
High amounts of nf_conntrack: table full, dropping packet

Overview

Log files show a high volume of the following message:

Nov 30 14:45:09 kernel: [9606158.589811] nf_conntrack: table full, dropping packet
Nov 30 14:45:09 kernel: [9606158.969265] nf_conntrack: table full, dropping packet
Nov 30 14:45:09 kernel: [9606158.969283] nf_conntrack: table full, dropping packet

Cause

This message is logged when the appliance has more connections than it can process. It can have more than one cause:

1 - It could be a symptom of a SYN flood on the network.
2 - The license on the appliance may be incorrect.

Resolution

1 - Use tcpdump to verify whether there is an active SYN flood, and take action to mitigate traffic from the IP(s) in question.
2 - Verify that the appliance is licensed for the correct number of Max Connections sold to the client.
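
One way to run both checks from a shell, as an added example that is not part of the original article. It assumes shell access to a Linux host exposing the standard nf_conntrack sysctls; the function names, the interface name eth0 and the sample capture are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage helpers for "nf_conntrack: table full".

# Percentage of the conntrack table in use. With no arguments it reads the
# live values from /proc; pass COUNT and MAX to evaluate saved numbers.
conntrack_usage() {
    count=${1:-$(cat /proc/sys/net/netfilter/nf_conntrack_count)}
    max=${2:-$(cat /proc/sys/net/netfilter/nf_conntrack_max)}
    echo $(( count * 100 / max ))
}

# Count bare SYN packets (SYN set, ACK clear) per source IPv4 address from
# tcpdump text on stdin, busiest source first. Capture with, for example
# (eth0 is a placeholder interface name):
#   tcpdump -nn -i eth0 -c 5000 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'
syn_sources() {
    awk '$2 == "IP" && /Flags \[S\],/ {
             src = $3
             sub(/\.[0-9]+$/, "", src)   # drop the trailing .port
             n[src]++
         }
         END { for (s in n) print n[s], s }' | sort -k1,1nr -k2,2
}

# Constructed sample capture (documentation address ranges, not real traffic).
# The SYN-ACK and ACK lines must not be counted.
SAMPLE='14:45:09.100001 IP 203.0.113.7.40001 > 192.0.2.10.443: Flags [S], seq 1, win 512, length 0
14:45:09.100002 IP 203.0.113.7.40002 > 192.0.2.10.443: Flags [S], seq 2, win 512, length 0
14:45:09.100003 IP 192.0.2.10.443 > 203.0.113.7.40001: Flags [S.], seq 9, ack 2, win 64240, length 0
14:45:09.100004 IP 203.0.113.7.40003 > 192.0.2.10.443: Flags [S], seq 3, win 512, length 0
14:45:09.100005 IP 198.51.100.20.51515 > 192.0.2.10.443: Flags [S], seq 4, win 64240, length 0
14:45:09.100006 IP 198.51.100.20.51515 > 192.0.2.10.443: Flags [.], ack 1, win 502, length 0'

echo "SYNs per source in the sample capture:"
printf '%s\n' "$SAMPLE" | syn_sources

# The same connection count against two different table limits.
echo "usage at max 15000:  $(conntrack_usage 14900 15000)%"
echo "usage at max 150000: $(conntrack_usage 14900 150000)%"
```

A table near 100% with no single source dominating the SYN counts points at the connection limit rather than a flood.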

Internal Notes

- There was an issue with the 3062s where the license had a typo.
- Max connections were set to 15,000 and should have been 150,000.
- This has been updated in the license database, and most devices will get the update the next time they check for a new license.
  1. Priyanka Bhotika
