Hi!
Since I upgraded to PVE 9 I have had several complaints from our OS Admin customers saying that they get periodic network disconnects on their VMs.
This happens on isolated VMs, not necessarily to all the VMs on a bridge.
I correlated these events to these messages:
Sep 25 05:52:56 pxmx-host kernel: net_ratelimit: 534 callbacks suppressed
Sep 25 05:52:56 pxmx-host kernel: nf_conntrack: nf_conntrack: table full, dropping packet
Sep 25 05:52:56 pxmx-host kernel: nf_conntrack: nf_conntrack: table full, dropping packet
Sep 25 05:52:56 pxmx-host kernel: nf_conntrack: nf_conntrack: table full, dropping packet
Sep 25 05:52:56 pxmx-host kernel: nf_conntrack: nf_conntrack: table full, dropping packet
Sep 25 05:52:56 pxmx-host kernel: nf_conntrack: nf_conntrack: table full, dropping packet
Sep 25 05:52:56 pxmx-host kernel: nf_conntrack: nf_conntrack: table full, dropping packet
Sep 25 05:52:56 pxmx-host kernel: nf_conntrack: nf_conntrack: table full, dropping packet
it is during these periods they say they cannot ping some of their machines.
Anyone else seen similar? Any way to fix it?
Is it a good idea (or even possible) to increase the table size or will I just be shooting myself in the foot?
Thanks
Since I upgraded to PVE 9 I have had several complaints from our OS Admin customers saying that they get periodic network disconnects on their VMs.
This happens on isolated VMs, not necessarily to all the VMs on a bridge.
I correlated these events to these messages:
Sep 25 05:52:56 pxmx-host kernel: net_ratelimit: 534 callbacks suppressed
Sep 25 05:52:56 pxmx-host kernel: nf_conntrack: nf_conntrack: table full, dropping packet
Sep 25 05:52:56 pxmx-host kernel: nf_conntrack: nf_conntrack: table full, dropping packet
Sep 25 05:52:56 pxmx-host kernel: nf_conntrack: nf_conntrack: table full, dropping packet
Sep 25 05:52:56 pxmx-host kernel: nf_conntrack: nf_conntrack: table full, dropping packet
Sep 25 05:52:56 pxmx-host kernel: nf_conntrack: nf_conntrack: table full, dropping packet
Sep 25 05:52:56 pxmx-host kernel: nf_conntrack: nf_conntrack: table full, dropping packet
Sep 25 05:52:56 pxmx-host kernel: nf_conntrack: nf_conntrack: table full, dropping packet
it is during these periods they say they cannot ping some of their machines.
Anyone else seen similar? Any way to fix it?
Is it a good idea (or even possible) to increase the table size or will I just be shooting myself in the foot?
Thanks