Page MenuHomePhabricator

Diffscan: host off-infra
Open, Needs TriagePublic

Description

Diffscan currently runs from a Cloud VM, which has the main advantages of:

  1. Being puppetized
  2. Not hitting external rate-limiters
  3. Low latency

However the main drawback is that the scan is coming from a 172.16.0.0/21 IP:

  1. Which is not representative of an external scan (different paths and ACLs)
  2. Enabling NAT (see T209011) might not be an option (could overload the NAT table)

Ideally that host has IPv6 connectivity for T265329

As the tool is quite lightweight (only needs python, internet and SMTP) it might be worth running it from an external server, like wikitech-static.

Event Timeline

ayounsi created this task.Oct 15 2020, 12:41 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 15 2020, 12:41 PM
ayounsi updated the task description. (Show Details)Oct 15 2020, 1:21 PM
Volans updated the task description. (Show Details)Oct 15 2020, 5:07 PM
jbond updated the task description. (Show Details)Oct 15 2020, 5:10 PM
jbond added a comment.EditedOct 15 2020, 5:14 PM

im not sure what the hosting for wikitech-static is but if we go this route, which i think is a good idea, we should inform the hosting provider of our intensions just incase they have there own rate limits or outbound filters

im not sure what the hosting for wikitech-static is

That's currently on rackspace