From 270fbd5ea1f17f8d987b684b7f392b869d6540aa Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 15 May 2021 10:32:32 +0200 Subject: conntrack-sync: adjust to latest CLI changes --- docs/configuration/service/conntrack-sync.rst | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) (limited to 'docs/configuration/service') diff --git a/docs/configuration/service/conntrack-sync.rst b/docs/configuration/service/conntrack-sync.rst index 3c9f08e4..1d240f48 100644 --- a/docs/configuration/service/conntrack-sync.rst +++ b/docs/configuration/service/conntrack-sync.rst @@ -28,7 +28,7 @@ will be mandatorily defragmented. It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the -"peer" keywork after the specificed interface, as in the following example: +"peer" keywork after the specificed interface, as in the following example: set service conntrack-sync interface eth0 peer 192.168.0.250 @@ -53,14 +53,14 @@ Configuration set service conntrack-sync vrrp sync-group <1-255> # IP addresses for which local conntrack entries will not be synced - set service conntrack-sync ignore-address ipv4 + set service conntrack-sync ignore-address # Interface to use for syncing conntrack entries [REQUIRED] set service conntrack-sync interface - + # Multicast group to use for syncing conntrack entries set service conntrack-sync mcast-group - + # Peer to send Unicast UDP conntrack sync entires to, if not using Multicast above set service conntrack-sync interface peer @@ -112,22 +112,17 @@ Now configure conntrack-sync service on ``router1`` **and** ``router2`` .. code-block:: none - set service conntrack-sync accept-protocol 'tcp,udp,icmp' + set high-availablilty vrrp group internal virtual-address ... etc ... + set high-availability vrrp sync-group syncgrp member 'internal' + set service conntrack-sync accept-protocol 'tcp' + set service conntrack-sync accept-protocol 'udp' + set service conntrack-sync accept-protocol 'icmp' set service conntrack-sync event-listen-queue-size '8' - set service conntrack-sync failover-mechanism cluster group 'GROUP' + set service conntrack-sync failover-mechanism vrrp sync-group 'syncgrp' set service conntrack-sync interface 'eth0' set service conntrack-sync mcast-group '225.0.0.50' set service conntrack-sync sync-queue-size '8' -If you are using VRRP, you need to define a VRRP sync-group, and use -``vrrp sync-group`` instead of ``cluster group``. - -.. code-block:: none - - set high-availablilty vrrp group internal virtual-address ... etc ... - set high-availability vrrp sync-group syncgrp member 'internal' - set service conntrack-sync failover-mechanism vrrp sync-group 'syncgrp' - On the active router, you should have information in the internal-cache of conntrack-sync. The same current active connections number should be shown in -- cgit v1.2.3