Nasser Heidari


Packet Loss on Linux Server!

Today our NOC team reported packet loss on my Linux server. I started checking the problem by pinging my server from the connected router and got this result:

router#ping linux-server repeat 1000

Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to linux-server, timeout is 2 seconds:
Success rate is 97 percent (579/596), round-trip min/avg/max = 1/1/4 ms

As you can see, the success rate is 97 percent, and I have 3% packet loss from the connected router!

After logging in to the server, I saw this message in syslog:

Feb 5 12:49:31 linux kernel: ip_conntrack: table full, dropping packet.

[root@linux ~]# sysctl net.ipv4.netfilter.ip_conntrack_max
net.ipv4.netfilter.ip_conntrack_max = 65536

It looks like the conntrack database doesn’t have enough entries for your environment. Connection tracking by default handles up to a certain number of simultaneous connections. This number depends on your system’s maximum memory size.

You can easily increase the maximum number of tracked connections, but be aware that each tracked connection eats about 350 bytes of non-swappable kernel memory!

To increase this limit:

[root@linux ~]# echo "net.ipv4.netfilter.ip_conntrack_max = 131072" >> /etc/sysctl.conf
[root@linux ~]# sysctl -p
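
Before raising the limit it helps to know how full the table is and how much kernel memory the new maximum can pin. The script below is an added example, not part of the original post: it counts the "table full" drops in syslog text, applies the roughly 350 bytes per entry quoted above, and reads the count/max sysctl files. The 80% warning threshold, the function names and the sample log lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example: conntrack table headroom check (not from the original post).

BYTES_PER_ENTRY=350   # approximate per-entry cost quoted in the post
WARN_PCT=80           # assumed alert threshold, tune for your site

# KiB of non-swappable kernel memory for a table of $1 entries.
conntrack_mem_kib() { echo $(( $1 * BYTES_PER_ENTRY / 1024 )); }

# Integer percent of the table in use: $1 = current count, $2 = max.
conntrack_usage_pct() { echo $(( $1 * 100 / $2 )); }

# Count "table full" drop messages in syslog text read from stdin.
# grep -c exits non-zero on zero matches, so the status is masked.
count_table_full() { grep -c 'conntrack: table full, dropping packet' || true; }

# Report usage from the sysctl directories given as arguments
# (default: modern nf_conntrack path, then the legacy ip_conntrack path).
conntrack_report() {
    [ $# -gt 0 ] || set -- /proc/sys/net/netfilter /proc/sys/net/ipv4/netfilter
    for dir in "$@"; do
        for p in nf ip; do
            max_f="$dir/${p}_conntrack_max"; cnt_f="$dir/${p}_conntrack_count"
            if [ -r "$max_f" ] && [ -r "$cnt_f" ]; then
                max=$(cat "$max_f"); cnt=$(cat "$cnt_f")
                pct=$(conntrack_usage_pct "$cnt" "$max")
                state=OK; [ "$pct" -lt "$WARN_PCT" ] || state=WARN
                echo "$state $cnt/$max ${pct}% max_mem_kib=$(conntrack_mem_kib "$max")"
                return 0
            fi
        done
    done
    echo "UNKNOWN conntrack sysctls not found"
}

# Constructed sample syslog lines (the second is not conntrack-related).
SAMPLE_LOG='Feb 5 12:49:31 linux kernel: ip_conntrack: table full, dropping packet.
Feb 5 12:49:32 linux kernel: eth0: link up
Feb 5 12:49:36 linux kernel: ip_conntrack: table full, dropping packet.'

echo "drops logged: $(printf '%s\n' "$SAMPLE_LOG" | count_table_full)"
echo "65536 entries  -> $(conntrack_mem_kib 65536) KiB"
echo "131072 entries -> $(conntrack_mem_kib 131072) KiB"
```

On the server itself, call conntrack_report with no arguments to read the live values, and pipe the real syslog file into count_table_full.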

