[pve-devel] nf_conntrack: table full, dropping packet error
Dietmar Maurer
dietmar at proxmox.com
Tue Oct 11 10:55:32 CEST 2011
Please can you open a bug at bugzilla.openvz.org - I guess that is interesting for the openvz team too.
- Dietmar
> -----Original Message-----
> From: Alexandre DERUMIER [mailto:aderumier at odiso.com]
> Sent: Dienstag, 11. Oktober 2011 10:03
> To: Dietmar Maurer
> Cc: pve-devel at pve.proxmox.com
> Subject: Re: [pve-devel] nf_conntrack: table full, dropping packet error
>
> Each morning .....(when we have big activity and a lot of connections in vm
> (65000).
>
> and packets are really dropped. (I have tried a ping from vm to outside, 50%
> packet loss).
>
> tunning sysctl.conf correct the problem, conntrack is not empty, but around
> 1000 connections.
>
> net.bridge.bridge-nf-call-ip6tables = 0
> net.bridge.bridge-nf-call-iptables = 0
> net.bridge.bridge-nf-call-arptables = 0
>
>
>
> ----- Mail original -----
>
> De: "Dietmar Maurer" <dietmar at proxmox.com>
> À: "Dietmar Maurer" <dietmar at proxmox.com>, "Alexandre DERUMIER"
> <aderumier at odiso.com>
> Cc: pve-devel at pve.proxmox.com
> Envoyé: Mardi 11 Octobre 2011 09:39:40
> Objet: RE: [pve-devel] nf_conntrack: table full, dropping packet error
>
> > > but I don't use iptables and i don't why nf_conntrack is loaded with
> > > 2.6.32-6-pve ....
> > >
> > > kernel option is CONFIG_BRIDGE_NETFILTER
> >
> > But that is also enabled on all our other kernel , and its also
> > enabled in the debian and RHEL kernels!
>
> And there seems no real conclusion on bugzilla.readhat.com. Also, it is still
> enabled in upstream 3.1 kernel.
>
> not sure how to proceed. How often do you run into that?
>
>
>
>
> --
>
> --
>
>
>
>
>
> Alexandre Derumier
> Ingénieur système
> e-mail : aderumier at odiso.com
> Tél : +33 (0)3 20 68 88 90
> Fax : +33 (0)3 20 68 90 81
> 45 Bvd du Général Leclerc
> 59100 ROUBAIX - FRANCE
>
>
>
>
>
>
>
>
>
>
>
>
More information about the pve-devel
mailing list