"kernel: nf_conntrack: table full, dropping packets" on Oracle Linux 5 with UEK (Doc ID 1600601.1)

Last updated on OCTOBER 25, 2020

Applies to:

Symptoms

Under high user load of around 5000 users (and above), the following error messages can be seen in /var/log/messages:

...
Sep 11 23:30:26 <HOSTNAME> kernel: __ratelimit: 567 callbacks suppressed
Sep 11 23:30:26 <HOSTNAME> kernel: nf_conntrack: table full, dropping packet.
Sep 11 23:30:26 <HOSTNAME> last message repeated 9 times
Sep 11 23:30:31 <HOSTNAME> kernel: __ratelimit: 925 callbacks suppressed
Sep 11 23:30:31 <HOSTNAME> kernel: nf_conntrack: table full, dropping packet.
Sep 11 23:30:31 <HOSTNAME> last message repeated 9 times
Sep 11 23:30:36 <HOSTNAME> kernel: __ratelimit: 733 callbacks suppressed
Sep 11 23:30:36 <HOSTNAME> kernel: nf_conntrack: table full, dropping packet.
Sep 11 23:30:36 <HOSTNAME> last message repeated 9 times
Sep 11 23:30:41 <HOSTNAME> kernel: __ratelimit: 1435 callbacks suppressed
Sep 11 23:30:41 <HOSTNAME> kernel: nf_conntrack: table full, dropping packet.
Sep 11 23:30:41 <HOSTNAME> last message repeated 9 times
Sep 11 23:30:46 <HOSTNAME> kernel: __ratelimit: 1135 callbacks suppressed
Sep 11 23:30:46 <HOSTNAME> kernel: nf_conntrack: table full, dropping packet.
Sep 11 23:30:46 <HOSTNAME> last message repeated 9 times
Sep 11 23:30:51 <HOSTNAME> kernel: __ratelimit: 902 callbacks suppressed
Sep 11 23:30:51 <HOSTNAME> kernel: nf_conntrack: table full, dropping packet.
Sep 11 23:30:51 <HOSTNAME> last message repeated 9 times
Sep 11 23:30:56 <HOSTNAME> kernel: __ratelimit: 1019 callbacks suppressed
...

Even though both iptables and ip6tables were switched off and ipt_MASQUERADE is an iptables module, lsmod output shows:

Changes

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.