Overcloud compute nodes reject connection and logs show "kernel: nf_conntrack: table full, dropping packet"

Solution Verified - Updated -

Issue

  • We detected that a compute node was rejecting connections because of an excessive number of connections held by 2 instances on the platform, which caused the services of other instances to be affected.

  • The following errors are seen in /var/log/messages:

    Jul 10 17:39:27 overcloud-compute-0 kernel: nf_conntrack: table full, dropping packet
    Jul 10 17:39:27 overcloud-compute-0 kernel: nf_conntrack: table full, dropping packet
    Jul 10 17:39:27 overcloud-compute-0 kernel: nf_conntrack: table full, dropping packet
    Jul 10 17:39:27 overcloud-compute-0 kernel: nf_conntrack: table full, dropping packet
    Jul 10 17:39:27 overcloud-compute-0 kernel: nf_conntrack: table full, dropping packet
    Jul 10 17:39:27 overcloud-compute-0 kernel: nf_conntrack: table full, dropping packet
    Jul 10 17:39:27 overcloud-compute-0 kernel: nf_conntrack: table full, dropping packet
    
  • The following nf_conntrack_max values are set:

    [root@overcloud-compute-0 ~]# cat /proc/sys/net/netfilter/nf_conntrack_max
    262144
    [root@overcloud-compute-0 ~]# cat /proc/sys/net/netfilter/nf_conntrack_count
    262144
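
The condition shown above (nf_conntrack_count equal to nf_conntrack_max, with repeated "table full" kernel messages) can be checked with a few shell functions. This is an added example, not part of the original article or of Red Hat tooling; the function names, the 80% warning threshold and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag conntrack table saturation on a compute node.
# Function names and the 80% warning threshold are assumptions.

# conntrack_usage COUNT MAX -> integer percent of the table in use
conntrack_usage() {
    [ "$2" -gt 0 ] 2>/dev/null || { echo "invalid max: $2" >&2; return 2; }
    echo $(( $1 * 100 / $2 ))
}

# conntrack_state COUNT MAX [WARN_PCT] -> OK, WARN or FULL
conntrack_state() {
    pct=$(conntrack_usage "$1" "$2") || return 2
    if [ "$1" -ge "$2" ]; then echo FULL
    elif [ "$pct" -ge "${3:-80}" ]; then echo WARN
    else echo OK
    fi
}

# check_live [DIR] -> state read from the sysctl files shown in the article
check_live() {
    dir=${1:-/proc/sys/net/netfilter}
    [ -r "$dir/nf_conntrack_count" ] && [ -r "$dir/nf_conntrack_max" ] || return 2
    conntrack_state "$(cat "$dir/nf_conntrack_count")" "$(cat "$dir/nf_conntrack_max")"
}

# count_drops: syslog lines on stdin -> "host month day HH:MM count" per minute.
# The kernel rate-limits this message, so the tally is a lower bound on drops.
count_drops() {
    awk '/kernel: nf_conntrack: table full, dropping packet/ {
             n[$4 " " $1 " " $2 " " substr($3, 1, 5)]++
         }
         END { for (k in n) print k, n[k] }' | sort
}

# Constructed sample in the /var/log/messages format shown above.
SAMPLE_LOG='Jul 10 17:39:27 overcloud-compute-0 kernel: nf_conntrack: table full, dropping packet
Jul 10 17:39:27 overcloud-compute-0 kernel: nf_conntrack: table full, dropping packet
Jul 10 17:39:28 overcloud-compute-0 kernel: nf_conntrack: table full, dropping packet
Jul 10 17:39:30 overcloud-compute-0 systemd: Started Session 42 of user root.
Jul 10 17:40:01 overcloud-compute-0 kernel: nf_conntrack: table full, dropping packet'

printf '%s\n' "$SAMPLE_LOG" | count_drops   # per-minute drop-message tally
conntrack_state 262144 262144               # values from the article -> FULL
```

On a live node, `check_live` with no argument reads the two files under /proc/sys/net/netfilter directly.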
    

Environment

  • Red Hat OpenStack Platform 10 (RHOSP)
  • Red Hat OpenStack Platform 13 (RHOSP)
  • Red Hat OpenStack Platform 16 (RHOSP)
  • Red Hat OpenStack Platform 17 (RHOSP)
