Reviewed: https://review.opendev.org/655790 Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=eded5d2d6ae7c1281ef868a193de67ac52d6daac Submitter: Zuul Branch: stable/stein
commit eded5d2d6ae7c1281ef868a193de67ac52d6daac Author: Swaminathan Vasudevan <email address hidden> Date: Tue Feb 12 11:27:51 2019 -0800
Packets getting lost during SNAT with too many connections
We have a problem with SNAT with too many connections using the same source and destination on the network nodes.
In addition we can see in the conntrack table that the who "instert_failed" increases.
This might be a generic problem with conntrack and linux. We suspect that we encounter the following "limitation / bug" in the kernel.
There seems to be a workaround to alleviate this behavior by setting the -random-fully flag in iptables for port consumption.
This patch fixes the problem by adding the --random-fully to the SNAT rules.
Conflicts: neutron/agent/linux/iptables_manager.py neutron/common/constants.py neutron/tests/unit/agent/l3/test_agent.py
Change-Id: I246c1f56df889bad9c7e140b56c3614124d80a19 Closes-Bug: #1814002 (cherry picked from commit 30f35e08f92e5262e7a9108684da048d11402b07)
Reviewed: https:/ /review. opendev. org/655790 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=eded5d2d6ae 7c1281ef868a193 de67ac52d6daac
Committed: https:/
Submitter: Zuul
Branch: stable/stein
commit eded5d2d6ae7c12 81ef868a193de67 ac52d6daac
Author: Swaminathan Vasudevan <email address hidden>
Date: Tue Feb 12 11:27:51 2019 -0800
Packets getting lost during SNAT with too many connections
We have a problem with SNAT with too many connections using the
same source and destination on the network nodes.
In addition we can see in the conntrack table that the who failed" increases.
"instert_
This might be a generic problem with conntrack and linux.
We suspect that we encounter the following "limitation / bug"
in the kernel.
There seems to be a workaround to alleviate this behavior by
setting the -random-fully flag in iptables for port consumption.
This patch fixes the problem by adding the --random-fully to
the SNAT rules.
Conflicts:
neutron/ agent/linux/ iptables_ manager. py
neutron/ common/ constants. py
neutron/ tests/unit/ agent/l3/ test_agent. py
Change-Id: I246c1f56df889b ad9c7e140b56c36 14124d80a19 2e7a9108684da04 8d11402b07)
Closes-Bug: #1814002
(cherry picked from commit 30f35e08f92e526