 216053 231335 304 13 1 : tunables 54 27 8 : slabdata 17795 17795 216
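
As a check to go with steps 1 to 3, the following script is an added example, not part of the original post: it counts the kernel's "table full" messages in log text and reports how full the tracking table is. The 80% warning threshold, the function names and the sample log lines are assumptions made for illustration; the nf_conntrack names cover newer kernels where the module has been renamed.

```sh
#!/bin/sh
# Added example: conntrack health check. Thresholds and sample data are assumptions.

# Constructed /var/log/messages lines (not real log data).
SAMPLE_LOG='Jan 10 10:00:01 sandbox kernel: ip_conntrack: table full, dropping packet
Jan 10 10:00:02 sandbox haproxy[2011]: Server apache/web1 is DOWN.
Jan 10 10:00:05 sandbox kernel: nf_conntrack: table full, dropping packet
Jan 10 10:00:09 sandbox sshd[411]: Accepted publickey for root from 192.0.2.10'

# Count kernel "table full" drop messages on stdin (ip_conntrack or nf_conntrack).
count_conntrack_drops() {
    grep -Ec 'kernel: (ip|nf)_conntrack: table full, dropping packet' || true
}

# usage_pct COUNT MAX -> integer percentage of the table in use.
usage_pct() {
    [ "$2" -gt 0 ] 2>/dev/null || { echo "invalid max: $2" >&2; return 1; }
    echo $(( $1 * 100 / $2 ))
}

# table_status COUNT MAX -> OK (<80%), WARN (80-99%), FULL (>=100%).
table_status() {
    pct=$(usage_pct "$1" "$2") || return 1
    if [ "$pct" -ge 100 ]; then echo FULL
    elif [ "$pct" -ge 80 ]; then echo WARN
    else echo OK
    fi
}

# Read the live counters; the /proc prefix differs between the older
# ip_conntrack module and the newer nf_conntrack one.
live_status() {
    for p in /proc/sys/net/ipv4/netfilter/ip_conntrack \
             /proc/sys/net/netfilter/nf_conntrack; do
        if [ -r "${p}_count" ] && [ -r "${p}_max" ]; then
            table_status "$(cat "${p}_count")" "$(cat "${p}_max")"
            return
        fi
    done
    echo "conntrack not loaded"
}

echo "drops in sample log: $(printf '%s\n' "$SAMPLE_LOG" | count_conntrack_drops)"
echo "figures from the slabinfo output above: $(table_status 216053 8388608)"
echo "live table: $(live_status)"
```

Feed it the real log with `count_conntrack_drops < /var/log/messages`; a count that keeps rising after step 2 means the new limit is still too low or was not applied.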

Below are sysctl settings which can be used on a RHEL server. Add them to /etc/sysctl.conf so that they survive reboots, then run 'sysctl -p' to activate them.

#Recommended Settings by Mohan

# Reuse sockets in the time-wait state
net.ipv4.tcp_tw_reuse = 1

# Widen local port range
net.ipv4.ip_local_port_range = 1024 65023

# Bump up TCP socket queue to help with syn floods
net.ipv4.tcp_max_syn_backlog = 20480

# Increase the queue of incoming packets waiting for the kernel to process them
net.core.netdev_max_backlog = 40000

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 400000

# Increase the listen() backlog limit for incoming connections
net.core.somaxconn = 40000

# Increase TCP performance
net.ipv4.neigh.default.unres_qlen = 6
net.ipv4.neigh.default.proxy_qlen = 96

# Increase TCP memory thresholds (low, pressure, high)
# Note that tcp_mem is measured in memory pages, not bytes.
net.ipv4.tcp_mem = 4096 87380 8388608

# Set the minimum, initial, and maximum sizes for the write buffer.
#Note that this maximum should be less than or equal to the value set in net.core.wmem_max.
net.ipv4.tcp_wmem = 4096 87380 8388608

# Set the minimum, initial, and maximum sizes for the read buffer.
#Note that this maximum should be less than or equal to the value set in net.core.rmem_max.
net.ipv4.tcp_rmem = 4096 87380 8388608
net.core.rmem_max = 8388608
net.core.wmem_max = 8388608
net.ipv4.netfilter.ip_conntrack_max = 8388608
