Bug #1729815 “IP-Spoofing for unallocated IPs " : Bugs : Juniper Openstack

Revision history for this message

Assen Tarlov (atarlov) wrote on 2017-11-03:

#1

Network Object Edit (105.0 KiB, image/png)

Revision history for this message

Assen Tarlov (atarlov) wrote on 2017-11-03:

#2

send (1) Edit (79.6 KiB, application/octet-stream)

PCAP

send: this will ping from 10.41.0.24 to 10.41.0.44

Revision history for this message

Assen Tarlov (atarlov) wrote on 2017-11-03:

#3

receive (1) Edit (143.4 KiB, application/octet-stream)

PCAP

receive: this is the instance that hosts 10.41.0.44, added by doing a "sudo ip addr a 10.41.0.44/32 dev eth0"

Revision history for this message

Assen Tarlov (atarlov) wrote on 2017-11-03:

#4

receive (1) Edit (143.4 KiB, application/octet-stream)

PCAP

receive: this is the instance that hosts 10.41.0.44, added by doing a "sudo ip addr a 10.41.0.44/32 dev eth0"

Rudra Rugge (rrugge) on 2017-11-17

information type:

Proprietary → Public

Assen Tarlov (atarlov) on 2018-02-14

Changed in juniperopenstack:
importance:	Undecided → Medium
importance:	Medium → High

Hari Prasad Killi (haripk) on 2018-02-23

tags:

added: vrouter

Revision history for this message

Hari Prasad Killi (haripk) wrote on 2018-03-07:

#5

Issue was seen when AAP configuration with the same subnet (/26) was configured on another interface present in a different compute node. An address from this subnet when used in a different VMI is being allowed. Needs to be investigated further.

Issue seen on 3.2.1-build 26.

Revision history for this message

Sivakumar Ganapathy (hotlava51) wrote on 2018-08-16:

#6

Download full text (15.5 KiB)

Adding the email thread for reference.

From: Sivakumar Ganapathy <email address hidden>
Date: Monday, August 13, 2018 at 9:27 AM
To: Dan Solis <email address hidden>, Assen Tarlov <email address hidden>, Raghunandan Srinivasan <email address hidden>, Jeba Paulaiyan <email address hidden>, Ganesha H V <email address hidden>, Michael Henkel <email address hidden>, Sreelakshmi Sarva <email address hidden>, DP Ayyadevara <email address hidden>
Cc: support-private <email address hidden>, contrail ebay <email address hidden>, Sudheendra Rao <email address hidden>, Antoine Sibout <email address hidden>, Vivekananda Shenoy <email address hidden>, eBay-Account-Team <email address hidden>
Subject: Re: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs

We have not been able to spend time on this due to multiple customer issues. We will get to it as soon as some cycles free up. Don’t have an ETA as of now.

Thanks,
Sivakumar

From: Dan Solis <email address hidden>
Date: Monday, 13 August 2018 at 9:16 PM
To: Assen Tarlov <email address hidden>, Raghunandan Srinivasan <email address hidden>, Jeba Paulaiyan <email address hidden>, Ganesha H V <email address hidden>, Michael Henkel <email address hidden>, Sreelakshmi Sarva <email address hidden>, DP Ayyadevara <email address hidden>
Cc: support-private <email address hidden>, contrail ebay <email address hidden>, Sudheendra Rao <email address hidden>, Sivakumar Ganapathy <email address hidden>, Antoine Sibout <email address hidden>, Vivekananda Shenoy <email address hidden>, eBay-Account-Team <email address hidden>
Subject: Re: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs

Hi Michael/Sree/DP,

Can we get help in resolving the patch issue, eBay has been waiting since last year, and since Manish left it lost traction. We need to close this case out soon.

Thanks

Dan

From: Assen Tarlov <email address hidden>
Date: Monday, August 13, 2018 at 5:27 AM
To: Raghunandan Srinivasan <email address hidden>, Jeba Paulaiyan <email address hidden>, Vivekananda Shenoy <email address hidden>, Ganesha H V <email address hidden>
Cc: support-private <email address hidden>, contrail ebay <email address hidden>, Sudheendra Rao <email address hidden>, Sivakumar Ganapathy <email address hidden>, Dan Solis <email address hidden>
Subject: RE: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs

+ Dan

From: Assen Tarlov
Sent: Monday, August 13, 2018 8:24 AM
To: Raghunandan Srinivasan <email address hidden>; Jeba Paulaiyan <email address hidden>; Vivekananda Shenoy <email address hidden>; Ganesha H V <email address hidden>
Cc: support-private <email address hidden>; contrail ebay <email address hidden>; Sudheendra Rao <email address hidden>; Sivakumar Ganapathy <email address hidden>
Subject: RE: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs

Raghu/Siva,

Can we provide the patched module ? as well the explanation of the changes.

In the call ...

Adding the email thread for reference.

From: Sivakumar Ganapathy <sganapathy@juniper.net>
Date: Monday, August 13, 2018 at 9:27 AM
To: Dan Solis <dsolis@juniper.net>, Assen Tarlov <atarlov@juniper.net>, Raghunandan Srinivasan <RAGHUS@juniper.net>, Jeba Paulaiyan <jebap@juniper.net>, Ganesha H V <ganeshahv@juniper.net>, Michael Henkel <mhenkel@juniper.net>, Sreelakshmi Sarva <ssarva@juniper.net>, DP Ayyadevara <dpayyadevara@juniper.net>
Cc: support-private <support-private@juniper.net>, contrail ebay <contrail-ebay@juniper.net>, Sudheendra Rao <sudheendra@juniper.net>, Antoine Sibout <asibout@juniper.net>, Vivekananda Shenoy <vshenoy@juniper.net>, eBay-Account-Team <eBay-Account-Team@juniper.net>
Subject: Re: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs
 
We have not been able to spend time on this due to multiple customer issues. We will get to it as soon as some cycles free up. Don’t have an ETA as of now.
 
Thanks,
Sivakumar 
 
From: Dan Solis <dsolis@juniper.net>
Date: Monday, 13 August 2018 at 9:16 PM
To: Assen Tarlov <atarlov@juniper.net>, Raghunandan Srinivasan <RAGHUS@juniper.net>, Jeba Paulaiyan <jebap@juniper.net>, Ganesha H V <ganeshahv@juniper.net>, Michael Henkel <mhenkel@juniper.net>, Sreelakshmi Sarva <ssarva@juniper.net>, DP Ayyadevara <dpayyadevara@juniper.net>
Cc: support-private <support-private@juniper.net>, contrail ebay <contrail-ebay@juniper.net>, Sudheendra Rao <sudheendra@juniper.net>, Sivakumar Ganapathy <sganapathy@juniper.net>, Antoine Sibout <asibout@juniper.net>, Vivekananda Shenoy <vshenoy@juniper.net>, eBay-Account-Team <eBay-Account-Team@juniper.net>
Subject: Re: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs
 
Hi Michael/Sree/DP,
 
Can we get help in resolving the patch issue, eBay has been waiting since last year, and since Manish left it lost traction. We need to close this case out soon.
 
Thanks

Dan
 
 
 
From: Assen Tarlov <atarlov@juniper.net>
Date: Monday, August 13, 2018 at 5:27 AM
To: Raghunandan Srinivasan <RAGHUS@juniper.net>, Jeba Paulaiyan <jebap@juniper.net>, Vivekananda Shenoy <vshenoy@juniper.net>, Ganesha H V <ganeshahv@juniper.net>
Cc: support-private <support-private@juniper.net>, contrail ebay <contrail-ebay@juniper.net>, Sudheendra Rao <sudheendra@juniper.net>, Sivakumar Ganapathy <sganapathy@juniper.net>, Dan Solis <dsolis@juniper.net>
Subject: RE: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs
 
+ Dan 
 
From: Assen Tarlov 
Sent: Monday, August 13, 2018 8:24 AM
To: Raghunandan Srinivasan <RAGHUS@juniper.net>; Jeba Paulaiyan <jebap@juniper.net>; Vivekananda Shenoy <vshenoy@juniper.net>; Ganesha H V <ganeshahv@juniper.net>
Cc: support-private <support-private@juniper.net>; contrail ebay <contrail-ebay@juniper.net>; Sudheendra Rao <sudheendra@juniper.net>; Sivakumar Ganapathy <sganapathy@juniper.net>
Subject: RE: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs
 
Raghu/Siva, 
 
Can we provide the patched module ? as well the explanation of the changes. 
 
In the call on 12/07 with eBay we said that we will provide a patch and explanation and now customer is waiting for that. 
 
Regards,
Assen 
 
From: Raghunandan Srinivasan 
Sent: Wednesday, August 1, 2018 10:04 AM
To: Assen Tarlov <atarlov@juniper.net>; Jeba Paulaiyan <jebap@juniper.net>; Vivekananda Shenoy <vshenoy@juniper.net>; Ganesha H V <ganeshahv@juniper.net>
Cc: support-private <support-private@juniper.net>; contrail ebay <contrail-ebay@juniper.net>; Sudheendra Rao <sudheendra@juniper.net>; Sivakumar Ganapathy <sganapathy@juniper.net>
Subject: Re: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs
 
+Sivakumar ( Manish has left the organization)
 
From: Assen Tarlov <atarlov@juniper.net>
Date: Wednesday, 1 August 2018 at 1:26 PM
To: Manish Singh <manishs@junipernetworks.onmicrosoft.com>, Jeba Paulaiyan <jebap@juniper.net>, Vivekananda Shenoy <vshenoy@juniper.net>, Raghunandan Srinivasan <RAGHUS@juniper.net>, Ganesha H V <ganeshahv@juniper.net>
Cc: support-private <support-private@juniper.net>, contrail ebay <contrail-ebay@juniper.net>, Sudheendra Rao <sudheendra@juniper.net>
Subject: RE: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs
 
Hi Manish, 
 
Is there any update for the patched module/behavior ? 
 
Regards, 
Assen
 
From: Assen Tarlov 
Sent: Friday, July 20, 2018 9:51 AM
To: Manish Singh <manishs@juniper.net>; Jeba Paulaiyan <jebap@juniper.net>; Vivekananda Shenoy <vshenoy@juniper.net>; Raghunandan Srinivasan <RAGHUS@juniper.net>; Ganesha H V <ganeshahv@juniper.net>
Cc: support-private <support-private@juniper.net>; contrail ebay <contrail-ebay@juniper.net>; Sudheendra Rao <sudheendra@juniper.net>
Subject: RE: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs
 
Hi Manish, 
 
As per our call last week with eBay they  asked me if there is an update for the patched module and the explanation. 
 
Regards, 
Assen
 
From: Manish Singh 
Sent: Thursday, July 12, 2018 8:42 AM
To: Assen Tarlov <atarlov@juniper.net>; Jeba Paulaiyan <jebap@juniper.net>; Vivekananda Shenoy <vshenoy@juniper.net>; Raghunandan Srinivasan <RAGHUS@juniper.net>; Ganesha H V <ganeshahv@juniper.net>
Cc: support-private <support-private@juniper.net>; contrail ebay <contrail-ebay@juniper.net>; Sudheendra Rao <sudheendra@juniper.net>
Subject: Re: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs
 
Ignore my rpf comment.
 
From: Manish Singh <manishs@juniper.net>
Date: Thursday, July 12, 2018 at 12:07 PM
To: Assen Tarlov <atarlov@juniper.net>, Jeba Paulaiyan <jebap@juniper.net>, Vivekananda Shenoy <vshenoy@juniper.net>, Raghunandan Srinivasan <RAGHUS@juniper.net>, Ganesha H V <ganeshahv@juniper.net>
Cc: support-private <support-private@juniper.net>, contrail ebay <contrail-ebay@juniper.net>, Sudheendra Rao <sudheendra@juniper.net>
Subject: Re: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs
 
+Ganesha
 
Hey Assen,
 
Is the meeting on for today?
BTW Ganesha tested same and found that enabling RPF can block the traffic.
Anyways lets try it today.
 
Thanks,
Manish
 
From: Assen Tarlov <atarlov@juniper.net>
Date: Tuesday, July 10, 2018 at 1:52 PM
To: Manish Singh <manishs@juniper.net>, Jeba Paulaiyan <jebap@juniper.net>, Chhandak Mukherjee <chhandak@juniper.net>, Vivekananda Shenoy <vshenoy@juniper.net>, Raghunandan Srinivasan <RAGHUS@juniper.net>
Cc: support-private <support-private@juniper.net>, contrail ebay <contrail-ebay@juniper.net>
Subject: RE: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs
 
Hi Manish, 
 
Let me know when would be possible to have the call to inform customer.

Thanks, 
Assen
 
From: Assen Tarlov 
Sent: Friday, July 6, 2018 8:38 AM
To: Manish Singh <manishs@juniper.net>; Jeba Paulaiyan <jebap@juniper.net>; Chhandak Mukherjee <chhandak@juniper.net>; Vivekananda Shenoy <vshenoy@juniper.net>; Raghunandan Srinivasan <RAGHUS@juniper.net>
Cc: support-private <support-private@juniper.net>; contrail ebay <contrail-ebay@juniper.net>
Subject: RE: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs
 
Hi Manish, 
 
Customer replied that is available each day except Wednesdays, preferably between 9-6AMCET for a call. 
 
Let me know when it suits best for you, so I can write to them and schedule the call 
 
Regards, 
Assen 
 
From: Manish Singh 
Sent: Tuesday, June 19, 2018 12:33 PM
To: Assen Tarlov <atarlov@juniper.net>; Jeba Paulaiyan <jebap@juniper.net>; Chhandak Mukherjee <chhandak@juniper.net>; Vivekananda Shenoy <vshenoy@juniper.net>; Raghunandan Srinivasan <RAGHUS@juniper.net>
Cc: support-private <support-private@juniper.net>; contrail ebay <contrail-ebay@juniper.net>
Subject: Re: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs
 
Sure we can have a call.
If you apply security rules for each destination IP, spoofing can be stopped. Will have to see how rule will look like. But I guess it will be lot and will have to be done for every VM. IMO maintaining it will be a challenge.
 
Thanks,
Manish
 
From: Assen Tarlov <atarlov@juniper.net>
Date: Tuesday, June 19, 2018 at 3:43 PM
To: Manish Singh <manishs@juniper.net>, Jeba Paulaiyan <jebap@juniper.net>, Chhandak Mukherjee <chhandak@juniper.net>, Vivekananda Shenoy <vshenoy@juniper.net>, Raghunandan Srinivasan <RAGHUS@juniper.net>
Cc: support-private <support-private@juniper.net>, contrail ebay <contrail-ebay@juniper.net>
Subject: RE: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs
 
Hi Manish, 
 
Do security rules prevent this(bridging) since Contrail is aware of destination ip(s) of the instances ?
 
I will check again for the setup of the customer ( VMs or Baremetal). 
 
I think it’s good to make a call with Customer and explain the drawbacks if there are any regarding the fix. 
 
Let me know, your thoughts. 
 
Regards, 
Assen 
 
 
From: Manish Singh 
Sent: Monday, June 18, 2018 12:35 PM
To: Assen Tarlov <atarlov@juniper.net>; Jeba Paulaiyan <jebap@juniper.net>; Chhandak Mukherjee <chhandak@juniper.net>; Vivekananda Shenoy <vshenoy@juniper.net>; Raghunandan Srinivasan <RAGHUS@juniper.net>
Cc: support-private <support-private@juniper.net>; contrail ebay <contrail-ebay@juniper.net>
Subject: Re: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs
 
Hey Assen,
 
Agree forwarding mode change is not catastrophic.
I can give you a fix for same but this will have to be thought upon. Reason being for contrail VM it will be fine but the check has always to be relaxed for BMS use-cases as they may not have IP (shared via evpn type-2/OVS).
And this check will cause that to break.
 
Thanks,
Manish
 
From: Assen Tarlov <atarlov@juniper.net>
Date: Friday, June 15, 2018 at 4:29 PM
To: Manish Singh <manishs@juniper.net>, Jeba Paulaiyan <jebap@juniper.net>, Chhandak Mukherjee <chhandak@juniper.net>, Vivekananda Shenoy <vshenoy@juniper.net>, Raghunandan Srinivasan <RAGHUS@juniper.net>
Cc: support-private <support-private@juniper.net>, contrail ebay <contrail-ebay@juniper.net>
Subject: RE: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs
 
Hi Manish, 
 
-	Changing Default forwading from L2/l3 to only l3 will most likely cause havoc to current customer environment. 
 
-	Their  assumption is that security rules should normally prevent this(bridging) since contrail is aware of destination ip(s) of the instances.
 
-	bridging seems that only works when a certain "service engine" is active in the environment like mentioned earlier. From their perspective  this behaviour shouldn't be possible due to security rules being enforced by contrail.
 
Let me know your thoughts. 
 
Regards, 
Assen 
 
From: Assen Tarlov 
Sent: Tuesday, June 12, 2018 10:43 AM
To: Manish Singh <manishs@juniper.net>; Jeba Paulaiyan <jebap@juniper.net>; Chhandak Mukherjee <chhandak@juniper.net>; Vivekananda Shenoy <vshenoy@juniper.net>; Raghunandan Srinivasan <RAGHUS@juniper.net>
Cc: support-private <support-private@juniper.net>; contrail ebay <contrail-ebay@juniper.net>
Subject: RE: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs
 
Hi Manish, 
 
Thanks for the explanation. 
 
I have already a LP ticket open: https://bugs.launchpad.net/juniperopenstack/+bug/1729815 
 
I will check for the setup details with customer and the l3-only mode 
 
Regards, Assen 
 
From: Manish Singh 
Sent: Friday, June 8, 2018 1:32 PM
To: Assen Tarlov <atarlov@juniper.net>; Jeba Paulaiyan <jebap@juniper.net>; Chhandak Mukherjee <chhandak@juniper.net>; Vivekananda Shenoy <vshenoy@juniper.net>; Raghunandan Srinivasan <RAGHUS@juniper.net>
Cc: support-private <support-private@juniper.net>; contrail ebay <contrail-ebay@juniper.net>
Subject: Re: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs
 
+ QA team
 
Hey Assen,
 
Say there is a VM(VM-10) with 1.1.1.10 and mac M1 and there is another VM(VM-11)) with 1.1.1.11 with mac M2.
You added a spoof IP on VM-10 i.e. 1.1.1.100. Now VM-11 runs a ping to 1.1.1.100. Here are the steps:
1)	VM-11 arp’s for 1.1.1.100.
2)	Vrouter used flood route and sends it to VM-10.
3)	VM-10 responds with M1 and VM-11 learns it.
4)	VM-11 sends ping with dmac of M1 and spoofed IP 1.1.1.100.
5)	DMAC M1 is present in vrouter because of 1.1.1.10 ip of VM-10. Hence vrouter forwards it to VM-10 using bridge lookup of M1.
Native IP here is 1.1.1.10 for VM-10. And as you see above only bridging is happening as they are in same subnet.
 
So what we are missing here is IP-MAC validation in a broadcast domain. You will not see this issue when its cross subnet.
 
May be you can raise a bug and we will see if alternative can be suggested or take it up for fixing.
We also need to know the setup details like do they use baremetal etc to think on alternatives.
One quick way can be to use l3-only mode but am not sure how feasible it will be for customer.
 
Jeba/Chhandak/Vivek,
Have you guys tried the scenario above on our testbed? We may have to check it locally before suggesting any option or fix.
 
Thanks,
Manish
 
From: Assen Tarlov <atarlov@juniper.net>
Date: Friday, June 8, 2018 at 2:36 PM
To: Manish Singh <manishs@juniper.net>
Cc: support-private <support-private@juniper.net>, contrail ebay <contrail-ebay@juniper.net>
Subject: RE: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs
 
Hi Manish, 
 
Thanks for the reply. 
 
Customer is asking for additional explanation.  
 
- could you elaborate a bit more on why the packets gets bridged and what is meant with "vm which is present in bridge table because of native IP" ? 
- And is there any way they can disable\prevent this behaviour?
 
Regards, 
Assen
 
From: Manish Singh 
Sent: Tuesday, June 5, 2018 1:13 PM
To: Assen Tarlov <atarlov@juniper.net>
Cc: support-private <support-private@juniper.net>; contrail ebay <contrail-ebay@juniper.net>
Subject: Re: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs
 
Hey Assen,
 
Here is what I found in src-tcpdump:
 
Arp request for 10.41.2.31, which got flooded in VN. Reply came with mac and then ping used the destination mac. This destination mac will be of spoof-dst vm which is present in bridge table because of native IP.
Packet gets bridged and that’s why ping works.
 
13:37:46.150155 02:b5:ba:2f:bf:44 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Request who-has 10.41.2.31 tell spoof2.dev-bavanveen.ams1.cloud, length 28
13:37:46.150618 02:33:84:3c:bb:21 (oui Unknown) > 02:b5:ba:2f:bf:44 (oui Unknown), ethertype ARP (0x0806), length 42: Reply 10.41.2.31 is-at 02:33:84:3c:bb:21 (oui Unknown), length 28
13:37:53.151251 02:b5:ba:2f:bf:44 (oui Unknown) > 02:33:84:3c:bb:21 (oui Unknown), ethertype IPv4 (0x0800), length 98: spoof2.dev-bavanveen.ams1.cloud > 10.41.2.31: ICMP echo request, id 9246, seq 41, length 64
 
Thanks,
Manish
 
From: Assen Tarlov <atarlov@juniper.net>
Date: Monday, June 4, 2018 at 6:50 PM
To: Manish Singh <manishs@juniper.net>
Cc: support-private <support-private@juniper.net>, contrail ebay <contrail-ebay@juniper.net>
Subject: RE: 2017-0808-0319 - Updated - EBAY CLASSIFIEDS - EMEA - - IP "spoofing" seems to work for unallocated IPs
 
1729815

tags:

added: customer ebay

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2018-09-17: [Review update] master

#7

Review in progress for https://review.opencontrail.org/46229
Submitter: Ashok Singh (<email address hidden>)

Revision history for this message

Sivakumar Ganapathy (hotlava51) wrote on 2018-10-01:

#9

Awaiting customer verification of the fix before commit. Hence moving to 5.1.0.

Update as of 24-Sep

===========
Siva,

I am waiting as well for info from customer. The latest Info I have is that the eBay Engineer working on it, is on PTO

“ we're currently on an offsite and i'll be on pto for the next two week, but we will try to test this as soon as possible.”

I will update you if I get an info

Regards,
Assen

=========

Affects		Status	Importance	Assigned to	Milestone
	Juniper Openstack	Status tracked in Trunk
	Trunk	In Progress	High	sangarshan p	Juniper Openstack r5.1.0

Juniper Openstack

IP-Spoofing for unallocated IPs

Bug Description

Other bug subscribers

Bug attachments

Remote bug watches