Issue
Enabling acceleration for a VS network when working with CloudBoot compute resources leads to poor effectiveness of anti IP spoofing and packet sniffing rules.
Environment
OnApp version - 6.1
OnApp-Messaging version <= 6.0.0-3
OnApp CloudBoot Compute Resources
Resolution
To resolve the issue, you need to use custom liveupdate.tgz images. This can be done the following way:
- Enter Control Panel box via ssh, and change to the corresponded (to your ramdisk(s)) tftpboot images directory
For CentOS6 KVM:
# cd /tftpboot/images/centos6/ramdisk-kvm
For CentOS6 Xen:
# cd /tftpboot/images/centos6/ramdisk-xen
For CentOS7 KVM:
# cd /tftpboot/images/centos7/ramdisk-kvm
For CentOS7 Xen:
# cd /tftpboot/images/centos7/ramdisk-xen
- Backup current liveupdate.tgz
- Download custom liveupdate.tgz (corresponded to your ramdisk) with onapp-messaging included
For CentOS6 KVM:
# wget http://rpm.repo.onapp.com/utils/onapp-ramdisk-centos6-kvm-liveupdate-6.1.0-45.tgz
For CentOS6 Xen:
# wget http://rpm.repo.onapp.com/utils/onapp-ramdisk-centos6-xen-liveupdate-6.1.0-45.tgz
For CentOS7 KVM:
# wget http://rpm.repo.onapp.com/utils/onapp-ramdisk-centos7-kvm-liveupdate-6.1.0-45.tgz
For CentOS7 Xen:
# wget http://rpm.repo.onapp.com/utils/onapp-ramdisk-centos7-xen-liveupdate-6.1.0-45.tgz
- Change current liveupdate.tgz with custom (downloaded) one
For CentOS6 KVM:
# cp -av onapp-ramdisk-centos6-kvm-liveupdate-6.1.0-45.tgz liveupdate.tgz
For CentOS6 Xen:
# cp -av onapp-ramdisk-centos6-xen-liveupdate-6.1.0-45.tgz liveupdate.tgz
For CentOS7 KVM:
# cp -av onapp-ramdisk-centos7-kvm-liveupdate-6.1.0-45.tgz liveupdate.tgz
For CentOS7 Xen:
# cp -av onapp-ramdisk-centos7-xen-liveupdate-6.1.0-45.tgz liveupdate.tgz
- Proceed with LiveUpdate procedure
- Enter upgraded Compute Resource via ssh, and restart onapp-messaging service
# service onapp-messaging restart
Cause
When you enable acceleration for a network at the Accelerator Dashboard page, anti-spoofing gets disabled, which results in accepting any source IP addresses and system slowdowns.