RHEL: TCP sockets are gone but nf_conntrack entry remains

Solution In Progress - Updated -

Issue

  • The nf_conntrack table is getting filled and “kernel: nf_conntrack: table full" messages are observed in /var/log/messages.
  • Because of this, call drops are observed – It was recovered by performing node switch over. But still net.netfilter.nf_conntrack_count is still increasing at high rate.

Environment

  • Red Hat Enterprise Linux
    • RHEL6 and RHEL7
  • nf_conntrack
  • Ipv4 or Ipv6
  • TCP

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content