Secure Connect Gateway: Upgrade fails after bridge network MTU change

Summary: User Interface will be unavailable after upgrading following an MTU change on the docker bridge network.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

MTU of sae-srs-bridge is changed due to network restriction, per Secure Connect Gateway Virtual Edition (Virtual Appliance/SCG-VE): Unable to register Secure Connect Gateway due to default MTU size not allowed by Internet provider to connect to the Dell Enterprise servers.

After performing version update, the User Interface of the Secure Connect Gateway is unavailable:

docker container ls -all

Reports only the saede-app container:

# docker container ls --all
CONTAINER ID   IMAGE        COMMAND                  CREATED         STATUS          PORTS                                                                          NAMES
0f6a3732c9ef   sae:latest   "/usr/lib/systemd/sy…"   15 months ago   Up 48 seconds   0.0.0.0:162->162/tcp, 0.0.0.0:5700-5704->5700-5704/tcp, 0.0.0.0:162->162/udp   saede-app

 

journalctl -u srs.docker.service

Shows the following:

# journalctl -u srs.docker.service
-- Logs begin at Wed 2024-01-31 15:46:57 UTC, end at Wed 2024-01-31 15:53:37 UTC. --
Jan 31 15:50:24 e2ecntscgvmwlab01 systemd[1]: Starting SRS Container Service...
Jan 31 15:50:25 e2ecntscgvmwlab01 docker-compose[3615]: The Compose file './cfg.yml' is invalid because:
Jan 31 15:50:25 e2ecntscgvmwlab01 docker-compose[3615]: networks.main_net.ipam.config.subnet is invalid: should use the CIDR format
Jan 31 15:50:25 e2ecntscgvmwlab01 docker-compose[3632]: The Compose file './cfg.yml' is invalid because:
Jan 31 15:50:25 e2ecntscgvmwlab01 docker-compose[3632]: networks.main_net.ipam.config.subnet is invalid: should use the CIDR format
Jan 31 15:50:25 e2ecntscgvmwlab01 docker-compose[3636]: Network "sae-srs-bridge" needs to be recreated - option "com.docker.network.driver.mtu" has changed
Jan 31 15:50:26 e2ecntscgvmwlab01 systemd[1]: srs.docker.service: Main process exited, code=exited, status=1/FAILURE
Jan 31 15:52:35 e2ecntscgvmwlab01 systemd[1]: srs.docker.service: Start-post operation timed out. Stopping.
Jan 31 15:52:35 e2ecntscgvmwlab01 systemd[1]: Failed to start SRS Container Service.
Jan 31 15:52:35 e2ecntscgvmwlab01 systemd[1]: srs.docker.service: Unit entered failed state.
Jan 31 15:52:35 e2ecntscgvmwlab01 systemd[1]: srs.docker.service: Failed with result 'timeout'.

Cause

Network sae-srs-bridge is re-created during update, its MTU is reverted to the original value (1500), the previously connected containers refuse to power on.

Resolution

  1. Revert to a snapshot before the upgrade, can be before or after MTU change.
  2. Download the upgrade only, DO NOT install.
  3. Run the following command: 
    1. zypper refresh

    2. zypper --non-interactive up container-orchestration
  4. Modify the below file, insert the highlighted line, make sure the MTU matches the one currently being used. 
    # vi /opt/esrsve/container-orchestration/cfg.yml
    networks:
    main_net:
        name: sae-srs-bridge
        driver: bridge
        driver_opts:
            com.docker.network.bridge.name: sae-srs-bridge
            com.docker.network.driver.mtu: 1454
        enable_ipv6: true
        ipam:
            driver: default
            config:
                - subnet: ${BridgeSubnet}
                - subnet: fd00:d311:e3c:5c6::/64
  5. Start saede-app container 
    docker start saede-app
  6. Wait for the user interface to recover (5-10 minutes) and perform upgrade.
     

Affected Products

Secure Connect Gateway - Virtual Edition
Article Properties
Article Number: 000221680
Article Type: Solution
Last Modified: 23 Apr 2025
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.