Re: Conntrackd issue with bonding

netfilter.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Arturo Borrero <aborrero@cica.es>
Cc: netfilter@vger.kernel.org
Subject: Re: Conntrackd issue with bonding
Date: Fri, 10 Aug 2012 11:19:27 +0200	[thread overview]
Message-ID: <20120810091927.GB1729@1984> (raw)
In-Reply-To: <5024B38E.1060200@cica.es>

On Fri, Aug 10, 2012 at 09:09:02AM +0200, Arturo Borrero wrote:
> Hi there!
> 
> It's seem that there is a issue with Conntrackd using a bonding as
> dedicated interface.
> 
> The log:
> 
> [Thu Aug  9 14:14:23 2012] (pid=3819) [notice] -- starting in daemon mode --
> [Thu Aug  9 14:14:23 2012] (pid=3819) [ERROR] no dedicated links available!
> [Thu Aug  9 14:14:23 2012] (pid=3819) [ERROR] no dedicated links available!
> [Thu Aug  9 14:14:23 2012] (pid=3819) [ERROR] no dedicated links available!
> [Thu Aug  9 14:19:54 2012] (pid=3819) [notice] ---- shutdown received ----
> 
> 
> Or maybe i'm missing something important in the configuration:
> 
> /etc/conntrackd/conntrackd.conf
> 
> Sync {
>         Mode ALARM {
>                 RefreshTime 15
>                 CacheTimeout 180
>         }
>         Multicast {
>                 IPv4_address 225.0.0.50
>                 Group 3780
>                 IPv4_interface 172.16.0.1
>                 Interface bond2
>                 SndSocketBuffer 1249280
>                 RcvSocketBuffer 1249280
>                 Checksum on
>         }
> }
> General {
>     HashSize 8192
>     HashLimit 65535
>     LogFile on
>     Syslog on
>     LockFile /var/lock/conntrackd.lock
>     UNIX {
>         Path /var/run/conntrackd.sock
>         Backlog 20
>     }
>     SocketBufferSize 262142
>     SocketBufferSizeMaxGrown 655355
>     Filter {
>         Protocol Accept {
>             TCP
>         }
>         Address Ignore
>         {
>             IPv4_address 127.0.0.1 # loopback
>             IPv4_address 172.16.0.1 # cluster link
>             IPv4_address 172.16.0.2 # cluster link
>             IPv4_address xx.40
>             IPv4_address xx.41
>             IPv6_address xx::40
>             IPv6_address xx::41
>             IPv6_address xx::41
>         }
>     }
> }
> 
> Bond2 is up and running:
> 
> bond2     Link encap:Ethernet  HWaddr 00:xx:xx:57:b8:xx
>           inet addr:172.16.0.1  Bcast:172.16.255.255  Mask:255.255.0.0
>           inet6 addr: fe80::215:xx::/64 Scope:Link
>           UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
>           RX packets:7405527 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:3935915 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:7812500663 (7.2 GiB)  TX bytes:651422232 (621.2 MiB)
> 
> 
> Any idea?

Somoething is wrong with the link state checking.

Please, get a working copy of libnfnetlink:

git clone git://git.netfilter.org/libnfnetlink
autoreconf -fi
./configure --prefix=/usr
make
make check

[no need to make install]

Then go to utils/ directory, run ./iftest and get back to the list to
report what it says.

> I'm using this version (Debian amd64)

You didn't mention kernel version, I guess it is standalone Linux
kernel in Debian? (2.6.32). Using a recent Linux kernel version of the
3.x branch is really recommended to run conntrackd.

> :~$ conntrackd -v
> Connection tracking userspace daemon v1.2.1. Licensed under GPLv2.

BTW, it's a good idea if you upgrade to 1.2.2. There was a bug in the
commit operation that is resolved in lastest version.

next prev parent reply	other threads:[~2012-08-10  9:19 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-08-10  7:09 Conntrackd issue with bonding Arturo Borrero
2012-08-10  9:19 ` Pablo Neira Ayuso [this message]
2012-08-10 10:02   ` Arturo Borrero
2012-08-12 19:05     ` Pablo Neira Ayuso
2012-08-13  7:14       ` Arturo Borrero
2012-08-13  9:46         ` Pablo Neira Ayuso
2012-08-13 10:35           ` Jan Engelhardt
2012-08-13 18:01             ` Pablo Neira Ayuso
2012-08-14  7:54               ` Arturo Borrero
2012-08-13 12:00           ` Arturo Borrero

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120810091927.GB1729@1984 \
    --to=pablo@netfilter.org \
    --cc=aborrero@cica.es \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).