Issues
- Change Jetty default settings to exclude vulnerable cipher suites, expose client-initiated renegotiationNMS-13227Resolved issue: NMS-13227Jeff Gehlbach
- Minion SNMPv3 trap configuration query is done every 60 secondsNMS-13217Resolved issue: NMS-13217Benjamin Reed
- CVE-2020-27223: Jetty DoS vulnerabilityNMS-13201Resolved issue: NMS-13201Benjamin Reed
- Change Jetty default settings to eliminate TLS 1.0 and TLS 1.1 supportNMS-10256Resolved issue: NMS-10256Jeff Gehlbach
4 of 4
During a primary interface IP direct replacement in the requisition, it’s observed that dbonly scan and periodic scan don’t remove the old IP interface from the node. With a manual requisition synchronization or force node scan, it does indeed remove the old IP interface from the node. Adding discovered IP interfaces works regardless of the type of scans.
Steps to reproduce
Replace IP primary interface of a node in the requisition.
Synchronize requisition (dbonly).
Wait for the periodic scan to take place.
After the periodic scan, the new IP primary interface is provisioned. However, the old IP primary interface remains in the node. At this point, the old IP interface has already been removed from the device so it shouldn't be discovered by Provisiond. Only when a manual scan is performed, then it removes the old IP primary interface from the node.
Expected outcome
dbonly scan should remove the old IP interface in addition to adding the new IP interface. It should only persists the IP addresses that exists in the requisition and remove the IP interfaces from the node that’s not in the requisition.
periodic scan should remove and add interfaces based on the current entries in the SNMP ipAddrTable. It should persists the IP addresses that exists in the table and remove the IP interfaces from the node that’s not in the table.