Reviewed: https://review.opendev.org/636473
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=30f35e08f92e5262e7a9108684da048d11402b07
Submitter: Zuul
Branch: master
commit 30f35e08f92e5262e7a9108684da048d11402b07
Author: Swaminathan Vasudevan <email address hidden>
Date: Tue Feb 12 11:27:51 2019 -0800
Packets getting lost during SNAT with too many connections
We have a problem with SNAT with too many connections using the same source and destination on the network nodes.
In addition we can see in the conntrack table that the "insert_failed" increases.
This might be a generic problem with conntrack and Linux. We suspect that we encounter the following "limitation / bug" in the kernel.
There seems to be a workaround to alleviate this behavior by setting the --random-fully flag in iptables for port consumption.
This patch fixes the problem by adding the --random-fully to the SNAT rules.
Change-Id: I246c1f56df889bad9c7e140b56c3614124d80a19
Closes-Bug: #1814002
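One way to check a network node for the symptom and the workaround described in this commit message, as an added example that is not part of the commit or of Neutron's code: it sums `insert_failed` from `conntrack -S` output and lists SNAT rules in `iptables-save` output that lack `--random-fully`. The function names are hypothetical, and the sample input (chain, interface names, addresses, counter values) is constructed.

```python
import re

# Constructed sample of `conntrack -S` output (one line per CPU).
SAMPLE_STATS = """\
cpu=0 found=12 invalid=3 insert=0 insert_failed=41 drop=41 early_drop=0 error=0 search_restart=7
cpu=1 found=9 invalid=1 insert=0 insert_failed=17 drop=17 early_drop=0 error=0 search_restart=2
"""

# Constructed sample of `iptables-save -t nat` output; names and addresses are made up.
SAMPLE_RULES = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o lo -j ACCEPT
-A POSTROUTING -o ext0 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -o ext1 -j SNAT --to-source 203.0.113.11 --random-fully
COMMIT
"""


def insert_failed_total(stats_text):
    """Sum the per-CPU insert_failed counters in `conntrack -S` output."""
    return sum(int(n) for n in re.findall(r"\binsert_failed=(\d+)", stats_text))


def insert_failed_delta(before_text, after_text):
    """Counters are cumulative, so compare two snapshots to see an increase."""
    return insert_failed_total(after_text) - insert_failed_total(before_text)


def snat_rules_without_random_fully(rules_text):
    """Return appended SNAT rules that do not carry --random-fully."""
    missing = []
    for line in rules_text.splitlines():
        tokens = line.split()
        if len(tokens) < 2 or tokens[0] != "-A" or "-j" not in tokens:
            continue  # table headers, chain policies, COMMIT, malformed lines
        jump = tokens.index("-j")
        target = tokens[jump + 1] if jump + 1 < len(tokens) else None
        if target == "SNAT" and "--random-fully" not in tokens:
            missing.append(line.strip())
    return missing


if __name__ == "__main__":
    print("insert_failed total:", insert_failed_total(SAMPLE_STATS))
    for rule in snat_rules_without_random_fully(SAMPLE_RULES):
        print("SNAT rule without --random-fully:", rule)
```

On a live node, feed the functions the captured output of `conntrack -S` and `iptables-save -t nat` instead of the embedded samples.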