summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-11-04 18:08:43 +0100
committerGitHub <noreply@github.com>2020-11-04 18:08:43 +0100
commit7c6070360cb8e002ae6e587d00cd3894e0f9c8f8 (patch)
tree36f582d9fddca33eff8cb099dc43c2a65c22e080 /docs
parent168247e76ad1b03e4d1dab2631ee970afeb74549 (diff)
parentbe51e864e7559a71885d5bc7900df3b991366999 (diff)
downloadvyos-documentation-7c6070360cb8e002ae6e587d00cd3894e0f9c8f8.tar.gz
vyos-documentation-7c6070360cb8e002ae6e587d00cd3894e0f9c8f8.zip
Merge pull request #362 from tjharman/patch-1
Update conntrack.rst to document Unicast sync
Diffstat (limited to 'docs')
-rw-r--r--docs/services/conntrack.rst11
1 files changed, 10 insertions, 1 deletions
diff --git a/docs/services/conntrack.rst b/docs/services/conntrack.rst
index 90f062e8..c361d293 100644
--- a/docs/services/conntrack.rst
+++ b/docs/services/conntrack.rst
@@ -26,6 +26,12 @@ tunnels it can be their tunnel ID, but otherwise is just zero, as if it were
not part of the tuple. To be able to inspect the TCP port in all cases, packets
will be mandatorily defragmented.
+It is possible to use either Multicast or Unicast to sync conntrack traffic.
+Most examples below show Multicast, but unicast can be specified by using the
+"peer" keywork after the specificed interface, as in the following example:
+
+set service conntrack-sync interface eth0 peer 192.168.0.250
+
Configuration
^^^^^^^^^^^^^
@@ -51,9 +57,12 @@ Configuration
# Interface to use for syncing conntrack entries [REQUIRED]
set service conntrack-sync interface <ifname>
-
+
# Multicast group to use for syncing conntrack entries
set service conntrack-sync mcast-group <x.x.x.x>
+
+ # Peer to send Unicast UDP conntrack sync entires to, if not using Multicast above
+ set service conntrack-sync interface <ifname> peer <remote IP of peer>
# Queue size for syncing conntrack entries (in MB)
set service conntrack-sync sync-queue-size <size>