packet loss *please help, sites down*

I_AM · 06-11-2008, 02:12 PM

Having issues on my Centos / cpanel box.

Code:

root@server [~]# ps -auxf |grep httpd
 Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.3/FAQ
 root     21816  0.0  0.0  4756  724 pts/1    S+   14:05   0:00                      \_ grep httpd
 root     19702  0.0  0.3 46800 14580 ?       SNs  13:53   0:00 /usr/local/apache/bin/httpd -k start -DSSL
 root     19709  0.0  0.1 22804 7784 ?        SN   13:53   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   20418  0.6  0.4 48184 18908 ?       SN   14:01   0:01  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   20420  0.2  0.4 48292 17792 ?       SN   14:01   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   20427  0.3  0.4 48296 18192 ?       SN   14:01   0:01  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21663  0.6  0.5 48728 21880 ?       SN   14:02   0:01  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21667  0.2  0.4 48216 19304 ?       SN   14:02   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21668  0.1  0.3 47828 15048 ?       SN   14:02   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21669  0.4  0.4 48208 17756 ?       SN   14:02   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21674  0.1  0.3 47948 15904 ?       SN   14:03   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21686  0.4  0.5 48548 21208 ?       SN   14:03   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21688  0.1  0.3 47824 15028 ?       SN   14:03   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21689  0.4  0.5 48604 21996 ?       SN   14:03   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21701  0.2  0.3 47824 15036 ?       SN   14:03   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21702  0.3  0.4 48092 17732 ?       SN   14:03   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21703  0.2  0.3 47824 15520 ?       SN   14:03   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21704  0.2  0.3 47908 15340 ?       SN   14:03   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21705  0.5  0.4 48052 18624 ?       SN   14:03   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21707  0.1  0.3 47824 15036 ?       SN   14:03   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21724  0.6  0.3 47824 15400 ?       SN   14:04   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21732  0.1  0.3 47824 15396 ?       SN   14:04   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21733  0.1  0.3 47832 15380 ?       SN   14:04   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21736  0.1  0.3 47824 15028 ?       SN   14:04   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21738  0.1  0.3 47824 15380 ?       SN   14:04   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21739  0.5  0.4 48320 19424 ?       SN   14:04   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21740  1.2  0.4 48532 20252 ?       SN   14:04   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21741  0.2  0.5 51992 22108 ?       SN   14:04   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21742  0.6  0.3 47832 15384 ?       SN   14:04   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21743  0.1  0.3 47824 15020 ?       SN   14:04   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21744  1.1  0.3 47824 15352 ?       SN   14:04   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21805  0.8  0.4 48312 17692 ?       SN   14:05   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL
 nobody   21814  0.2  0.3 47824 14932 ?       SN   14:05   0:00  \_ /usr/local/apache/bin/httpd -k start -DSSL

Code:

root@server [~]# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
      14 84.254.189.64
       8 76.229.163.66
       5 74.6.18.251
       4 80.248.176.136
       4 24.106.187.61
       4 216.215.213.86
       4 213.42.21.61
       4 208.27.123.54
       4 
       3 89.231.204.143
       3 68.155.200.108
       3 200.201.164.26
       3 192.156.52.34
       3 166.102.162.250
       2 89.111.228.127
       2 88.89.134.212
       2 87.14.100.98
       2 79.72.133.105
       2 74.6.22.125
       2 72.189.166.163
       2 71.72.140.14
       2 68.16.225.194
       2 67.195.37.94
       2 65.80.23.104
       2 63.64.53.2
       2 63.240.134.230
       2 205.178.190.97
       2 202.1.192.10
       1 servers)
       1 Address
       1 98.211.4.230
       1 98.20.163.65
       1 89.108.2.162

root@server [~]# wc -l /proc/net/ip_conntrack
wc: /proc/net/ip_conntrack: No space left on device
1878 /proc/net/ip_conntrack

Code:

root@server [~]# df -h
 Filesystem            Size  Used Avail Use% Mounted on
 /dev/sda3             273G   60G  200G  23% /
 /dev/sda1              99M   51M   43M  55% /boot
 none                  2.0G     0  2.0G   0% /dev/shm
 /dev/sdb1             276G   59G  203G  23% /backup
 /usr/tmpDSK           2.5G   43M  2.3G   2% /tmp
 /tmp                  2.5G   43M  2.3G   2% /var/tmp

Code:

root@server [~]# tail -f /var/log/messages
Jun 11 14:09:35 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:12:3f:20:e0:e8:00:14:f2:c7:f1:80:08:00 SRC=97.102.167.110 DST=147.202.66.19 LEN=80 TOS=0x00 PREC=0x00 TTL=114 ID=2369 PROTO=UDP SPT=500 DPT=500 LEN=60 
Jun 11 14:09:39 server kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:12:3f:20:e0:e8:00:14:f2:c7:f1:80:08:00 SRC=97.102.167.110 DST=147.202.66.19 LEN=80 TOS=0x00 PREC=0x00 TTL=114 ID=2418 PROTO=UDP SPT=500 DPT=500 LEN=60 
Jun 11 14:09:40 server kernel: printk: 150 messages suppressed.
Jun 11 14:09:40 server kernel: ip_conntrack: table full, dropping packet.
Jun 11 14:09:45 server kernel: printk: 151 messages suppressed.
Jun 11 14:09:45 server kernel: ip_conntrack: table full, dropping packet.
Jun 11 14:09:50 server kernel: printk: 119 messages suppressed.
Jun 11 14:09:50 server kernel: ip_conntrack: table full, dropping packet.
Jun 11 14:09:55 server kernel: printk: 163 messages suppressed.
Jun 11 14:09:55 server kernel: ip_conntrack: table full, dropping packet.
Jun 11 14:10:00 server kernel: printk: 124 messages suppressed.
Jun 11 14:10:00 server kernel: ip_conntrack: table full, dropping packet.
Jun 11 14:10:05 server kernel: printk: 168 messages suppressed.
Jun 11 14:10:05 server kernel: ip_conntrack: table full, dropping packet.

root@server [~]# uname -a
Linux server.domain.com 2.6.9-67.0.15.ELsmp #1 SMP Thu May 8 10:52:19 EDT 2008 i686 i686 i386 GNU/Linux

root@server [~]# wc -l /proc/net/ip_conntrack
wc: /proc/net/ip_conntrack: No space left on device
1883 /proc/net/ip_conntrack

root@server [~]# sysctl net.ipv4.netfilter.ip_conntrack_max
net.ipv4.netfilter.ip_conntrack_max = 75000

TB0ne · 06-11-2008, 02:38 PM

From a quick Google search:
-------------------------------------------------------
# This tell you how many sessions are open right now.

cat /proc/net/ip_conntrack | wc -l

# This tells you the maximum number of conntrack entries you can have in
total

cat /proc/sys/net/ipv4/ip_conntrack_max

Once the previous number hits beyond the latter, you should start seeing
these messages. I would increase the latter number by calling:

echo "<some_bigger_number>" > /proc/sys/net/ipv4/ip_conntrack_max

or if you want it to span reboots, you can place the following in
/etc/sysctl.conf

sys.net.ipv4.ip_conntrack_max = <some_big_number>
-------------------------------------------------------