Closed
Bug 1114699
Opened 11 years ago
Closed 10 years ago
Deploy Tor Middle relays as capped testing/iteration
Categories
(Infrastructure & Operations Graveyard :: NetOps: Projects, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: javaun, Assigned: arzhel)
Details
The requirements here are for the initial deployment of Tor Middle Relays hosted at Mozilla.
Our goals in this initial deployment are to:
- Deploy the first Mozilla middle relays
- Learn and improve our hosting efficiency. For this reason, the IT/Services leadership suggested an initial cap on network traffic while we're learning and iterating.
The following technical decisions were agreed upon:
- Cap the network at 100mbit.
- Create nodes on a separate link in our Phoenix data center in a separate IP space.
|
Reporter | |
Updated•11 years ago
|
Assignee: network-operations → jbarnell
Due Date: 2015-01-23
|
||
Comment 1•11 years ago
|
||
I'd like to stress the importance of a separate IP space / network hardware here, so we can easily tell which traffic is from/to TOR and which one is Mozilla.
What's the future network architecture? Will it move to the SCL3? If so, is it going to be similar to a BU, i.e. separate core connected to border?
Include me in the design discussion :-)
|
|
||
Comment 2•11 years ago
|
||
Me and Arzhel have put together a document what is the current state and where we should go from here. I made some recommendations from a security point of view.
https://docs.google.com/a/mozilla.com/document/d/1gPb8V5CHuV8Tztpp3WzAebbj2aTPF0fQaOXW85hXuxs/edit
Feel free to comment on it.
Who is going to manage this environment? It would be really good if we could puppetize both the admin host and relay servers before 28th.
|
|
||
Comment 3•11 years ago
|
||
We decided to go with an independent infrastructure for centralized management, namely ansible. That is now working and all steps from the document's 'to be done before 28' are implemented, per Arzhel.
|
|
||
Comment 4•11 years ago
|
||
Do we use some kind of network policing here to restrict bandwidth to 100Mbit/sec?
Flags: needinfo?(arzhel)
|
Assignee | |
Comment 5•11 years ago
|
||
Nop, but we're monitoring the bandwidth actively.
Flags: needinfo?(arzhel)
|
|
||
Updated•10 years ago
|
Assignee: jbarnell → arzhel
Component: NetOps → NetOps: Projects
|
|
Assignee | |
Comment 6•10 years ago
|
||
The testing infra has been running since January, closing that bug.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
|
||
Updated•3 years ago
|
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•