For busy servers, ip_conntrack can fill up quickly and must be monitored, or you will get intermittent packet drops. Check /var/log/messages for these error messages. A couple of kernel values can be adjusted:
more /proc/sys/net/ipv4/netfilter/ip_conntrack_count

more /proc/sys/net/ipv4/netfilter/ip_conntrack_max

=> count should be less than max; if it's near the maximum value, increase max

more /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established

=> default 5 days, might want to lower it

echo 0 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_loose
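A monitoring check for the count/max comparison above, as an added example that is not from the original post. The 80%/95% thresholds, the function names and the `CT_DIR` override are assumptions; the log pattern is the kernel's "table full, dropping packet" message.

```shell
#!/bin/sh
# Added example (not from the original post): warn before the conntrack table fills.
# Assumptions: the 80/95 percent thresholds, CT_DIR override and function names.
CT_DIR="${CT_DIR:-/proc/sys/net/ipv4/netfilter}"
WARN_PCT="${WARN_PCT:-80}"
CRIT_PCT="${CRIT_PCT:-95}"

# Print "count max percent" for the counters in directory $1; return 2 if unusable.
conntrack_usage() {
    dir="$1"
    [ -r "$dir/ip_conntrack_count" ] && [ -r "$dir/ip_conntrack_max" ] || return 2
    count=$(cat "$dir/ip_conntrack_count")
    max=$(cat "$dir/ip_conntrack_max")
    for v in "$count" "$max"; do
        case "$v" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$max" -gt 0 ] || return 2
    echo "$count $max $((count * 100 / max))"
}

# Print a one-line status; return 0=OK, 1=WARN, 2=CRIT, 3=UNKNOWN.
conntrack_status() {
    usage=$(conntrack_usage "$1") || {
        echo "UNKNOWN: cannot read conntrack counters in $1"
        return 3
    }
    set -- $usage
    if [ "$3" -ge "$CRIT_PCT" ]; then level=CRIT; st=2
    elif [ "$3" -ge "$WARN_PCT" ]; then level=WARN; st=1
    else level=OK; st=0
    fi
    echo "$level: conntrack $1/$2 entries (${3}%)"
    return "$st"
}

# Count logged drops in file $1; the pattern matches the kernel's
# "ip_conntrack: table full, dropping packet" message.
count_table_full() {
    grep -c 'conntrack: table full, dropping packet' "$1" 2>/dev/null || true
}

# Run the check only when asked, e.g. from cron: ./ct_check.sh --check
if [ "${1:-}" = "--check" ]; then
    echo "table-full drops logged: $(count_table_full /var/log/messages)"
    conntrack_status "$CT_DIR"
fi
```

The exit codes follow the common 0/1/2/3 monitoring-plugin convention, so the script can be wired into an existing alerting system or run from cron.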