This article discusses conntrack ("connection tracking") sessions: what they are, why they are important, and how to monitor them on your server.
The Linux kernel includes a networking feature called conntrack (connection tracking). Conntrack is essentially a table that maintains information about all incoming and outgoing connections (also known as sessions) to the host.
Maintaining a reasonable number of conntrack sessions is important. If the number of conntrack sessions becomes too high, the server can suffer performance issues and can negatively affect other servers on the node. To avoid this scenario, A2 Hosting suspends servers that have a sustained high number of conntrack sessions. Doing this helps ensure that all customer servers remain functional and responsive.
A typical VPS should not need to use more than about 10,000 sessions at once. However, there may be times during peak usage when servers can briefly exceed this number.
To determine the current number of conntrack sessions on a server, follow these steps:
cat /proc/net/nf_conntrack | wc -l
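The command above gives only a total. As an added example that is not part of the original article, the script below breaks the table down by protocol and TCP state, by original source address and by destination port, which helps show what is holding the sessions. The function names and the sample entries are constructed for illustration, and the field positions assume the usual /proc/net/nf_conntrack line layout.

```shell
#!/bin/sh
# Added example, not from the original article: summarize the conntrack table
# instead of only counting it. LIMIT mirrors the article's 10,000 guideline.
LIMIT=10000

# Total tracked sessions: one table entry per line.
conntrack_count() { wc -l < "$1" | tr -d ' '; }

# Sessions per protocol and TCP state, busiest first.
# Field 3 is the protocol name; field 6 is the state (TCP entries only).
conntrack_by_state() {
    awk '{ k = $3; if ($3 == "tcp") k = k "/" $6; n[k]++ }
         END { for (k in n) print n[k], k }' "$1" | sort -k1,1nr -k2,2
}

# Top N values of KEY (src, dst, sport or dport). Only the first KEY= on a
# line is counted: that is the original direction, not the reply tuple.
conntrack_top() {
    awk -v key="$2=" '{ for (i = 1; i <= NF; i++)
             if (index($i, key) == 1) { n[substr($i, length(key) + 1)]++; break } }
         END { for (k in n) print n[k], k }' "$1" |
        sort -k1,1nr -k2,2 | head -n "${3:-5}"
}

# Constructed sample entries (documentation addresses), used when no table
# file is given on the command line.
sample_table() {
    cat <<'EOF'
ipv4     2 tcp      6 431990 ESTABLISHED src=198.51.100.7 dst=192.0.2.10 sport=50112 dport=443 src=192.0.2.10 dst=198.51.100.7 sport=443 dport=50112 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 110 SYN_SENT src=192.0.2.10 dst=203.0.113.21 sport=40001 dport=25 [UNREPLIED] src=203.0.113.21 dst=192.0.2.10 sport=25 dport=40001 mark=0 zone=0 use=2
ipv4     2 tcp      6 112 SYN_SENT src=192.0.2.10 dst=203.0.113.22 sport=40002 dport=25 [UNREPLIED] src=203.0.113.22 dst=192.0.2.10 sport=25 dport=40002 mark=0 zone=0 use=2
ipv4     2 tcp      6 115 SYN_SENT src=192.0.2.10 dst=203.0.113.23 sport=40003 dport=25 [UNREPLIED] src=203.0.113.23 dst=192.0.2.10 sport=25 dport=40003 mark=0 zone=0 use=2
ipv4     2 udp      17 25 src=192.0.2.10 dst=198.51.100.53 sport=53111 dport=53 src=198.51.100.53 dst=192.0.2.10 sport=53 dport=53111 mark=0 zone=0 use=2
EOF
}

# Usage (as root): sh conntrack-summary.sh /proc/net/nf_conntrack
# With no argument, the constructed sample above is summarized instead.
TABLE=${1:-}
if [ -z "$TABLE" ]; then TABLE=$(mktemp); trap 'rm -f "$TABLE"' EXIT; sample_table > "$TABLE"; fi
total=$(conntrack_count "$TABLE")
echo "sessions: $total (guideline: $LIMIT)"
[ "$total" -le "$LIMIT" ] || echo "WARNING: session count is above the guideline"
echo "by protocol/state:";    conntrack_by_state "$TABLE"
echo "top source addresses:"; conntrack_top "$TABLE" src 5
echo "top destination ports:"; conntrack_top "$TABLE" dport 5
```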
If the number of conntrack sessions on your server is more than 10,000, you should take proactive steps to prevent server suspension. In many cases, a high number of conntrack sessions indicates that a server has been compromised. If you think your server may be compromised, you should immediately do the following steps:
If your server has already been suspended due to excessive conntrack sessions, please open a support ticket at https://my.a2hosting.com and we will work with you to resolve the issue.