安全连接网关:桥接网络 MTU 更改后升级失败

Summary: 在 docker 桥接网络上更改 MTU 后,升级后用户界面将不可用。

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

由于网络限制,sae-srs-bridge 的 MTU 会根据安全连接网关虚拟版本(虚拟设备/SCG-VE)进行更改:由于互联网提供商不允许默认 MTU 大小连接到 Dell Enterprise 服务器,因此无法注册安全连接网关

执行版本更新后,安全连接网关的用户界面不可用: 
docker container ls -all
它仅报告 saede-app 容器: 
# docker container ls --all
CONTAINER ID   IMAGE        COMMAND                  CREATED         STATUS          PORTS                                                                          NAMES
0f6a3732c9ef   sae:latest   "/usr/lib/systemd/sy…"   15 months ago   Up 48 seconds   0.0.0.0:162->162/tcp, 0.0.0.0:5700-5704->5700-5704/tcp, 0.0.0.0:162->162/udp   saede-app
  
srs.docker.service
它显示以下内容: 
# journalctl -u srs.docker.service
-- Logs begin at Wed 2024-01-31 15:46:57 UTC, end at Wed 2024-01-31 15:53:37 UTC. --
Jan 31 15:50:24 e2ecntscgvmwlab01 systemd[1]: Starting SRS Container Service...
Jan 31 15:50:25 e2ecntscgvmwlab01 docker-compose[3615]: The Compose file './cfg.yml' is invalid because:
Jan 31 15:50:25 e2ecntscgvmwlab01 docker-compose[3615]: networks.main_net.ipam.config.subnet is invalid: should use the CIDR format
Jan 31 15:50:25 e2ecntscgvmwlab01 docker-compose[3632]: The Compose file './cfg.yml' is invalid because:
Jan 31 15:50:25 e2ecntscgvmwlab01 docker-compose[3632]: networks.main_net.ipam.config.subnet is invalid: should use the CIDR format
Jan 31 15:50:25 e2ecntscgvmwlab01 docker-compose[3636]: Network "sae-srs-bridge" needs to be recreated - option "com.docker.network.driver.mtu" has changed
Jan 31 15:50:26 e2ecntscgvmwlab01 systemd[1]: srs.docker.service: Main process exited, code=exited, status=1/FAILURE
Jan 31 15:52:35 e2ecntscgvmwlab01 systemd[1]: srs.docker.service: Start-post operation timed out. Stopping.
Jan 31 15:52:35 e2ecntscgvmwlab01 systemd[1]: Failed to start SRS Container Service.
Jan 31 15:52:35 e2ecntscgvmwlab01 systemd[1]: srs.docker.service: Unit entered failed state.
Jan 31 15:52:35 e2ecntscgvmwlab01 systemd[1]: srs.docker.service: Failed with result 'timeout'.

Cause

sae-srs-bridge 在更新期间重新创建,MTU 恢复为原始值 (1500),以前连接的容器拒绝开机。

Resolution

  1. 恢复到升级之前的快照,可以在 MTU 更改之后进行。
  2. 请仅下载升级,请勿安装。
  3. 运行以下命令: 
    1. zypper refresh

    2. zypper --non-interactive up container-orchestration
  4. 修改以下文件,插入突出显示的行,确保 MTU 与当前使用的 MTU 匹配。 
    # vi /opt/esrsve/container-orchestration/cfg.yml
    networks:
    main_net:
        name: sae-srs-bridge
        driver: bridge
        driver_opts:
            com.docker.network.bridge.name: sae-srs-bridge
            com.docker.network.driver.mtu: 1454
        enable_ipv6: true
        ipam:
            driver: default
            config:
                - subnet: ${BridgeSubnet}
                - subnet: fd00:d311:e3c:5c6::/64
  5. 启动 saede-app 容器 
    docker start saede-app
  6. 等待用户界面恢复(5-10 分钟)并执行升级。
     

Affected Products

Secure Connect Gateway - Virtual Edition
Article Properties
Article Number: 000221680
Article Type: Solution
Last Modified: 23 Apr 2025
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.