How to increase nf_conntrack_max of One-APP VRouter

Dear all,

I am trying to increase net.netfilter.nf_conntrack_max on vrouters with the command:

echo "net.netfilter.nf_conntrack_max = 262144" > /etc/sysctl.d/99-conntrack.conf
sysctl --system

If I remote in via SSH and run the command everything works fine, but I am not sure why when deploying a new and when a failover happens (secondary router replaces the primary one). Even though I added the command to the start script, checking still shows the 99-conntrack.conf file.

I wonder if VRouter has a special way to set that parameter?

I am using OpenNebula 6.10.0.1

Thank you very much.

Hello,

Can you change the start script contents for this to not rely on sysctl?

echo 262144 > /proc/sys/net/netfilter/nf_conntrack_max 

The VRouter is based on Alpine (which uses openrc) and I have experienced that, in some cases, the commands in the start script have problems running. A workaround that worked for me in these cases is creating a script under the local service and restarting it. In that case you can have this as start script:

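#!/bin/bash

# OpenRC's local service only runs executable files in /etc/local.d ending in .start
# Use > rather than >> so repeated runs do not append duplicate lines.
cat > /etc/local.d/custom_netfilter.start << EOF
#!/bin/bash

echo 262144 > /proc/sys/net/netfilter/nf_conntrack_max
EOF

chmod 744 /etc/local.d/custom_netfilter.start

service local restart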
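A variant of the start script above that can be re-run safely and reports whether the limit actually took effect, as an added example that is not part of the original posts. The function names, the `apply` argument and the `CT_MAX`, `LOCAL_D` and `PROC_KEY` overrides are assumptions made for illustration; the hook is named with a `.start` suffix because OpenRC's local service only executes `*.start` and `*.stop` files.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and overrides are hypothetical.
CT_MAX="${CT_MAX:-262144}"
LOCAL_D="${LOCAL_D:-/etc/local.d}"
PROC_KEY="${PROC_KEY:-/proc/sys/net/netfilter/nf_conntrack_max}"
# OpenRC's local service runs only executable *.start files on start.
HOOK="$LOCAL_D/custom_netfilter.start"

install_hook() {
    # Write to a temp file and rename, so a failover mid-write never leaves
    # a half-written boot script. Overwriting keeps repeated runs idempotent.
    cat > "$HOOK.tmp" <<EOF
#!/bin/sh
# The key exists only after the nf_conntrack module is loaded.
if [ -w "$PROC_KEY" ]; then
    echo $CT_MAX > "$PROC_KEY"
fi
EOF
    chmod 744 "$HOOK.tmp" && mv -f "$HOOK.tmp" "$HOOK"
}

check_conntrack_max() {
    # 0 = running value matches CT_MAX
    # 1 = key present but value differs
    # 2 = key absent (nf_conntrack not loaded yet)
    [ -r "$PROC_KEY" ] || return 2
    [ "$(cat "$PROC_KEY")" -eq "$CT_MAX" ]
}

# Run as: sh this_script apply   (for example from the VRouter start script)
if [ "${1:-}" = "apply" ]; then
    install_hook && sh "$HOOK"
    check_conntrack_max || echo "nf_conntrack_max not applied (rc=$?)" >&2
fi
```

A return code of 2 from `check_conntrack_max` points at the conntrack module not being loaded when the script ran, which is a different problem from the value being overwritten later.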

Hi @brunorro

I will try your solution and feed back soon. Thank you very much.

In my case, I have found a workaround that powers off and powers on the vrouter VMs.