DNS解析偶尔延迟,发生的时间都在早高峰上班时间。
看系统日志报错如下:
May 18 11:04:54 it-aa kernel: [3390259.778899] nf_conntrack: table full, dropping packet.
May 18 11:04:54 it-aa kernel: [3390259.836110] nf_conntrack: table full, dropping packet.
May 18 11:04:54 it-aa kernel: [3390259.838981] nf_conntrack: table full, dropping packet.
May 18 11:04:54 it-aa kernel: [3390259.838988] nf_conntrack: table full, dropping packet.
May 18 11:04:54 it-aa kernel: [3390259.856867] nf_conntrack: table full, dropping packet.
May 18 11:04:54 it-aa kernel: [3390259.857409] nf_conntrack: table full, dropping packet
原因:
状态防火墙的session表满了的error
解决方法:
echo ‘655360‘ > /proc/sys/net/nf_conntrack_max
sysctl.conf添加
net.nf_conntrack_max = 655360
执行sysctl -p
参考:http://blog.sina.com.cn/s/blog_541a3cf10101b3bj.html
原文地址:http://tenderrain.blog.51cto.com/9202912/1774656
