I have an E3 1230 based system doing NAT for about 150 devices and I’m seeing entries in my log like this:
Jan 14 20:38:14 x kernel: [2056231.839942] nf_queue: full at 1024 entries, dropping packets(s)
They tend to appear most often during “high” traffic (200Mbps+) periods, but do appear during “normal” traffic (30-100Mbps) periods. I’ll see 4 or 5 entries over a period of a few minutes, a few groups of this. 6-7 events like this on a typical day.
I haven’t been able to find a whole lot of info, but I gather a packet queue is overflowing because it can’t be processed fast enough. However, I’ve never seen CPU usage over a few percent. It’s hard to fathom this load even remotely taxing the system.
No real-world problems reported by users, but still looks like something that shouldn’t be happening. The device count and traffic will only increase.
Config attached if anyone has any ideas. Maybe I’ve committed some firewall/NAT taboo . . .
Version: VyOS 1.1.6
Description: VyOS 1.1.6 (helium)
Copyright: 2015 VyOS maintainers and contributors
Built by: firstname.lastname@example.org
Built on: Mon Aug 17 03:58:33 UTC 2015
Build ID: 1508170358-a3033d5
System type: x86 64-bit
Boot via: image
HW model: x
HW S/N: x
HW UUID: x
Uptime: 22:48:30 up 23 days, 21:54, 3 users, load average: 0.05, 0.04, 0.05
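The log line quoted above is what the kernel prints when a netfilter queue (nf_queue) reaches its limit and starts discarding packets. A small log parser that extracts those events and groups them into bursts makes the pattern described in the post ("4 or 5 entries over a period of a few minutes, a few groups of this") measurable, so the bursts can be correlated with traffic peaks. This is an added example, not code from the post or from VyOS; the sample log lines are constructed, the syslog year is assumed (syslog timestamps carry none), and the 5-minute burst gap is an arbitrary choice.

```python
import re
from datetime import datetime, timedelta

# Constructed sample kernel log excerpt in the same format as the line quoted in the post.
# It contains two groups of nf_queue drops and one unrelated kernel message.
SAMPLE_LOG = """\
Jan 14 20:38:14 x kernel: [2056231.839942] nf_queue: full at 1024 entries, dropping packets(s)
Jan 14 20:38:15 x kernel: [2056232.102314] nf_queue: full at 1024 entries, dropping packets(s)
Jan 14 20:38:17 x kernel: [2056234.557001] nf_queue: full at 1024 entries, dropping packets(s)
Jan 14 20:40:02 x kernel: [2056339.001122] nf_queue: full at 1024 entries, dropping packets(s)
Jan 14 20:41:30 x kernel: [2056427.100000] eth0: link up
Jan 14 22:10:05 x kernel: [2061742.200000] nf_queue: full at 1024 entries, dropping packets(s)
Jan 14 22:10:06 x kernel: [2061743.300000] nf_queue: full at 1024 entries, dropping packets(s)
"""

# Matches the syslog timestamp, the kernel uptime stamp and the queue limit of an nf_queue drop line.
NF_QUEUE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r"\[\s*(?P<uptime>\d+\.\d+)\] nf_queue: full at (?P<limit>\d+) entries"
)


def parse_drops(text, year=2016):
    """Return one event dict per nf_queue drop line, in file order.

    `year` is an assumption: syslog timestamps do not include it.
    """
    events = []
    for line in text.splitlines():
        m = NF_QUEUE_RE.match(line)
        if not m:
            continue  # not an nf_queue drop message
        when = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        events.append({
            "time": when,
            "uptime": float(m.group("uptime")),
            "limit": int(m.group("limit")),
        })
    return events


def group_bursts(events, gap=timedelta(minutes=5)):
    """Group chronologically sorted drop events into bursts.

    A new burst starts whenever the interval since the previous drop exceeds `gap`.
    Each burst records its first and last timestamp and the number of drop messages.
    """
    bursts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if bursts and ev["time"] - bursts[-1]["end"] <= gap:
            bursts[-1]["end"] = ev["time"]
            bursts[-1]["count"] += 1
        else:
            bursts.append({"start": ev["time"], "end": ev["time"], "count": 1})
    return bursts


def summarize(bursts):
    """Render bursts as one line each, e.g. for a daily report."""
    return [
        f"{b['start']:%b %d %H:%M:%S} .. {b['end']:%H:%M:%S}: {b['count']} drop message(s)"
        for b in bursts
    ]


if __name__ == "__main__":
    drops = parse_drops(SAMPLE_LOG)
    print(f"{len(drops)} nf_queue drop messages in {len(group_bursts(drops))} burst(s)")
    for line in summarize(group_bursts(drops)):
        print(line)
```

Run it against `/var/log/messages` (or `dmesg` output) instead of the constructed sample to get the per-day burst list; the kernel uptime stamp in each event lets you tell drops from the current boot apart from older ones if the log spans a reboot. On a Linux router the per-queue counters behind these messages are exposed in `/proc/net/netfilter/nfnetlink_queue`, whose `queue_dropped` column is the direct way to confirm which queue is overflowing and whether the drop count is still rising.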