nf_conntrack: table full, dropping packet
-
jww - Member
- Posts: 22
- Joined: Wed Aug 12, 2015 12:32 pm
- Location: Marshall, NC
- Has thanked: 14 times
- Been thanked: 4 times
nf_conntrack: table full, dropping packet
We occasionally get nf_conntrack: table full, dropping packet log entries on our DC switches. What does this mean in the context of Netonix switches?
-
sirhc - Employee
- Posts: 7416
- Joined: Tue Apr 08, 2014 3:48 pm
- Location: Lancaster, PA
- Has thanked: 1608 times
- Been thanked: 1325 times
Re: nf_conntrack: table full, dropping packet
Helps to know what firmware version you're using?
Please always report firmware version.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
-
sirhc - Employee
Re: nf_conntrack: table full, dropping packet
This happens when your iptables or CSF firewall is tracking too many connections.
This can happen when you are being attacked, or is also very likely to happen on a busy server even if there is no malicious activity.
Now keep in mind this is an error being reported by the Linux server running on the switch that handles the UI/CLI and some other daemons, not the switch core itself.
This could be caused by a DoS attack or it could be that you have a very large flat network and one of the Discovery protocols is getting a large number of packets?
You could try disabling the discovery protocols and see if it goes away.
Is this switch on a non-routable IP? If so and it was an attack on the IP of the switch it would be coming from somewhere inside your network.
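Added example (not part of the thread and not Netonix code): a small Python log triage that groups the `nf_conntrack: table full, dropping packet` warnings into per-switch bursts, so the times can be compared across switches. The syslog line layout, the hostnames and the sample log are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed line shape: "<Mon DD HH:MM:SS> <host> kernel: <message>".
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) kernel:.*"
                  r"nf_conntrack: table full, dropping packet")

# Constructed sample log; hostnames and timestamps are made up.
SAMPLE = """\
Mar  3 02:14:05 dc-sw1 kernel: nf_conntrack: table full, dropping packet
Mar  3 02:14:06 dc-sw1 kernel: nf_conntrack: table full, dropping packet
Mar  3 02:14:11 dc-sw1 kernel: nf_conntrack: table full, dropping packet
Mar  3 02:14:30 dc-sw2 kernel: Port 4 link state changed
Mar  3 09:40:00 dc-sw1 kernel: nf_conntrack: table full, dropping packet
Mar  3 09:40:02 dc-sw2 kernel: nf_conntrack: table full, dropping packet
"""

def find_bursts(text, gap_seconds=60, year=2000):
    """Return {host: [(first_seen, last_seen, line_count), ...]}.

    Lines from one host at most gap_seconds apart form one burst.
    Syslog timestamps carry no year, so `year` is an assumed value.
    """
    events = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events[m.group(2)].append(ts)
    bursts = {}
    for host, stamps in events.items():
        stamps.sort()
        out = [[stamps[0], stamps[0], 1]]
        for ts in stamps[1:]:
            if ts - out[-1][1] <= timedelta(seconds=gap_seconds):
                out[-1][1] = ts      # extend the current burst
                out[-1][2] += 1
            else:
                out.append([ts, ts, 1])
        bursts[host] = [tuple(b) for b in out]
    return bursts

if __name__ == "__main__":
    for host, host_bursts in sorted(find_bursts(SAMPLE).items()):
        for first, last, n in host_bursts:
            # The kernel rate-limits this warning, so n undercounts drops.
            print(f"{host}: {n} warning(s) {first:%b %d %H:%M:%S} "
                  f"to {last:%H:%M:%S}")
```

Comparing burst times across switches is one way to check whether the events line up with something network-wide rather than traffic aimed at a single management IP.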
-
jww - Member
Re: nf_conntrack: table full, dropping packet
Thanks, this doesn't happen often, but I was just curious. It's happened on every version of firmware we've used up to the latest RC.