 Home |
Products |
Support |
Community |
News |
xen-devel
[Xen-devel] Networking issue with "conntracking" after upgrade Xen 3.2 >
| To: | xen-devel@xxxxxxxxxxxxxxxxxxx |
|---|---|
| Subject: | [Xen-devel] Networking issue with "conntracking" after upgrade Xen 3.2 > 4.0 |
| From: | Olivier Hanesse <olivier.hanesse@xxxxxxxxx> |
| Date: | Fri, 17 Dec 2010 16:48:44 +0100 |
| Delivery-date: | Fri, 17 Dec 2010 07:49:43 -0800 |
| Dkim-signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=9rBxMkM/2SYuwCBfZooFVytvLJEcTCteUyFTWEXfQ8M=; b=NWOjzYYNXbIc7/OYsVrjZFQ2qmNWW3eF7uuzhlUTQTBDbs2nsSGUbUeSuAY7cbqpo0 8HI/yxFI9Ox+Eleqw8LEP3Kv11y8lIPE2xwAtXh5WtkUN3FjZ69xFtqg/+ACSCjH0xTF gl/FbdXdS9dTCu0QpFBxxkGtk/g0jm+Qd09s0= |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=FpXvS4FAD3ZLvimMIjEQoWT4s2oiVRPe2D49m3PA+vcAroJnbApSVKUfdAM6v6On04 d9Ieo5Zk2VA7cZCOBLfttuJsy+x5F6LvpBSOqtFD6yxlvEMYhTeiW/dSHly5l6CixGUz 5iIUqaGV2ffkE+3ivLUI1Oua0Zej8xyLxKGfE= |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxxx |
| List-help: | <mailto:xen-devel-request@lists.xensource.com?subject=help> |
| List-id: | Xen developer discussion <xen-devel.lists.xensource.com> |
| List-post: | <mailto:xen-devel@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe> |
| Sender: | xen-devel-bounces@xxxxxxxxxxxxxxxxxxx |
|
Hi, I recently upgraded a debian xen 3.2 system to xen 4. Then I started to see some strange kernel logs : "nf_conntrack: table full, dropping packet." I was pretty sure not to have enable conntracking in my dom0. I find out that it was the revision "19540" of the "vif-common.sh" script that load the nf_conntrack module. So now my dom0 logs every connection my domU are doing. With a few domUs, I am reaching the limit of conntrack table very quickly. On debian the default "net.netfilter.nf_conntrack_max" is set to "16400". I set it to "65536" to temporary resolve my network issue but that's not the point. Is it possible to add an option in the xend-config.sxp configuration files, something like (handle_iptable yes/no), if we want to handle iptable or not ? Moreover, for example on on debian, FORWARD policy is set to ACCEPT by default. So adding theses rules are useless BUT they are loading some modules which can lead to a network issue :( Regards Olivier _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [Xen-devel] Re: [xen-unstable test] 4041: regressions - FAIL, Keir Fraser |
|---|---|
| Next by Date: | Re: [Xen-devel] Networking issue with "conntracking" after upgrade Xen 3.2 > 4.0, Fajar A. Nugraha |
| Previous by Thread: | [Xen-devel] [linux test] 4048: regressions - FAIL, xen . org |
| Next by Thread: | Re: [Xen-devel] Networking issue with "conntracking" after upgrade Xen 3.2 > 4.0, Fajar A. Nugraha |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
