Page MenuHomeVyOS Platform
Create Task
Maniphest T3076

Router reboot adds unwanted 'conntrack-sync mcast-group '225.0.0.50'' line to configuration
Closed, ResolvedPublicBUG
Actions

Description

I use conntrack-sync at home between my two Vyos routers, this gives great failover and all my sessions just keep working. I love it, it's a great Vyos feature.

I recently realised however that the multicast traffic it uses was also forwarding onto my Wireless APs creating a lot of unnecessary multicast traffic. So I moved to using the Unicast (UDP) conntrack-sync feature, which works just as well.

The problem is, if I reboot my router, the mcast config re-appears in the configuration.

Example:

tim@ferrari-backup:~$ show configuration commands | match mcast
tim@ferrari-backup:~$ reboot
Are you sure you want to reboot this system? [y/N] y
Connection to ferrari-sec.muppetz.com closed by remote host.
Connection to ferrari-sec.muppetz.com closed.
{13:08}~ ➭ fb
Welcome to VyOS

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Fri Nov 20 13:07:11 2020 from radio.muppetz.com
tim@ferrari-backup:~$ show configuration commands | match mcast
set service conntrack-sync mcast-group '225.0.0.50'

You can see that after the reboot, the mcast-group command has re-appeared in the config.

The whole conntrack-sync config now looks like:

tim@ferrari-backup:~$ show configuration commands | match conntrack-sync
set service conntrack-sync accept-protocol 'tcp,udp,icmp'
set service conntrack-sync disable-external-cache
set service conntrack-sync event-listen-queue-size '8'
set service conntrack-sync expect-sync 'all'
set service conntrack-sync failover-mechanism vrrp sync-group 'failover-group'
set service conntrack-sync interface eth1 peer '192.168.0.250'
set service conntrack-sync mcast-group '225.0.0.50'
set service conntrack-sync sync-queue-size '8'

Conntrack sync is still using the UDP peer:

tim@ferrari-backup:~$ show conntrack-sync statistics

<snip snip>

UDP traffic (active device=eth1):
               57392 Bytes sent              3981432 Bytes recv
                1359 Pckts sent                49281 Pckts recv
                   0 Error send                    0 Error recv

so it appears that the bug is mostly cosmetic.

However, I don't think rebooting the router should cause additional lines of configuration to be added to the router.

Thanks!

Details

Version
1.2.6-S1
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects
Search...

Event Timeline

tjh created this task.Nov 20 2020, 12:20 AM
pasik subscribed.Nov 20 2020, 7:47 AM
Viacheslav subscribed.May 13 2021, 10:48 PM

Default value https://github.com/vyos/vyatta-conntrack-sync/blob/7a8827e0d72cf771b0551915d738abe4838c0915/templates-cfg/service/conntrack-sync/mcast-group/node.def#L2

Viacheslav edited projects, added VyOS 1.2 Crux (VyOS 1.2.8), VyOS 1.3 Equuleus; removed VyOS 1.2 Crux.Jun 28 2021, 4:05 PM
Viacheslav added a subtask: T3045: Changes to Conntrack-Sync don't apply correctly (Mutlicast->UDP).Jun 28 2021, 4:45 PM
Viacheslav added a comment.Jun 28 2021, 5:46 PM

For 1.2.7 it adds unexpected multicast group per "save"
Configs for reproduce:

vrrp_sync_left.txt1 KBDownload

vrrp_sync_right.txt1 KBDownload

vyos@r-left# run show conf com | match -sync
set service conntrack-sync accept-protocol 'tcp,udp,icmp'
set service conntrack-sync event-listen-queue-size '8'
set service conntrack-sync failover-mechanism vrrp sync-group 'SGR'
set service conntrack-sync interface eth2 peer '10.0.0.2'
[edit]
vyos@r-left# save
Saving configuration to '/config/config.boot'...
Done
[edit]
vyos@r-left# sudo cat /config/config.boot | commands | match -sync
set service conntrack-sync accept-protocol 'tcp,udp,icmp'
set service conntrack-sync event-listen-queue-size '8'
set service conntrack-sync failover-mechanism vrrp sync-group 'SGR'
set service conntrack-sync interface eth2 peer '10.0.0.2'
set service conntrack-sync mcast-group '225.0.0.50'   <== was added after save
set service conntrack-sync sync-queue-size '1'        <== was added after save
[edit]
vyos@r-left#
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Jul 2 2021, 5:35 PM
Viacheslav added a comment.EditedJul 2 2021, 5:37 PM

Fixed for 1.3 in commit https://github.com/vyos/vyos-1x/commit/21527ef4551613fe9b7eed9e4b2ce33ad46fe540 and T3535

Viacheslav added a comment.Jul 5 2021, 10:48 AM

@tjh If you have a test lab, can you check conntrack-sync in the latest 1.3?

syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.9); removed VyOS 1.2 Crux (VyOS 1.2.8).Jul 19 2021, 8:51 PM
erkin set Issue type to Bug (incorrect behavior).Aug 29 2021, 12:14 PM
erkin removed a subscriber: Global Notifications.
syncer closed this task as Resolved.Oct 17 2021, 12:18 PM
syncer claimed this task.
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0-epa1); removed VyOS 1.2 Crux (VyOS 1.2.9), VyOS 1.3 Equuleus.
syncer closed subtask T3045: Changes to Conntrack-Sync don't apply correctly (Mutlicast->UDP) as Unknown Status.Oct 17 2021, 12:22 PM
Viacheslav changed the status of subtask T3045: Changes to Conntrack-Sync don't apply correctly (Mutlicast->UDP) from Unknown Status to Resolved.Jul 13 2023, 8:25 AM