Description
Summary of Article
If AO has too many connections it may reject other TCP connection. This article will describe how to increase max connection value in AO in order to increase the amount of connections AO can take.
If you have this issue, you will see many error messages "kernel: ip_conntrack: table full, dropping packet.” in /var/log/messages file.
Steps
- Check the current connections:
CentOS 5 (VA 3.7.x)
cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count (current number of iptable’s connection table)
cat /proc/sys/net/ipv4/ip_conntrack_max (max number connection table)
CentOS 6 (VA 4.x)
cat /proc/sys/net/netfilter/nf_conntrack_count
cat /proc/sys/net/netfilter/nf_conntrack_max
Our configuration default value is 65536
- To change this value, add following parameters:
CentOS 5
# emacs /etc/sysctl.conf
net.ipv4.netfilter.ip_conntrack_max = 131072
CentOS 6
# emacs /etc/sysctl.conf
net.nf_conntrack_max = 131072
Then, modify following file too.
# emacs /etc/sysconfig/iptables-config
IPTABLES_MODULES_UNLOAD="no"
VA executes phProvision script in init.d. Then, need to modify following files too. (e.g. for CentOS5 - VA version - 3.7.x)
/opt/phoenix/config/sys/etc/etc_sysctl.conf.el5x32
/opt/phoenix/config/sys/etc/etc_sysctl.conf.el5x64
- Perform the following to have the changes take effect:
service iptables restart
/sbin/sysctl -p
Additional Information
This should only be applied if you have run out of TCP connections
Version Application
ALL
