> >>That would use 288MB RAM?
>
> Yes. That why I have proposed to ajust dynamicly with number of vms.
>
> I have myself hosts with 256GB ram, so I really don't care about 288MB of
> ram.
> (I have around 50-60 guests, so worst case potential 60 x total 6
> connections)
What if we simply add
>>That would use 288MB RAM?
Yes. That why I have proposed to ajust dynamicly with number of vms.
I have myself hosts with 256GB ram, so I really don't care about 288MB of ram.
(I have around 50-60 guests, so worst case potential 60 x total 6
connections)
- Mail original -
De
> https://access.redhat.com/site/solutions/362174
> The OpenShift Deployment Guide recommends the following be added to
> the sysctl.conf file:
>
> net.netfilter.nf_conntrack_max = 1048576
That would use 288MB RAM?
___
pve-devel mailing list
pve-devel
kernel 3.10.
(don't have tried to apply it on 3.2)
- Mail original -
De: "Dietmar Maurer"
À: "Alexandre Derumier" , pve-devel@pve.proxmox.com
Envoyé: Mardi 4 Mars 2014 07:02:11
Objet: RE: [pve-devel] pve-kernel : kvm: x86: fix xsave cpuid exposing bug
This is for kernel 2.6.32 or
This is for kernel 2.6.32 or 3.10.0?
> -Original Message-
> From: pve-devel [mailto:pve-devel-boun...@pve.proxmox.com] On Behalf
> Of Alexandre Derumier
> Sent: Dienstag, 04. März 2014 06:52
> To: pve-devel@pve.proxmox.com
> Subject: [pve-devel] pve-kernel : kvm: x86: fix xsave cpuid expos
This fix freebsd boot on last opterons generation
(I'm not sure it's fixind boot problem on last intel generation too, I'll ask
help to users in forum to test)
___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/l
This fix boot of freebsd on last opterons generation (61xx -> 63xx)
ref: http://www.spinics.net/lists/kvm/msg100398.html
Signed-off-by: Alexandre Derumier
---
Makefile|1 +
xsave.patch | 67 +++
2 files changed, 68 insertions(+)
Rebased on latest public master.
- Daniel Hunsaker
Owner / Developer
Lei's Genesis Experiment: Code For The Future!
On Mon, Mar 3, 2014 at 2:16 PM, Daniel Hunsaker wrote:
> As discussed in a previous thread, following is a patch to support
> container
> suspend (via vzctl chkpnt) and resume (vi
As discussed in a previous thread, following is a patch to support container
suspend (via vzctl chkpnt) and resume (via vzctl restore).
- Added /nodes/{node}/openvz/{vmid}/status/suspend to API
- Added /nodes/{node}/openvz/{vmid}/status/resume to API
- Adapted vm_suspend/vm_resume from PVE/QemuSer
for the ip_conntrack hashsize value,
the rule seem to be
nf_conntrack_max/4
also, I found this on redhat (about there pass cloud platform)
https://access.redhat.com/site/solutions/362174
The OpenShift Deployment Guide recommends the following be added to the
sysctl.conf file:
net.netfilter.
>>Seems syncookies are off by default?
Yesk, we should enable them !
- Mail original -
De: "Dietmar Maurer"
À: "Alexandre DERUMIER"
Cc: pve-devel@pve.proxmox.com
Envoyé: Lundi 3 Mars 2014 17:28:44
Objet: RE: pvefw: using ctmark to associacte connections to VMs
> > > I don't k
Thanks, I'll test that tomorrow
- Mail original -
De: "Dietmar Maurer"
À: "Alexandre DERUMIER (aderum...@odiso.com)" ,
pve-devel@pve.proxmox.com
Envoyé: Lundi 3 Mars 2014 15:26:39
Objet: pvefw: merged IN/OUT into a single RULES section
Hi Alexandre,
I finally merged IN/OUT int
> > > Does that mean that everybody can start a DOS attack by simply
> > > open(faking) 64000 tcp connections?
> >
> > http://tools.ietf.org/html/rfc4987
> >
> > So what can we do to prevent that?
>
> Seems syncookies are off by default?
>
> # cat /proc/sys/net/ipv4/tcp_syncookies
> 0
Also found
> > > I don't known if we can setup a really high value by default ?
> >
> > no idea, sorry.
> >
> > > Also, it's seem that another option must be tune,
> > >
> > > /etc/modprobe.conf:
> > >
> > > options ip_conntrack hashsize=32768
> > >
> > >
> > > I need to read a little more about it
> >
> > Do
> > I don't known if we can setup a really high value by default ?
>
> no idea, sorry.
>
> > Also, it's seem that another option must be tune,
> >
> > /etc/modprobe.conf:
> >
> > options ip_conntrack hashsize=32768
> >
> >
> > I need to read a little more about it
>
> Does that mean that everybo
> I don't known if we can setup a really high value by default ?
no idea, sorry.
> Also, it's seem that another option must be tune,
>
> /etc/modprobe.conf:
>
> options ip_conntrack hashsize=32768
>
>
> I need to read a little more about it
Does that mean that everybody can start a DOS attac
Hi Alexandre,
I finally merged IN/OUT into a single RULES section:
https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff;h=92e976b302212feb038640009f43baaa0dd76650
Hope that works for you?
___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://
Daniel, That's exctly the idea. ;)
I'll be a bit busy this week attending some conferences, etc. But I will
work on a revised patch the next week so it can be reviewed by any
interested peers on this same list.
Regards
Pablo
On Sun, Mar 2, 2014 at 9:08 PM, Daniel Hunsaker wrote:
> > I might ha
Odd, I based it on the latest public master... Will do when I get home in
a few hours.
On Mar 2, 2014 11:57 PM, "Dietmar Maurer" wrote:
> Please can you rebase your patch?
>
> Applying: Add CT suspend/resume to PVE API
> error: patch failed: PVE/API2/OpenVZ.pm:1391
> error: PVE/API2/OpenVZ.pm: p
19 matches
Mail list logo
