{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations","id":"31096","self":"https://jira.geedge.net/rest/api/2/issue/31096","key":"OMPUB-704","fields":{"issuetype":{"self":"https://jira.geedge.net/rest/api/2/issuetype/10004","id":"10004","description":"","iconUrl":"https://jira.geedge.net/secure/viewavatar?size=xsmall&avatarId=10303&avatarType=issuetype","name":"故障","subtask":false,"avatarId":10303},"components":[],"timespent":null,"timeoriginalestimate":null,"description":"现象:E21办公室使用Psiphon3客户端拨测测试(客户端捕包参见附件Psiphon3_2.pcap),其中Server IP=5.157.60.60,该IP在Psiphon3_SLOK_ServerIP_Object中被成功学习到,但是该连接未被成功阻断(pcap包中链接持续,TSG中无安全事件日志)\r\n\r\n排查:\r\n * 安全事件日志:拨测期间,通过client ip=办公室公网IP,Server IP=5.157.60.60未查到对应日志\r\n * 会话日志:拨测期间,通过client ip=办公室公网IP,Server IP=5.157.60.60未查到对应日志。\r\n * 通过NZ查看:拨测期间,Old Airport PE中10.231.11.3 NPB有DDOS bypass(参见附件OAP-PE-T9K001-NPB03),所有NPB均无丢包、错报告警;","project":{"self":"https://jira.geedge.net/rest/api/2/project/10206","id":"10206","key":"OMPUB","name":"Operation and Maintenance","projectTypeKey":"business","avatarUrls":{"48x48":"https://jira.geedge.net/secure/projectavatar?pid=10206&avatarId=10715","24x24":"https://jira.geedge.net/secure/projectavatar?size=small&pid=10206&avatarId=10715","16x16":"https://jira.geedge.net/secure/projectavatar?size=xsmall&pid=10206&avatarId=10715","32x32":"https://jira.geedge.net/secure/projectavatar?size=medium&pid=10206&avatarId=10715"},"projectCategory":{"self":"https://jira.geedge.net/rest/api/2/projectCategory/10002","id":"10002","description":"系统运维","name":"MaintenanceDev"}},"fixVersions":[],"aggregatetimespent":null,"resolution":{"self":"https://jira.geedge.net/rest/api/2/resolution/10000","id":"10000","description":"该问题的工作流程已完成。","name":"完成"},"timetracking":{},"customfield_10401":null,"customfield_10104":null,"customfield_10402":null,"customfield_10105":"0|i03fn8:","customfield_10403":null,"customfield_10404":null,"attachment":[{"self":"https://jira.geedge.net/rest/api/2/attachment/33316","id":"33316","filename":"app_label.drawio.png","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2022-12-01T14:46:53.130+0800","size":431647,"mimeType":"image/png","content":"https://jira.geedge.net/secure/attachment/33316/app_label.drawio.png","thumbnail":"https://jira.geedge.net/secure/thumbnail/33316/_thumb_33316.png"},{"self":"https://jira.geedge.net/rest/api/2/attachment/33155","id":"33155","filename":"OAP-PE-T9K001-NPB03 (3).html","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=liuyang","name":"liuyang","key":"JIRAUSER10102","emailAddress":"liuyang@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?avatarId=10341","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10341","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10341","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10341"},"displayName":"刘洋","active":true,"timeZone":"Asia/Shanghai"},"created":"2022-11-23T15:50:52.377+0800","size":6352520,"mimeType":"text/html","content":"https://jira.geedge.net/secure/attachment/33155/OAP-PE-T9K001-NPB03+%283%29.html"},{"self":"https://jira.geedge.net/rest/api/2/attachment/33156","id":"33156","filename":"Psiphon3_2.pcap","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=liuyang","name":"liuyang","key":"JIRAUSER10102","emailAddress":"liuyang@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?avatarId=10341","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10341","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10341","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10341"},"displayName":"刘洋","active":true,"timeZone":"Asia/Shanghai"},"created":"2022-11-23T15:37:54.868+0800","size":7086532,"mimeType":"application/vnd.tcpdump.pcap","content":"https://jira.geedge.net/secure/attachment/33156/Psiphon3_2.pcap"}],"aggregatetimeestimate":null,"resolutiondate":"2023-03-11T15:06:05.163+0800","workratio":-1,"summary":"CN学习到Psiphon3中继节点IP,但是TSG未将其成功Deny","lastViewed":null,"watches":{"self":"https://jira.geedge.net/rest/api/2/issue/OMPUB-704/watchers","watchCount":4,"isWatching":false},"creator":{"self":"https://jira.geedge.net/rest/api/2/user?username=liuyang","name":"liuyang","key":"JIRAUSER10102","emailAddress":"liuyang@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?avatarId=10341","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10341","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10341","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10341"},"displayName":"刘洋","active":true,"timeZone":"Asia/Shanghai"},"subtasks":[],"created":"2022-11-23T15:51:16.655+0800","reporter":{"self":"https://jira.geedge.net/rest/api/2/user?username=liuyang","name":"liuyang","key":"JIRAUSER10102","emailAddress":"liuyang@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?avatarId=10341","24x24":"https://jira.geedge.net/secure/useravatar?size=small&avatarId=10341","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&avatarId=10341","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&avatarId=10341"},"displayName":"刘洋","active":true,"timeZone":"Asia/Shanghai"},"customfield_10000":"{summaryBean=com.atlassian.jira.plugin.devstatus.rest.SummaryBean@56dd5ff4[summary={pullrequest=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@60cf9d6b[overall=PullRequestOverallBean{stateCount=0, state='OPEN', details=PullRequestOverallDetails{openCount=0, mergedCount=0, declinedCount=0}},byInstanceType={}], build=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@7ba13c05[overall=com.atlassian.jira.plugin.devstatus.summary.beans.BuildOverallBean@6799d2df[failedBuildCount=0,successfulBuildCount=0,unknownBuildCount=0,count=0,lastUpdated=,lastUpdatedTimestamp=],byInstanceType={}], review=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@5b4eba9e[overall=com.atlassian.jira.plugin.devstatus.summary.beans.ReviewsOverallBean@6386e0af[stateCount=0,state=,dueDate=,overDue=false,count=0,lastUpdated=,lastUpdatedTimestamp=],byInstanceType={}], deployment-environment=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@11b5a9ce[overall=com.atlassian.jira.plugin.devstatus.summary.beans.DeploymentOverallBean@38139e0d[topEnvironments=[],showProjects=false,successfulCount=0,count=0,lastUpdated=,lastUpdatedTimestamp=],byInstanceType={}], repository=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@162749db[overall=com.atlassian.jira.plugin.devstatus.summary.beans.CommitOverallBean@42704028[count=0,lastUpdated=,lastUpdatedTimestamp=],byInstanceType={}], branch=com.atlassian.jira.plugin.devstatus.rest.SummaryItemBean@7eb76a71[overall=com.atlassian.jira.plugin.devstatus.summary.beans.BranchOverallBean@5af0705c[count=0,lastUpdated=,lastUpdatedTimestamp=],byInstanceType={}]},errors=[],configErrors=[]], devSummaryJson={\"cachedValue\":{\"errors\":[],\"configErrors\":[],\"summary\":{\"pullrequest\":{\"overall\":{\"count\":0,\"lastUpdated\":null,\"stateCount\":0,\"state\":\"OPEN\",\"details\":{\"openCount\":0,\"mergedCount\":0,\"declinedCount\":0,\"total\":0},\"open\":true},\"byInstanceType\":{}},\"build\":{\"overall\":{\"count\":0,\"lastUpdated\":null,\"failedBuildCount\":0,\"successfulBuildCount\":0,\"unknownBuildCount\":0},\"byInstanceType\":{}},\"review\":{\"overall\":{\"count\":0,\"lastUpdated\":null,\"stateCount\":0,\"state\":null,\"dueDate\":null,\"overDue\":false,\"completed\":false},\"byInstanceType\":{}},\"deployment-environment\":{\"overall\":{\"count\":0,\"lastUpdated\":null,\"topEnvironments\":[],\"showProjects\":false,\"successfulCount\":0},\"byInstanceType\":{}},\"repository\":{\"overall\":{\"count\":0,\"lastUpdated\":null},\"byInstanceType\":{}},\"branch\":{\"overall\":{\"count\":0,\"lastUpdated\":null},\"byInstanceType\":{}}}},\"isStale\":false}}","aggregateprogress":{"progress":0,"total":0},"customfield_10100":null,"priority":{"self":"https://jira.geedge.net/rest/api/2/priority/3","iconUrl":"https://jira.geedge.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"customfield_10200":null,"customfield_10400":null,"labels":["E21现场"],"environment":null,"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"duedate":null,"progress":{"progress":0,"total":0},"issuelinks":[{"id":"27480","self":"https://jira.geedge.net/rest/api/2/issueLink/27480","type":{"id":"10003","name":"Relates","inward":"relates to","outward":"relates to","self":"https://jira.geedge.net/rest/api/2/issueLinkType/10003"},"inwardIssue":{"id":"29848","key":"OMPUB-641","self":"https://jira.geedge.net/rest/api/2/issue/29848","fields":{"summary":"【E21现场】YouTube deny失败","status":{"self":"https://jira.geedge.net/rest/api/2/status/10103","description":"这一问题被认为是完成, 这项决议是正确的。问题已关闭可以重新开放。","iconUrl":"https://jira.geedge.net/images/icons/statuses/generic.png","name":"已关闭","id":"10103","statusCategory":{"self":"https://jira.geedge.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"完成"}},"priority":{"self":"https://jira.geedge.net/rest/api/2/priority/3","iconUrl":"https://jira.geedge.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"issuetype":{"self":"https://jira.geedge.net/rest/api/2/issuetype/10004","id":"10004","description":"","iconUrl":"https://jira.geedge.net/secure/viewavatar?size=xsmall&avatarId=10303&avatarType=issuetype","name":"故障","subtask":false,"avatarId":10303}}}}],"comment":{"comments":[{"self":"https://jira.geedge.net/rest/api/2/issue/31096/comment/50552","id":"50552","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"body":"* 确认流量是否经过系统,建议先在PE站点进行定位\r\n ## 在办公网定期执行\r\n{code:java}\r\necho -e \"GET / HTTP/1.0\\r\\n\"|nc 5.157.60.60 80 -v {code}\r\n拨测构造 196.188.136.150->5.157.60.60的HTTP访问流量\r\n ## 在PE站点查询196.188.136.150->5.157.60.60的会话日志,确认日志数量是否与拨测次数一致,且stream_dir都为double","updateAuthor":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2022-11-29T11:19:29.623+0800","updated":"2022-11-29T11:19:29.623+0800"},{"self":"https://jira.geedge.net/rest/api/2/issue/31096/comment/50651","id":"50651","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"body":"2022年11月30日测试结果\r\n\r\n1、5.157.60.60该IP目前已正常被执行deny动作\r\n\r\n2、临时关闭Psiphon3 deny策略, 196.188.136.150(E现场办公网公网IP)->5.157.60.60成功拨测流量,100%经过old airport PE(NPB IP 10.231.11.3),Bole-IGW(NPB IP 10.225.11.3)仅有C2S侧单向流,缺失S2C侧\r\n\r\n \r\n\r\n流量拨测结论,client IP 196.188.136.150 server IP 5.157.60.60的流量经过TSG系统,PE上流量完整,IGW上缺失S2C,但是不影响按IP作为特征进行deny\r\n\r\n \r\n\r\n按本issue描述的现场推测原因,有以下两种可能性\r\n # 测试时,PE和IGW同时触发Bypass,流量没有被TSG正常处理,导致无会话日志和安全日志,且deny失败\r\n ## IGW和PE同时触发Bypass的概率不高,且按NZ监控记录,当时每秒Bypass的会话数量约20,远小于每秒2000+的新建会话数,测试流量恰好位于Bypass的会话中概率不高\r\n # 测试时,流量正常经过,但是策略未及时同步+日志丢失\r\n ## 该IP被学习为Psiphon3的特征已经有一段时间,测试时段未及时同步的可能性不高\r\n ## 按11月30日拨测情况,IGW站点仍然存在会话日志丢失or查询不出来的情况,但是PE和IGW同时丢日志仍然属于极小概率事件","updateAuthor":{"self":"https://jira.geedge.net/rest/api/2/user?username=yangwei","name":"yangwei","key":"JIRAUSER10103","emailAddress":"yangwei@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10103&avatarId=10708","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10103&avatarId=10708","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10103&avatarId=10708","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10103&avatarId=10708"},"displayName":"杨威","active":true,"timeZone":"Asia/Shanghai"},"created":"2022-12-01T15:13:37.480+0800","updated":"2022-12-01T15:21:42.118+0800"},{"self":"https://jira.geedge.net/rest/api/2/issue/31096/comment/55231","id":"55231","author":{"self":"https://jira.geedge.net/rest/api/2/user?username=liuxueli","name":"liuxueli","key":"JIRAUSER10133","emailAddress":"liuxueli@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10133&avatarId=10612","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10133&avatarId=10612","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10133&avatarId=10612","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10133&avatarId=10612"},"displayName":"刘学利","active":true,"timeZone":"Asia/Shanghai"},"body":"* 在京版环境复现CDN IP未被正常阻断,未阻断存在两个原因:\r\n ** 域名白名单机制\r\n ** 端口179(BGP)的流量在交换版bypass,未回流到计算版\r\n * 本BUG的原因属于第二种,5.157.60.60的链接目的port=179,所以未产生效果。\r\n * 现场已将port=179的流量回流到计算版","updateAuthor":{"self":"https://jira.geedge.net/rest/api/2/user?username=liuxueli","name":"liuxueli","key":"JIRAUSER10133","emailAddress":"liuxueli@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10133&avatarId=10612","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10133&avatarId=10612","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10133&avatarId=10612","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10133&avatarId=10612"},"displayName":"刘学利","active":true,"timeZone":"Asia/Shanghai"},"created":"2023-03-11T14:58:53.916+0800","updated":"2023-03-11T15:07:02.778+0800"}],"maxResults":3,"total":3,"startAt":0},"votes":{"self":"https://jira.geedge.net/rest/api/2/issue/OMPUB-704/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"assignee":{"self":"https://jira.geedge.net/rest/api/2/user?username=liuxueli","name":"liuxueli","key":"JIRAUSER10133","emailAddress":"liuxueli@geedgenetworks.com","avatarUrls":{"48x48":"https://jira.geedge.net/secure/useravatar?ownerId=JIRAUSER10133&avatarId=10612","24x24":"https://jira.geedge.net/secure/useravatar?size=small&ownerId=JIRAUSER10133&avatarId=10612","16x16":"https://jira.geedge.net/secure/useravatar?size=xsmall&ownerId=JIRAUSER10133&avatarId=10612","32x32":"https://jira.geedge.net/secure/useravatar?size=medium&ownerId=JIRAUSER10133&avatarId=10612"},"displayName":"刘学利","active":true,"timeZone":"Asia/Shanghai"},"updated":"2024-08-29T15:36:48.611+0800","status":{"self":"https://jira.geedge.net/rest/api/2/status/10103","description":"这一问题被认为是完成, 这项决议是正确的。问题已关闭可以重新开放。","iconUrl":"https://jira.geedge.net/images/icons/statuses/generic.png","name":"已关闭","id":"10103","statusCategory":{"self":"https://jira.geedge.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"完成"}}}}