Pete Vander Giessen <email address hidden> writes:
> Added charm-neutron-openvswitch on advice from @icey.
>
> Also setting net.nf_conntrack_max and net.netfilter.nf_conntrack_max to
> one million, to address further potential issues.
If we're changing nf conntrack_max, we should also check that the
value of net.netfilter.nf_conntrack_buckets still makes sense.
And (as a much lower priority and likely to be much more
controversial) we should also consider reviewing the default
net.netfilter.nf_conntrack_tcp_timeout_established as, last I looked,
it's 5 days and that can negate a lot of the benefit of just raising
nf_conntrack_max.
Pete Vander Giessen <email address hidden> writes:
> Added charm-neutron- openvswitch on advice from @icey. conntrack_ max and net.netfilter. nf_conntrack_ max to
>
> Also setting net.nf_
> one million, to address further potential issues.
If we're changing nf conntrack_max, we should also check that the nf_conntrack_ buckets still makes sense.
value of net.netfilter.
And (as a much lower priority and likely to be much more nf_conntrack_ tcp_timeout_ established as, last I looked,
controversial) we should also consider reviewing the default
net.netfilter.
it's 5 days and that can negate a lot of the benefit of just raising
nf_conntrack_max.
--
James