Neutron needs to add a configuration item to control the maximum size of the netfilter connection tracking table
Connection tracking allows the kernel to keep track of all logical network connections or sessions, and thereby relate all of the packets which may make up that connection. NAT relies on this information to translate all related packets in the same way, and iptables can use this information to act as a stateful firewall. Refer: https:/
The OpenStack security group implementation relies on connection tracking. The Linux kernel parameter "nf_conntrack_max" is used to set the maximum number of tracked entries, and the default value of "nf_conntrack_max" on CentOS 7 is 262144, which is not appropriate on some occasions. So I think Neutron needs to add a configuration item to allow administrators to customize this value.
openstack-ansible: https:/
Blueprint information
- Status: Complete
- Approver: None
- Priority: Undefined
- Drafter: jython
- Direction: Needs approval
- Assignee: None
- Definition: Obsolete
- Series goal: None
- Implementation: Unknown
- Milestone target: None
- Started by:
- Completed by: Slawek Kaplonski
Whiteboard
(slaweq) I don't think this should be controlled by Neutron API. IMO deployment tools are a good place to do that.
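A deployment-side check of the limit discussed above, as an added example that is not part of the blueprint or of Neutron: it reports how full the connection tracking table is against nf_conntrack_max and renders the sysctl line for a new limit. The function names and the 80/95 percent thresholds are assumptions; the procfs paths are the standard Linux ones.

```shell
#!/bin/sh
# Added example: conntrack table utilisation check plus sysctl line rendering.
# Thresholds and function names are illustrative assumptions.

COUNT_FILE=${COUNT_FILE:-/proc/sys/net/netfilter/nf_conntrack_count}
MAX_FILE=${MAX_FILE:-/proc/sys/net/netfilter/nf_conntrack_max}

# is_uint VALUE: succeed only for decimal digits without a leading zero
# (a leading zero would be read as octal by shell arithmetic).
is_uint() {
    case "$1" in
        ''|*[!0-9]*|0?*) return 1 ;;
        *) return 0 ;;
    esac
}

# conntrack_usage_pct COUNT MAX: print the integer percentage of entries in use.
conntrack_usage_pct() {
    is_uint "$1" && is_uint "$2" && [ "$2" -gt 0 ] || return 2
    echo $(( $1 * 100 / $2 ))
}

# conntrack_status COUNT MAX [WARN_PCT] [CRIT_PCT]: print OK, WARN or CRIT.
# A full table makes the kernel drop packets of new connections, so alert early.
conntrack_status() {
    pct=$(conntrack_usage_pct "$1" "$2") || return 2
    warn=${3:-80}; crit=${4:-95}
    if [ "$pct" -ge "$crit" ]; then echo "CRIT ${pct}%"
    elif [ "$pct" -ge "$warn" ]; then echo "WARN ${pct}%"
    else echo "OK ${pct}%"
    fi
}

# render_sysctl_line MAX: print the sysctl setting a deployment tool could
# install under /etc/sysctl.d/, refusing anything but a positive integer.
render_sysctl_line() {
    is_uint "$1" && [ "$1" -gt 0 ] || return 2
    printf 'net.netfilter.nf_conntrack_max = %s\n' "$1"
}

# Live check: runs only where the nf_conntrack module exposes these files.
if [ -r "$COUNT_FILE" ] && [ -r "$MAX_FILE" ]; then
    conntrack_status "$(cat "$COUNT_FILE")" "$(cat "$MAX_FILE")"
fi
```

The output of `render_sysctl_line` can be written to a file under /etc/sysctl.d/ and loaded with `sysctl --system`, which keeps the setting in the deployment tooling rather than in Neutron.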