[Openstack-operators] mitigating issues with kernel-level connection tracking

Marcus Furlong furlongm at gmail.com
Mon Jul 21 02:04:54 UTC 2014


Hi Arne,

We run into this problem with swift regularly. We use the conntrack
tools previously mentioned to increase the limits via puppet:

https://github.com/NeCTAR-RC/puppet-swift/commit/20f9eb753198bf1624e0691b4f0ebbc70c3dd3de

The swift deployment guide also recommends increasing this value:

http://docs.openstack.org/developer/swift/deployment_guide.html

Regards,
Marcus.

On 9 July 2014 18:42, Arne Wiebalck <Arne.Wiebalck at cern.ch> wrote:
> Hi,
>
> We recently had a case of the kernel dropping packets due to a full connection tracking table ("kernel: nf_conntrack: table full, dropping packet.”).
>
> How do people usually deal with this:
>
> - increase the buffer size (which is what I did for now)?
> - reduce tracking timeouts?
> - remove connection tracking altogether?
>
> The settings we were using so far are the defaults that come with the OS.
>
> Thanks!
>  Arne
>
> --
> Arne Wiebalck
> CERN IT
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators



-- 
Marcus Furlong



More information about the OpenStack-operators mailing list