This issue happens when the firewall is tracking too many connections. To check for the error, run dmesg and look for the following message:
nf_conntrack: table full, dropping packet.
To get the current connection tracking limit, use the following command:
/sbin/sysctl -a|grep -i nf_conntrack_max
To count the connections currently being tracked, use the following command:
cat /proc/net/nf_conntrack | wc -l
Note that this won't give you the actual result when run on the network node itself. Because every router is self-contained, you need to execute the command inside the router with ip netns exec, as in the example below:
ip netns exec qrouter-764f663e-db21-4ddb-8fbe-044826f6267f cat /proc/net/nf_conntrack | wc -l
To increase the connection tracking limit, use the command below:
echo 1656360 > /proc/sys/net/nf_conntrack_max
All of the commands above can be executed inside any OpenStack router.
Information you should know about this article:
OpenStack version: Havana
Operating system: CentOS 6.5
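The steps above can be combined into one report that walks every router and flags those close to the limit. This is an added example, not part of the original article: the script name conntrack-report.sh, the function names and the 80% WARN_PCT threshold are assumptions, and it reads the limit inside each router using the same paths as the commands above.

```shell
#!/bin/sh
# Added example (not from the original article): conntrack usage per router.
# WARN_PCT is an assumed alert threshold, not a value from the article.
WARN_PCT=${WARN_PCT:-80}

# usage_pct COUNT MAX -> integer percentage of the table in use
usage_pct() {
    echo $(( $1 * 100 / $2 ))
}

# classify COUNT MAX -> OK, WARN (>= WARN_PCT) or FULL (packets get dropped)
classify() {
    if [ "$1" -ge "$2" ]; then
        echo FULL
    elif [ "$(usage_pct "$1" "$2")" -ge "$WARN_PCT" ]; then
        echo WARN
    else
        echo OK
    fi
}

# router_namespaces: keep only qrouter-* names from `ip netns list` on stdin
router_namespaces() {
    awk '$1 ~ /^qrouter-/ { print $1 }'
}

# check_ns NAMESPACE: read the count and the limit inside the router itself
check_ns() {
    ns=$1
    count=$(ip netns exec "$ns" cat /proc/net/nf_conntrack | wc -l)
    max=$(ip netns exec "$ns" cat /proc/sys/net/nf_conntrack_max)
    # Skip routers where the limit could not be read (e.g. not run as root)
    [ -n "$max" ] || return 1
    echo "$ns $count/$max $(usage_pct "$count" "$max")% $(classify "$count" "$max")"
}

# Run as root on the network node: ./conntrack-report.sh --all
if [ "${1:-}" = "--all" ]; then
    ip netns list | router_namespaces | while read -r ns; do
        check_ns "$ns"
    done
fi
```

A router reported as WARN is a candidate for raising nf_conntrack_max before the kernel starts logging "table full, dropping packet".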