nf_conntrack should be unloaded on swift object server
Bug #1441363 reported by Bjoern
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack-Ansible | Fix Released | Medium | Andy McCrae |
Juno | Fix Released | Medium | Andy McCrae |
Kilo | Fix Released | Medium | Andy McCrae |
Trunk | Fix Released | Medium | Andy McCrae |
Bug Description
I did notice a lot of TCP sessions around port 6000/6001 in a TIME_WAIT state causing nf_conntrack to be violated.
Ideally we turn off connection tracking on the object servers altogether since we have currently no iptables rules running and the problem gets exaggerated by adding a new disk/devices in the object ring.
Also we should set net.ipv4.
This also implies that we either turn off lxc-net (which adds iptables rules for non-existing containers) or remove lxc altogether.
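To measure the condition described in this report, the following added example (not part of the bug report or of OpenStack-Ansible) counts conntrack entries by TCP state for the object-server ports 6000/6001 and reports how full the table is. The sample lines and the `conntrack_max` value of 8 are constructed; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the /proc/net/nf_conntrack line format (not real data).
SAMPLE = """\
ipv4     2 tcp      6 117 TIME_WAIT src=10.0.0.5 dst=10.0.0.9 sport=51234 dport=6000 src=10.0.0.9 dst=10.0.0.5 sport=6000 dport=51234 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 98 TIME_WAIT src=10.0.0.6 dst=10.0.0.9 sport=40112 dport=6001 src=10.0.0.9 dst=10.0.0.6 sport=6001 dport=40112 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=10.0.0.9 sport=51240 dport=6000 src=10.0.0.9 dst=10.0.0.5 sport=6000 dport=51240 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 60 TIME_WAIT src=10.0.0.7 dst=10.0.0.9 sport=33990 dport=22 src=10.0.0.9 dst=10.0.0.7 sport=22 dport=33990 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 25 src=10.0.0.5 dst=10.0.0.2 sport=5353 dport=53 src=10.0.0.2 dst=10.0.0.5 sport=53 dport=5353 mark=0 zone=0 use=2
"""

# TCP entries carry a state name after the timeout; the first dport= belongs
# to the original direction of the flow (the port the client connected to).
TCP_LINE = re.compile(
    r"\btcp\s+6\s+\d+\s+(?P<state>[A-Z_0-9]+)\s+.*?\bdport=(?P<dport>\d+)"
)


def count_states(text, ports):
    """Count tracked TCP flows per state whose destination port is in ports."""
    counts = Counter()
    for line in text.splitlines():
        m = TCP_LINE.search(line)
        if m and int(m.group("dport")) in ports:
            counts[m.group("state")] += 1
    return counts


def table_usage(text, conntrack_max):
    """Fraction of the conntrack table in use (all protocols, all ports)."""
    entries = sum(1 for line in text.splitlines() if line.strip())
    return entries / conntrack_max


def time_wait_share(text, ports):
    """Share of all tracked entries that are TIME_WAIT flows to ports."""
    total = sum(1 for line in text.splitlines() if line.strip())
    return count_states(text, ports)["TIME_WAIT"] / total if total else 0.0


if __name__ == "__main__":
    swift_ports = {6000, 6001}  # ports named in the bug description
    print(dict(count_states(SAMPLE, swift_ports)))
    print(f"table usage: {table_usage(SAMPLE, conntrack_max=8):.1%}")
    print(f"TIME_WAIT share: {time_wait_share(SAMPLE, swift_ports):.1%}")
```

On a live host the same functions can be fed the contents of `/proc/net/nf_conntrack`, with the limit read from `/proc/sys/net/netfilter/nf_conntrack_max`.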