Closed Bug 1090993 Opened 11 years ago Closed 11 years ago

External SCL3 ZLB cluster needs access to webops1.private.{scl3,phx1}.mozilla.com

Categories

(Infrastructure & Operations Graveyard :: NetOps: DC ACL Request, task)

x86_64
Linux
task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: gozer, Assigned: jbarnell)

Details

This already works in PHX1, but not in SCL3. The local flows should be:

zlb1.ops.scl3.mozilla.com => webops1.private.scl3.mozilla.com tcp/80
zlb3.ops.scl3.mozilla.com => webops1.private.scl3.mozilla.com tcp/80
zlb5.ops.scl3.mozilla.com => webops1.private.scl3.mozilla.com tcp/80
zlb6.ops.scl3.mozilla.com => webops1.private.scl3.mozilla.com tcp/80

And ideally, but not necessary, allowing cross-DC access too would be appreciated.

zlb1.ops.scl3.mozilla.com => webops1.private.phx1.mozilla.com tcp/80
zlb3.ops.scl3.mozilla.com => webops1.private.phx1.mozilla.com tcp/80
zlb5.ops.scl3.mozilla.com => webops1.private.phx1.mozilla.com tcp/80
zlb6.ops.scl3.mozilla.com => webops1.private.phx1.mozilla.com tcp/80

Thanks!
Part 1: jbarnell@fw1.scl3.mozilla.net# show | compare [edit security policies from-zone ops to-zone private] policy netops--sflow { ... } + policy zlb-to-webops-private { + match { + source-address [ zlb1 zlb3 zlb5 zlb6 ]; + destination-address webops1.private.scl3; + application junos-http; + } + then { + permit; + } + }
Part 2: jbarnell@fw1.phx1.mozilla.net# show | compare [edit security policies from-zone dc to-zone private] policy cifclient1--https { ... } + policy scl3-zlb-to-webops { + match { + source-address [ zlb1.ops.scl3 zlb3.ops.scl3 zlb5.ops.scl3 zlb6.ops.scl3 ]; + destination-address webops1.private.phx1; + application junos-http; + } + then { + permit; + } + } Please test and verify.
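Review bot: In the fw1.scl3 hunk (Part 1), the `then` block of `zlb-to-webops-private` contains only `permit;`, so sessions that match this new ops-to-private rule leave no log record. Consider adding `log { session-close; }` (or `count;`) next to `permit;` so the requested test-and-verify step and any later audit can confirm which flows actually hit the rule. A `description` line naming this bug would also record why the ops zone is allowed into private on tcp/80.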
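Review bot: In the fw1.phx1 hunk (Part 2), the sources are listed inline as `[ zlb1.ops.scl3 zlb3.ops.scl3 zlb5.ops.scl3 zlb6.ops.scl3 ]`, while Part 1 names its sources `zlb1 zlb3 zlb5 zlb6`; referencing one address-set per firewall from the policy would keep the member list in a single place when the ZLB cluster changes. The compare output adds no address-book entries, so these four names already exist on fw1.phx1, and it is worth confirming they resolve to the SCL3 ZLB hosts from the request before relying on this cross-DC permit, which the request marked as not necessary.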
Assignee: network-operations → jbarnell
Closing; please reopen if there are problems.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard