It needs to be made clear that the nf_conntrack module is not loaded by every Linux kernel. The most common reason it gets loaded is the use of kernel-space NAT/firewalling such as iptables or LVS, which requires the kernel to track the connection table; several kernel modules, including iptable_nat and ip_vs, depend on nf_conntrack. However, the presence of nf_conntrack affects the kernel's packet-receive performance under high concurrency. For a newly received packet...
# sysctl -a | grep nf_conntrack_tcp_timeout_established
By reducing this value, we can keep the tracking table lean, which is faster for a high-traffic node. It should be noted here that lowering this value might also break long-running idle TCP connections. ...
Sep 10 08:05:58 iZj6cbfmkgkw74ryinmu3uZ systemd-sysctl[259]: Couldn't write '86400' to 'net/netfilter/nf_conntrack_tcp_timeout_established', ignoring: No such file or directory
The file exists; cat /proc/sys/net/netfilter/nf_conntrack_max ...