This task is to plan the incremental deployment of IPsec transports in production.
The smallest fraction of production traffic may be moved to IPsec transport by selecting one pair of nodes from the largest pools: one text node in ESAMS + one in EQIAD. Alternately, we could do one pair of nodes from the upload pool so that in the worst case a failure will only result in images not loading rather than a page not loading.
Because firewalls enforcing IPsec transport have not been configured (T85823), any failure to establish encrypted transport is expected to result in uninterrupted communication between affected hosts via standard unencrypted transport. In the case that traffic is interrupted for any reason, a fall back can be affected by executing 'ipsec-global down' on at least one of the affected nodes, as described in T88536.
Once this milestone is passed and we are satisfied with the function and performance of this single pair of nodes, deployment will continue with application of the ipsec role to greater numbers of text caches, and following a similar strategy for other cache classes.