Questions tagged with Networking & Content Delivery


Global Accelerator Network Interface Appears in Network Insight Analysis From Different IP Address

I have a Network Insight Analysis that runs daily. The analysis is fairly basic. It runs a check between any two network interfaces on our network. I have noticed that there is a finding that keeps appearing that we do not expect (note: I have replaced IDs with unique letters). The source of the finding is a network interface associated with a global accelerator we have. However, the network interface is in a subnet with CIDR `10.48.161.64/28`, but the source header indicates it is sending from a different CIDR range, which allows it through security groups that should explicitly not allow traffic from that subnet. Hypothetically, these resources have security groups blocking ingress from one into the other. However, since the apparent source is different, it does not seem to be the case. I have not been able to replicate this network traffic outside of the network analysis tools. My suspicion is something to do with global accelerator being able to preserve client IP or change headers? Below is the first entry into the analysis.

```json
{
  "SequenceNumber": 1,
  "Component": {
    "Id": "eni-BBB",
    "Arn": "arn:aws:ec2:us-west-1:yyy:network-interface/eni-BBB"
  },
  "OutboundHeader": {
    "DestinationAddresses": ["10.48.129.197/32"],
    "DestinationPortRanges": [{"From": 8334, "To": 8334}],
    "Protocol": "6",
    "SourceAddresses": ["10.32.129.192/27"],
    "SourcePortRanges": [{"From": 0, "To": 65535}]
  },
  "Subnet": {
    "Id": "subnet-AAA",
    "Arn": "arn:aws:ec2:us-west-1:xxx:subnet/subnet-AAA"
  },
  "Vpc": {
    "Id": "vpc-yyy",
    "Arn": "arn:aws:ec2:us-west-1:xxx:vpc/vpc-"
  }
}
```

I am aware that there are potentially better ways to do what I am doing. Right now I am just trying to understand why this behavior occurs, or maybe some places to look for answers. Alternatively, if this is a false positive for whatever reason, I want to understand how I can update my configurations to handle it.

Also interesting to note: we have an identical setup in another region and that does not trip these same rules. If there is any more information I can provide, please let me know! Network Analysis JSON below.

```json
{
  "matchPaths": [
    {
      "source": {
        "packetHeaderStatement": {
          "sourceAddresses": ["0.0.0.0/0"],
          "destinationAddresses": ["10.48.0.0/12", "172.16.0.0/13"]
        },
        "resourceStatement": {
          "resourceTypes": ["AWS::EC2::NetworkInterface"]
        }
      },
      "destination": {
        "packetHeaderStatement": {
          "sourceAddresses": ["0.0.0.0/0"],
          "destinationAddresses": ["10.48.0.0/12", "172.16.0.0/13"]
        },
        "resourceStatement": {
          "resourceTypes": ["AWS::EC2::NetworkInterface"]
        }
      }
    }
  ]
}
```
asked a month ago
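A triage check for the kind of finding described in the question, added here as an example and not part of the post or of any AWS tool: it parses the path component above, compares the outbound source CIDR against the CIDR of the subnet the ENI sits in (the `subnet-AAA` to `10.48.161.64/28` mapping is taken from the post's prose and is assumed), and confirms the destination falls inside the analysis scope, so mismatched-source paths can be flagged for review instead of being accepted as a reachable route.

```python
import ipaddress
import json

# Constructed sample: the first path component from the post, as valid JSON.
FINDING_COMPONENT = json.loads("""
{
  "SequenceNumber": 1,
  "Component": {"Id": "eni-BBB",
                "Arn": "arn:aws:ec2:us-west-1:yyy:network-interface/eni-BBB"},
  "OutboundHeader": {
    "DestinationAddresses": ["10.48.129.197/32"],
    "DestinationPortRanges": [{"From": 8334, "To": 8334}],
    "Protocol": "6",
    "SourceAddresses": ["10.32.129.192/27"],
    "SourcePortRanges": [{"From": 0, "To": 65535}]
  },
  "Subnet": {"Id": "subnet-AAA", "Arn": "arn:aws:ec2:us-west-1:xxx:subnet/subnet-AAA"}
}
""")

# Assumed subnet-ID -> CIDR map; the post states 10.48.161.64/28 for the
# accelerator ENI's subnet. In practice populate it from ec2 describe-subnets.
SUBNET_CIDRS = {"subnet-AAA": "10.48.161.64/28"}
# Destination scope copied from the post's analysis JSON.
SCOPE_DESTINATIONS = ["10.48.0.0/12", "172.16.0.0/13"]


def sources_outside_subnet(component, subnet_cidrs=SUBNET_CIDRS):
    """Return outbound source CIDRs not contained in the ENI's own subnet.

    A non-empty list means the path's apparent source is not the subnet the
    interface sits in, which is exactly what lets it pass security group
    rules written against that subnet; review such paths before trusting them.
    """
    subnet = ipaddress.ip_network(subnet_cidrs[component["Subnet"]["Id"]])
    outside = []
    for cidr in component.get("OutboundHeader", {}).get("SourceAddresses", []):
        if not ipaddress.ip_network(cidr, strict=False).subnet_of(subnet):
            outside.append(cidr)
    return outside


def destinations_in_scope(component, scope=SCOPE_DESTINATIONS):
    """True if every outbound destination lies inside the analysis scope."""
    nets = [ipaddress.ip_network(c) for c in scope]
    dests = component["OutboundHeader"]["DestinationAddresses"]
    return all(any(ipaddress.ip_network(d).subnet_of(n) for n in nets) for d in dests)
```

Run over every component in a finding's path; a component whose `sources_outside_subnet` result is non-empty is the one whose header was rewritten somewhere upstream and is worth raising with support rather than loosening the security group to match.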