Open Stack

Hi All,

I have a very busy VM (well one of my users does I don't have access
but do have cooperative and copentent admin to interact with on th
eother end).

At peak times it *sometimes* misses packets.  I've been didding in for
a bit ant it looks like they get dropped in OVS land.

The VM's main function in life is to pull down webpages from other
sites and analyze as requested.  During peak times ( EU/US working
hours ) it sometimes hangs some requests and sometimes fails.

Looking at traffic the out bound SYN request from VM is always good
and returning ACK always gets to physical interface of the hypervisosr
(on a provider vlan).

When packets get dropped they do not make it to the qvoXXXXXXXX-XX on
the integration bridge.

My suspicion is that OVS isn't keeping up eth1-br flow rules remaping
from external to internal vlan-id but neither quite sure how to prove
that or what to do about it.

My initial though had been to blame contrack but drops are happening
before the iptables rules and while there's a lot of connections on
this hypervisor: 

net.netfilter.nf_conntrack_count = 351880

There should be plent of overhead to handle:

net.netfilter.nf_conntrack_max = 1048576

Anyone have thought son where to go with this?

version details:
Ubuntu 14.04
OpenStack Mitaka
ovs-vsctl (Open vSwitch) 2.5.0

Thanks,
-Jon

--