[pve-devel] nf_conntrack: table full, dropping packet error
Alexandre DERUMIER
aderumier at odiso.com
Tue Oct 11 11:00:34 CEST 2011
ok, and does it need conntrack on bridge ?
I never try vz, so i don't know how it's work .....
I'll try to simply disable /etc/init.d/vz as I don't use it.
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Mardi 11 Octobre 2011 10:52:36
Objet: RE: [pve-devel] nf_conntrack: table full, dropping packet error
> yes, CONFIG_BRIDGE_NETFILTER is enabled, but depend on nf_conntrack
> module.
>
> so, the nf_conntrack is loaded , but I don't know why .....
>
> Maybe it was already loaded before with debian kernel ? (can you confirm me
> nf_conntrack was loaded with previous debian kernel ?)
>
> If nf_conntrack must really loaded (maybe some users need iptables), I think
> CONFIG_BRIDGE_NETFILTER must be disabled by default.
>
> Conntrack on bridge can be easily saturated on hosts with many vms.
ok, the modile is loaded in /etc/init.d/vz
# modinfo vzrst
filename: /lib/modules/2.6.32-6-pve/kernel/kernel/cpt/vzrst.ko
license: GPL
author: Alexey Kuznetsov <alexey at sw.ru>
srcversion: 173F9B166568B1B971BA164
depends: nf_conntrack,ipv6,nfs,lockd,nf_nat,vzmon
vermagic: 2.6.32-6-pve SMP mod_unload modversions
Obviously 'vzrst' depends on that.
--
--
Alexandre Derumier
Ingénieur système
e-mail : aderumier at odiso.com
Tél : +33 (0)3 20 68 88 90
Fax : +33 (0)3 20 68 90 81
45 Bvd du Général Leclerc
59100 ROUBAIX - FRANCE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: aderumier.vcf
Type: text/x-vcard
Size: 183 bytes
Desc: not available
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20111011/d448ff91/attachment.vcf>
More information about the pve-devel
mailing list