sysctl improvements. 1. ip_nonlocal_bind for smooth transition in case of a keepalived failover. 2. panic settings so that a vm dies in a way that ACS understands it's down. 3. also up the nf_conntrack limits.

Signed-off-by: Daan Hoogland <daan@onecht.net>
(cherry picked from commit 45deade1df)

Conflicts:
	systemvm/patches/debian/config/etc/sysctl.conf

(cherry picked from commit c4d1bf7f24)

systemvm/patches/debian/config/etc/sysctl.conf

@@ -27,6 +27,9 @@ net.ipv4.conf.default.send_redirects = 0
 net.ipv4.conf.all.secure_redirects = 0
 net.ipv4.conf.default.secure_redirects = 0
 
+# For smooth transition of the vip address in case of a keepalived failover
+net.ipv4.ip_nonlocal_bind = 1
+
 # Controls the System Request debugging functionality of the kernel
 kernel.sysrq = 0
 
@@ -34,13 +37,20 @@ kernel.sysrq = 0
 # Useful for debugging multi-threaded applications.
 kernel.core_uses_pid = 1
 
+# A better way for the instance to die
+kernel.panic = 10
+kernel.panic_on_oops = 1
+vm.panic_on_oom = 1
+
 # Controls the use of TCP syncookies
 net.ipv4.tcp_syncookies = 1
 
-net.ipv4.netfilter.ip_conntrack_max=1000000
-net.ipv4.tcp_tw_reuse=1
-net.ipv4.tcp_max_tw_buckets=1000000
-net.core.somaxconn=1000000
+net.ipv4.netfilter.ip_conntrack_max = 1000000
+net.ipv4.tcp_tw_reuse = 1
+net.ipv4.tcp_max_tw_buckets = 1000000
+net.core.somaxconn = 1000000
+net.nf_conntrack_max = 1000000
+net.netfilter.nf_conntrack_max = 1000000
 
 # Disable IPv6
 net.ipv6.conf.all.disable_ipv6 = 1