1dd35515d4
We have a problem with SNAT with too many connections using the
same source and destination on the network nodes.
In addition we can see in the conntrack table that the who
"instert_failed" increases.
This might be a generic problem with conntrack and linux.
We suspect that we encounter the following "limitation / bug"
in the kernel.
There seems to be a workaround to alleviate this behavior by
setting the -random-fully flag in iptables for port consumption.
This patch fixes the problem by adding the --random-fully to
the SNAT rules.
Conflicts:
neutron/agent/linux/iptables_manager.py
neutron/common/constants.py
neutron/tests/unit/agent/l3/test_agent.py
Change-Id: I246c1f56df889bad9c7e140b56c3614124d80a19
Closes-Bug: #1814002
(cherry picked from commit
|
||
---|---|---|
.. | ||
__init__.py | ||
moved_globals_code1.py | ||
moved_globals_code2.py | ||
moved_globals_target.py | ||
test__deprecate.py | ||
test_cache_utils.py | ||
test_ipv6_utils.py | ||
test_rpc.py | ||
test_utils.py |