Is nf_conntrack respects network namespaces? Does it creates a separate table for each network namespace based on its sysctl limits, or does it share memory (and limits) between different network namespaces?
I've searched a lot, but wasn't able to find anything definitive.
I found a video [1] from 2015 with discussion of openvswitch and namespaces, and there was a rather strong confirmation that each namespace got a separate conntrack table with separate limits.
[1] Linux network namespaces support in OVS - OVS Conference 2015 https://www.youtube.com/watch?v=_xH3hyWGI6k
