From be51e864e7559a71885d5bc7900df3b991366999 Mon Sep 17 00:00:00 2001 From: Tim Harman Date: Wed, 4 Nov 2020 16:42:00 +1300 Subject: Update conntrack.rst to document Unicast sync Make it clear that it's possible to use the "peer" statement after the interface command, to enable UDP mode instead of Multicast mode. --- docs/services/conntrack.rst | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/services/conntrack.rst b/docs/services/conntrack.rst index 90f062e8..c361d293 100644 --- a/docs/services/conntrack.rst +++ b/docs/services/conntrack.rst @@ -26,6 +26,12 @@ tunnels it can be their tunnel ID, but otherwise is just zero, as if it were not part of the tuple. To be able to inspect the TCP port in all cases, packets will be mandatorily defragmented. +It is possible to use either Multicast or Unicast to sync conntrack traffic. +Most examples below show Multicast, but unicast can be specified by using the +"peer" keywork after the specificed interface, as in the following example: + +set service conntrack-sync interface eth0 peer 192.168.0.250 + Configuration ^^^^^^^^^^^^^ @@ -51,9 +57,12 @@ Configuration # Interface to use for syncing conntrack entries [REQUIRED] set service conntrack-sync interface - + # Multicast group to use for syncing conntrack entries set service conntrack-sync mcast-group + + # Peer to send Unicast UDP conntrack sync entires to, if not using Multicast above + set service conntrack-sync interface peer # Queue size for syncing conntrack entries (in MB) set service conntrack-sync sync-queue-size -- cgit v1.2.3