i think yes, now we will show frr logs for unhandled exceptions and normal short messages for others e.g. route-reflector-client only supported for iBGP peers
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Apr 10 2024
I gave it a go due to similarities between this and https://vyos.dev/T6123.
Apr 9 2024
Started on a PR: https://github.com/vyos/vyos-1x/pull/3288
My specific use case is a container that requires --sysctl=net.ipv4.conf.all.forwarding=1
Mark it as resolved, reopen the task if required.
Was it fixed?
@MattK Could you re-check and close it?
@tjh Any updates?
By the way there is a new option
vyos@r4# set service conntrack-sync disable-syslog [edit] vyos@r4#
https://conntrack-tools.netfilter.org/manual.html#sync-aa
conntrackd allows you to deploy an symmetric Active-Active setup based on a static approach. For example, assume that you have two virtual IPs, vIP1 and vIP2, and two firewall replicas, FW1 and FW2. You can give the virtual vIP1 to the firewall FW1 and the vIP2 to the FW2.
@trae32566 Can you provide the next output?
sudo conntrackd -C /run/conntrackd/conntrackd.conf -s && echo "conntrack_count: " && sudo conntrack -C sudo conntrackd -C /run/conntrackd/conntrackd.conf -s network sudo conntrackd -C /run/conntrackd/conntrackd.conf -s cache sudo conntrackd -C /run/conntrackd/conntrackd.conf -s runtime sudo conntrackd -C /run/conntrackd/conntrackd.conf -s link sudo conntrackd -C /run/conntrackd/conntrackd.conf -s queue
PR https://github.com/vyos/vyos-1x/pull/3280
vyos@r15-left:~$ show conntrack statistics CPU Found Invalid Insert Insert fail Drop Early drop Errors Search restart ----- ------- --------- -------- ------------- ------ ------------ -------- ---------------- -- -- 0 0 280 0 1 1 0 1 0 2 0 1 0 73 0 0 0 0 126 0 1 0 vyos@r15-left:~$
Apr 8 2024
In T6099#182627, @Viacheslav wrote:@Giggum Can you check it in 1.5?
Yeah sure thing I can do that. Will I be able to roll back from the latest 1.5 to the version of 1.4 rolling I’m on after testing is complete or will the config mess up?
Rechecked - The issue exists.
After deleting and adding the firewall, it looks good
So, for some reason, the rule 10 and default action accept were applied 2 times to the firewall
chain VYOS_FORWARD_filter { type filter hook forward priority filter; policy accept; counter packets 928376 bytes 1800341472 flow add @VYOS_FLOWTABLE_FLOWTABLE comment "ipv4-FWD-filter-10" counter packets 928376 bytes 1800341472 accept comment "FWD-filter default-action accept" counter packets 0 bytes 0 flow add @VYOS_FLOWTABLE_FLOWTABLE comment "ipv4-FWD-filter-10" ct state { established, related } counter packets 0 bytes 0 flow add @VYOS_FLOWTABLE_FLOWTABLE comment "ipv4-FWD-filter-20" counter packets 0 bytes 0 accept comment "FWD-filter default-action accept" }
probably related task T5660
Apr 7 2024
@Daya @trae32566 Any updates?