cloud-images

nf_conntrack_max too small in EKS AMI

Bug #2063538 reported by Raoni Timo de Castro Cambiaghi on 2024-04-26

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	cloud-images	Fix Released	Undecided	Jess Jang

Bug Description

The default net.netfilter.nf_conntrack_max value is not sufficient for cloud servers, EKS nodes specifically. Large deployments will see the error message "nf_conntrack: table full, dropping packet".

My suggestion is to set it to a larger default value (bottlerocket uses 1048576 - 1M) and add 'nf_conntrack' to /etc/modules.

See following references:
https://bugs.launchpad.net/cloud-images/+bug/2060001
https://www.dzombak.com/blog/2024/03/Setting-net-netfilter-nf-conntrack-max-on-Ubuntu-22-04.html
https://tuyencbq.wordpress.com/2018/05/19/persisting-nf_conntrack_max-across-reboots/
https://bugs.launchpad.net/charm-nova-compute/+bug/1922778 with the fix: https://review.opendev.org/c/openstack/charm-nova-compute/+/915910.

Tags:

Robby Pocase (rpocase) on 2024-04-26

tags:

added: cpc-4292

Jess Jang (jessica-youjeong) on 2024-05-06

Changed in cloud-images:
assignee:	nobody → Jess Jang (jessica-youjeong)

Revision history for this message

Jess Jang (jessica-youjeong) wrote on 2024-05-07:

EKS images with serial 20240506 or newer have default nf_conntrack_max value as 1048576.

Changed in cloud-images:
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.