78603681cc
This sets the values of nf_conntrack_max and nf_conntrack_expect_max to sensible values. Previously, the default values set by the kernel were used, which limited net.netfilter.nf_conntrack_max to 32768. On the other hand, Octavia sets nf_conntrack_buckets to 125000. A value of nf_conntrack_max lower than half of that makes no sense.

The new values are calculated using the formula for the default value in the kernel [1]:

    nf_conntrack_max = nf_conntrack_buckets
    nf_conntrack_expect_max = nf_conntrack_buckets / 256

[1]: https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.rst

Story: 2010050
Task: 45460

Change-Id: Id1dd029995d41e6913a07eeb120c889d71d583eb
(cherry picked from commit 3d3e38afe9f0186f45e9800090afecc3aa434846)
16 lines
711 B
YAML
---
upgrade:
  - |
    The fix that updates the Netfilter Conntrack Sysfs variables requires
    rebuilding the amphora image in order to be effective.
fixes:
  - |
    Netfilter Conntrack Sysfs variables net.netfilter.nf_conntrack_max and
    nf_conntrack_expect_max get set to sensible values on the amphora now.
    Previously, kernel default values were used which were much too low for the
    configured net.netfilter.nf_conntrack_buckets value. As a result packets
    could get dropped because the conntrack table got filled too quickly. Note
    that this affects only UDP and SCTP protocol listeners.
    Connection tracking is disabled for TCP-based connections on the
    amphora including HTTP(S).
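Because the fix only takes effect after the amphora image is rebuilt, it is worth checking the values on a running amphora. The following is an added example, not part of the Octavia change: the function name `check_conntrack`, its optional directory argument, and the 90% fill threshold are assumptions made for illustration. It applies the sizing rule from the commit message and also reports how full the table is.

```shell
#!/bin/sh
# Added example (not Octavia code): check conntrack sizing against the
# rule in the commit message:
#   nf_conntrack_max        >= nf_conntrack_buckets
#   nf_conntrack_expect_max >= nf_conntrack_buckets / 256
# Usage on an amphora: check_conntrack      (reads the live sysctl tree)
# The optional argument is a directory holding the same file names, which
# lets the check run against a copied or constructed set of values.
check_conntrack() {
    dir="${1:-/proc/sys/net/netfilter}"
    rc=0

    # Return 2 if conntrack is not loaded or the files are unreadable.
    buckets=$(cat "$dir/nf_conntrack_buckets") || return 2
    max=$(cat "$dir/nf_conntrack_max") || return 2
    expect_max=$(cat "$dir/nf_conntrack_expect_max") || return 2

    want_max=$buckets
    want_expect=$((buckets / 256))

    if [ "$max" -lt "$want_max" ]; then
        echo "FAIL nf_conntrack_max=$max, expected at least $want_max"
        rc=1
    fi
    if [ "$expect_max" -lt "$want_expect" ]; then
        echo "FAIL nf_conntrack_expect_max=$expect_max, expected at least $want_expect"
        rc=1
    fi

    # nf_conntrack_count is the number of currently tracked flows. A table
    # close to nf_conntrack_max is the condition under which UDP/SCTP
    # packets start being dropped. The 90% threshold is an assumption.
    if [ -r "$dir/nf_conntrack_count" ] && [ "$max" -gt 0 ]; then
        count=$(cat "$dir/nf_conntrack_count")
        pct=$((count * 100 / max))
        echo "INFO conntrack table usage: $count/$max (${pct}%)"
        if [ "$pct" -ge 90 ]; then
            echo "WARN conntrack table is at least 90% full"
            rc=1
        fi
    fi

    return "$rc"
}
```

A return code of 0 means the sizing matches the rule and the table has headroom, 1 means a value is too low or the table is nearly full, and 2 means the conntrack sysctls could not be read.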