Hi, I have just deployed a test Rancher server and created a bunch of containers that are running with 0 users. However, I’m seeing up to 1 Gbps on the network, coming from the ipsec-ipsec-cni-driver-1 container: https://ibb.co/ddQ9aa
Anyone have any ideas? Am I secure? I’m in love with Rancher! Excellent work all round.
The IPSec containers communicate with each other to tunnel traffic from containers on one host to those on another as needed. They are not involved with direct inbound/outbound traffic to the internet. There should be some other containers with corresponding inbound/outbound traffic.
So it is likely that you just have chatty containers talking, not someone using you as a botnet. But you should have access control enabled if it isn’t already.
Thank you! I correlated the traffic with network-services-network-manager-1 and rancher-agent, so I assume it to be local traffic.
Yes, I configured local authentication as soon as I had Rancher installed. A small window for hackers…
cni-driver container runs with --net=host. The traffic that you are seeing belongs to the host but not the container.
That traffic would include:
- cross host container-container traffic
- rancher system/service containers getting updates from rancher/server
- actual traffic received on this host directed towards the application containers deployed on this host.