Sysctl and ip_conntrack_max optimization

On a busy webserver, you have to be very careful that you don’t run out of connection tracking buckets.

Check how many you have set as your max:

/sbin/sysctl net.ipv4.ip_conntrack_max

Check how many you’re using:

wc -l /proc/net/ip_conntrack

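A good maximum setting for most web servers with at least 2 GB of RAM is 65536. Append the setting to /etc/sysctl.conf so it survives a reboot, then load it into the running kernel (Red Hat variants):

echo "net.ipv4.ip_conntrack_max = 65535" >> /etc/sysctl.conf
# -p reloads the values from /etc/sysctl.conf; -w only sets a key=value given on the command line
/sbin/sysctl -p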
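Added example (not from the original post): a POSIX shell function that combines the two checks above and reports how full the connection tracking table is. Besides the /proc/net/ip_conntrack and ip_conntrack_max paths used in this post, it also reads the nf_conntrack counters that newer kernels expose under /proc/sys/net/netfilter; the function name and its PROC_ROOT and warning-threshold arguments are assumptions of this example.

```shell
#!/bin/sh
# conntrack_usage [PROC_ROOT] [WARN_PCT]
# Prints "count max percent" on stdout.
# Returns 0 if usage is below WARN_PCT (default 80), 1 if at or above it,
# 2 if no conntrack counters can be read (module not loaded, or unknown layout).
# PROC_ROOT defaults to /proc; it is a parameter only so the function can be
# exercised against a constructed directory tree.
conntrack_usage() {
    root="${1:-/proc}"
    warn_pct="${2:-80}"
    count=""
    max=""

    if [ -r "$root/sys/net/netfilter/nf_conntrack_count" ]; then
        # nf_conntrack layout (newer kernels)
        count=$(cat "$root/sys/net/netfilter/nf_conntrack_count")
        max=$(cat "$root/sys/net/netfilter/nf_conntrack_max")
    elif [ -r "$root/sys/net/ipv4/netfilter/ip_conntrack_count" ]; then
        # ip_conntrack layout with a dedicated counter file
        count=$(cat "$root/sys/net/ipv4/netfilter/ip_conntrack_count")
        max=$(cat "$root/sys/net/ipv4/netfilter/ip_conntrack_max")
    elif [ -r "$root/net/ip_conntrack" ] && [ -r "$root/sys/net/ipv4/ip_conntrack_max" ]; then
        # Paths used in this post: one line per tracked connection
        count=$(wc -l < "$root/net/ip_conntrack")
        max=$(cat "$root/sys/net/ipv4/ip_conntrack_max")
    else
        echo "conntrack: no readable counters under $root" >&2
        return 2
    fi

    # Normalise to integers (wc may pad its output with spaces)
    count=$((count + 0))
    max=$((max + 0))
    [ "$max" -gt 0 ] || return 2

    pct=$((count * 100 / max))
    echo "$count $max $pct"
    [ "$pct" -lt "$warn_pct" ] || return 1
    return 0
}

# Typical use from cron or a monitoring check:
#   conntrack_usage /proc 80 || echo "conntrack table is filling up (or not readable)"
```

A full table makes the kernel drop new connections, so alerting at a threshold well below 100% leaves time to raise the maximum.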

3 Responses to Sysctl and ip_conntrack_max optimization

  1. amir says:

    Please note:
    running the command: echo "net.ipv4.ip_conntrack_max = 65535" > /etc/sysctl.conf
    will overwrite any other settings in the sysctl.conf file.
    It should be:
    echo "net.ipv4.ip_conntrack_max = 65535" >> /etc/sysctl.conf

    1. Randy says:

      Thanks for the catch! Post updated.

  2. Sosh says:

    wc -l /proc/net/ip_conntrack
    On Debian 8 gives me:
    wc: /proc/net/ip_conntrack: No such file or directory
