Comment 9 for bug 1814002

Reviewed: https://review.opendev.org/655790
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=eded5d2d6ae7c1281ef868a193de67ac52d6daac
Submitter: Zuul
Branch: stable/stein

commit eded5d2d6ae7c1281ef868a193de67ac52d6daac
Author: Swaminathan Vasudevan <email address hidden>
Date: Tue Feb 12 11:27:51 2019 -0800

    Packets getting lost during SNAT with too many connections

    We have a problem with SNAT with too many connections using the
    same source and destination on the network nodes.

    In addition we can see in the conntrack table that the who
    "instert_failed" increases.

    This might be a generic problem with conntrack and linux.
    We suspect that we encounter the following "limitation / bug"
    in the kernel.

    There seems to be a workaround to alleviate this behavior by
    setting the -random-fully flag in iptables for port consumption.

    This patch fixes the problem by adding the --random-fully to
    the SNAT rules.

    Conflicts:
        neutron/agent/linux/iptables_manager.py
        neutron/common/constants.py
        neutron/tests/unit/agent/l3/test_agent.py

    Change-Id: I246c1f56df889bad9c7e140b56c3614124d80a19
    Closes-Bug: #1814002
    (cherry picked from commit 30f35e08f92e5262e7a9108684da048d11402b07)