Ask Your Question
0

Juniper Contrail Host IP displayed in tracepath

asked 2016-10-03 01:49:44 -0500

Bipin gravatar image

Hi All,

We are having an environment where MOS8 deployed with Juniper Contrail 3 as SDN. 3 Controllers, and 100 Compute nodes. 3 Contrail controllers. When we tracepath from a Virtual machine to its Gateway IP, surprisingly the host IP is displayed as first hope. Technically its right, compute hosts are the GW for virtual machines using linux kernel routing moduel (vRouter forwarding plane).

Our question here, is this a security risk ? Because one who know the Compute host IP address, can make a L2 attack on the IP address and bring the interface of this host Down.

root@testing-gw-traffic:~# tracepath 192.168.1.1
 1?: [LOCALHOST]                                         pmtu 1500
 1:  10.10.10.20                                         0.648ms 
 1:  10.10.10.20                                         0.647ms 
 2:  no reply
 3:  no reply
 4:  no reply

In the above 192.168.1.1 is GW for the subnet and 10.10.10.20 is the Compute host IP Address.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-10-04 07:18:13 -0500

VSR gravatar image

updated 2016-10-04 07:18:40 -0500

I am expecting that 10.10.10.20 the private address on the Compute, In that case this network is isolated between the computes, controllers and the Gateway, there should not be much of an issue knowing that IP address. -VJ

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2016-10-03 01:49:44 -0500

Seen: 61 times

Last updated: Oct 04 '16