836f79e7b7
We have a problem with SNAT with too many connections using the
same source and destination on the network nodes.
In addition we can see in the conntrack table that the who
"instert_failed" increases.
This might be a generic problem with conntrack and linux.
We suspect that we encounter the following "limitation / bug"
in the kernel.
There seems to be a workaround to alleviate this behavior by
setting the -random-fully flag in iptables for port consumption.
This patch fixes the problem by adding the --random-fully to
the SNAT rules.
Conflicts:
neutron/agent/linux/iptables_manager.py
neutron/common/constants.py
neutron/tests/unit/agent/l3/test_agent.py
Change-Id: I246c1f56df889bad9c7e140b56c3614124d80a19
Closes-Bug: #1814002
(cherry picked from commit
|
||
---|---|---|
.. | ||
__init__.py | ||
_deprecate.py | ||
cache_utils.py | ||
config.py | ||
constants.py | ||
eventlet_utils.py | ||
exceptions.py | ||
ipv6_utils.py | ||
profiler.py | ||
rpc.py | ||
test_lib.py | ||
topics.py | ||
utils.py |