OpenStack Neutron Connection Tracking Issues

This issue happens when the firewall is tracking too many connections. To check for the error, run a simple "dmesg" and you should find the following:


nf_conntrack: table full, dropping packet.

To get the current connection tracking limit (nf_conntrack_max), use the following command:

 /sbin/sysctl -a|grep -i nf_conntrack_max

To count the connections currently being tracked, use the following command:

 cat /proc/net/nf_conntrack | wc -l

Note that this won't give you the actual result when run on the network node itself, because every router is self-contained in its own network namespace. You need to run the command inside that namespace through the exec command, as in the example below:

ip netns exec qrouter-764f663e-db21-4ddb-8fbe-044826f6267f cat /proc/net/nf_conntrack | wc -l

To increase the connection tracking limit, use the command below:

echo 1656360 > /proc/sys/net/nf_conntrack_max

All of the commands above can be executed inside any OpenStack router.
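The per-router check above can be run across every router namespace at once. The script below is an added example, not part of the original article: it counts tracked connections in each qrouter-* namespace and compares them with nf_conntrack_max. The function names, the --scan switch and the 80% WARN_PCT threshold are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: conntrack table usage per Neutron router namespace.
# WARN_PCT is an assumed alert threshold, not a value from the article.
WARN_PCT=${WARN_PCT:-80}

# usage_pct COUNT MAX -> integer percentage of the table in use (0 if MAX is unusable)
usage_pct() {
    [ "$2" -gt 0 ] 2>/dev/null || { echo 0; return 0; }
    echo $(( $1 * 100 / $2 ))
}

# status_for PCT -> FULL (packets are being dropped), WARN or OK
status_for() {
    if   [ "$1" -ge 100 ];         then echo FULL
    elif [ "$1" -ge "$WARN_PCT" ]; then echo WARN
    else                                echo OK
    fi
}

# report_line NAME COUNT MAX -> one formatted report row
report_line() {
    local pct
    pct=$(usage_pct "$2" "$3")
    printf '%-50s %8s / %-8s %3s%% %s\n' "$1" "$2" "$3" "$pct" "$(status_for "$pct")"
}

# scan_routers: walk every qrouter-* namespace (run as root on the network node)
scan_routers() {
    local ns count max
    for ns in $(ip netns list | awk '/^qrouter-/ {print $1}'); do
        # Same count as the article's command, taken inside the router namespace
        count=$(ip netns exec "$ns" cat /proc/net/nf_conntrack | wc -l)
        # Read the limit from inside the router; use the host value if it is not readable there
        max=$(ip netns exec "$ns" cat /proc/sys/net/nf_conntrack_max 2>/dev/null) ||
            max=$(cat /proc/sys/net/nf_conntrack_max)
        report_line "$ns" "$count" "$max"
    done
}

# Scan only when asked, so the helpers can be sourced without touching the system
if [ "${1:-}" = "--scan" ]; then scan_routers; fi
```

Run it with --scan from cron or a monitoring agent; a router that reports WARN is approaching the point where the kernel logs "table full, dropping packet".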


Information you should know about this article

OpenStack Version: Havana

Operating System: CentOS 6.5