cloudgw: review security policy for edge network
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	aborrero
	May 10 2023, 12:48 PM

Description

Since there were a bunch of hosts migrated to a new switch, previously working connections no longer work.

Example to cloudgw2002-dev.codfw1dev.wikimediacloud.org:

aborrero@cloudcontrol2004-dev:~ $ ping 208.80.153.189
PING 208.80.153.189 (208.80.153.189) 56(84) bytes of data.
^C
--- 208.80.153.189 ping statistics ---
94 packets transmitted, 0 received, 100% packet loss, time 95217ms

Among other things, this makes basically all tests on WMCS cookbooks wmcs.openstack.network.tests fail for codfw1dev.

Related Objects
Search...

Status	Assigned	Task
Resolved	aborrero	T296411 cloud: decide on general idea for having cloud-dedicated hardware provide service in the cloud realm & the internet
Resolved	aborrero	T297596 have cloud hardware servers in the cloud realm using a dedicated LB layer
Resolved	aborrero	T324992 cloudlb: create PoC on codfw
Resolved	Papaul	T342076 Decommission asw-b1-codfw
Resolved	cmooney	T327919 Configure cloudsw1-b1-codfw and migrate cloud hosts in codfw B1 to it
Resolved	cmooney	T336368 cloudgw: review security policy for edge network

Event Timeline

aborrero created this task.May 10 2023, 12:48 PM

aborrero updated the task description. (Show Details)

@aborrero my apologies I messed up the vlan list for cloudgw2002. cloud-instance-transport1-b-codfw (2120) was missing. Should be ok now.

cmooney@cloudsw1-b1-codfw> show arp interface irb.2120               
MAC Address       Address         Name                      Interface               Flags
d0:8e:79:f5:86:44 208.80.153.188  cloudgw2003-dev.codfw1dev irb.2120 [ge-0/0/17.0]  none
2c:ea:7f:7b:e1:04 208.80.153.189  cloudgw2002-dev.codfw1dev irb.2120 [ge-0/0/6.0]   none
d0:8e:79:f5:86:44 208.80.153.190  wan.cloudgw.codfw1dev.wik irb.2120 [ge-0/0/17.0]  none
Total entries: 3

cmooney@wikilap:~$ ping 208.80.153.189
PING 208.80.153.189 (208.80.153.189) 56(84) bytes of data.
64 bytes from 208.80.153.189: icmp_seq=1 ttl=46 time=159 ms
64 bytes from 208.80.153.189: icmp_seq=2 ttl=46 time=157 ms

@aborrero re-reading the description it sounds like there may be some other issues? Let me know if there is anything specific, the particular problem/fix above only deals with cloudgw2002.

Fixed! thanks

cloudgw: review security policy for edge networkClosed, ResolvedPublicActions

Description

Related ObjectsSearch...

Event Timeline

cloudgw: review security policy for edge network
Closed, ResolvedPublic
Actions

Related Objects
Search...