[Mainline-Build 2704]: Fat flow is created for DNS query even when there is no Fat flow config for the local port but remote port matches local Fat configured port
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Juniper Openstack |
Won't Fix
|
High
|
Naveen N | ||
| Trunk |
Won't Fix
|
High
|
Naveen N | ||
Bug Description
consider a DNS server (10.204.
I'm doing nslookup from 10.204.220.195 to 8.8.8.8:
ubuntu@public:~$ nslookup juniper.net 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: juniper.net
Address: 174.129.25.170
Flow created as Fat flow, however local port was not 53.
root@nodec12:~# flow -l| grep 10.204.220.195 -A2 -B2
6960<=>75112 8.8.8.8:53 17 (1)
(K(nh):29, Action:F, Flags:, S(nh):17, Statistics:1/73 UdpSrcPort 58094
75112<=>6960 10.204.220.195:0 17 (1)
(K(nh):29, Action:F, Flags:, S(nh):29, Statistics:1/71 UdpSrcPort 53129
tcpdump for the DNS query/response:
13:44:06.071558 IP 10.204.
13:44:06.184707 IP 8.8.8.8.53 > 10.204.
| Naveen N (naveenn) wrote | #1 |
| Changed in juniperopenstack: | |
| status: | New → Won't Fix |
| information type: | Proprietary → Public |
If a VM has port 53 set for fat flow, ideally in this scenario it means service hosted on
VM should be treated as fat flow and packet originated from VM should not be treated
as fat-flow.
There is no easy way to determine if packet is source or destination of source considering
service chaining scenario.
For now this is expected behavior.