[Xen-devel] Networking issue with "conntracking" after upgrade Xen 3.2 > 4.0
Hi,

I recently upgraded a Debian Xen 3.2 system to Xen 4. Then I started to see some strange kernel logs: "nf_conntrack: table full, dropping packet." I was pretty sure I had not enabled conntracking in my dom0.

I found out that it was revision "19540" of the "vif-common.sh" script that loads the nf_conntrack module. So now my dom0 logs every connection my domUs are making. With a few domUs, I am reaching the limit of the conntrack table very quickly.

On Debian the default "net.netfilter.nf_conntrack_max" is set to "16400". I set it to "65536" to temporarily resolve my network issue, but that's not the point.

Is it possible to add an option in the xend-config.sxp configuration file, something like (handle_iptable yes/no), if we want to handle iptables or not?

Moreover, for example on Debian, the FORWARD policy is set to ACCEPT by default. So adding these rules is useless, BUT they load some modules, which can lead to a network issue :(

Regards,
Olivier

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
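One way to check whether a dom0 is in the state described in the message above, as an added example that is not part of the original post or of the Xen scripts. The function names, the 80% warning threshold and the sample files are assumptions made for illustration; on a live host the inputs would be `/proc/modules`, `/proc/sys/net/netfilter/nf_conntrack_count`, `/proc/sys/net/netfilter/nf_conntrack_max` and a saved kernel log.

```shell
#!/bin/sh
# Added example: triage a dom0 for the "nf_conntrack: table full" condition.
# Constructed files stand in for /proc/modules, the nf_conntrack_count and
# nf_conntrack_max sysctl files, and the kernel log.

# module_loaded MODULES_FILE: succeeds if nf_conntrack is listed.
module_loaded() { grep -q '^nf_conntrack ' "$1"; }

# usage_percent COUNT_FILE MAX_FILE: prints integer percent of the table in use.
usage_percent() {
    up_count=$(cat "$1") && up_max=$(cat "$2") || return 2
    [ "$up_max" -gt 0 ] || return 2
    echo $(( $up_count * 100 / $up_max ))
}

# drop_events LOG_FILE: prints the number of table-full drop messages.
drop_events() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c 'nf_conntrack: table full, dropping packet' "$1" || true
}

# conntrack_status MODULES COUNT MAX LOG [WARN_PCT]: prints one of
# not-loaded | unknown | dropping | warn | ok
conntrack_status() {
    module_loaded "$1" || { echo not-loaded; return 0; }
    cs_pct=$(usage_percent "$2" "$3") || { echo unknown; return 0; }
    cs_drops=$(drop_events "$4")
    if [ "$cs_drops" -gt 0 ]; then echo dropping
    elif [ "$cs_pct" -ge "${5:-80}" ]; then echo warn
    else echo ok
    fi
}

# Constructed sample data (not taken from a real host).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'nf_conntrack 73966 2 xt_state, Live 0x0\n' > "$demo/modules"
printf '16400\n' > "$demo/count"
printf '16400\n' > "$demo/max"
cat > "$demo/kern.log" <<'EOF'
Jan  1 00:00:01 dom0 kernel: nf_conntrack: table full, dropping packet.
Jan  1 00:00:02 dom0 kernel: device vif1.0 entered promiscuous mode
Jan  1 00:00:03 dom0 kernel: nf_conntrack: table full, dropping packet.
EOF

conntrack_status "$demo/modules" "$demo/count" "$demo/max" "$demo/kern.log"
```

A `not-loaded` result means the dom0 is not tracking connections at all, which is the state the poster expected before the upgrade.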