ip_conntrack_max table full dropping packets

If you notice the above message in syslog, the conntrack table does not have enough entries for your environment. Connection tracking handles up to a fixed number of simultaneous connections by default; that default is derived from your system's total memory size.

Some symptoms can be:

  • Slow web-interface, or cannot connect at all to web interface
  • Slowing transfer of data, e.g. browsing, after a reboot
  • Not responding to ping

When this slowdown occurs and the machine responds neither to pings nor to web-interface requests, you can still check what is going on:

Log in to the machine and check whether the problem is caused by TCP or UDP connections.
From the console:

# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
# grep -c ^tcp /proc/net/ip_conntrack
# grep -c ^udp /proc/net/ip_conntrack

You may also view syslog messages:

# cat /var/log/messages

  1. First, you'll see 'table full, dropping packet.' messages followed by 'messages suppressed.'
  2. Eventually it becomes verbose and you'll see log lines similar to the following:

kernel: ip_conntrack: table full, dropping packet.
kernel: NET: 15 messages suppressed.
kernel: ip_conntrack: table full, dropping packet.
kernel: NET: 12 messages suppressed.

You can easily increase the maximum number of tracked connections, but be aware that each tracked connection uses about 350 bytes of non-swappable kernel memory!
To increase this limit to, for example, 12000, type:

sysctl -w net.ipv4.netfilter.ip_conntrack_max=12000

Alternatively, add the following line to the /etc/sysctl.conf file so the setting survives a reboot:

net.ipv4.netfilter.ip_conntrack_max = 12000
The following will tell you how many sessions are open right now (the output is the line count followed by the file name):

# wc -l /proc/net/ip_conntrack
5000 /proc/net/ip_conntrack
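As an added example (not part of the original post), the shell function below does the same accounting as the grep and wc commands above, but against an explicit copy of the table so it can be run offline on a saved snapshot. The table layout and the 350-byte-per-entry figure come from this post; the sample entries are constructed, and the WARN_PCT threshold is an assumption.

```shell
#!/bin/sh
# Summarise conntrack table usage from a file in the /proc/net/ip_conntrack
# layout: counts tcp/udp entries, total entries, percentage of the configured
# maximum, and the rough non-swappable memory cost (350 bytes per entry, as
# stated in the post). Returns 1 when usage reaches WARN_PCT, else 0.
WARN_PCT=${WARN_PCT:-80}      # assumed alert threshold, not from the post
BYTES_PER_ENTRY=350           # figure quoted in the post; varies by kernel

# Usage: conntrack_usage TABLE_FILE MAX_ENTRIES
# Prints: tcp=<n> udp=<n> total=<n> max=<n> pct=<n> est_kb=<n>
conntrack_usage() {
    table=$1
    max=$2
    awk -v max="$max" -v warn="$WARN_PCT" -v bpe="$BYTES_PER_ENTRY" '
        $1 == "tcp" { tcp++ }            # first field is the protocol name
        $1 == "udp" { udp++ }
        { total++ }                      # every line is one tracked flow
        END {
            pct = (max > 0) ? int(total * 100 / max) : 0
            printf "tcp=%d udp=%d total=%d max=%d pct=%d est_kb=%d\n",
                   tcp, udp, total, max, pct, int(total * bpe / 1024)
            exit ((pct >= warn) ? 1 : 0)
        }' "$table"
}

# Constructed sample table (not real traffic) in the old ip_conntrack layout,
# used to try the function without a live kernel table.
write_sample_table() {
    cat > "$1" <<'EOF'
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=43210 dport=80 packets=10 bytes=1200 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=43210 packets=8 bytes=9000 [ASSURED] mark=0 use=1
tcp      6 119 SYN_SENT src=192.0.2.10 dst=198.51.100.6 sport=43211 dport=443 packets=1 bytes=60 [UNREPLIED] src=198.51.100.6 dst=192.0.2.10 sport=443 dport=43211 packets=0 bytes=0 mark=0 use=1
udp      17 29 src=192.0.2.10 dst=192.0.2.1 sport=53000 dport=53 packets=1 bytes=60 src=192.0.2.1 dst=192.0.2.10 sport=53 dport=53000 packets=1 bytes=120 mark=0 use=1
icmp     1 29 src=192.0.2.10 dst=192.0.2.1 type=8 code=0 id=1234 packets=1 bytes=84 src=192.0.2.1 dst=192.0.2.10 type=0 code=0 id=1234 packets=1 bytes=84 mark=0 use=1
EOF
}

# Stand-alone use: ./script TABLE_FILE MAX_ENTRIES
# e.g. ./script /proc/net/ip_conntrack "$(cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max)"
if [ "$#" -ge 2 ]; then
    conntrack_usage "$1" "$2"
fi
```

A non-zero exit status makes the function usable directly from cron or a monitoring check, so the table can be watched before the kernel starts dropping packets.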
