eded5d2d6a
We have a problem with SNAT with too many connections using the
same source and destination on the network nodes.
In addition we can see in the conntrack table that the who
"instert_failed" increases.
This might be a generic problem with conntrack and linux.
We suspect that we encounter the following "limitation / bug"
in the kernel.
There seems to be a workaround to alleviate this behavior by
setting the -random-fully flag in iptables for port consumption.
This patch fixes the problem by adding the --random-fully to
the SNAT rules.
Conflicts:
neutron/agent/linux/iptables_manager.py
neutron/common/constants.py
neutron/tests/unit/agent/l3/test_agent.py
Change-Id: I246c1f56df889bad9c7e140b56c3614124d80a19
Closes-Bug: #1814002
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| extensions | ||
| __init__.py | ||
| test_agent.py | ||
| test_dvr_fip_ns.py | ||
| test_dvr_local_router.py | ||
| test_dvr_snat_ns.py | ||
| test_fip_rule_priority_allocator.py | ||
| test_ha_router.py | ||
| test_item_allocator.py | ||
| test_l3_agent_extension_api.py | ||
| test_legacy_router.py | ||
| test_link_local_allocator.py | ||
| test_namespace_manager.py | ||
| test_router_info.py | ||