Ask Your Question

Juniper Contrail Host IP displayed in tracepath

asked 2016-10-03 01:49:44 -0600

Bipin gravatar image

Hi All,

We are having an environment where MOS8 deployed with Juniper Contrail 3 as SDN. 3 Controllers, and 100 Compute nodes. 3 Contrail controllers. When we tracepath from a Virtual machine to its Gateway IP, surprisingly the host IP is displayed as first hope. Technically its right, compute hosts are the GW for virtual machines using linux kernel routing moduel (vRouter forwarding plane).

Our question here, is this a security risk ? Because one who know the Compute host IP address, can make a L2 attack on the IP address and bring the interface of this host Down.

root@testing-gw-traffic:~# tracepath
 1?: [LOCALHOST]                                         pmtu 1500
 1:                                         0.648ms 
 1:                                         0.647ms 
 2:  no reply
 3:  no reply
 4:  no reply

In the above is GW for the subnet and is the Compute host IP Address.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2016-10-04 07:18:13 -0600

VSR gravatar image

updated 2016-10-04 07:18:40 -0600

I am expecting that the private address on the Compute, In that case this network is isolated between the computes, controllers and the Gateway, there should not be much of an issue knowing that IP address. -VJ

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2016-10-03 01:49:44 -0600

Seen: 79 times

Last updated: Oct 04 '16