Page MenuHomePhabricator
Create Task
Maniphest T275483

neutron: introduce a mechanism for setting arbitrary sysctl on netns creating
Closed, ResolvedPublic
Actions

Description

Neutron implements virtual routers using linux network namespaces.

The failover can be improved by setting some nf_conntrack sysctl parameters, specifically:

  • nf_conntrack_tcp_loose (understand already established connections) (this is activated by default)
  • nf_conntrack_tcp_be_liberal (disable most TCP checks and improve chances that conntrack understand an already established connection as valid)

I ran some experiments and this directly affects the recovery of failovered NATed TCP connections in the other neutron router.

However, given the neutron virtual router runs in a netns, the sysctl configuration isn't shared with the host system. We need a way to ensure these sysctl parameters are always set up correctly in the auto-generated neutron netns.

My plan to introduce a small python daemon that watches netns creation events and sets proper sysctl parameters, hopefully before traffic starts flowing.

Details

SubjectRepoBranchLines +/-
openstack: neutron: add wmcs-netns-events.py daemonoperations/puppetproduction+292 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

aborrero created this task.Feb 23 2021, 11:05 AM
gerritbot added a comment.Feb 24 2021, 12:45 PM

Change 666616 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] openstack: neutron: add wmcs-neutron-netns-events.py daemon

https://gerrit.wikimedia.org/r/666616

gerritbot added a project: Patch-For-Review.Feb 24 2021, 12:45 PM
gerritbot added a comment.Feb 25 2021, 2:53 PM

Change 666616 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] openstack: neutron: add wmcs-netns-events.py daemon

https://gerrit.wikimedia.org/r/666616

Stashbot added a comment.Feb 25 2021, 2:56 PM

Mentioned in SAL (#wikimedia-cloud) [2021-02-25T14:56:28Z] <arturo> deployed wmcs-netns-events daemon to all cloudnet servers (T275483)

aborrero closed this task as Resolved.Feb 25 2021, 2:56 PM
aborrero triaged this task as Medium priority.
aborrero moved this task from Inbox to Doing on the cloud-services-team (Kanban) board.
Maintenance_bot removed a project: Patch-For-Review.Feb 25 2021, 3:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL