Are you seeing slow network performance and packet loss, and have you noticed this message in the logs or dmesg output under heavy load on your Linux box?
ip_conntrack: table full, dropping packet
This happens because you have reached the limit set for connection tracking.
To display the current usage, use the following command:
wc -l /proc/net/ip_conntrack
In that case, you might want to increase the value (default is 65536):
echo 131072 > /proc/sys/net/ipv4/ip_conntrack_max
This changes the value immediately on the running system. It won't survive the next reboot, so you need to add this new setting to sysctl. The command below sets it at runtime; to keep it across reboots, put the same key=value pair in /etc/sysctl.conf:
sysctl -w net.ipv4.netfilter.ip_conntrack_max=131072
CAUTION: Do not apply this setting blindly. Each connection takes around 350 bytes of memory on your system. Make sure you have enough available memory before doing it.
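A pre-flight check for the caution above, as an added example that is not part of the original post: it estimates the worst-case table memory from the article's 350 bytes per connection and compares it with the memory the kernel reports as available. The function names and the 10% memory budget are assumptions made for this example.

```shell
#!/bin/sh
# Added example: sanity-check a new ip_conntrack_max before applying it.
BYTES_PER_ENTRY=350   # per-connection cost quoted in the article

# Worst-case memory in bytes if the table fills up to the given limit.
conntrack_mem_bytes() {
    echo $(( $1 * BYTES_PER_ENTRY ))
}

# Table usage as an integer percentage: entries in use / limit.
conntrack_usage_pct() {
    echo $(( $1 * 100 / $2 ))
}

# Available memory in kB from a meminfo-format file.
# Falls back to MemFree on kernels that do not report MemAvailable.
mem_available_kb() {
    avail='' free=''
    while read -r key val rest; do
        case $key in
            MemAvailable:) avail=$val ;;
            MemFree:)      free=$val ;;
        esac
    done < "$1"
    echo "${avail:-$free}"
}

# check_new_max NEW_MAX MEMINFO_FILE [BUDGET_PCT]
# Succeeds if a completely full table of NEW_MAX entries fits within
# BUDGET_PCT of available memory (default 10, an assumed threshold).
check_new_max() {
    need=$(conntrack_mem_bytes "$1")
    avail_kb=$(mem_available_kb "$2")
    budget=$(( avail_kb * 1024 * ${3:-10} / 100 ))
    [ "$need" -le "$budget" ]
}

# Live report, only on systems that expose the legacy ip_conntrack files.
if [ -r /proc/net/ip_conntrack ] && [ -r /proc/sys/net/ipv4/ip_conntrack_max ]; then
    count=$(wc -l < /proc/net/ip_conntrack)
    max=$(cat /proc/sys/net/ipv4/ip_conntrack_max)
    echo "conntrack usage: $count/$max ($(conntrack_usage_pct "$count" "$max")%)"
    new_max=${1:-131072}
    if check_new_max "$new_max" /proc/meminfo; then
        echo "ip_conntrack_max=$new_max fits the memory budget"
    else
        echo "ip_conntrack_max=$new_max exceeds the memory budget"
    fi
fi
```

A usage percentage that stays close to 100 under normal load is the signal to raise the limit; a failed memory check is the signal to add RAM or shorten conntrack timeouts first.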