
Confusing commit error message for non-existent VRRP sync-groups used in conntrack sync
Closed, Invalid (Public)

Description

I am trying to set up a simple HA configuration in GNS3.

VRRP is working, but I am not able to assign a sync-group for conntrack. I don't know if it's a bug or I am doing something wrong.

show configuration

high-availability {
    vrrp {
        group lan {
            authentication {
                password ****************
                type plaintext-password
            }
            hello-source-address 192.168.10.253
            interface eth2
            peer-address 192.168.10.254
            priority 150
            virtual-address 192.168.10.1/24
            vrid 1
        }
        group wan {
            authentication {
                password ****************
                type plaintext-password
            }
            hello-source-address 192.168.122.20
            interface eth0
            peer-address 192.168.122.21
            priority 150
            virtual-address 192.168.122.22/24
            vrid 2
        }
    }
}
interfaces {
    ethernet eth0 {
        address 192.168.122.20/24
        duplex auto
        hw-id 0c:bd:a5:b4:2b:00
        smp-affinity auto
        speed auto
    }
    ethernet eth1 {
        address 10.0.0.5/30
        duplex auto
        hw-id 0c:bd:a5:b4:2b:01
        smp-affinity auto
        speed auto
    }
    ethernet eth2 {
        address 192.168.10.253/24
        duplex auto
        hw-id 0c:bd:a5:b4:2b:02
        smp-affinity auto
        speed auto
    }
    loopback lo {
    }
}
service {
    ssh {
    }
}
system {
    config-management {
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    host-name vos01
    login {
        user vyos {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            level admin
        }
    }
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}
high-availability {
    vrrp {
        group lan {
            authentication {
                password ****************
                type plaintext-password
            }
            hello-source-address 192.168.10.254
            interface eth2
            peer-address 192.168.10.253
            priority 100
            virtual-address 192.168.10.1/24
            vrid 1
        }
        group wan {
            authentication {
                password ****************
                type plaintext-password
            }
            hello-source-address 192.168.122.21
            interface eth0
            peer-address 192.168.122.20
            priority 100
            virtual-address 192.168.122.22/24
            vrid 2
        }
    }
}
interfaces {
    ethernet eth0 {
        address 192.168.122.21/24
        duplex auto
        hw-id 0c:bd:a5:e8:cd:00
        smp-affinity auto
        speed auto
    }
    ethernet eth1 {
        address 10.0.0.6/30
        duplex auto
        hw-id 0c:bd:a5:e8:cd:01
        smp-affinity auto
        speed auto
    }
    ethernet eth2 {
        address 192.168.10.254/24
        duplex auto
        hw-id 0c:bd:a5:e8:cd:02
        smp-affinity auto
        speed auto
    }
    loopback lo {
    }
}
system {
    config-management {
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    host-name vos02
    login {
        user vyos {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            level admin
        }
    }
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}

compare

[edit service]
+conntrack-sync {
+    accept-protocol tcp,udp,icmp
+    event-listen-queue-size 8
+    failover-mechanism {
+        vrrp {
+            sync-group 2
+        }
+    }
+    interface eth1 {
+    }
+    mcast-group 225.0.0.50
+    sync-queue-size 1
+}
[edit]

commit

[ service conntrack-sync ]
conntrack-sync error: vrrp sync-group does not exist

[[service conntrack-sync]] failed
Commit failed

Details

Difficulty level
Unknown (require assessment)
Version
1.2.0-rc11
Why the issue appeared?
Will be filled on close

Event Timeline

xPakrikx changed Version from 1.2.0-rc11 to VyOS. Dec 27 2018, 7:29 AM
xPakrikx changed Version from VyOS to 1.2.0-rc11.

@dmbaturin I believe you forgot to create the sync-group. The following configuration is working, and it is really nice to see how this got created during migration from VyOS 1.1.8, and to finally have IPv6 in the VRRP configuration.

vrrp {
     group eth0-231 {
         advertise-interval 1
         interface eth0
         priority 120
         virtual-address ipv4-address
         vrid 231
     }
     group eth0-231-v6 {
         advertise-interval 1
         interface eth0
         priority 120
         virtual-address ipv6-address
         vrid 232
     }
     group eth1-231 {
         advertise-interval 1
         interface eth1
         priority 120
         virtual-address 10.0.231.1/32
         vrid 231
     }
     group eth1-231-v6 {
         advertise-interval 1
         interface eth1
         priority 120
         virtual-address fd00:10:0:231::1/64
         vrid 232
     }
     sync-group SyncGroup {
         member eth0-231
         member eth1-231
         member eth0-231-v6
         member eth1-231-v6
     }
}
service {
   conntrack-sync {
     event-listen-queue-size 8
     failover-mechanism {
         vrrp {
             sync-group SyncGroup
         }
     }
     interface eth1 {
     }
     mcast-group 225.0.0.50
     sync-queue-size 1
   }
}

Yes, it seems it's just a forgotten sync-group. A sync-group is required for it to work in the current implementation. The error message is confusing and bug-like though, as for me.

I've modified it to be more clear:

vyos@vyos-test-1# show service conntrack-sync 
+failover-mechanism {
+    vrrp {
+        sync-group Bar
+    }
+}
+interface eth1 {
+}
[edit]

vyos@vyos-test-1# commit
[ service conntrack-sync ]
conntrack-sync error: VRRP sync-group Bar is not configured

[[service conntrack-sync]] failed
Commit failed

dmbaturin renamed this task from Cannot assign sync-grup under conntrack over vrrp to Confusing commit error message for non-existent VRRP sync-groups used in conntrack sync. Dec 31 2018, 7:26 AM
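
The check discussed in this task, as an added example that is not VyOS's own code: it parses brace-style `show configuration` text and confirms that the sync-group named under `service conntrack-sync` is defined under `high-availability vrrp`, reporting it by name as in the reworded message. The function names, the member check and its message, and the sample config are assumptions of this example.

```python
def parse_config(text):
    """Parse brace-style VyOS config text into nested dicts; leaf values become lists."""
    stack = [{}]
    for line in filter(None, map(str.strip, text.splitlines())):
        if line == "}":
            stack.pop()
        elif line.endswith("{"):
            node = stack[-1]
            for word in line[:-1].split():  # "group lan {" -> node["group"]["lan"]
                node = node.setdefault(word, {})
            stack.append(node)
        else:
            key, _, value = line.partition(" ")
            stack[-1].setdefault(key, []).append(value)
    return stack[0]

def check_conntrack_sync(config):
    """Return error strings for unresolved sync-group references (empty list = OK)."""
    vrrp = config.get("high-availability", {}).get("vrrp", {})
    defined, groups = vrrp.get("sync-group", {}), vrrp.get("group", {})
    ct = config.get("service", {}).get("conntrack-sync", {})
    wanted = ct.get("failover-mechanism", {}).get("vrrp", {}).get("sync-group", [])
    errors = []
    for name in wanted:
        if name not in defined:
            errors.append(f"conntrack-sync error: VRRP sync-group {name} is not configured")
            continue
        for member in defined[name].get("member", []):
            if member not in groups:  # extra check; wording is this example's own
                errors.append(f"VRRP sync-group {name}: member {member} is not a VRRP group")
    return errors

# Constructed sample modelled on the report: a VRRP group exists, sync-group "2" does not.
BROKEN = """
high-availability {
    vrrp {
        group lan {
        }
    }
}
service {
    conntrack-sync {
        failover-mechanism {
            vrrp {
                sync-group 2
            }
        }
    }
}
"""
```
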

Thanks, my mistake. Now it works.