In T1641#125443, @Viacheslav wrote:@trae32566 Extentd conntrack table and reduce timeouts:
for example
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Jun 30 2022
Jun 30 2022
trae32566 added a comment to T1641: VRRP conntrack-sync dropping packets passing through the router.
Viacheslav added a comment to T1641: VRRP conntrack-sync dropping packets passing through the router.
@trae32566 Extentd conntrack table and reduce timeouts:
for example
set system sysctl parameter net.netfilter.nf_conntrack_generic_timeout value 60 set system sysctl parameter net.netfilter.nf_conntrack_icmp_timeout value 10 set system sysctl parameter net.netfilter.nf_conntrack_icmpv6_timeout value 10 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_close_wait value 20 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_established value 1800 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_fin_wait value 30 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_syn_recv value 30 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_syn_sent value 60 set system sysctl parameter net.netfilter.nf_conntrack_tcp_timeout_time_wait value 120 set system sysctl parameter net.netfilter.nf_conntrack_udp_timeout_stream value 60
trae32566 added a comment to T1641: VRRP conntrack-sync dropping packets passing through the router.
This seems to be an issue in 1.4 as well, I have the exact same symptoms, and removing the accept-protocol fixes the issue.
Sep 10 2021
Sep 10 2021
dmbaturin removed a project from T1378: Embed Git commit ID of vyos-build repo in resulting image: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1390: Extend bgp config for bestpath as-path multipath-relax: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1454: Reading deprecated /etc/frr/daemons.conf: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1309: allow duplicate ip adresses on different interfaces: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1464: FRR: Set explicit OSPFv3 network type for specified interface: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1343: do not remove trailing zeroes from subnets in DHCP static route config: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1355: rsyslog stopped after reboot or clean start: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1345: Specify RADIUS source IP for system login command: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1379: Deprecated functions in /sbin/dhclient-script: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1400: iBGP: remote-as and router AS can't be the same value: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1387: Disabling a DHCP interface with no address displays an error: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1433: "show dhcpv6 server leases" shows leases from wrong file: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1471: Wireguard interfaces have no firewall subtree: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1419: Can't delete multiple OSPF passive-interfaces in single commit: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1475: Enable Kernel Data Center Bridging (CONFIG_DCB) support: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1516: [wireguard] config changes cause an error: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1504: DHCP-provided DNS servers are not propagated to resolv.conf: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1484: OSPF md5 key not removed in strip-private: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1357: Wrong exit code produced by dhcp-server migration script: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1370: Webproxy with ldap authentication don't start: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1461: Deleting 'firewall options' causes Python TypeError: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1371: Arguments of VRRP health check scripts are ignored: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1422: Add a utility for querying values in config files: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1453: Warning: nss-myhostname is not installed: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1446: Raid install with efi can generate some warning output.: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1477: Intel i40evf fails to load - unknown symbol: VyOS 1.3 Equuleus.
dmbaturin removed a project from T1242: Error when setting 'pppoe 0 ipv6 address autoconf': VyOS 1.3 Equuleus.
dmbaturin removed a project from T1505: vyos.config return_effective_values does not convert the output to a list: VyOS 1.3 Equuleus.
dmbaturin renamed T41: Include bgpq3 for BGP policy creation from Feature Request: Include bgpq3 for BGP policy creation to Include bgpq3 for BGP policy creation.
Sep 3 2021
Sep 3 2021
dmbaturin removed a project from T314: Unable to apply MSS Clamp with VyOS configuration: VyOS 1.3 Equuleus.
Nov 16 2019
Nov 16 2019
dmbaturin edited projects for T1509: Support for BGP replace-as option, added: VyOS 1.2 Crux (VyOS 1.2.2); removed VyOS 1.2 Crux (VyOS 1.2.4).
Sep 8 2019
Sep 8 2019
Thanks for that, What I am suspecting is once the maximum value is reached the router is starting to drop packets, rather clearing the stale connections.
Unknown Object (User) added a comment to T1641: VRRP conntrack-sync dropping packets passing through the router.
Hello @Daya , you can set custom kernel params for nf_conntrack
set system sysctl custom net.netfilter.nf_conntrack_max value 786432 set system sysctl custom net.nf_conntrack_max value 786432
Daya renamed T1641: VRRP conntrack-sync dropping packets passing through the router from VRRP conntrack-sync dropping packet to VRRP conntrack-sync dropping packets passing through the router.
Aug 31 2019
Aug 31 2019
syncer moved T1366: Update Linux Kernel to v4.19.40 from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.2) board.
syncer moved T1371: Arguments of VRRP health check scripts are ignored from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer added a project to T1371: Arguments of VRRP health check scripts are ignored: VyOS 1.3 Equuleus.
syncer moved T1422: Add a utility for querying values in config files from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer added a project to T1422: Add a utility for querying values in config files: VyOS 1.3 Equuleus.
syncer moved T1400: iBGP: remote-as and router AS can't be the same value from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.2) board.
syncer moved T1446: Raid install with efi can generate some warning output. from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer added a project to T1446: Raid install with efi can generate some warning output.: VyOS 1.3 Equuleus.
syncer moved T1455: Update Intel i40e driver to 2.9.21 from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.2) board.
syncer moved T1010: improper pid file handling of webgui from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer moved T1010: improper pid file handling of webgui from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.2) board.
syncer moved T1051: Update openvpn to support TLS 1.2 from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer moved T1051: Update openvpn to support TLS 1.2 from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.2) board.
syncer edited projects for T1051: Update openvpn to support TLS 1.2, added: VyOS 1.3 Equuleus; removed VyOS-1.2.0-GA.
syncer moved T1473: Update Kernel from 4.19.52 to 4.19.54 from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.2) board.
syncer moved T1474: Update WireGuard to 0.0.20190601 from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.2) board.
syncer moved T1475: Enable Kernel Data Center Bridging (CONFIG_DCB) support from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.2) board.
syncer moved T1477: Intel i40evf fails to load - unknown symbol from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.2) board.
syncer moved T1504: DHCP-provided DNS servers are not propagated to resolv.conf from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer moved T1504: DHCP-provided DNS servers are not propagated to resolv.conf from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.2) board.
syncer added a project to T1504: DHCP-provided DNS servers are not propagated to resolv.conf: VyOS 1.3 Equuleus.
syncer moved T1505: vyos.config return_effective_values does not convert the output to a list from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer edited projects for T1255: /usr/libexec/vyos/conf_mode/host_name.py needs to add an additional newline char, added: VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.2); removed VyOS 1.2 Crux.
syncer moved T1329: support installation on SD cards fix from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer moved T1329: support installation on SD cards fix from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.2) board.
syncer edited projects for T1329: support installation on SD cards fix, added: VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.2); removed VyOS 1.2 Crux.
syncer moved T1355: rsyslog stopped after reboot or clean start from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.2) board.
syncer moved T1355: rsyslog stopped after reboot or clean start from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer edited projects for T1355: rsyslog stopped after reboot or clean start, added: VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.2); removed VyOS 1.2 Crux.
syncer moved T1379: Deprecated functions in /sbin/dhclient-script from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.2) board.
syncer moved T1379: Deprecated functions in /sbin/dhclient-script from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer edited projects for T1379: Deprecated functions in /sbin/dhclient-script, added: VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.2); removed VyOS 1.2 Crux.
syncer moved T1516: [wireguard] config changes cause an error from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.2) board.
syncer edited projects for T1516: [wireguard] config changes cause an error, added: VyOS 1.2 Crux (VyOS 1.2.2); removed VyOS 1.2 Crux.
syncer moved T1461: Deleting 'firewall options' causes Python TypeError from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer moved T1461: Deleting 'firewall options' causes Python TypeError from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.2) board.
syncer edited projects for T1461: Deleting 'firewall options' causes Python TypeError, added: VyOS 1.3 Equuleus, VyOS 1.2 Crux (VyOS 1.2.2); removed VyOS 1.2 Crux.