Access official resources from Carbon Black experts
Cb Response 6.X (Large Clusters)
In 6.1, the sensor check-in pipeline was greatly improved allowing for an increase check-in interval. Many additional improvements were that also increased inter-node communications. This increase in communications (connections) required the OS to manage more connections. In certain scenarios and in larger deployments, the OS Netfilter connection tracking were getting maxed out. This is causing connection to be dropped, which is causing issues loading UI pages, resulting in the perception of slow UI performance.
/var/log/messages
kernel: nf_conntrack: table full, dropping packet
Increase nf_conntrack_max setting:
or
cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
/sbin/sysctl -a|grep -i nf_conntrack_max
/sbin/sysctl net.netfilter.nf_conntrack_count
sysctl -w net.netfilter.nf_conntrack_max=262144
echo 65536 > /sys/module/nf_conntrack/parameters/hashsize
net.netfilter.nf_conntrack_count = 262144
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.