Page MenuHomeVyOS Platform
Create Task
Maniphest T7208

Some sysctl options like nf_conntrack_buckets are diffrent between clean install and the first reboot
Open, Urgent!PublicBUG
Actions

Description

Some sysctl options like nf_conntrack_buckets are diffrent between a clean install and the first reboot of installed system
To reproduce, install a clean image, reboot the system, check the sysctl option, and reboot again.
After the reboot of loaded system, we got a different value for the net.netfilter.nf_conntrack_buckets

Before and after reboot:

vyos@vyos:~$ sysctl net.netfilter.nf_conntrack_buckets
net.netfilter.nf_conntrack_buckets = 65536
vyos@vyos:~$ 
vyos@vyos:~$ reboot now

vyos@vyos:~$ sysctl net.netfilter.nf_conntrack_buckets
net.netfilter.nf_conntrack_buckets = 32768
vyos@vyos:~$

In other cases, I saw even worse changes

# before reboot
net.netfilter.nf_conntrack_buckets = 262144

# after reboot
net.netfilter.nf_conntrack_buckets = 32768

There is no conntrack or sysctl configuration:

vyos@r14:~$ show conf com | match "sysctl|connt"
vyos@r14:~$

Details

Version
VyOS 1.5-rolling-202502280648, 1.4.1
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)
Story points
3

Event Timeline

Viacheslav created this task.Fri, Feb 28, 11:21 AM
Viacheslav triaged this task as High priority.
pasik subscribed.Fri, Feb 28, 1:43 PM
c-po raised the priority of this task from High to Urgent!.Fri, Feb 28, 1:44 PM
c-po added a project: VyOS 1.5 Circinus.
Apachez subscribed.Mon, Mar 3, 9:25 PM
c-po claimed this task.Wed, Mar 5, 10:54 AM
Fabse subscribed.Thu, Mar 6, 10:32 AM
syncer removed a project: VyOS 1.5 Circinus.Thu, Mar 6, 10:33 PM
dmbaturin edited projects, added VyOS 1.4 Sagitta (1.4.3), VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta (1.4.2).Wed, Mar 12, 5:51 PM
dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
Fabse added a comment.Thu, Mar 13, 7:29 AM

Hey guys. Is there any reason why this issue was changed from "possibly destroys the router" (which is true if using conntrack and rebooting the system) to => perfectly compatible?