Secure BGP setup for Kubernetes cluster

Started by newtwork_noob_2878237843, September 24, 2021, 02:07:22 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 24, 2021, 02:07:22 PM
I just successfully set up BGP routing with FRR to help with load balancing my K8s cluster (with Metallb). I followed instructions from https://blog.xirion.net/posts/metallb-opnsense/. I want the services in my k8s cluster to be advertised only to the local network. However, after setting up BGP I started seeing crazy amounts of suspicious traffic to the internet in Suricata on one of my K8s nodes. What did I screw up? Screenshots attached. Any tips would be much appreciated!

September 24, 2021, 02:21:39 PM #1
You need to post the routing table ...
September 24, 2021, 03:11:46 PM #2
Sorry, routing table attached
September 24, 2021, 05:07:52 PM #3
There is no default gateway so there shouldnt be anything
September 24, 2021, 05:36:17 PM #4
Thank you. By "there shouldn't be anything" do you mean there shouldn't be any security vulnerabilities associated with BGP? Many thanks
September 24, 2021, 06:47:02 PM #5
If this is the routing table of k8s node then its safe :)
September 24, 2021, 07:17:05 PM #6
This is the routing table from opnsense, not from the K8s nodes
September 24, 2021, 07:19:43 PM #7
OK, and when k8s use OPN as Gateway, also safe
September 24, 2021, 07:40:16 PM #8
 8) That's great news. I must have been just paranoid about the traffic I saw. Many thanks!
Print
Go Up Pages1
User actions