How conntrack handles [UNREPLIED] streams in OpenShift OVS
Issue
When looking at conntrack entries in OpenShift, we see these [UNREPLIED] entries in OVS:
udp 17 29 src=100.xx.xx.xxx dst=100.xx.xx.xxx sport=8504 dport=8504 [UNREPLIED] src=100.xx.xx.xxx dst=100.xx.xx.xxx sport=8504 dport=8504 mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 29 src=100.xx.xx.xxx dst=100.xx.xx.xxx sport=8504 dport=8504 [UNREPLIED] src=100.xx.xx.xxx dst=100.xx.xx.xxx sport=8504 dport=8504 mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 29 src=100.xx.xx.xxx dst=100.xx.xx.xxx sport=41307 dport=8504 [UNREPLIED] src=100.xx.xx.xxx dst=100.xx.xx.xxx sport=8504 dport=41307 mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
udp 17 29 src=100.xx.xx.xxx dst=100.xx.xx.xxx sport=41307 dport=8504 [UNREPLIED] src=100.xx.xx.xxx dst=100.xx.xx.xxx sport=8504 dport=41307 mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1
tcp 6 431999 ESTABLISHED src=100.xx.xx.xxx dst=100.xx.xx.xxx sport=58504 dport=6443 src=100.xx.xx.xxx dst=100.xx.xx.xxx sport=6443 dport=58504 [ASSURED] mark=0
- How does OVS handle these streams?
- Could they possibly lead to connection limit exhaustion?
Environment
- Red Hat OpenShift Container Platform 4
- OpenvSwitch