author | Nataliia Solomko <natalirs1985@gmail.com> | 2024-04-05 22:15:20 +0300 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2024-04-07 16:26:30 +0200 |
commit | 318c7134b26531d0a8676029381ddf0ded0966ca (patch) | |
tree | 00edd7952a1dbf93e05ad4211d4babf99579fd8e | |
parent | 0c86955013f27759c84e3e7bca507e4c8dcc6f88 (diff) | |
download | vyos-documentation-318c7134b26531d0a8676029381ddf0ded0966ca.tar.gz vyos-documentation-318c7134b26531d0a8676029381ddf0ded0966ca.zip |
conntrack-sync: T1244: Support for StartupResync in conntrackd
(cherry picked from commit 2b32a2e134ec4dcb1a574fd405147aeb9644abdb)
-rw-r--r-- | docs/configuration/service/conntrack-sync.rst | 45 |
1 files changed, 19 insertions, 26 deletions
diff --git a/docs/configuration/service/conntrack-sync.rst b/docs/configuration/service/conntrack-sync.rst index ccaaefff..cebaa07c 100644 --- a/docs/configuration/service/conntrack-sync.rst +++ b/docs/configuration/service/conntrack-sync.rst 
@@ -39,36 +39,36 @@ Configuration .. cfgcmd:: set service conntrack-sync accept-protocol - Accept only certain protocols: You may want to replicate the state of flows - depending on their layer 4 protocol. + Accept only certain protocols: You may want to replicate the state of flows + depending on their layer 4 protocol. - Protocols are: tcp, sctp, dccp, udp, icmp and ipv6-icmp. + Protocols are: tcp, sctp, dccp, udp, icmp and ipv6-icmp. .. cfgcmd:: set service conntrack-sync event-listen-queue-size <size> - The daemon doubles the size of the netlink event socket buffer size if it - detects netlink event message dropping. This clause sets the maximum buffer - size growth that can be reached. + The daemon doubles the size of the netlink event socket buffer size if it + detects netlink event message dropping. This clause sets the maximum buffer + size growth that can be reached. - Queue size for listening to local conntrack events in MB. + Queue size for listening to local conntrack events in MB. .. cfgcmd:: set service conntrack-sync expect-sync <all|ftp|h323|nfs|sip|sqlnet> - Protocol for which expect entries need to be synchronized. + Protocol for which expect entries need to be synchronized. .. cfgcmd:: set service conntrack-sync failover-mechanism vrrp sync-group <group> - Failover mechanism to use for conntrack-sync. + Failover mechanism to use for conntrack-sync. - Only VRRP is supported. Required option. + Only VRRP is supported. Required option. .. cfgcmd:: set service conntrack-sync ignore-address <x.x.x.x> - IP addresses or networks for which local conntrack entries will not be synced + IP addresses or networks for which local conntrack entries will not be synced .. cfgcmd:: set service conntrack-sync interface <name> - Interface to use for syncing conntrack entries. + Interface to use for syncing conntrack entries. .. cfgcmd:: set service conntrack-sync interface <name> port <port> 
@@ -80,36 +80,29 @@ Configuration .. cfgcmd:: set service conntrack-sync mcast-group <x.x.x.x> - Multicast group to use for syncing conntrack entries. + Multicast group to use for syncing conntrack entries. - Defaults to 225.0.0.50. + Defaults to 225.0.0.50. .. cfgcmd:: set service conntrack-sync interface <name> peer <address> - Peer to send unicast UDP conntrack sync entires to, if not using Multicast - configuration from above above. + Peer to send unicast UDP conntrack sync entires to, if not using Multicast + configuration from above above. .. cfgcmd:: set service conntrack-sync sync-queue-size <size> - Queue size for syncing conntrack entries in MB. + Queue size for syncing conntrack entries in MB. .. cfgcmd:: set service conntrack-sync disable-external-cache This diable the external cache and directly injects the flow-states into the in-kernel Connection Tracking System of the backup firewall. -<<<<<<< HEAD -======= -.. cfgcmd:: set service conntrack-sync disable-syslog - - Disable connection logging via Syslog. - -.. cfgcmd:: set service conntrack-sync enable-startup-resync +.. cfgcmd:: set service conntrack-sync startup-resync Order conntrackd to request a complete conntrack table resync against the other node at startup. ->>>>>>> f4e6d33a (conntrack-sync: T1244: Support for StartupResync in conntrackd) ********* Operation ********* @@ -134,7 +127,7 @@ Operation 1006239392 10.35.101.221 172.31.120.21 icmp [1] 29 .. note:: - + If the table is empty and you have a warning message, it means conntrack is not enabled. To enable conntrack, just create a NAT or a firewall rule. :cfgcmd:`set firewall state-policy established action accept` |
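Review bot: In the first hunk (@@ -39,36 +39,36 @@) every removed line comes back with the same wording, so the change is indentation only, yet it is bundled into a cherry-pick whose subject is StartupResync. Consider moving the re-indent into its own commit so the backport shows only the functional documentation change. While these lines are being touched, the `ignore-address` description ("IP addresses or networks for which local conntrack entries will not be synced") is the only one in the hunk without a closing period.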
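Review bot: In the second hunk (@@ -80,36 +80,29 @@) removing the `<<<<<<< HEAD`, `=======` and `>>>>>>> f4e6d33a` conflict markers also deletes the `set service conntrack-sync disable-syslog` entry and renames `enable-startup-resync` to `startup-resync`, and the commit message mentions none of this. Please say in the message that the markers were left over from an unresolved merge, and confirm that `disable-syslog` does not exist on this branch, because otherwise the page silently loses the documentation for disabling connection logging via Syslog. The re-indented `peer <address>` text still reads "entires" and "above above", and the `disable-external-cache` context line still reads "This diable"; these can be fixed in the same pass.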