Bjørnar Ness <bjornar.ness@xxxxxxxxx> wrote:
> 2017-06-26 15:16 GMT+02:00 Florian Westphal <fw@xxxxxxxxx>:
> > perf top might help pinpoint the source.

Leaving this here, this info would help.

> > What kernel is this, exactly?
> >
> > 4.10 (and 4.9.14 and later) has a change to make gc worker use less
> > cycles.
>
> We see the behavior in 4.11.0 and 4.12.0-rc6 as well
>
> > But I don't see the NAT connection.
>
> Not sure what you mean here. We do not need to have rules in the
> postrouting chain for it
> to tear down the server.

I mean that presence of NAT postrouting hook has, to the best of my
knowledge, no effect on the ct gc worker.

But perhaps this isn't the gc worker after all, perf top would help.

The only effect that the postrouting hook has is bringing rhashtables
'rhlist' interface into the mix, as we use that for the nat bysource
table.

> Monitoring conntrack entries also shows me
> this is stable around 120k

What does that mean?
Do you mean you run into problems after 120k entries?