[pve-devel] nf_conntrack: table full, dropping packet error

Alexandre DERUMIER aderumier at odiso.com
Tue Oct 11 10:02:56 CEST 2011


Each morning ..... (when we have big activity and a lot of connections in the VM (65000)).

And packets are really dropped. (I have tried a ping from the VM to outside: 50% packet loss.)

Tuning sysctl.conf corrects the problem; conntrack is not empty, but around 1000 connections.

net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0



----- Original message -----

From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Dietmar Maurer" <dietmar at proxmox.com>, "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Sent: Tuesday, 11 October 2011 09:39:40
Subject: RE: [pve-devel] nf_conntrack: table full, dropping packet error

> > but I don't use iptables and I don't know why nf_conntrack is loaded with
> > 2.6.32-6-pve ....
> > 
> > kernel option is CONFIG_BRIDGE_NETFILTER 
> 
> But that is also enabled on all our other kernels, and it's also enabled in the
> debian and RHEL kernels!

And there seems to be no real conclusion on bugzilla.redhat.com. Also, it is still enabled in the upstream 3.1 kernel.

Not sure how to proceed. How often do you run into that?




-- 
Alexandre Derumier
Systems engineer
e-mail : aderumier at odiso.com
Tel : +33 (0)3 20 68 88 90
Fax : +33 (0)3 20 68 90 81 
45 Bvd du Général Leclerc 
59100 ROUBAIX - FRANCE 
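
Added example, not part of the original message: a shell check that reports how full the conntrack table is and whether the three bridge-nf-call sysctls listed above hand bridged traffic to netfilter (at 0, bridged VM traffic also stops being filtered by the host's iptables, ip6tables and arptables rules). The function names, the 80% warning threshold and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: conntrack table usage and bridge netfilter hook state.
# SYSROOT defaults to /proc/sys; a directory of constructed sample files
# can be passed instead so the check runs offline.

read_val() {                      # print file content, or "absent"
    if [ -r "$1" ]; then cat "$1"; else echo absent; fi
}

conntrack_report() {              # usage: conntrack_report [SYSROOT] [WARN_PCT]
    root=${1:-/proc/sys}; warn=${2:-80}; rc=0
    count=$(read_val "$root/net/netfilter/nf_conntrack_count")
    max=$(read_val "$root/net/netfilter/nf_conntrack_max")
    if [ "$count" = absent ] || [ "$max" = absent ] || [ "$max" -eq 0 ]; then
        echo "conntrack: not loaded"
    else
        pct=$((count * 100 / max))
        echo "conntrack: $count/$max (${pct}%)"
        if [ "$pct" -ge "$warn" ]; then
            echo "WARN: table nearly full, packets for new flows get dropped"
            rc=1
        fi
    fi
    for hook in iptables ip6tables arptables; do
        v=$(read_val "$root/net/bridge/bridge-nf-call-$hook")
        case $v in
            1) echo "bridge-nf-call-$hook=1: bridged traffic is passed to $hook" ;;
            0) echo "bridge-nf-call-$hook=0: bridged traffic bypasses $hook" ;;
            *) echo "bridge-nf-call-$hook: absent (bridge netfilter not available)" ;;
        esac
    done
    return $rc                    # 1 when usage is at or above WARN_PCT
}

make_sample() {                   # usage: make_sample DIR COUNT MAX HOOKVALUE
    mkdir -p "$1/net/netfilter" "$1/net/bridge"
    echo "$2" > "$1/net/netfilter/nf_conntrack_count"
    echo "$3" > "$1/net/netfilter/nf_conntrack_max"
    for hook in iptables ip6tables arptables; do
        echo "$4" > "$1/net/bridge/bridge-nf-call-$hook"
    done
}

# Demo on a constructed sample tree: 65000 entries against an assumed
# limit of 65536, hooks enabled. These are not values read from a host.
demo=$(mktemp -d)
make_sample "$demo" 65000 65536 1
conntrack_report "$demo" || true
rm -rf "$demo"
```

On a live host, call `conntrack_report` with no arguments to read `/proc/sys` directly.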












