[ovs-discuss] Packets drops in OVS switch

openvswitch.org at siimnet.dk openvswitch.org at siimnet.dk
Fri Jun 3 23:44:03 UTC 2016


> On 2. jun. 2016, at 15.52, openvswitch.org at siimnet.dk wrote:
> 
> 
>> On 2. jun. 2016, at 15.46, O'Reilly, Darragh <darragh.oreilly at hpe.com> wrote:
>> 
>> It's not clear that your problem is to do with dropped packets. Your ifconfig is
>> showing dropped packets for interface vmbr1. This is the internal interface on
>> bridge vmbr1 - I don't think you are using it. I see the same on my systems that
> No I don’t, this IF is not even UP, just wondering why packets flow to this IF then.
> That they are dropped would be naturally I think, when there’s no place to flow on a non active IF.
> 
> But wondering how to detect why connectivity fluctuates specially under higher traffic, when most resources seems lightly loaded.
Stupid me :] it’s not openvswitch that’s dropping my packets.

Totally missed out events like these in our HA proxy VM at peak traffic time:

May 31 12:10:00 hapA kernel: nf_conntrack: table full, dropping packet
May 31 12:10:00 hapA kernel: nf_conntrack: table full, dropping packet
May 31 12:10:00 hapA kernel: nf_conntrack: table full, dropping packet
May 31 12:10:00 hapA kernel: nf_conntrack: table full, dropping packet
May 31 12:10:00 hapA kernel: nf_conntrack: table full, dropping packet
...

Will try to better tune the VM netfilter, eg. initially with these settings:

Add to /etc/sysctl.conf:
# tune net filter to track more connections than default
# nf_conntrack_max => also raise hashsize in rc.local
net.netfilter.nf_conntrack_max = 262144
net.netfilter.nf_conntrack_generic_timeout = 180
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 30
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 30
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 30
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 60

Add to /etc/rc.local:
# increase netfilter hash table size as we do netfilter_tune in sysctl
echo 24576 > /sys/module/nf_conntrack/parameters/hashsize
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20160604/bdaebb6e/attachment-0002.html>


More information about the discuss mailing list