b3f59eeb73
conntrack is used in the amphora for LVS-based listeners (UDP and SCTP) and it's enabled by default. Add nft/iptable rules to disable conntrack for TCP flows, it reduces memory usage and prevents getting "nf_conntrack: table full, dropping packet" messages. Story: 2008979 Task: 42623 Change-Id: Ia15a110c6c5a9b83a29bab56538fa425d994d477
7 lines
186 B
YAML
7 lines
186 B
YAML
---
|
|
fixes:
|
|
- |
|
|
Disable conntrack for TCP flows in the Amphora, it reduces memory usage for
|
|
HAProxy-based listeners and prevents some kernel warnings about dropped
|
|
packets.
|