Traffik between nodes using external port 8006

[greg]

Greetings

I have a 7 nodes cluster communicating with a private network.
I just noticed there's a connection between a random port of one of them to the public IP of another on port 8006:

14:34:52.461001 IP node5public.47128 > node3public.8006: Flags [.], ack 49438, win 501, options [nop,nop,TS val 520091568 ecr 6844307], length 0

# ss -tp | grep 47128
ESTAB      0      0               node5public:47128             node3public:8006                 users:(("pveproxy worker",pid=27646,fd=12))

Is it to be expected? what is this connection for?

Thanks in advance

Regards

 

[greg]

One year later, no one has an idea?

 

[LnxBil]

Is it to be expected? what is this connection for?

First, I don't know, but if I would be tasked to inspect, I would record the traffic via tcpdump, open in wireshark and use the PVE internal SSL certificates to try to break the encrypted packages. If this is already TLS 1.3, I would try to inject into the perl server some debugging stuff to get the session keys in order to break the encryption.

 

[dcsapak]

hi,

it seems that post was simply overlooked.

to answer the initial question

Is it to be expected? what is this connection for?

when an api call for node 'A' reaches node 'B', that node 'B' proxies the connection to node 'A', which actually does the work and sends the response back.
this way it does not really matter which node you reach with the api, it'll be always forwarded to the correct one

 

[greg]

Take makes perfect sense, thanks a lot!