>> or dynamic value with number of vms ?)

Maybe allowing something like 32000 connections per VM (350 bytes of memory per connection, around 10 MB), and net.netfilter.nf_conntrack_max = numberofvms x 32000.

----- Original Message -----
From: "Alexandre DERUMIER" <[email protected]>
To: "Dietmar Maurer" <[email protected]>
Cc: [email protected]
Sent: Saturday, 1 March 2014 08:53:42
Subject: Re: pvefw: using ctmark to associacte connections to VMs

Yes, it should work, at least for TCP. (I'm not sure it's working for UDP?)

About nf_conntrack, I think we should also tune

/sbin/sysctl -w net.netfilter.nf_conntrack_max

(maybe around 200000? or dynamic value with number of vms?)

to avoid this kind of message with a high number of guests and VMs with a high number of connections:

"nf_conntrack: table full, dropping packet."

----- Original Message -----
From: "Dietmar Maurer" <[email protected]>
To: [email protected], "Alexandre DERUMIER ([email protected])" <[email protected]>
Sent: Friday, 28 February 2014 18:46:54
Subject: pvefw: using ctmark to associacte connections to VMs

I wonder if we can use ctmark to associate connections with VMs? So that we can parse /proc/net/nf_conntrack to list open connections for a VM.

Is that reasonable, or are there some hidden disadvantages? Or are there other ways to do that?

_______________________________________________
pve-devel mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
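
The idea discussed in this thread, as an added example that is not code from the thread or from pvefw: parse entries in the /proc/net/nf_conntrack format, group them by ctmark, and apply the proposed numberofvms x 32000 sizing. It assumes the firewall sets ctmark to the VMID of the owning guest; the sample lines and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the /proc/net/nf_conntrack format (not captured from a real host).
# Assumption: the firewall sets ctmark to the VMID of the guest owning the connection.
SAMPLE = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=51234 dport=22 src=198.51.100.5 dst=192.0.2.10 sport=22 dport=51234 [ASSURED] mark=100 zone=0 use=2
ipv4     2 tcp      6 117 TIME_WAIT src=192.0.2.11 dst=198.51.100.9 sport=40112 dport=443 src=198.51.100.9 dst=192.0.2.11 sport=443 dport=40112 [ASSURED] mark=101 zone=0 use=2
ipv4     2 udp      17 28 src=192.0.2.10 dst=198.51.100.53 sport=33000 dport=53 [UNREPLIED] src=198.51.100.53 dst=192.0.2.10 sport=53 dport=33000 mark=100 zone=0 use=2
ipv4     2 tcp      6 300 ESTABLISHED src=203.0.113.7 dst=203.0.113.1 sport=50000 dport=8006 src=203.0.113.1 dst=203.0.113.7 sport=8006 dport=50000 [ASSURED] mark=0 zone=0 use=2
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse_entry(line):
    """Return one conntrack entry as a dict, using the original-direction tuple."""
    head = line.split()
    if len(head) < 5:
        return None
    entry = {"proto": head[2], "state": None}
    # TCP entries carry a state token before the first key=value field; UDP does not.
    if head[5:6] and "=" not in head[5]:
        entry["state"] = head[5]
    for key, value in FIELD.findall(line):
        entry.setdefault(key, value)  # first src/dst/sport/dport = original direction
    entry["mark"] = int(entry.get("mark", 0))
    return entry

def connections_by_vm(text):
    """Group entries by ctmark; mark 0 (unmarked, e.g. host traffic) is skipped."""
    by_vm = defaultdict(list)
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry and entry["mark"]:
            by_vm[entry["mark"]].append(entry)
    return dict(by_vm)

def conntrack_max(number_of_vms, per_vm=32000):
    """Sizing rule proposed in the thread: numberofvms x 32000."""
    return number_of_vms * per_vm

if __name__ == "__main__":
    # On a real host, read /proc/net/nf_conntrack instead of SAMPLE.
    for vmid, conns in sorted(connections_by_vm(SAMPLE).items()):
        print(f"VM {vmid}: {len(conns)} connection(s)")
        for c in conns:
            print(f"  {c['proto']} {c['src']}:{c.get('sport')} -> {c['dst']}:{c.get('dport')} {c['state'] or ''}")
    print("nf_conntrack_max for 10 VMs:", conntrack_max(10))
```

The mark= field is only present when the kernel is built with conntrack mark support, and UDP entries have no state column, which is why the parser treats the state as optional.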
