> On 2. jun. 2016, at 15.52, [email protected] wrote:
>
>
>> On 2. jun. 2016, at 15.46, O'Reilly, Darragh <[email protected]> wrote:
>>
>> It's not clear that your problem is to do with dropped packets. Your
>> ifconfig is
>> showing dropped packets for interface vmbr1. This is the internal interface
>> on
>> bridge vmbr1 - I don't think you are using it. I see the same on my systems
>> that
> No I don’t, this IF is not even UP, just wondering why packets flow to this
> IF then.
> That they are dropped would be naturally I think, when there’s no place to
> flow on a non active IF.
>
> But wondering how to detect why connectivity fluctuates specially under
> higher traffic, when most resources seems lightly loaded.
Stupid me :] it’s not openvswitch that’s dropping my packets.
Totally missed out events like these in our HA proxy VM at peak traffic time:
May 31 12:10:00 hapA kernel: nf_conntrack: table full, dropping packet
May 31 12:10:00 hapA kernel: nf_conntrack: table full, dropping packet
May 31 12:10:00 hapA kernel: nf_conntrack: table full, dropping packet
May 31 12:10:00 hapA kernel: nf_conntrack: table full, dropping packet
May 31 12:10:00 hapA kernel: nf_conntrack: table full, dropping packet
...
Will try to better tune the VM netfilter, eg. initially with these settings:
Add to /etc/sysctl.conf:
# tune net filter to track more connections than default
# nf_conntrack_max => also raise hashsize in rc.local
net.netfilter.nf_conntrack_max = 262144
net.netfilter.nf_conntrack_generic_timeout = 180
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 30
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 30
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 30
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 60
Add to /etc/rc.local:
# increase netfilter hash table size as we do netfilter_tune in sysctl
echo 24576 > /sys/module/nf_conntrack/parameters/hashsize
_______________________________________________
discuss mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/discuss
