安全連線閘道:橋接網路 MTU 變更後升級失敗

Summary: 在 docker 橋接網路上進行 MTU 變更後,升級後將無法使用使用者介面。

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

由於網路限制,每個安全連線閘道虛擬版本 (Virtual Appliance/SCG-VE) 的 sae-srs-bridge 的 MTU 已變更:由於網際網路提供商不允許預設 MTU 大小連線至 Dell Enterprise 伺服器,因此無法註冊安全連線閘道

執行版本更新後,安全連線閘道的使用者介面無法使用: 
docker container ls -all
它只報告 saede-app 容器: 
# docker container ls --all
CONTAINER ID   IMAGE        COMMAND                  CREATED         STATUS          PORTS                                                                          NAMES
0f6a3732c9ef   sae:latest   "/usr/lib/systemd/sy…"   15 months ago   Up 48 seconds   0.0.0.0:162->162/tcp, 0.0.0.0:5700-5704->5700-5704/tcp, 0.0.0.0:162->162/udp   saede-app
  
srs.docker.service
它顯示以下內容: 
# journalctl -u srs.docker.service
-- Logs begin at Wed 2024-01-31 15:46:57 UTC, end at Wed 2024-01-31 15:53:37 UTC. --
Jan 31 15:50:24 e2ecntscgvmwlab01 systemd[1]: Starting SRS Container Service...
Jan 31 15:50:25 e2ecntscgvmwlab01 docker-compose[3615]: The Compose file './cfg.yml' is invalid because:
Jan 31 15:50:25 e2ecntscgvmwlab01 docker-compose[3615]: networks.main_net.ipam.config.subnet is invalid: should use the CIDR format
Jan 31 15:50:25 e2ecntscgvmwlab01 docker-compose[3632]: The Compose file './cfg.yml' is invalid because:
Jan 31 15:50:25 e2ecntscgvmwlab01 docker-compose[3632]: networks.main_net.ipam.config.subnet is invalid: should use the CIDR format
Jan 31 15:50:25 e2ecntscgvmwlab01 docker-compose[3636]: Network "sae-srs-bridge" needs to be recreated - option "com.docker.network.driver.mtu" has changed
Jan 31 15:50:26 e2ecntscgvmwlab01 systemd[1]: srs.docker.service: Main process exited, code=exited, status=1/FAILURE
Jan 31 15:52:35 e2ecntscgvmwlab01 systemd[1]: srs.docker.service: Start-post operation timed out. Stopping.
Jan 31 15:52:35 e2ecntscgvmwlab01 systemd[1]: Failed to start SRS Container Service.
Jan 31 15:52:35 e2ecntscgvmwlab01 systemd[1]: srs.docker.service: Unit entered failed state.
Jan 31 15:52:35 e2ecntscgvmwlab01 systemd[1]: srs.docker.service: Failed with result 'timeout'.

Cause

sae-srs-bridge 會在更新期間重新建立,MTU 會還原為原始值 (1500),先前連接的容器會拒絕開啟電源。

Resolution

  1. 可在 MTU 變更之後,還原至升級前的快照。
  2. 僅下載升級,請勿安裝。
  3. 執行下列命令: 
    1. zypper refresh

    2. zypper --non-interactive up container-orchestration
  4. 修改以下檔案,插入反白顯示的行,確定 MTU 與目前使用的行相符。 
    # vi /opt/esrsve/container-orchestration/cfg.yml
    networks:
    main_net:
        name: sae-srs-bridge
        driver: bridge
        driver_opts:
            com.docker.network.bridge.name: sae-srs-bridge
            com.docker.network.driver.mtu: 1454
        enable_ipv6: true
        ipam:
            driver: default
            config:
                - subnet: ${BridgeSubnet}
                - subnet: fd00:d311:e3c:5c6::/64
  5. 啟動 saede-app 容器 
    docker start saede-app
  6. 等待使用者介面復原 (5-10 分鐘),然後執行升級。
     

Affected Products

Secure Connect Gateway - Virtual Edition
Article Properties
Article Number: 000221680
Article Type: Solution
Last Modified: 23 Apr 2025
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.