diff options
author | Christian Breunig <christian@breunig.cc> | 2024-04-07 16:27:06 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-04-07 16:27:06 +0200 |
commit | 91fdd1b81ab4f1bd17b5f58d6c3947eaa2bc8c24 (patch) | |
tree | 00edd7952a1dbf93e05ad4211d4babf99579fd8e /docs/configuration/service/conntrack-sync.rst | |
parent | 7bdf71e13ae11194fc1cd76f80cd023f57c31d8b (diff) | |
parent | 318c7134b26531d0a8676029381ddf0ded0966ca (diff) | |
download | vyos-documentation-91fdd1b81ab4f1bd17b5f58d6c3947eaa2bc8c24.tar.gz vyos-documentation-91fdd1b81ab4f1bd17b5f58d6c3947eaa2bc8c24.zip |
Merge pull request #1361 from vyos/mergify/bp/equuleus/pr-1352
conntrack-sync: T1244: Support for StartupResync in conntrackd (backport #1352)
Diffstat (limited to 'docs/configuration/service/conntrack-sync.rst')
-rw-r--r-- | docs/configuration/service/conntrack-sync.rst | 41 |
1 files changed, 23 insertions, 18 deletions
diff --git a/docs/configuration/service/conntrack-sync.rst b/docs/configuration/service/conntrack-sync.rst index c95cadc9..cebaa07c 100644 --- a/docs/configuration/service/conntrack-sync.rst +++ b/docs/configuration/service/conntrack-sync.rst @@ -39,36 +39,36 @@ Configuration .. cfgcmd:: set service conntrack-sync accept-protocol - Accept only certain protocols: You may want to replicate the state of flows - depending on their layer 4 protocol. + Accept only certain protocols: You may want to replicate the state of flows + depending on their layer 4 protocol. - Protocols are: tcp, sctp, dccp, udp, icmp and ipv6-icmp. + Protocols are: tcp, sctp, dccp, udp, icmp and ipv6-icmp. .. cfgcmd:: set service conntrack-sync event-listen-queue-size <size> - The daemon doubles the size of the netlink event socket buffer size if it - detects netlink event message dropping. This clause sets the maximum buffer - size growth that can be reached. + The daemon doubles the size of the netlink event socket buffer size if it + detects netlink event message dropping. This clause sets the maximum buffer + size growth that can be reached. - Queue size for listening to local conntrack events in MB. + Queue size for listening to local conntrack events in MB. .. cfgcmd:: set service conntrack-sync expect-sync <all|ftp|h323|nfs|sip|sqlnet> - Protocol for which expect entries need to be synchronized. + Protocol for which expect entries need to be synchronized. .. cfgcmd:: set service conntrack-sync failover-mechanism vrrp sync-group <group> - Failover mechanism to use for conntrack-sync. + Failover mechanism to use for conntrack-sync. - Only VRRP is supported. Required option. + Only VRRP is supported. Required option. .. cfgcmd:: set service conntrack-sync ignore-address <x.x.x.x> - IP addresses or networks for which local conntrack entries will not be synced + IP addresses or networks for which local conntrack entries will not be synced .. cfgcmd:: set service conntrack-sync interface <name> - Interface to use for syncing conntrack entries. + Interface to use for syncing conntrack entries. .. cfgcmd:: set service conntrack-sync interface <name> port <port> @@ -80,24 +80,29 @@ Configuration .. cfgcmd:: set service conntrack-sync mcast-group <x.x.x.x> - Multicast group to use for syncing conntrack entries. + Multicast group to use for syncing conntrack entries. - Defaults to 225.0.0.50. + Defaults to 225.0.0.50. .. cfgcmd:: set service conntrack-sync interface <name> peer <address> - Peer to send unicast UDP conntrack sync entires to, if not using Multicast - configuration from above above. + Peer to send unicast UDP conntrack sync entires to, if not using Multicast + configuration from above above. .. cfgcmd:: set service conntrack-sync sync-queue-size <size> - Queue size for syncing conntrack entries in MB. + Queue size for syncing conntrack entries in MB. .. cfgcmd:: set service conntrack-sync disable-external-cache This diable the external cache and directly injects the flow-states into the in-kernel Connection Tracking System of the backup firewall. +.. cfgcmd:: set service conntrack-sync startup-resync + + Order conntrackd to request a complete conntrack table resync against + the other node at startup. + ********* Operation ********* @@ -122,7 +127,7 @@ Operation 1006239392 10.35.101.221 172.31.120.21 icmp [1] 29 .. note:: - + If the table is empty and you have a warning message, it means conntrack is not enabled. To enable conntrack, just create a NAT or a firewall rule. :cfgcmd:`set firewall state-policy established action accept` |