"kernel: nf_conntrack: table full, dropping packets" on Oracle Linux 5 with UEK

Last updated on AUGUST 01, 2017

Applies to:

Symptoms

Under high user load of around 5000 users (and above), the following error messages can be seen in /var/log/messages:

...
Sep 11 23:30:26 vm-db-node1 kernel: __ratelimit: 567 callbacks suppressed
Sep 11 23:30:26 vm-db-node1 kernel: nf_conntrack: table full, dropping packet.
Sep 11 23:30:26 vm-db-node1 last message repeated 9 times
Sep 11 23:30:31 vm-db-node1 kernel: __ratelimit: 925 callbacks suppressed
Sep 11 23:30:31 vm-db-node1 kernel: nf_conntrack: table full, dropping packet.
Sep 11 23:30:31 vm-db-node1 last message repeated 9 times
Sep 11 23:30:36 vm-db-node1 kernel: __ratelimit: 733 callbacks suppressed
Sep 11 23:30:36 vm-db-node1 kernel: nf_conntrack: table full, dropping packet.
Sep 11 23:30:36 vm-db-node1 last message repeated 9 times
Sep 11 23:30:41 vm-db-node1 kernel: __ratelimit: 1435 callbacks suppressed
Sep 11 23:30:41 vm-db-node1 kernel: nf_conntrack: table full, dropping packet.
Sep 11 23:30:41 vm-db-node1 last message repeated 9 times
Sep 11 23:30:46 vm-db-node1 kernel: __ratelimit: 1135 callbacks suppressed
Sep 11 23:30:46 vm-db-node1 kernel: nf_conntrack: table full, dropping packet.
Sep 11 23:30:46 vm-db-node1 last message repeated 9 times
Sep 11 23:30:51 vm-db-node1 kernel: __ratelimit: 902 callbacks suppressed
Sep 11 23:30:51 vm-db-node1 kernel: nf_conntrack: table full, dropping packet.
Sep 11 23:30:51 vm-db-node1 last message repeated 9 times
Sep 11 23:30:56 vm-db-node1 kernel: __ratelimit: 1019 callbacks suppressed
...

Even though both iptables and ip6tables were switched off and ipt_MASQUERADE is an iptables module, lsmod output shows:

Cause