Connection Tracking

The maximum number of connection tracking objects (used for IP filtering) is limited.

To change this limit, do:

vsr running config# system
vsr running system# network-stack
vsr running network-stack# conntrack
vsr running conntrack# max-entries 1000000
vsr running conntrack# commit

Warning

If the fast path is running, a similar change is required in fast path limits configuration.

To customize conntrack TCP/UDP timeouts:

vsr running config# system
vsr running system# network-stack
vsr running network-stack# conntrack
vsr running conntrack# tcp-timeout-close 20
vsr running conntrack# tcp-timeout-close-wait 70
vsr running conntrack# tcp-timeout-established 500000
vsr running conntrack# tcp-timeout-fin-wait 130
vsr running conntrack# tcp-timeout-last-ack 40
vsr running conntrack# tcp-timeout-max-retrans 400
vsr running conntrack# tcp-timeout-syn-recv 70
vsr running conntrack# tcp-timeout-syn-sent 130
vsr running conntrack# tcp-timeout-time-wait 130
vsr running conntrack# tcp-timeout-unacknowledged 400
vsr running conntrack# udp-timeout 40
vsr running conntrack# udp-timeout-stream 190
vsr running conntrack# commit

To display the conntrack state:

vsr> show state / system network-stack conntrack
conntrack
    max-entries 1000000
    tcp-timeout-close 20
    tcp-timeout-close-wait 70
    tcp-timeout-established 500000
    tcp-timeout-fin-wait 130
    tcp-timeout-last-ack 40
    tcp-timeout-max-retrans 400
    tcp-timeout-syn-recv 70
    tcp-timeout-syn-sent 130
    tcp-timeout-time-wait 130
    tcp-timeout-unacknowledged 400
    udp-timeout 40
    udp-timeout-stream 190
    ..

The same configuration can be made using this NETCONF XML configuration:

vsr running conntrack# show config xml absolute
<config xmlns="urn:6wind:vrouter">
  <system xmlns="urn:6wind:vrouter/system">
    <network-stack>
      <conntrack>
        <max-entries>1000000</max-entries>
        <tcp-timeout-close>20</tcp-timeout-close>
        <tcp-timeout-close-wait>70</tcp-timeout-close-wait>
        <tcp-timeout-established>500000</tcp-timeout-established>
        <tcp-timeout-fin-wait>130</tcp-timeout-fin-wait>
        <tcp-timeout-last-ack>40</tcp-timeout-last-ack>
        <tcp-timeout-max-retrans>400</tcp-timeout-max-retrans>
        <tcp-timeout-syn-recv>70</tcp-timeout-syn-recv>
        <tcp-timeout-syn-sent>130</tcp-timeout-syn-sent>
        <tcp-timeout-time-wait>130</tcp-timeout-time-wait>
        <tcp-timeout-unacknowledged>400</tcp-timeout-unacknowledged>
        <udp-timeout>40</udp-timeout>
        <udp-timeout-stream>190</udp-timeout-stream>
      </conntrack>
    </network-stack>
  </system>
</config>
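
An added example, not part of the vRouter documentation: a Python check that the conntrack leaves in a NETCONF payload match what show state reports, so a limit or timeout that is missing from the XML or differs from the running value is caught before the payload is pushed. The sample inputs are constructed from values on this page, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"sys": "urn:6wind:vrouter/system"}

# Constructed sample inputs (a few leaves, values based on this page).
# The XML deliberately omits one leaf and changes another.
STATE_TEXT = """\
conntrack
    max-entries 1000000
    tcp-timeout-established 500000
    tcp-timeout-syn-recv 70
    udp-timeout 40
    ..
"""
NETCONF_XML = """\
<config xmlns="urn:6wind:vrouter">
  <system xmlns="urn:6wind:vrouter/system">
    <network-stack>
      <conntrack>
        <max-entries>1000000</max-entries>
        <tcp-timeout-syn-recv>60</tcp-timeout-syn-recv>
        <udp-timeout>40</udp-timeout>
      </conntrack>
    </network-stack>
  </system>
</config>
"""

def parse_state(text):
    """Parse 'show state' output: indented 'name value' lines."""
    leaves = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and line[:1].isspace():
            leaves[parts[0]] = int(parts[1])
    return leaves

def parse_netconf(xml_text):
    """Return the conntrack leaves of a NETCONF payload, namespaces stripped."""
    node = ET.fromstring(xml_text).find("sys:system/sys:network-stack/sys:conntrack", NS)
    if node is None:
        raise ValueError("payload has no conntrack container")
    return {el.tag.split("}", 1)[-1]: int(el.text) for el in node}

def diff_conntrack(state, payload):
    """Leaves absent from the payload, and leaves whose values differ."""
    missing = sorted(set(state) - set(payload))
    changed = {k: (state[k], payload[k])
               for k in state.keys() & payload.keys() if state[k] != payload[k]}
    return missing, changed
```
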