Created 08-15-2023 04:48 AM
Hello,
After CDP deployment we observed suspicious traffic from different internet IPs to CDP Agent port UDP 7191.
After an investigation it comes from /opt/cloudera/cm-agent/bin/flood
Please could anyone give us more details about this traffic?
Regards
Yasine L
Created 08-15-2023 04:54 AM
A quick dig shows this port 7191 is for parcel distribution and internal only
Peer-to-peer parcel distribution | 7190, 7191 | Hosts > All Hosts > Configuration > P2P Parcel Distribution Port | Used to distribute parcels to cluster hosts during installation and upgrade operations. |
Reference
Created 08-15-2023 05:41 AM
So normally it should be internal traffic, but the firewall is showing external traffic to different IPs in different countries.
Created 08-30-2023 06:00 AM
@Yasine, Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future.
Regards,
Vidya Sargur,
Created 09-05-2023 01:57 PM
Hello @Yasine, thank you for bringing this to our Community.
So normally it should be internal traffic, but the firewall is showing external traffic to different IPs in different countries.
May I ask you to be specific and present evidence such as screenshots, tests or logs citing this issue?
Thanks
V
Created 10-13-2023 07:31 PM
I noticed this same activity after deploying to the latest version of CM and after deploying parcels in my Lab cluster. I started getting P2P violations from my IDS and IPS. Is there any way to control the external p2p process?
I've gone ahead and attached screen captures from my firewall.
CDP - 7.1.9-1.cdh7.1.9.p0.44702451 - CM - 7.11.3
Example of the detection:
All 5 of my nodes repeatedly trying to talk across the globe.
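One way to turn the firewall observation in this thread into a repeatable check, as an added example that is not part of any post and is not Cloudera code: it flags flows on the P2P parcel distribution ports (7190, 7191) where one endpoint is a cluster host and the other is not. The cluster subnet, the log line format and the sample flows are assumptions constructed for illustration.

```python
import ipaddress

# Ports listed for peer-to-peer parcel distribution in the row quoted above.
P2P_PORTS = {7190, 7191}

# Assumption: the cluster's own subnet(s); replace with the real ranges.
CLUSTER_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample flows in a hypothetical "proto src:port -> dst:port" format.
SAMPLE_FLOWS = """\
udp 10.20.0.11:7191 -> 10.20.0.12:7191
udp 10.20.0.11:7191 -> 203.0.113.45:40112
udp 198.51.100.7:51413 -> 10.20.0.13:7191
tcp 10.20.0.12:7190 -> 10.20.0.14:7190
udp 10.20.0.11:53211 -> 192.0.2.53:53
"""

def in_cluster(addr):
    """True if addr belongs to one of the configured cluster subnets."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CLUSTER_NETS)

def parse_flow(line):
    """Split one IPv4 flow line into (proto, src_ip, src_port, dst_ip, dst_port)."""
    proto, src, _arrow, dst = line.split()
    s_ip, s_port = src.rsplit(":", 1)
    d_ip, d_port = dst.rsplit(":", 1)
    return proto, s_ip, int(s_port), d_ip, int(d_port)

def off_cluster_p2p(log_text):
    """Return (direction, cluster_host, remote_ip) for P2P-port flows that leave the cluster."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _proto, s_ip, s_port, d_ip, d_port = parse_flow(line)
        if not ({s_port, d_port} & P2P_PORTS):
            continue  # not parcel-distribution traffic
        src_in, dst_in = in_cluster(s_ip), in_cluster(d_ip)
        if src_in == dst_in:
            continue  # host-to-host inside the cluster, or unrelated to it
        if src_in:
            findings.append(("outbound", s_ip, d_ip))
        else:
            findings.append(("inbound", d_ip, s_ip))
    return findings

if __name__ == "__main__":
    for direction, host, remote in off_cluster_p2p(SAMPLE_FLOWS):
        print(f"{direction:8} cluster host {host} <-> {remote}")
```

Any finding is a candidate for a firewall rule restricting 7190/7191 to the cluster subnets, since the quoted documentation row describes these ports as serving distribution to cluster hosts.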