Ticket: UEO-349-18906
Sometimes we receive server UP and DOWN alerts. To find the root cause, perform the steps below:
1. Check the switch for any pps limit.
2. Check the server with the nload -m command to see the current bandwidth usage (we may also refer to the MRTG graph).
3. Check the Apache access log. In our case we found a huge number of requests towards the server.
4. Check dmesg. In our case we found that a kernel limit had been reached:
[4645641.140418] nf_conntrack: table full, dropping packet.
[4645641.140538] nf_conntrack: table full, dropping packet.
[4645641.140646] nf_conntrack: table full, dropping packet.
[4645641.144392] nf_conntrack: table full, dropping packet.
[4645641.144682] nf_conntrack: table full, dropping packet.
[4645641.145782] nf_conntrack: table full, dropping packet.
5. To fix the issue, increase the limit for nf_conntrack_max:
root@localgh:~# cat /proc/sys/net/netfilter/nf_conntrack_max  # see the current limit
root@localgh:~# cat /proc/sys/net/netfilter/nf_conntrack_count  # see the number of connections currently tracked
root@localgh:~# echo 524288 > /proc/sys/net/netfilter/nf_conntrack_max  # increase the limit
To make this change permanent, add the following line to /etc/rc.local:
echo 524288 > /proc/sys/net/netfilter/nf_conntrack_max
6. Check the logs again; the problem should no longer occur.
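
Added example (not part of the original ticket notes): a shell helper that automates the checks in steps 4 to 6 by reporting how full the conntrack table is and counting the "table full" drop messages in saved dmesg output. The function names, the 80%/95% thresholds and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: nf_conntrack utilisation check. Function names, thresholds
# and sample values are assumptions/constructed, not from the ticket.

# Print table utilisation as an integer percentage; return 2 on bad input.
conntrack_usage_pct() {
    count_file=${1:-/proc/sys/net/netfilter/nf_conntrack_count}
    max_file=${2:-/proc/sys/net/netfilter/nf_conntrack_max}
    count=$(cat "$count_file" 2>/dev/null) || return 2
    max=$(cat "$max_file" 2>/dev/null) || return 2
    for v in "$count" "$max"; do
        case $v in ''|*[!0-9]*) return 2 ;; esac   # reject non-numeric content
    done
    [ "$max" -gt 0 ] || return 2
    echo $(( $count * 100 / $max ))
}

# Print OK, WARN or CRIT for the current utilisation (UNKNOWN if unreadable).
conntrack_status() {
    pct=$(conntrack_usage_pct "$1" "$2") || { echo UNKNOWN; return 0; }
    if [ "$pct" -ge "${CRIT_PCT:-95}" ]; then echo CRIT
    elif [ "$pct" -ge "${WARN_PCT:-80}" ]; then echo WARN
    else echo OK
    fi
}

# Count "table full" drop messages in a file holding saved dmesg output.
conntrack_drops() {
    grep -c 'nf_conntrack: table full, dropping packet' "$1" || true
}

# Constructed sample data so the example runs offline.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
echo 262100 > "$demo_dir/count"
echo 262144 > "$demo_dir/max"
printf '%s\n' \
    '[4645641.140418] nf_conntrack: table full, dropping packet.' \
    '[4645641.140538] nf_conntrack: table full, dropping packet.' \
    '[4645641.150000] eth0: link up' > "$demo_dir/dmesg.txt"

echo "usage: $(conntrack_usage_pct "$demo_dir/count" "$demo_dir/max")%" \
     "status: $(conntrack_status "$demo_dir/count" "$demo_dir/max")" \
     "drops: $(conntrack_drops "$demo_dir/dmesg.txt")"
```

Called with no arguments, conntrack_usage_pct and conntrack_status read the live /proc files from step 5.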