Increase size of connection tracking table

priteau · priteau · commit b33eedd403a3 · 2024-10-11T15:21:23.000+02:00
We have seen occurences of Cinder or Glance activity filling up the conntrack table. This has been seen on controllers and storage nodes (Ceph). We have also seen large amounts of traffic to an Octavia amphora causing the conntrack table of a compute host to fill up. Quadruple the maximum size of the table on these hosts (the default size is 262,144 for hosts with more than 4 GiB of memory [1]). Monitoring hosts are left unchanged since they are believed to be unaffected. [1] https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.txt
diff --git a/etc/kayobe/compute.yml b/etc/kayobe/compute.yml
@@ -106,7 +106,8 @@
 # Compute node sysctl configuration.
 
 # Dict of sysctl parameters to set.
-#compute_sysctl_parameters:
+compute_sysctl_parameters:
+  net.netfilter.nf_conntrack_max: 1048576
 
 ###############################################################################
 # Compute node tuned configuration.
diff --git a/etc/kayobe/controllers.yml b/etc/kayobe/controllers.yml
@@ -115,7 +115,8 @@
 # Controller node sysctl configuration.
 
 # Dict of sysctl parameters to set.
-#controller_sysctl_parameters:
+controller_sysctl_parameters:
+  net.netfilter.nf_conntrack_max: 1048576
 
 ###############################################################################
 # Controller node tuned configuration.
diff --git a/etc/kayobe/storage.yml b/etc/kayobe/storage.yml
@@ -111,7 +111,8 @@
 # Storage node sysctl configuration.
 
 # Dict of sysctl parameters to set.
-#storage_sysctl_parameters:
+storage_sysctl_parameters:
+  net.netfilter.nf_conntrack_max: 1048576
 
 ###############################################################################
 # Storage node tuned configuration.
diff --git a/releasenotes/notes/bump-conntrack-table-size-c2d08f2aac04d23f.yaml b/releasenotes/notes/bump-conntrack-table-size-c2d08f2aac04d23f.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Increases maximum size of connection tracking tables to 1,048,576 entries
+    on controllers, compute and storage hosts. This is to work around loss of
+    connectivity when the conntrack table becomes full under high Cinder/Glance
+    activity or high traffic to Octavia amphorae.
