On 12/27/2009 06:56 PM, Thomas Rieschl wrote:
> Hello!
>
> Sometimes I get a lot of those lines in my syslog:
> ip_conntrack: table full, dropping packet
>
> And sometimes my server hangs because of that.
> I want to prevent those system downtimes, and I want to track the source
> of this error.
> apache, postfix,... don't cause that many connections, so I thought of NTP.
>
> The /proc/sys/net/ipv4/ip_conntrack_max is set to 16896.
>
> Is it possible that I get more than 16896 connections from my NTP?

I tried logging the state count relating to ntp:
 http://n1.taur.dk/ntpscan.png
It reaches 18000 sometimes with a state lifetime of 240 seconds, so yes, it is possible.
17000 of those are Turk Telecom.

The figure for peak packets per second found on pool.ntp.org is a bit out of date - I now get regular 300-500 pps peaks.
 http://n1.taur.dk/ntppool.png

I'm having the state-count problem myself, which is why I have the above monitoring going; the firewall (monowall) between the internet and my free rackspace and power sometimes hits the limit, affecting other things. And putting a dumb stateless router in front of it is non-trivial, since the outside WAN address is used for PPTP and 6to4.

/Kasper Pedersen
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
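The thread asks how to find out which service and which sources are filling the conntrack table. The following is an added example, not code from either poster: it parses the `/proc/net/ip_conntrack` dump format (the `proto protonum timeout [state] src= dst= sport= dport= ...` layout of the 2.6-era table that `ip_conntrack_max` governs), counts entries per destination port, lists the top source hosts and source networks for one port, and compares the entry count against the 16896 limit from the thread. The sample table lines, the addresses in them, and the 80 % warning threshold are constructed for the example; on a real box you would read the file instead of the embedded string.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of /proc/net/ip_conntrack lines (not taken from the thread).
# Each entry: proto, proto number, remaining timeout, optional TCP state, then the
# original-direction tuple followed by the reply-direction tuple.
SAMPLE_CONNTRACK = """\
udp      17 28 src=203.0.113.10 dst=198.51.100.1 sport=123 dport=123 src=198.51.100.1 dst=203.0.113.10 sport=123 dport=123 [ASSURED] use=1
udp      17 170 src=203.0.113.11 dst=198.51.100.1 sport=123 dport=123 src=198.51.100.1 dst=203.0.113.11 sport=123 dport=123 use=1
udp      17 29 src=203.0.113.10 dst=198.51.100.1 sport=45023 dport=123 src=198.51.100.1 dst=203.0.113.10 sport=123 dport=45023 use=1
tcp      6 431990 ESTABLISHED src=192.0.2.7 dst=198.51.100.1 sport=50012 dport=80 src=198.51.100.1 dst=192.0.2.7 sport=80 dport=50012 [ASSURED] use=1
tcp      6 110 TIME_WAIT src=192.0.2.8 dst=198.51.100.1 sport=50013 dport=25 src=198.51.100.1 dst=192.0.2.8 sport=25 dport=50013 [ASSURED] use=1
udp      17 3 src=203.0.113.12 dst=198.51.100.1 sport=123 dport=123 src=198.51.100.1 dst=203.0.113.12 sport=123 dport=123 use=1
"""

# Value quoted in the thread for /proc/sys/net/ipv4/ip_conntrack_max.
CONNTRACK_MAX = 16896

# Matches the fixed prefix and the original-direction tuple only; the reply
# tuple and the trailing flags are ignored for counting purposes.
ENTRY_RE = re.compile(
    r"^(?P<proto>\w+)\s+\d+\s+(?P<timeout>\d+)\s+(?:(?P<state>[A-Z_]+)\s+)?"
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+sport=(?P<sport>\d+)\s+dport=(?P<dport>\d+)"
)


def parse_conntrack(text):
    """Return a list of dicts, one per parseable conntrack entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # skip lines in a layout we do not understand
        e = m.groupdict()
        e["timeout"] = int(e["timeout"])
        e["sport"] = int(e["sport"])
        e["dport"] = int(e["dport"])
        entries.append(e)
    return entries


def count_by_service(entries):
    """Entries per (proto, dport), e.g. ('udp', 123) for NTP."""
    return Counter((e["proto"], e["dport"]) for e in entries)


def top_sources(entries, dport, n=5):
    """Most frequent source hosts among entries towards one destination port."""
    c = Counter(e["src"] for e in entries if e["dport"] == dport)
    return c.most_common(n)


def top_source_networks(entries, dport, prefixlen=16, n=5):
    """Same as top_sources, but aggregated per /prefixlen so that one origin
    network (the thread's 'one telecom' case) shows up as a single line."""
    c = Counter(
        str(ipaddress.ip_network(f"{e['src']}/{prefixlen}", strict=False))
        for e in entries if e["dport"] == dport
    )
    return c.most_common(n)


def table_usage(entries, conntrack_max=CONNTRACK_MAX, warn_percent=80.0):
    """How full the table is relative to ip_conntrack_max; warn_percent is an
    assumed monitoring threshold, not a kernel setting."""
    used = len(entries)
    percent = 100.0 * used / conntrack_max
    return {
        "used": used,
        "max": conntrack_max,
        "percent": percent,
        "over_threshold": percent >= warn_percent,
    }


def read_live_table(path="/proc/net/ip_conntrack"):
    """Read the real table; only works on a kernel that still exposes this file."""
    with open(path) as f:
        return parse_conntrack(f.read())


if __name__ == "__main__":
    ents = parse_conntrack(SAMPLE_CONNTRACK)
    print("usage:", table_usage(ents))
    print("per service:", count_by_service(ents).most_common())
    print("top NTP sources:", top_sources(ents, 123))
    print("top NTP source /16s:", top_source_networks(ents, 123))
```

Run against the live file, the `count_by_service` line answers the "is it NTP?" question directly, and `top_source_networks` shows whether the load comes from one network or is spread out; `table_usage` is what you would feed into a cron job or monitoring check so the problem is noticed before the "table full" messages appear.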