Version
Cb Response 6.X (Large Clusters)
Issue
In 6.1, the sensor check-in pipeline was greatly improved allowing for an increase check-in interval. Many additional improvements were that also increased inter-node communications. This increase in communications (connections) required the OS to manage more connections. In certain scenarios and in larger deployments, the OS Netfilter connection tracking were getting maxed out. This is causing connection to be dropped, which is causing issues loading UI pages, resulting in the perception of slow UI performance.
Symptoms
/var/log/messages
kernel: nf_conntrack: table full, dropping packet |
Solution
Workaround
Increase nf_conntrack_max setting:
- Check current settings
| cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max |
or
| /sbin/sysctl -a|grep -i nf_conntrack_max |
- Check current connections tracked
| /sbin/sysctl net.netfilter.nf_conntrack_count |
- If connection max are met or close:
- Increase connection tracking max to 262144
| sysctl -w net.netfilter.nf_conntrack_max=262144 |
- Update hashsize proportionally with nf_conntrack_max change (new value should be nf_conntrack_max/4)
| echo 65536 > /sys/module/nf_conntrack/parameters/hashsize |
- Save changes permanently
- Modify or add the following line item to /etc/sysctl.conf:
| net.netfilter.nf_conntrack_count = 262144 |
