SYMC: Discard routes aberrations
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Juniper Openstack | New | Undecided | Unassigned |
OpenContrail | New | Undecided | Unassigned |

Bug Description
Two networks are connected to a logical router: a jump/bastion network and a private production network. The production network is A.B.C.0/24; the jump network is not important, assume 192.168.60.0/24. A few VMs are created on the production network and on the jump network. VMs on the jump network have FIPs assigned. From the jump network, an nmap scan of the production network finds too many accessible IPs, as it routes requests for non-existing IPs via the external (FIP) network outside of the cloud.
This issue is easily reproducible with an overlapping IP range for the private production network and any other routable network outside it. So even if an IP A.B.C.D is not present in the private production network, but is present outside the cloud, it gets routed outside the cloud.
Looking at the routes for both networks, noticed that the discard routes on these two networks are different: the production network has a discard route for A.B.C.0/24 and the jump network has a discard route for 192.168.60.0/24. The rest of the routes are /32 for all VMs existing on these two networks. It seems like the discard route for the IP range is not taking preference while routing.
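
The routing behaviour described in this report can be modelled with a longest-prefix-match lookup. The following is an added example, not part of the original report and not OpenContrail code. It assumes 10.20.30.0/24 as a constructed stand-in for A.B.C.0/24, hypothetical next-hop names, and that the external (FIP) path appears in the jump network's table as a default route.

```python
import ipaddress

PROD = "10.20.30.0/24"    # constructed stand-in for A.B.C.0/24
JUMP = "192.168.60.0/24"  # jump network from the report

# Constructed model of the jump network's routing table as the report
# describes it: its own discard route, /32s for VMs on both networks, and
# (assumption) a default route out through the external/FIP network.
JUMP_VRF = [
    (JUMP, "discard"),
    ("192.168.60.5/32", "vm-jump-1"),
    ("10.20.30.11/32", "vm-prod-1"),
    ("10.20.30.12/32", "vm-prod-2"),
    ("0.0.0.0/0", "external-fip"),
]

def lookup(routes, dst):
    """Longest-prefix match; returns (prefix, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return (str(best[0]), best[1]) if best else None

def missing_discards(routes, router_subnets):
    """Subnets on the logical router with no discard route in this table."""
    discards = {ipaddress.ip_network(p) for p, nh in routes if nh == "discard"}
    return [s for s in router_subnets if ipaddress.ip_network(s) not in discards]

def escapes(routes, subnet, next_hop="external-fip"):
    """Addresses in subnet whose lookup resolves to the external next hop."""
    return [str(h) for h in ipaddress.ip_network(subnet).hosts()
            if lookup(routes, str(h))[1] == next_hop]

if __name__ == "__main__":
    # An unassigned production address falls through to the default route.
    print(lookup(JUMP_VRF, "10.20.30.99"))
    print(missing_discards(JUMP_VRF, [PROD, JUMP]))
    # Expected behaviour (model only): with the production discard route
    # present, the same address is dropped inside the cloud.
    expected = JUMP_VRF + [(PROD, "discard")]
    print(lookup(expected, "10.20.30.99"), len(escapes(expected, PROD)))
```

Running `missing_discards` over each network's exported route table, with the full list of subnets attached to the logical router, shows which address ranges can fall through to the external path.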