Move some of wikimediacloud.org 185.15.56.0/23 to Netbox
Open, LowPublic
Actions

Assigned To

None

Authored By

	ayounsi
	Nov 24 2020, 12:38 PM

Description

From https://raw.githubusercontent.com/wikimedia/operations-dns/master/templates/wikimediacloud.org

I suggest:

codfw:

nat.cloudgw         5M  IN A      185.15.57.1  <- Move to Netbox
wan.cloudgw         5M  IN A      208.80.153.190 <- move to a wikimedia.org FQDN (as it's a 208.80.153.x IP) - https://netbox.wikimedia.org/ipam/ip-addresses/7044/
virt.cloudgw        5M  IN A      185.15.57.9  <- Move to Netbox

; neutron virtual router cloudinstances2b-gw
cloudinstances2b-gw 5M  IN A      185.15.57.10  <- Move to Netbox

Also I don't think there is any reason for the 5M TTL? and the default 1H is fine?

eqiad:

; neutron virtual router cloudinstances2b-gw
cloudinstances2b-gw 5M  IN A      185.15.56.244  <- move to Netbox
; general outgoing/egress NAT address (routing_source_ip)
nat                 5M  IN A      185.15.56.1  <- move to Netbox

Same question for the TTL.

The ns/ns-recursor A/AAAA records are more complex.

Ideally there should be no services records pointing to host IPs. For example "ns0.wikimedia.org" is a VIP hosted on hosts with different host IPs.
One of the advantage, is that decommissioning an host will not required moving DNS records. It's also less snowflakes in the infra.
As they point to prod IPs (208.80...) we could move them there, so they end in a .wikimedia.org FQDN.

But in the meantime, to make some progress it's fine to keep them as it, in the operations/dns file.

Related Objects

Mentioned In: T292097: Netbox info missing on some WMCS elements
T258729: netbox DNS Automation Workflow checklist for Commissioning and Decommissioning 2020Q1

Event Timeline

ayounsi triaged this task as Low priority.Nov 24 2020, 12:38 PM

ayounsi created this task.

Restricted Application edited projects, added SRE, Traffic, cloud-services-team (Kanban); removed cloud-services-team. · View Herald TranscriptNov 24 2020, 12:38 PM

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

Note that 185.15.56.0/24 is delegated to designate directly from the RIPE, so the PTR is out of scope here.

aborrero moved this task from Inbox to Soon! on the cloud-services-team (Kanban) board.Nov 24 2020, 12:57 PM

Volans mentioned this in T258729: netbox DNS Automation Workflow checklist for Commissioning and Decommissioning 2020Q1.Nov 24 2020, 5:58 PM

aborrero moved this task from Soon! to Watching on the cloud-services-team (Kanban) board.Feb 11 2021, 5:46 PM

@nskaggs I'm triaging the netbox tasks. Does WMCS has an opinion on that task or it's fine to proceed?

It is fine to proceed. Moreover, after the cloudgw project, some of this may be already on netbox anyway! see https://netbox.wikimedia.org/search/?q=cloudgw#ip%20addresses

The other topics you mentioned:

Regarding the service FQDNs. We don't need them. These FQDNs related to the edge network are mostly here to help us make sense of the network topology (traceroute, tcpdump, ping, etc) there aren't any services listening on them (not a DNS server definitely)
regarding 208.80.153.190 that whole range should probably be replace with the cloud-specific range in codfw. That's for another task though.

regarding the DNS server addresses. You are right, an intermediate service FQDN might be in order here.

Aklapper added a project: Infrastructure-Foundations.Jun 21 2021, 9:00 PM

ayounsi mentioned this in T292097: Netbox info missing on some WMCS elements.Oct 4 2021, 11:59 AM

BBlack removed a project: Traffic.Oct 8 2021, 6:27 PM

fnegri edited projects, added cloud-services-team; removed cloud-services-team (Kanban).Jan 18 2023, 6:40 PM

fnegri moved this task from Kanban to Watching on the cloud-services-team board.

Move some of wikimediacloud.org 185.15.56.0/23 to NetboxOpen, LowPublicActions

Description

Related Objects

Event Timeline

Move some of wikimediacloud.org 185.15.56.0/23 to Netbox
Open, LowPublic
Actions