Sysctl and ip_conntrack_max optimization

On a busy web server, you have to be very careful that you don't run out of connection tracking buckets: once the conntrack table is full, the kernel drops packets for new connections and logs "table full, dropping packet".

Check how many you have set as your max:

/sbin/sysctl net.ipv4.ip_conntrack_max

Check how many you’re using:

wc -l /proc/net/ip_conntrack

A good maximum setting for most web servers with at least 2 GB of RAM is 65536. Change the setting and lock it in (Red Hat variants):

echo "net.ipv4.ip_conntrack_max = 65535" >> /etc/sysctl.conf
/sbin/sysctl -p
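As an added example (not part of the original post), here is a small POSIX shell script that reads the current count and the maximum from whichever /proc interface the running kernel exposes, the older ip_conntrack names or the nf_conntrack names that replaced them, and warns when usage crosses a threshold. The file paths tried and the 80% threshold are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads the conntrack count and
# maximum from the /proc interface this kernel exposes (old ip_conntrack names
# or the nf_conntrack names that replaced them) and warns near the cap.
# Paths and the 80% threshold are assumptions for illustration.
# Print the first readable file among the arguments; fail if none exists.
first_readable() {
    for f in "$@"; do
        if [ -r "$f" ]; then printf '%s\n' "$f"; return 0; fi
    done
    return 1
}
# Current number of tracked connections (prefer the counter, else count rows).
conntrack_count() {
    if f=$(first_readable /proc/sys/net/netfilter/nf_conntrack_count \
                          /proc/sys/net/ipv4/netfilter/ip_conntrack_count); then
        cat "$f"
    elif f=$(first_readable /proc/net/nf_conntrack /proc/net/ip_conntrack); then
        wc -l < "$f"
    else
        return 1
    fi
}
# Configured maximum number of tracked connections.
conntrack_max() {
    f=$(first_readable /proc/sys/net/netfilter/nf_conntrack_max \
                       /proc/sys/net/ipv4/ip_conntrack_max) && cat "$f"
}
# usage_percent COUNT MAX -> integer percentage (0 when MAX is 0).
usage_percent() {
    if [ "$2" -le 0 ]; then echo 0; else echo $(( $1 * 100 / $2 )); fi
}
# check_usage COUNT MAX THRESHOLD -> status 0 below threshold, 1 at or above.
check_usage() {
    pct=$(usage_percent "$1" "$2")
    if [ "$pct" -ge "$3" ]; then
        echo "WARNING: conntrack table ${pct}% full ($1 of $2 entries)"
        return 1
    fi
    echo "OK: conntrack table ${pct}% full ($1 of $2 entries)"
}
# Live check against the running kernel: sh conntrack_check.sh --check
main() {
    count=$(conntrack_count) || { echo "no conntrack count found" >&2; return 2; }
    max=$(conntrack_max) || { echo "no conntrack max found" >&2; return 2; }
    check_usage "$count" "$max" 80
}
case "${1:-}" in --check) main ;; esac
```

A non-zero exit status from the warning branch makes the script usable directly as a cron or monitoring check.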

3 Responses to Sysctl and ip_conntrack_max optimization

  1. amir says:

    please note:
    running the command: echo "net.ipv4.ip_conntrack_max = 65535" > /etc/sysctl.conf
    will overwrite any other settings in sysctl.conf file.
    should be :
    echo "net.ipv4.ip_conntrack_max = 65535" >> /etc/sysctl.conf

    1. Randy says:

      Thanks for the catch! Post updated.

  2. Sosh says:

    wc -l /proc/net/ip_conntrack
    On Debian 8 gives me:
    wc: /proc/net/ip_conntrack: No such file or directory