Page MenuHomePhabricator
Create Task
Maniphest T356850

Do not NAT traffic to cloud-private
Closed, ResolvedPublic
Actions

Description

Traffic from Cloud VPS instances to the cloud-private networks should not be subjected to the general egress NAT.

Details

SubjectRepoBranchLines +/-
Remove cloud_private_v4_set from cloudgw nftables definitionoperations/puppetproduction+2 -13
P:wmcs::cloudgw: do not NAT traffic to cloud-internal networksoperations/puppetproduction+39 -13
P:wmcs: cloud_private_subnet: add route to private instance networksoperations/puppetproduction+63 -8
Customize query in gerrit

Event Timeline

taavi created this task.Feb 7 2024, 8:55 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 7 2024, 8:55 AM
gerritbot added a comment.Feb 7 2024, 8:58 AM

Change 998261 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] P:wmcs: cloud_private_subnet: add route to private instance networks

https://gerrit.wikimedia.org/r/998261

gerritbot added a project: Patch-For-Review.Feb 7 2024, 8:58 AM
gerritbot added a comment.Feb 7 2024, 11:47 AM

Change 998261 merged by Majavah:

[operations/puppet@production] P:wmcs: cloud_private_subnet: add route to private instance networks

https://gerrit.wikimedia.org/r/998261

Maintenance_bot removed a project: Patch-For-Review.Feb 7 2024, 12:30 PM
gerritbot added a comment.Feb 7 2024, 2:13 PM

Change 998412 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] P:wmcs::cloudgw: do not traffic to cloud-internal networks

https://gerrit.wikimedia.org/r/998412

gerritbot added a project: Patch-For-Review.Feb 7 2024, 2:13 PM
taavi triaged this task as Medium priority.Feb 7 2024, 2:46 PM
aborrero added a project: User-aborrero.Feb 7 2024, 4:51 PM
aborrero moved this task from Backlog to Radar on the User-aborrero board.Feb 8 2024, 10:08 AM
gerritbot added a comment.Feb 8 2024, 1:34 PM

Change 998412 merged by Majavah:

[operations/puppet@production] P:wmcs::cloudgw: do not NAT traffic to cloud-internal networks

https://gerrit.wikimedia.org/r/998412

Stashbot added a comment.Feb 8 2024, 1:43 PM

Mentioned in SAL (#wikimedia-cloud) [2024-02-08T13:43:02Z] <taavi> deploy change to exclude cloud-private networks from general egress NAT https://phabricator.wikimedia.org/T356850

taavi closed this task as Resolved.Feb 8 2024, 1:47 PM
Maintenance_bot removed a project: Patch-For-Review.Feb 8 2024, 2:31 PM
gerritbot added a comment.Feb 8 2024, 5:40 PM

Change 999004 had a related patch set uploaded (by Cathal Mooney; author: Cathal Mooney):

[operations/puppet@production] Remove cloud_private_v4_set from cloudgw nftables definition

https://gerrit.wikimedia.org/r/999004

gerritbot added a project: Patch-For-Review.Feb 8 2024, 5:40 PM
gerritbot added a comment.Mar 5 2024, 9:05 AM

Change 999004 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] Remove cloud_private_v4_set from cloudgw nftables definition

https://gerrit.wikimedia.org/r/999004

Maintenance_bot removed a project: Patch-For-Review.Mar 5 2024, 9:31 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL