From 5fb947208e7141e572d7e2e95165c715f23b5fda Mon Sep 17 00:00:00 2001
From: Ante Karamatic
Date: Sat, 20 Apr 2013 10:50:14 +0200
Subject: Destroy conntrack table on source host during migration

If a VM migrates from hostA to hostB, there will still be connections in the conntrack table of the hostA. If, for any reason, VM is migrated back to the hostA, while those connections are still in conntrack table, persistent connections (such as ssh) to VM, from outside, will get dropped. They get dropped because hostA was expecting different packets and because of that requires establishing new connection. By dropping conntrack table entries for VM we make sure that connection flow is not interrupted by old packets.

Change-Id: If8e146e05914e9febd6fc40a1d8085306c1244ea

--- etc/nova/rootwrap.d/network.filters | 3 +++ 1 file changed, 3 insertions(+) (limited to 'etc') diff --git a/etc/nova/rootwrap.d/network.filters b/etc/nova/rootwrap.d/network.filters index c58bc77e7..f29bd16d2 100644 --- a/etc/nova/rootwrap.d/network.filters +++ b/etc/nova/rootwrap.d/network.filters @@ -76,3 +76,6 @@ brctl: CommandFilter, brctl, root # nova/network/linux_net.py: 'sysctl', .... sysctl: CommandFilter, /sbin/sysctl, root + +# nova/network/linux_net.py: 'conntrack' +conntrack: CommandFilter, conntrack, root -- cgit
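
Review bot: the added `conntrack: CommandFilter, conntrack, root` entry constrains only the executable name, so anything that can call rootwrap as the nova user may run conntrack as root with arbitrary arguments, including flushing the host's whole table, whereas the commit message only needs entries for the migrated VM removed. Consider a RegExpFilter that pins the delete operation and the address argument to what linux_net.py actually passes; that caller is not in this view (the diff is limited to 'etc'), so the exact argument list has to be confirmed there. The entry also uses a bare command name where the `sysctl` line directly above uses an absolute path (`/sbin/sysctl`); an absolute path here would avoid depending on rootwrap's executable search directories.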