Uploaded image for project: 'Network Observability'
  1. Network Observability
  2. NETOBSERV-2115

eBPF flow map key collision

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • netobserv-1.8
    • None
    • False
    • None
    • False
    • Hide
      If there is traffic using overlapping subnets in your cluster, there is a small risk that the eBPF Agent mixes up flows from overlapped IPs, if different connections happen to have the exact same source and destination IPs, ports and protocol within a 5 seconds time frame and happening on the same node. This should not be possible unless you configured secondary networks or UDN. Even in that case, it is still very unlikely in usual traffic, as source ports are usually a good differentiator.
      Show
      If there is traffic using overlapping subnets in your cluster, there is a small risk that the eBPF Agent mixes up flows from overlapped IPs, if different connections happen to have the exact same source and destination IPs, ports and protocol within a 5 seconds time frame and happening on the same node. This should not be possible unless you configured secondary networks or UDN. Even in that case, it is still very unlikely in usual traffic, as source ports are usually a good differentiator.
    • Known Issue
    • NetObserv - Sprint 267

      See also: NETOBSERV-2095

      There's a (very small) risk of key collisions for traffic using same ports+ips+protocol, in case of overlapping IPs (secondary networks, UDN ...)

      This is going to remain as a known issue, until we find a solution. (Or we may decide not not fix it given how unlikely it is)

              Unassigned Unassigned
              jtakvori Joel Takvorian
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: