1dd35515d4
We have a problem with SNAT with too many connections using the
same source and destination on the network nodes.
In addition we can see in the conntrack table that the who
"instert_failed" increases.
This might be a generic problem with conntrack and linux.
We suspect that we encounter the following "limitation / bug"
in the kernel.
There seems to be a workaround to alleviate this behavior by
setting the -random-fully flag in iptables for port consumption.
This patch fixes the problem by adding the --random-fully to
the SNAT rules.
Conflicts:
neutron/agent/linux/iptables_manager.py
neutron/common/constants.py
neutron/tests/unit/agent/l3/test_agent.py
Change-Id: I246c1f56df889bad9c7e140b56c3614124d80a19
Closes-Bug: #1814002
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| __init__.py | ||
| _deprecate.py | ||
| cache_utils.py | ||
| config.py | ||
| constants.py | ||
| eventlet_utils.py | ||
| exceptions.py | ||
| ipv6_utils.py | ||
| profiler.py | ||
| rpc.py | ||
| test_lib.py | ||
| utils.py | ||