Closed
Bug 1181666
Opened 9 years ago
Closed 9 years ago
change routing announcement of 63.245.214.0/23 to 63.245.212.0/22
Categories
(Infrastructure & Operations Graveyard :: NetOps, task)
Infrastructure & Operations Graveyard
NetOps
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dcurado, Assigned: dcurado)
Details
As we move infrastructure from PHX1 to SCL3, there will be a need for more public IP address space in SCL3. Fortunately for us, we have enough public IP address space to meet this need. We just need to tell the world about it. The planned activity goes like this: - modify the configurations of the POP border routers so that they advertise 63.245.212.0/22 in addition to 63.245.214.0/23 - verify that all the routers in the world's default free zone (DFZ) learn the new route announcement (63.245.212.0/22) (we can do this by using various "looking-glass" web sites around the world) - when we are confident that 63.245.212.0/22 has propagated out to the world (this takes but a few minutes usually) then we can delete the 63.245.214.0/23 routing announcement from the POP border routers.
Flags: cab-review?
|
Assignee | |
Updated•9 years ago
|
Assignee: network-operations → dcurado
Status: NEW → ASSIGNED
|
||
Comment 1•9 years ago
|
||
(In reply to Dave Curado :dcurado from comment #0) > As we move infrastructure from PHX1 to SCL3, there will be a need for more > public IP address space in SCL3. Fortunately for us, we have enough public > IP address space to meet this need. We just need to tell the world about it. > > The planned activity goes like this: > > - modify the configurations of the POP border routers so that they advertise > 63.245.212.0/22 in addition to 63.245.214.0/23 > - verify that all the routers in the world's default free zone (DFZ) learn > the new route announcement (63.245.212.0/22) > (we can do this by using various "looking-glass" web sites around the > world) > - when we are confident that 63.245.212.0/22 has propagated out to the world > (this takes but a few minutes usually) > then we can delete the 63.245.214.0/23 routing announcement from the POP > border routers. Dave when are you looking to do this (do I need to expedite this for TCW?)
|
|
Assignee | |
Comment 2•9 years ago
|
||
I can do this just about any time. I will do it at some off hour, out an abundance of caution.
|
|
Assignee | |
Comment 3•9 years ago
|
||
There was an old static route on both border routers, from when the SJC1 data center was still in place. Netops at the time did a lot of unorthodox things, which included routing some of our own private IP space out towards our providers, so reach SJC1. I deleted that static route from both POP border routers. dcurado@border1.ops.sjc2.mozilla.net> show configuration | compare rollback 2 [edit routing-options static] - route 63.245.208.0/22 next-hop 64.125.170.37;
|
|
Assignee | |
Comment 4•9 years ago
|
||
- updated the bgp-announce policy on border1.sjc2 to allow 63.245.212.0/22 to be announced - updated the inbound anti spoofing filter to allow packets to the 63.245.212.0/22 range to come in - created the static route for 63.245.212.0/22 next-hop discard, preference 200 - commited, then verified through a looking glass in Japan that the route is in the default free zone dcurado@border1.ops.sjc2.mozilla.net> show configuration | compare rollback 7 [edit routing-options static] route 63.245.219.36/30 { ... } + route 63.245.212.0/22 { + discard; + preference 200; + } - route 63.245.208.0/22 next-hop 64.125.170.37; [edit policy-options policy-statement bgp-announce term announce-scl3 from] route-filter 63.245.223.0/24 exact { ... } + route-filter 63.245.212.0/22 exact; [edit firewall family inet filter inbound-anti-spoofing term reject-mozilla from source-address] 63.245.223.0/24 { ... } + 63.245.212.0/22;
|
|
Assignee | |
Comment 5•9 years ago
|
||
on border1.pao1... same changes... dcurado@border1.ops.pao1.mozilla.net> show configuration | compare rollback 4 [edit routing-options static] route 63.245.219.32/30 { ... } + route 63.245.212.0/22 { + discard; + preference 200; + } - route 63.245.208.0/22 next-hop 64.125.170.33; [edit policy-options policy-statement bgp-announce term announce-scl3 from] route-filter 63.245.223.0/24 exact { ... } + route-filter 63.245.212.0/22 exact; [edit firewall family inet filter inbound-anti-spoofing term reject-mozilla from source-address] 63.245.223.0/24 { ... } + 63.245.212.0/22;
|
|
Assignee | |
Comment 6•9 years ago
|
||
All looks good. From border1.pao1: dcurado@border1.ops.pao1.mozilla.net> show route advertising-protocol bgp 64.125.170.33 inet.0: 541178 destinations, 1039194 routes (541175 active, 3 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path * 63.245.212.0/22 Self I * 63.245.214.0/23 Self 0 I * 63.245.219.0/24 Self I * 63.245.221.0/24 Self I * 63.245.223.0/24 Self I -------------- dcurado@border1.ops.sjc2.mozilla.net> show route advertising-protocol bgp 64.125.170.37 inet.0: 541176 destinations, 1417258 routes (541175 active, 1 holddown, 0 hidden) Restart Complete Prefix Nexthop MED Lclpref AS path * 63.245.212.0/22 Self I * 63.245.214.0/23 Self 0 I * 63.245.219.0/24 Self I * 63.245.221.0/24 Self I * 63.245.223.0/24 Self I {master} dcurado@border1.ops.sjc2.mozilla.net> show route advertising-protocol bgp 62.115.8.161 inet.0: 541176 destinations, 1417252 routes (541175 active, 1 holddown, 0 hidden) Restart Complete Prefix Nexthop MED Lclpref AS path * 63.245.212.0/22 Self I * 63.245.214.0/23 Self 0 I * 63.245.219.0/24 Self I * 63.245.221.0/24 Self I * 63.245.223.0/24 Self I
|
|
Assignee | |
Comment 7•9 years ago
|
||
I can now safely delete the static route for 63.245.214.0/23. But, in an abundance of caution, I'll do that during the TCW coming this saturday.
|
|
Assignee | |
Comment 9•9 years ago
|
||
this work has been completed.
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
|
||
Updated•9 years ago
|
Change Request: --- → approved
Flags: cab-review+
|
|
||
Updated•2 years ago
|
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•