> today I'd like to share a severe problem we've found (and fixed) on our Ceph
> cluster. We're running 48 OSDs (8 per host). While restarting all OSDs on a
> host, the kernel's nf_conntrack table was overflowed. This rendered all OSDs on
> that machine unusable.

It is also possible to specifically not conntrack certain connections, e.g.:

    iptables -t raw -A PREROUTING -p tcp --dport 6789 -j CT --notrack

Note that you will have to make the rules in both traffic flows: since the connections are no longer tracked, it does not automatically accept the return packets...

Cheers,
Robert van Leeuwen
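
Added example, not part of the message above: a shell helper that prints (without applying) the rules for both traffic flows of one TCP port, using 6789 from the post. The function name `notrack_rules`, the `server`/`client` role argument and the filter-table ACCEPT rules (which assume a ruleset that otherwise relies on ESTABLISHED state to admit return packets) are assumptions.

```shell
#!/bin/sh
# Constructed example: emits iptables commands as text so they can be reviewed
# before being applied. Nothing here touches the running firewall.
#
# notrack_rules ROLE PORT
#   ROLE=server  the service listens on PORT on this host
#   ROLE=client  this host connects out to PORT on other hosts
notrack_rules() {
    role="$1"; port="$2"

    # Accept only 1-5 digit decimal ports in the valid TCP range.
    case "$port" in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    # Incoming packets carry PORT as destination on a server and as source
    # on a client; outgoing packets are the mirror image.
    case "$role" in
        server) in_side=dport; out_side=sport ;;
        client) in_side=sport; out_side=dport ;;
        *) echo "role must be server or client" >&2; return 1 ;;
    esac

    # raw table is evaluated before conntrack: PREROUTING for packets
    # arriving from the network, OUTPUT for locally generated packets.
    echo "iptables -t raw -A PREROUTING -p tcp --$in_side $port -j CT --notrack"
    echo "iptables -t raw -A OUTPUT -p tcp --$out_side $port -j CT --notrack"

    # Untracked packets never match ESTABLISHED, so both directions need an
    # explicit accept (assumed filter policy, see lead-in).
    echo "iptables -A INPUT -p tcp --$in_side $port -m conntrack --ctstate UNTRACKED -j ACCEPT"
    echo "iptables -A OUTPUT -p tcp --$out_side $port -m conntrack --ctstate UNTRACKED -j ACCEPT"
}

# Rules for a host that runs the service on port 6789.
notrack_rules server 6789
```

The UNTRACKED accept rules are stateless, so they admit any TCP packet on that port; adding `-s`/`-d` matches for the cluster network keeps the exemption from widening the host's exposure.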