Hi,

Thanks for your response, answers below.

----- Original Message -----
>
> From what I know and have read on the Internet, this usually
> happens when your Linux NAT box hits the IPtables connection
> tracking limit. This limit is set via /proc.
>
> A quick search on the web reveals many sites that tell
> you how to increase the conntrack limits.

Yes, but every tuning I do will be lost when the VirtualRouter VM is re-instantiated. As will all monitoring we could manually add on this VM.

I've heard there are requests for enhancement concerning VirtualRouter VM real-life monitoring (and not just "it's ok, I'm running" :)). I will try to +1 them.

>
> However, what would be interesting to know is why you hit the limit
> in the first place. Any signs of network abuse? Lots of connections
> in TIME_WAIT state?

Yes, and the only way to find it was to tcpdump on the VirtualRouter VM. 2 hosts were accidentally making too many DNS requests (hundreds per second).

As soon as the "DoS" on the VirtualRouter VM was stopped, we could again create/start virtual machines on CloudStack.

Regards,

--
Laurent Steff
DSI/SESI
INRIA
Tel.: +33 1 39 63 50 81
Mobile: +33 6 87 66 77 85
http://www.inria.fr/
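
Added example, not part of the original message: one way to find hosts sending hundreds of DNS queries per second from saved `tcpdump -nn -tt` text output, the check that was done by hand in the message above. The function names, the 100 queries/s threshold and the sample capture lines are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# tcpdump -nn -tt text line: "<epoch>.<usec> IP <src>.<sport> > <dst>.<dport>: ..."
LINE = re.compile(
    r"^(?P<ts>\d+)\.\d+ IP (?P<src>\d+(?:\.\d+){3})\.\d+ > "
    r"\d+(?:\.\d+){3}\.(?P<dport>\d+): (?P<rest>.*)$"
)

def dns_query_rates(lines):
    """Return {source_ip: Counter({epoch_second: queries})} for DNS queries."""
    rates = defaultdict(Counter)
    for line in lines:
        m = LINE.match(line.strip())
        # Keep only packets sent to port 53 that tcpdump decoded as a query ("A?", "AAAA?", ...)
        if not m or m["dport"] != "53" or "?" not in m["rest"]:
            continue
        rates[m["src"]][int(m["ts"])] += 1
    return rates

def noisy_hosts(lines, threshold=100):
    """Return {source_ip: peak_queries_per_second} for hosts at or above threshold."""
    peaks = {src: max(c.values()) for src, c in dns_query_rates(lines).items()}
    return {src: peak for src, peak in peaks.items() if peak >= threshold}

def build_sample():
    """Constructed capture: one host sends 300 queries in a second, one sends 2."""
    lines = [
        f"1700000000.{i:06d} IP 10.1.1.23.{40000 + i} > 10.1.1.1.53: {i}+ A? host{i}.example.com. (38)"
        for i in range(300)
    ]
    lines += [
        "1700000000.500000 IP 10.1.1.40.51000 > 10.1.1.1.53: 7+ A? www.example.com. (33)",
        "1700000001.100000 IP 10.1.1.40.51001 > 10.1.1.1.53: 8+ AAAA? www.example.com. (33)",
        # Response from the resolver: destination port is not 53, so it is not counted
        "1700000000.600000 IP 10.1.1.1.53 > 10.1.1.40.51000: 7 1/0/0 A 192.0.2.10 (49)",
        "1700000000.700000 IP 10.1.1.40.52000 > 10.1.1.1.443: Flags [S], seq 1, win 64240, length 0",
    ]
    return lines

if __name__ == "__main__":
    for src, peak in sorted(noisy_hosts(build_sample()).items()):
        print(f"{src} peak {peak} DNS queries/s")
```
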
