
6.1.0 CD UI Performance and Sensor Comms Issues due to OS Netfilter Connection Tracking Max Reached



Cb Response 6.X (Large Clusters)


In 6.1, the sensor check-in pipeline was greatly improved, allowing for an increased check-in interval. Many additional improvements were also made that increased inter-node communications. This increase in communications (connections) requires the OS to manage more connections. In certain scenarios and in larger deployments, the OS Netfilter connection tracking table was getting maxed out. This causes connections to be dropped, which causes issues loading UI pages, resulting in the perception of slow UI performance.



kernel: nf_conntrack: table full, dropping packet



Increase nf_conntrack_max setting:

  1. Check current settings
    cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
    /sbin/sysctl -a|grep -i nf_conntrack_max
  2. Check current connections tracked
    /sbin/sysctl net.netfilter.nf_conntrack_count
  3. If the tracked connection count has reached or is close to the max:
    1. Increase connection tracking max to 262144
      sysctl -w net.netfilter.nf_conntrack_max=262144
    2. Update hashsize proportionally with nf_conntrack_max change (new value should be nf_conntrack_max/4)
      echo 65536 > /sys/module/nf_conntrack/parameters/hashsize
  4. Save changes permanently
    1. Modify or add the following line item to /etc/sysctl.conf:
      net.netfilter.nf_conntrack_max = 262144
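
The checks in steps 1 to 3, as an added shell example that is not part of the original article or of Carbon Black tooling: it reads the count and max, reports how full the table is, counts the `table full` kernel messages in a log file, and prints the article's changes for a chosen maximum. The function names, the 80% warning threshold and the sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: conntrack headroom check (read-only; it changes no settings).
# Assumptions: the 80% warning threshold and all function names.

# Integer percentage of the tracking table in use.
conntrack_pct() { echo $(( $1 * 100 / $2 )); }

# Hash size at the article's ratio: nf_conntrack_max / 4.
conntrack_hashsize() { echo $(( $1 / 4 )); }

# Number of "table full" kernel messages in log file $1.
conntrack_drops() {
    grep -c 'nf_conntrack: table full, dropping packet' "$1" || true
}

# Print state for the sysctl directory $1 (default: the live kernel values).
# Return code: 0 = OK, 1 = WARN (at or above $2 percent), 2 = FULL, 3 = unreadable.
conntrack_check() {
    dir=${1:-/proc/sys/net/netfilter}
    warn=${2:-80}
    if [ ! -r "$dir/nf_conntrack_count" ] || [ ! -r "$dir/nf_conntrack_max" ]; then
        echo "UNKNOWN counters not readable in $dir"
        return 3
    fi
    count=$(cat "$dir/nf_conntrack_count")
    max=$(cat "$dir/nf_conntrack_max")
    pct=$(conntrack_pct "$count" "$max")
    if [ "$count" -ge "$max" ]; then state=FULL; rc=2
    elif [ "$pct" -ge "$warn" ]; then state=WARN; rc=1
    else state=OK; rc=0
    fi
    echo "$state count=$count max=$max used=${pct}%"
    return "$rc"
}

# Print the article's three changes for a new maximum $1.
conntrack_plan() {
    echo "sysctl -w net.netfilter.nf_conntrack_max=$1"
    echo "echo $(conntrack_hashsize "$1") > /sys/module/nf_conntrack/parameters/hashsize"
    echo "net.netfilter.nf_conntrack_max = $1"
}

# Constructed sample: a table at 61000 of 65536 entries.
demo=$(mktemp -d)
echo 61000 > "$demo/nf_conntrack_count"
echo 65536 > "$demo/nf_conntrack_max"
conntrack_check "$demo" || true
conntrack_plan 262144
rm -rf "$demo"
```

On a live server, calling `conntrack_check` with no arguments reads the values from /proc/sys/net/netfilter.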