Page MenuHomeVyOS Platform
Create Task
Maniphest T1244

Add support for StartupResync in conntrack-sync
Closed, ResolvedPublic
Actions

Description

As seen in https://manpages.debian.org/testing/conntrackd/conntrackd.conf.5.en.html (conntrackd version 1:1.4.5-1)

StartupResync <on|off>

Order conntrackd to request a complete conntrack table resync against the other node at startup. A single request will be made.
This is useful to get in sync with another node which has been running while we were down.
Example: StartupResync on
By default, this clause is set off.

(The command-line "-n" does the same if we want to trigger it on some events: https://manpages.debian.org/stretch/conntrackd/conntrackd.8.en.html -- that could be a RFE as well to be put as a command-line)

The use-cases are for rolling upgrade/restarts of firewalls in VRRP configuration:

Worst-Case:
1- You have a long-lived TCP connection going thru the firewall.
2- You restart the VRRP BACKUP appliance, all is well. It goes back online and does not learn all the previous connections.
3- You restart the VRRP MASTER appliance, long-living pre-maintenance TCP connections do break.

Or Best-Case:
1- You have a long-lived TCP connection going thru the firewall.
2- You restart the VRRP MASTER appliance, all is well as the BACKUP has your connection state. It goes back online, becomes BACKUP and does not learn all the previous connections.
3- You restart the VRRP (BACKUP but now) new MASTER appliance, all is well as the BACKUP has your connection state.
4- In any event the VRRP state flips (backup now master, master now backup), long-living TCP connections do break.

Details

Difficulty level
Unknown (require assessment)
Version
1.2.0
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Improvement (missing useful functionality)

Event Timeline

malaiwah created this task.Feb 12 2019, 6:16 PM
malaiwah triaged this task as Wishlist priority.
malaiwah created this object in space S1 VyOS Public.

Found the wishlist priority.

malaiwah added a comment.Feb 12 2019, 6:20 PM

dpkg -l | grep conntrackd

ii conntrackd 1:1.4.2-2+vyos2+current1 amd64 Connection tracking daemon

The version used in VyOS 1.2.0 is unfortunate enough to not have a recent enough version available to support this option.

lsb_release -a

No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 8.11 (jessie)
Release: 8.11
Codename: jessie

syncer assigned this task to hagbard.Feb 12 2019, 6:22 PM
hagbard removed hagbard as the assignee of this task.Nov 14 2020, 3:14 PM
hagbard subscribed.
dmbaturin added a project: VyOS 1.3 Equuleus.May 29 2021, 7:02 AM
dmbaturin set Is it a breaking change? to Unspecified (possibly destroys the router).
dmbaturin added a project: VyOS 1.4 Sagitta.
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Nov 6 2021, 11:24 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.0).Aug 29 2022, 7:05 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.3).Jul 12 2023, 9:44 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).Aug 25 2023, 9:31 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.6); removed VyOS 1.3 Equuleus (1.3.5).Dec 17 2023, 11:38 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.7); removed VyOS 1.3 Equuleus (1.3.6).Feb 10 2024, 9:18 AM
natali-rs1985 claimed this task.Mar 13 2024, 9:21 AM
natali-rs1985 set Issue type to Unspecified (please specify).
natali-rs1985 changed Issue type from Unspecified (please specify) to Feature (new functionality).Mar 13 2024, 1:08 PM
natali-rs1985 changed the task status from Open to In progress.Apr 5 2024, 10:47 AM
c-po edited projects, added VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.0-epa3); removed VyOS 1.4 Sagitta.Apr 6 2024, 9:13 AM
c-po moved this task from Need Triage to Finished on the VyOS 1.5 Circinus board.
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.7) board.
c-po moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.
pasik subscribed.Apr 6 2024, 9:43 AM
Viacheslav closed this task as Resolved.Apr 7 2024, 3:15 PM
dmbaturin renamed this task from Support for StartupResync in conntrackd to Add support for StartupResync in conntrack-sync.May 10 2024, 7:42 PM
dmbaturin removed a project: VyOS 1.5 Circinus.
dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.May 11 2024, 5:56 PM
dmbaturin changed Issue type from Feature (new functionality) to Improvement (missing useful functionality).