diff options
| author | Ante Karamatic <ante.karamatic@canonical.com> | 2013-04-20 10:50:14 +0200 |
|---|---|---|
| committer | Ante Karamatic <ante.karamatic@canonical.com> | 2013-04-26 09:06:20 +0200 |
| commit | 5fb947208e7141e572d7e2e95165c715f23b5fda (patch) | |
| tree | 2cb2dfa17bdeb3dbc4637b0eb28118b1798b570a /etc | |
| parent | b17715174e8cdd98fe336ee79660860890cf6dce (diff) | |
| download | nova-5fb947208e7141e572d7e2e95165c715f23b5fda.tar.gz nova-5fb947208e7141e572d7e2e95165c715f23b5fda.tar.xz nova-5fb947208e7141e572d7e2e95165c715f23b5fda.zip | |
Destroy conntrack table on source host during migration
If a VM migrates from hostA to hostB, there will still be connections
in the conntrack table of the hostA. If, for any reason, VM is migrated back
to the hostA, while those connections are still in conntrack table, persistent
connections (such is ssh) to VM, from outside, will get dropped. They get
dropped cause hostA was expecting different packets and cause of that requires
establishing new connection. By dropping conntrack table entries for VM
we make sure that connection flow is not interupted by old packets.
Change-Id: If8e146e05914e9febd6fc40a1d8085306c1244ea
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/nova/rootwrap.d/network.filters | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/nova/rootwrap.d/network.filters b/etc/nova/rootwrap.d/network.filters index c58bc77e7..f29bd16d2 100644 --- a/etc/nova/rootwrap.d/network.filters +++ b/etc/nova/rootwrap.d/network.filters @@ -76,3 +76,6 @@ brctl: CommandFilter, brctl, root # nova/network/linux_net.py: 'sysctl', .... sysctl: CommandFilter, /sbin/sysctl, root + +# nova/network/linux_net.py: 'conntrack' +conntrack: CommandFilter, conntrack, root |