author: Christian Poessinger <christian@poessinger.com> 2021-05-15 10:32:32 +0200
committer: Christian Poessinger <christian@poessinger.com> 2021-05-15 10:32:32 +0200
commit: 270fbd5ea1f17f8d987b684b7f392b869d6540aa
tree: 3303d296c5ce67a9d5f69822d9c18b3f76ad78af /docs/configuration/service
parent: 9be325f7370d955f252f3ea46a4c5689e6dc7017
conntrack-sync: adjust to latest CLI changes
Diffstat (limited to 'docs/configuration/service')
-rw-r--r-- docs/configuration/service/conntrack-sync.rst 25
1 files changed, 10 insertions, 15 deletions
diff --git a/docs/configuration/service/conntrack-sync.rst b/docs/configuration/service/conntrack-sync.rst
index 3c9f08e4..1d240f48 100644
--- a/docs/configuration/service/conntrack-sync.rst
+++ b/docs/configuration/service/conntrack-sync.rst
@@ -28,7 +28,7 @@ will be mandatorily defragmented.
It is possible to use either Multicast or Unicast to sync conntrack traffic.
Most examples below show Multicast, but unicast can be specified by using the
-"peer" keywork after the specificed interface, as in the following example:
+"peer" keywork after the specificed interface, as in the following example:
set service conntrack-sync interface eth0 peer 192.168.0.250
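Review bot: The re-added line still reads "keywork" and "specificed". The removed and added versions differ only in whitespace, so the line is being touched anyway; correct it to `"peer" keyword after the specified interface` in the same change. If the whitespace difference is not intentional, drop this hunk entirely to keep the diff limited to the CLI changes.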
@@ -53,14 +53,14 @@ Configuration
set service conntrack-sync vrrp sync-group <1-255>
# IP addresses for which local conntrack entries will not be synced
- set service conntrack-sync ignore-address ipv4 <x.x.x.x>
+ set service conntrack-sync ignore-address <x.x.x.x>
# Interface to use for syncing conntrack entries [REQUIRED]
set service conntrack-sync interface <ifname>
-
+
# Multicast group to use for syncing conntrack entries
set service conntrack-sync mcast-group <x.x.x.x>
-
+
# Peer to send Unicast UDP conntrack sync entires to, if not using Multicast above
set service conntrack-sync interface <ifname> peer <remote IP of peer>
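Review bot: With the `ipv4` node dropped from `set service conntrack-sync ignore-address <x.x.x.x>`, the comment above it should say which address families the option now accepts, because the placeholder still shows only dotted-quad form and the comment says just "IP addresses". This matters for anyone relying on the option to keep specific flows out of the synced state. The two blank-line pairs in this hunk are whitespace-only changes and add noise, and the context comment for the peer option has "entires" where "entries" is meant; both are worth cleaning up while the block is open.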
@@ -112,22 +112,17 @@ Now configure conntrack-sync service on ``router1`` **and** ``router2``
.. code-block:: none
- set service conntrack-sync accept-protocol 'tcp,udp,icmp'
+ set high-availablilty vrrp group internal virtual-address ... etc ...
+ set high-availability vrrp sync-group syncgrp member 'internal'
+ set service conntrack-sync accept-protocol 'tcp'
+ set service conntrack-sync accept-protocol 'udp'
+ set service conntrack-sync accept-protocol 'icmp'
set service conntrack-sync event-listen-queue-size '8'
- set service conntrack-sync failover-mechanism cluster group 'GROUP'
+ set service conntrack-sync failover-mechanism vrrp sync-group 'syncgrp'
set service conntrack-sync interface 'eth0'
set service conntrack-sync mcast-group '225.0.0.50'
set service conntrack-sync sync-queue-size '8'
-If you are using VRRP, you need to define a VRRP sync-group, and use
-``vrrp sync-group`` instead of ``cluster group``.
-
-.. code-block:: none
-
- set high-availablilty vrrp group internal virtual-address ... etc ...
- set high-availability vrrp sync-group syncgrp member 'internal'
- set service conntrack-sync failover-mechanism vrrp sync-group 'syncgrp'
-
On the active router, you should have information in the internal-cache of
conntrack-sync. The same current active connections number should be shown in
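Review bot: The added line `set high-availablilty vrrp group internal virtual-address ... etc ...` misspells `high-availability` (the line right after it spells it correctly), so the example cannot be pasted as written; the typo was carried over from the removed block and should be fixed here. The `... etc ...` placeholder now sits inside a block that is otherwise complete, so either spell out the VRRP group or move that line out of the code-block. With the sentence "If you are using VRRP, you need to define a VRRP sync-group" deleted, nothing tells the reader that the sync-group must exist for `failover-mechanism vrrp sync-group 'syncgrp'` to refer to it; keep one sentence to that effect above the block.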