Comment 8 for bug 1780348

Revision history for this message
James Troup (elmo) wrote : Re: [Bug 1780348] Re: default gc_thresh settings for Linux are too small

Pete Vander Giessen <email address hidden> writes:

> Added charm-neutron-openvswitch on advice from @icey.
>
> Also setting net.nf_conntrack_max and net.netfilter.nf_conntrack_max to
> one million, to address further potential issues.

If we're changing nf conntrack_max, we should also check that the
value of net.netfilter.nf_conntrack_buckets still makes sense.

And (as a much lower priority and likely to be much more
controversial) we should also consider reviewing the default
net.netfilter.nf_conntrack_tcp_timeout_established as, last I looked,
it's 5 days and that can negate a lot of the benefit of just raising
nf_conntrack_max.

--
James