OpenVZ Forum


Re: IP Conntrack /DST Cache Overflow issue [message #50821 is a reply to message #50818] Sun, 10 November 2013 22:30 Go to previous message
pavel.odintsov
Hello, KevinH!

I recommend enlarging the buffer for conntrack buckets up to 1-3 million (that's OK for modern systems).

You can do it with the following commands:
edit /etc/sysctl.conf and set:
net.ipv4.netfilter.ip_conntrack_max=1548576


Apply changes:

sysctl -p


You can entirely disable connection tracking for a certain CT with the following commands:
iptables -t raw -A PREROUTING -d VPS_IP -j NOTRACK
iptables -t raw -A PREROUTING -s VPS_IP -j NOTRACK


Be careful with the last command: it completely stops the RELATED/ESTABLISHED flags from working inside the container.

In addition, I recommend you upgrade from the pretty old 2.6.18 kernels to the modern 2.6.32 kernel series. Oh, sorry, I forgot to specify the link; it's here: https://openvz.org/028_to_042_kernel_upgrade


[Updated on: Sun, 10 November 2013 22:30]
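
A way to check how full the conntrack table is before and after raising the limit suggested in the post above. This is an added example, not part of the original post; the function names and the root-directory parameter are assumptions made for illustration, and the counters are read from the standard legacy `ip_conntrack` or newer `nf_conntrack` sysctl files under /proc/sys/net.

```shell
#!/bin/sh
# Report how full the connection-tracking table is, so the limit can be
# raised before the kernel starts dropping new connections.
#
# Old kernels (such as 2.6.18) expose ipv4/netfilter/ip_conntrack_{count,max};
# newer ones expose netfilter/nf_conntrack_{count,max}. The root directory is
# a parameter (an assumption of this example) so the functions can be pointed
# at a constructed directory tree instead of the live /proc/sys/net.

# conntrack_usage [ROOT]
# Prints "COUNT MAX PERCENT". Returns 2 if no usable counters are found.
conntrack_usage() {
    root=${1:-/proc/sys/net}
    for prefix in "$root/ipv4/netfilter/ip_conntrack" \
                  "$root/netfilter/nf_conntrack"; do
        if [ -r "${prefix}_count" ] && [ -r "${prefix}_max" ]; then
            count=$(cat "${prefix}_count")
            max=$(cat "${prefix}_max")
            [ "$max" -gt 0 ] || return 2
            echo "$count $max $((count * 100 / max))"
            return 0
        fi
    done
    return 2   # conntrack module not loaded, or unknown layout
}

# conntrack_check [ROOT] [WARN_PERCENT]
# Returns 0 if usage is below the threshold, 1 if at or above it
# (with a warning on stderr), 2 if usage could not be determined.
conntrack_check() {
    root=${1:-/proc/sys/net}
    warn=${2:-80}
    usage=$(conntrack_usage "$root") || return 2
    pct=${usage##* }          # last field is the percentage
    if [ "$pct" -ge "$warn" ]; then
        echo "WARNING: conntrack table ${pct}% full (count max pct: $usage)" >&2
        return 1
    fi
    return 0
}
```

On a live host, `conntrack_check /proc/sys/net 80` can be run from cron or a monitoring agent; a return code of 1 means the table is close to the configured maximum.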
