From: Paolo Valerio
Date: 2022-01-12 18:19:25
To: we...@ucloud.cn,i.maxim...@ovn.org
Cc: d...@openvswitch.org
Subject: Re: [PATCH v8 3/3] conntrack: limit port clash resolution attempts

Hello wenxu,
I tested the patch a bit more, and it seems to effectively limit the
number of attempts. There is a case with a sufficiently large port range
that will always try the same ports.
E.g. (increasing the IPs you can reduce the port range):
actions=ct(commit,nat(dst=10.1.1.100-10.1.1.101
From: wenxu
In case almost or all available ports are taken, clash resolution can
take a very long time, resulting in pmd hang in conntrack.
This can happen when many to-be-natted hosts connect to the same
destination:port (e.g. a proxy) and all connections pass the same SNAT.
Pick a random offset