
nf_conntrack: table full, dropping packet

Posted: Sat Jul 30, 2016 9:23 am
by jww
We occasionally get nf_conntrack: table full, dropping packet log entries on our DC switches. What does this mean in the context of Netonix switches?

Re: nf_conntrack: table full, dropping packet

Posted: Sat Jul 30, 2016 9:59 am
by sirhc
It helps to know what firmware version you're using.


Please always report firmware version.

Re: nf_conntrack: table full, dropping packet

Posted: Sat Jul 30, 2016 10:04 am
by sirhc
This happens when your iptables or CSF firewall is tracking too many connections.

This can happen when you are being attacked, or it is also very likely to happen on a busy server even if there is no malicious activity.

Now keep in mind this is an error being reported by the Linux server running on the switch that handles the UI/CLI and some other daemons not the switch core itself.

This could be caused by a DoS attack, or it could be that you have a very large flat network and one of the discovery protocols is getting a large number of packets.

You could try disabling the discovery protocols and see if it goes away.

Is this switch on a non routable IP? If so and it was an attack on the IP of the switch it would be coming from somewhere inside your network.
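
A way to check whether the conntrack table on the switch's Linux side is actually near its limit, and which inside host is holding the most entries, as an added example that is not from this thread or from Netonix firmware. It assumes a Linux kernel with nf_conntrack loaded, which exposes the live count and limit under /proc/sys/net/netfilter/ and the entry list in /proc/net/nf_conntrack (the same lines `conntrack -L` prints). The sample entries and the 10.1.1.x addresses are constructed for the example.

```sh
#!/bin/sh
# Added example, not Netonix code: report nf_conntrack fill level and find
# the source address that owns the most entries. Line format is that of
# /proc/net/nf_conntrack.

# Constructed sample of /proc/net/nf_conntrack lines (hypothetical addresses):
# three entries initiated by 10.1.1.50, one by 10.1.1.60.
SAMPLE_CONNTRACK='ipv4     2 tcp      6 431999 ESTABLISHED src=10.1.1.50 dst=10.1.1.1 sport=51000 dport=443 src=10.1.1.1 dst=10.1.1.50 sport=443 dport=51000 [ASSURED] mark=0 use=1
ipv4     2 udp      17 29 src=10.1.1.50 dst=10.1.1.1 sport=40001 dport=161 src=10.1.1.1 dst=10.1.1.50 sport=161 dport=40001 mark=0 use=1
ipv4     2 udp      17 29 src=10.1.1.50 dst=10.1.1.1 sport=40002 dport=161 src=10.1.1.1 dst=10.1.1.50 sport=161 dport=40002 mark=0 use=1
ipv4     2 tcp      6 110 TIME_WAIT src=10.1.1.60 dst=10.1.1.1 sport=52000 dport=22 src=10.1.1.1 dst=10.1.1.60 sport=22 dport=52000 [ASSURED] mark=0 use=1'

# Integer fill percentage of the table: conntrack_pct COUNT MAX
conntrack_pct() {
    echo $(( $1 * 100 / $2 ))
}

# conntrack_check COUNT MAX [THRESHOLD]: print "COUNT/MAX (PCT%)" and
# return non-zero when the table is at or above THRESHOLD percent (default 90).
conntrack_check() {
    count=$1; max=$2; threshold=${3:-90}
    pct=$(conntrack_pct "$count" "$max")
    echo "$count/$max (${pct}%)"
    [ "$pct" -lt "$threshold" ]
}

# Read the live values when the sysctls are readable on this host.
live_conntrack_check() {
    d=/proc/sys/net/netfilter
    if [ -r "$d/nf_conntrack_count" ] && [ -r "$d/nf_conntrack_max" ]; then
        conntrack_check "$(cat "$d/nf_conntrack_count")" "$(cat "$d/nf_conntrack_max")"
    else
        echo "nf_conntrack sysctls not readable here" >&2
        return 2
    fi
}

# top_sources [N]: read nf_conntrack lines on stdin, count entries per
# original source address (the first src= field, i.e. the initiator),
# print the top N as "COUNT ADDRESS".
top_sources() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^src=/) { sub(/^src=/, "", $i); c[$i]++; break }
    } END { for (k in c) print c[k], k }' | sort -rn | head -n "${1:-5}"
}

# Stand-alone run: use live data where available, else the constructed sample.
if live_conntrack_check; then
    echo "conntrack table below threshold"
fi
if [ -r /proc/net/nf_conntrack ]; then
    top_sources 3 < /proc/net/nf_conntrack
else
    echo "top initiators in the constructed sample:"
    printf '%s\n' "$SAMPLE_CONNTRACK" | top_sources 3
fi
```

If the count sits near nf_conntrack_max, the two usual responses are to raise the limit (`sysctl -w net.netfilter.nf_conntrack_max=N`, which costs kernel memory on the switch's small management CPU) or to stop tracking traffic that needs no stateful inspection with a NOTRACK rule in the iptables raw table. When the top initiator is a single inside host holding thousands of entries, that host, not the switch, is the thing to look at; a non-routable management address cannot be reached from outside, so the excess is coming from inside your network.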

Re: nf_conntrack: table full, dropping packet

Posted: Wed Aug 17, 2016 7:58 am
by jww
Thanks, this doesn't happen often, but I was just curious. It's happened on every version of firmware we've used up to the latest RC.