aws / aws-network-policy-agent

Apache License 2.0

Configure conntrack cache table size #280

Closed jayanthvn closed 2 weeks ago

jayanthvn commented 3 weeks ago

Issue #, if available: n/a

Description of changes: Provide a mechanism to increase conntrack cache size to match kernel conntrack table size

Note: this configuration should be made on new nodes before enabling network policy or, if network policy is already enabled, this would need a reload of the nodes. Dynamic update of conntrack map size would lead to traffic disruption, hence we won't support it now.

5: lru_hash  flags 0x0
        key 20B  value 1B  max_entries 524288  memlock 50335744B

    --enable-ipv6=false
    --enable-network-policy=true
    --enable-cloudwatch-logs=false
    --enable-policy-event-logs=false
    --metrics-bind-addr=:8162
    --health-probe-bind-addr=:8163
    --conntrack-cache-cleanup-period=300
    --conntrack-cache-table-size=524288

Type : 9 ID : 5
Keysize 20 Valuesize 1 MaxEntries 524288
========================================================================================

We also have a floor and ceil for the configuration -

{"level":"info","ts":"2024-06-20T21:52:13.365Z","logger":"setup","caller":"workspace/main.go:149","msg":"Invalid conntrack cache table size, should be between 32K and 1024K"}
{"level":"error","ts":"2024-06-20T21:52:13.365Z","logger":"setup","caller":"workspace/main.go:87","msg":"Controller flags validation failed"}

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
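The following is an added example, not code from aws-network-policy-agent or from this PR. It shows, in Go, the sizing check an operator would run before rolling new nodes: apply the same 32K..1024K bounds the validation message above reports, derive a candidate `--conntrack-cache-table-size` from the kernel's `nf_conntrack_max` (read from the standard Linux sysctl file), and confirm from `bpftool map show` output that the LRU hash map on the node was created with the requested `max_entries`. All function names are hypothetical and the bpftool sample is constructed in the shape of the output quoted in the PR.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// Bounds taken from the agent's validation message quoted in the PR:
// "Invalid conntrack cache table size, should be between 32K and 1024K".
const (
	minConntrackCacheTableSize = 32 * 1024   // 32768
	maxConntrackCacheTableSize = 1024 * 1024 // 1048576
)

// Standard Linux sysctl file backing net.netfilter.nf_conntrack_max.
const nfConntrackMaxPath = "/proc/sys/net/netfilter/nf_conntrack_max"

// Constructed sample (not captured from a real node) in the shape of the
// bpftool output quoted in the PR description.
const sampleBpftoolMapShow = "5: lru_hash  flags 0x0\n\tkey 20B  value 1B  max_entries 524288  memlock 50335744B\n"

// validateConntrackCacheTableSize is a hypothetical helper, not the agent's
// own function; it applies the same floor and ceiling the agent enforces.
func validateConntrackCacheTableSize(size int) error {
	if size < minConntrackCacheTableSize || size > maxConntrackCacheTableSize {
		return fmt.Errorf("invalid conntrack cache table size %d, should be between 32K and 1024K", size)
	}
	return nil
}

// parseNfConntrackMax parses the decimal value read from nf_conntrack_max.
func parseNfConntrackMax(content string) (int, error) {
	v, err := strconv.Atoi(strings.TrimSpace(content))
	if err != nil || v <= 0 {
		return 0, fmt.Errorf("unexpected nf_conntrack_max value %q", content)
	}
	return v, nil
}

// suggestedCacheTableSize clamps the kernel's conntrack limit into the range
// the flag accepts. The PR's goal is to size the BPF cache to match the kernel
// table, but a node whose nf_conntrack_max exceeds 1024K can only be capped at
// the ceiling, and one below 32K is raised to the floor.
func suggestedCacheTableSize(nfConntrackMax int) int {
	switch {
	case nfConntrackMax < minConntrackCacheTableSize:
		return minConntrackCacheTableSize
	case nfConntrackMax > maxConntrackCacheTableSize:
		return maxConntrackCacheTableSize
	default:
		return nfConntrackMax
	}
}

// parseMaxEntries extracts max_entries from `bpftool map show` output so the
// map actually created on the node can be compared against the flag value.
func parseMaxEntries(bpftoolOutput string) (int, error) {
	fields := strings.Fields(bpftoolOutput)
	for i, f := range fields {
		if f == "max_entries" && i+1 < len(fields) {
			return strconv.Atoi(fields[i+1])
		}
	}
	return 0, errors.New("max_entries not found in bpftool output")
}

func main() {
	data, err := os.ReadFile(nfConntrackMaxPath)
	if err != nil {
		fmt.Fprintln(os.Stderr, "cannot read nf_conntrack_max:", err)
		os.Exit(1)
	}
	kernelMax, err := parseNfConntrackMax(string(data))
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	size := suggestedCacheTableSize(kernelMax)
	if err := validateConntrackCacheTableSize(size); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	// Set this flag on new nodes before enabling network policy; changing it on
	// a node that already has network policy enabled requires a node reload.
	fmt.Printf("kernel nf_conntrack_max=%d -> --conntrack-cache-table-size=%d\n", kernelMax, size)
}
```

Run it on the node (or in a privileged debug pod with the host's /proc) before adding the flag to the agent's args; after the node comes up with the new value, feed `bpftool map show` for the conntrack map into `parseMaxEntries` and check it equals the flag.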

jayanthvn commented 2 weeks ago

PR updated.