Packet loss occurs on the server: kernel: nf_conntrack: table full, dropping packet

solved!

Creator: Wu Zishan

While checking the server log with tailf /var/log/message, I found many errors like this one:
kernel: nf_conntrack: table full, dropping packet

The service's connections were abnormal: clients could not establish a connection to the server.

Cause of the packet loss: the server receives too much traffic, and the parameters of the kernel's iptables connection-tracking table (nf_conntrack) are not configured sensibly, so IP packets are dropped and TCP connections cannot be established.
Solution:
① For packet loss, first consider the firewall: check whether the firewall is closed;
② Then consider the current number of tracked connections and the maximum number of tracked connections of the netfilter module in the iptables tracking table (packet loss is mostly related to the tracked-connection count), and see whether the limit is exceeded:

View them with: sysctl -a | grep conntrack
and compare

net.netfilter.nf_conntrack_count and net.netfilter.nf_conntrack_max
net.netfilter.nf_conntrack_max is the maximum number of tracked connections; it defaults to 65536

I found that the number of connections on my 133 machine had reached 260,000, but the maximum number of connections was set to only 80,000.
The best hash range is 262144 ~ 1048576

To change the parameter permanently, add the following line to /etc/sysctl.conf:
net.netfilter.nf_conntrack_max = 508576 (a value within the range above)
or run: echo 508576 > /proc/sys/net/netfilter/nf_conntrack_max
Run sysctl -p for the /etc/sysctl.conf change to take effect
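The checks above, as an added example that is not part of the original post: a small POSIX shell script that counts the "table full" messages in a log, computes how full the conntrack table is from nf_conntrack_count and nf_conntrack_max, and validates a proposed nf_conntrack_max against the 262144 ~ 1048576 range the post recommends. The log lines and the 260,000 / 80,000 numbers are constructed sample values taken from the post so that the script runs without root or a netfilter kernel; the function and hostname names are my own.

```shell
#!/bin/sh
# Added example, not the post's own code. Checks conntrack headroom and
# detects the kernel message the post describes, using constructed input.

# Constructed sample of /var/log/messages (hostname and timestamps invented)
SAMPLE_LOG='May 28 10:00:01 host133 kernel: nf_conntrack: table full, dropping packet
May 28 10:00:01 host133 sshd[1234]: Accepted publickey for ops from 10.0.0.5
May 28 10:00:02 host133 kernel: nf_conntrack: table full, dropping packet'

# Number of "table full" drops in the given log text
count_drops() {
    printf '%s\n' "$1" | grep -c 'nf_conntrack: table full, dropping packet'
}

# Integer percentage of the conntrack table in use: count * 100 / max
usage_pct() {
    echo $(( $1 * 100 / $2 ))
}

# Classify headroom: FULL when count >= max, WARN above 80%, OK otherwise
usage_state() {
    if [ "$1" -ge "$2" ]; then
        echo FULL
    elif [ "$(usage_pct "$1" "$2")" -ge 80 ]; then
        echo WARN
    else
        echo OK
    fi
}

# True when a proposed nf_conntrack_max lies in the post's recommended range
in_recommended_range() {
    [ "$1" -ge 262144 ] && [ "$1" -le 1048576 ]
}

# Print the live values when /proc exposes them, otherwise the post's sample
read_conntrack() {
    p=/proc/sys/net/netfilter
    if [ -r "$p/nf_conntrack_count" ] && [ -r "$p/nf_conntrack_max" ]; then
        cat "$p/nf_conntrack_count" "$p/nf_conntrack_max"
    else
        printf '%s\n%s\n' 260000 80000   # constructed: the post's 133 machine
    fi
}

main() {
    set -- $(read_conntrack)
    echo "drops in log:      $(count_drops "$SAMPLE_LOG")"
    echo "conntrack count:   $1"
    echo "conntrack max:     $2"
    echo "table usage:       $(usage_pct "$1" "$2")% ($(usage_state "$1" "$2"))"
    proposed=508576                      # value from the post
    if in_recommended_range "$proposed"; then
        echo "add to /etc/sysctl.conf: net.netfilter.nf_conntrack_max = $proposed"
        echo "then run: sysctl -p"
    else
        echo "proposed max $proposed is outside 262144 ~ 1048576" >&2
    fi
}

# Run the report only when executed directly, not when sourced for testing
[ "${0##*/}" = "conntrack_check.sh" ] && main
```

On a real host, run the script as root and compare its usage line against the kernel log: a FULL or WARN state together with a non-zero drop count is the pattern from the post. Raising nf_conntrack_max costs kernel memory per tracked entry, and the table's hash size (/sys/module/nf_conntrack/parameters/hashsize) is a separate parameter, so after raising the maximum it is worth confirming that both the count and the drop messages actually fall.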


Origin blog.csdn.net/Zisson_no_error/article/details/117387587