https://jira.opendaylight.org This file is an XML representation of an issue en-us 8.20.10 820010 22-06-2022 https://jira.opendaylight.org/browse/OPNFLWPLUG-619 OpenFlowPlugin <p>Openflowplugin has an application (lldp speaker) that sends LLDP packet out of the controller to the switch and once it receive it back from other switch, it determine that there is a link between two switches.</p> <p>In this scenario, there is a possibility that any other controller can connect to the switch and spoof the LLDP packets and controller can learn wrong link. This is a security vulnerability, which was fixed in the last release.</p> <p>To fix this security vulnerability we added few checks when controller receives packet from switch to make sure that this packet was sent by the same controller. To make sure of that controller internally generate hash using the string value return by RuntimeMXBean.<br/> ManagementFactory.getRuntimeMXBean().getName() (this basically returns the string &#8211; pid@hostname e.g 123@of-node-1)<br/> <a href="https://github.com/opendaylight/openflowplugin/blob/master/applications/topology-lldp-discovery/src/main/java/org/opendaylight/openflowplugin/applications/topology/lldp/utils/LLDPDiscoveryUtils.java#L130" class="external-link" target="_blank" rel="nofollow noopener">https://github.com/opendaylight/openflowplugin/blob/master/applications/topology-lldp-discovery/src/main/java/org/opendaylight/openflowplugin/applications/topology/lldp/utils/LLDPDiscoveryUtils.java#L130</a></p> <p>So this works perfectly fine in the single node cluster. </p> <p>Now in the 3 node cluster environment, there is a possibility that two switches (Switch 1 &amp; Switch 2) will be owned by two different node in the cluster. So if controller 1 sends LLDP packet to switch1 and it goes to Switch 2, switch 2 will send that packet to controller 2 (master of switch 2). Both controller will internally call <br/> RuntimeMXBean().getName() and each cluster node will get different string name (given that controllers are running on different VM and VMs has different host name and the pid of the java process is different for each cluster node) and the check will fail, and both the controller will assume that it's a security attack, because that LLDP packet was not sent by it.</p> <p>To fix this there are two options (1) Provide a key string through configuration file or config subsystem that each controller will use internally to generate the hash value and this will make sure that each controller will generate the same hash.<br/> (2) Clustering can provide a cluster wide unique ID (cluster id) that application can use to generate this hash value and use it for authenticity across different cluster node. <br/> Option (2) is more secure option because it generates the unique id at run time and it's more difficult to spoof it compare to (1). But (1) is as good as the current fix we have.</p> <p>Operating System: All<br/> Platform: All</p> OPNFLWPLUG-619

LLDP spoof warning in 3-node cluster

Bug Resolved Done Anil Vishnoi Anil Vishnoi Thu, 11 Feb 2016 18:27:36 +0000 Mon, 27 Sep 2021 09:01:43 +0000 Fri, 6 May 2016 13:43:20 +0000 General 0 6 <p>master : <a href="https://git.opendaylight.org/gerrit/#/c/34503/" class="external-link" target="_blank" rel="nofollow noopener">https://git.opendaylight.org/gerrit/#/c/34503/</a><br/> stable/beryllium : <a href="https://git.opendaylight.org/gerrit/#/c/34501/1" class="external-link" target="_blank" rel="nofollow noopener">https://git.opendaylight.org/gerrit/#/c/34501/1</a></p> <p>Anil Vishnoi, have we verified the fix against Beryllium SR?</p> <p>I verified it against Stable/Beryllium but not RC2.3. Do i need to verify it against RC2.3?</p> <p>Okay if it has been verified, then I will update the spreadsheet accordingly. Thanks Anil Vishnoi.</p> Duplicate INFRAUTILS-4 Development External issue ID 5327 External issue URL Issue Type ODL SR Target Milestone Priority Rank 0|i0329r: