Page MenuHomePhabricator
Create Task
Maniphest T341223

Configure eqiad cloudsw devices to support cloud-private
Closed, ResolvedPublic
Actions

Description

Cloud services are moving ahead and migrating the network setup for hosts in eqiad to match the changes recently made in codfw.

To support this several changes are needed on the network side.

  • Add cloud-private vlans and irb gateway interface on all 4 cloudsw in eqiad
  • Trunk cloud-private vlan to connected cloud hosts on cloudsw's
  • Assign public VIP range for services (T341220)
  • Configure BGP group for peering from cloudsw to cloudlb / cloudservice
  • Review and update ACLs and BGP policies to ensure new ranges announced upstream and traffic allowed

The below tasks I will not do as part of this work, but leaving for reference. If/when we move to an active/passive setup we can make this change, but as there are some complications better to leave things as they are for now and review the design when needed.

  • Reconfigure cloudsw routing in eqiad as iBGP with c8/d5 as route reflectors
    • This allows for the use of MED attribute to control active/passive device for a given VIP if needed in future
  • Update wikitech docs to reflect change to iBGP

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Add Eqiad cloud VIP range to prefix list filtering inbound from hostsoperations/homer/publicmaster+2 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

cmooney created this task.Jul 6 2023, 12:51 PM
cmooney triaged this task as Medium priority.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 6 2023, 12:51 PM
cmooney added a parent task: T341060: openstack eqiad1: introduce cloud-private and cloudlb.Jul 6 2023, 12:54 PM
cmooney updated the task description. (Show Details)
aborrero mentioned this in T341060: openstack eqiad1: introduce cloud-private and cloudlb.Jul 6 2023, 2:28 PM
aborrero edited parent tasks, added: T341063: eqiad1: introduce cloud-private support; removed: T341060: openstack eqiad1: introduce cloud-private and cloudlb.
aborrero added a project: User-aborrero.
cmooney updated the task description. (Show Details)Jul 6 2023, 2:30 PM
aborrero moved this task from Backlog to Radar/observer on the User-aborrero board.Jul 6 2023, 2:31 PM
aborrero mentioned this in T341200: rename cloudswift1001 as cloudlb1001.
aborrero mentioned this in T341201: rename cloudswift1002 as cloudlb1002.
gerritbot added a comment.Jul 6 2023, 2:58 PM

Change 936053 had a related patch set uploaded (by Cathal Mooney; author: Cathal Mooney):

[operations/homer/public@master] Add Eqiad cloud VIP range to prefix list filtering inbound from hosts

https://gerrit.wikimedia.org/r/936053

gerritbot added a project: Patch-For-Review.Jul 6 2023, 2:58 PM
gerritbot added a comment.Jul 6 2023, 3:02 PM

Change 936053 merged by jenkins-bot:

[operations/homer/public@master] Add Eqiad cloud VIP range to prefix list filtering inbound from hosts

https://gerrit.wikimedia.org/r/936053

Maintenance_bot removed a project: Patch-For-Review.Jul 6 2023, 3:10 PM
cmooney updated the task description. (Show Details)Jul 6 2023, 3:46 PM
aborrero closed this task as Resolved.Sep 15 2023, 12:46 PM
cmooney updated the task description. (Show Details)Sep 15 2023, 12:49 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits