[tech] [wheel] Outage report, was Re: IMPORTANT: Upcoming UWA planned firewall upgrades (Sun 18/11 & 9/12)
Nick Bannon
nick at ucc.gu.uwa.edu.au
Tue Nov 20 12:44:17 AWST 2018
On Tue, Nov 20, 2018 at 03:59:28AM +0000, Matt Tavani wrote:
> Hi Nick,
> Nothing reported on IPv6 so far but I believe you guys are the only ones using it.
Wow!
What is a good core:
* UWA Crawley campus IPv6 address; and
* UWA Crawley campus IPv4 address
that I should be able to ping from outside UWA?
DNS servers are usually a good default choice, but I think there's been
some overenthusiastic and not-publically-documented firewalling of those done.
> If you can provide the details below I can get a ticket raised to investigate if there is an issue. Just fill in as much as you can based on what you???re seeing/not seeing.
Thank you. Can you add our usual contact address as an "external
contact" in the service ticket?
Could you also personally test Cloudflare 1.1.1.1 DNS and raise a similar
issue for that? I imagine firewall rules in general have been held off
until the recent upgrades; however I believe it's been against IETF
recommendations to block that since November 2011.
https://blog.cloudflare.com/announcing-1111/
https://en.wikipedia.org/wiki/Bogon_filtering
> - Affected application/system: Provide name of affected application/system
ICMP, NTP, HTTPS.
> - Brief description of the issue: Provide a brief description of the issue
All testable off-campus IPv6 connectivity broken.
+ hostname
motsugo
+ fping6 -Aen ipv6.google.com ipv6-test.com
syd15s03-in-x0e.1e100.net (2404:6800:4006:804::200e) is unreachable
agaric.t0x.net (2001:41d0:8:e8ad::1) is unreachable
*** The time is: Tue Nov 20 11:00:21 AWST 2018
+ hostname
motsugo
+ fping6 -Aen murasoi ipv6.google.com ipv6-test.com www.facebook.com
murasoi.ucc.gu.uwa.edu.au (2405:3c00:5200:100::1) is alive (0.27 ms)
syd15s04-in-x0e.1e100.net (2404:6800:4006:805::200e) is unreachable
agaric.t0x.net (2001:41d0:8:e8ad::1) is unreachable
edge-star-mini6-shv-01-syd2.facebook.com (2a03:2880:f119:8083:face:b00c:0:25de) is unreachable
> - Time of when tested: Provide time in HH:MM AM/PM format when this was tested
Since: Tuesday 2018-11-20 00:00 AM , UTC+0800
Ongoing at: Tuesday 2018-11-20 12:30 PM , UTC+0800
> - From (Source of the connection): Provide hostname and/or IP address of connection origin
motsugo.ucc.gu.uwa.edu.au. 3600 IN AAAA 2405:3c00:5200:100::7
(also known as motsugo.ucc.gu.uwa.edu.au. 3600 IN A 130.95.13.7)
> - To (Destination of the connection): Provide hostname or IP address of the connection destination
syd15s04-in-x0e.1e100.net (2404:6800:4006:805::200e)
agaric.t0x.net (2001:41d0:8:e8ad::1)
edge-star-mini6-shv-01-syd2.facebook.com (2a03:2880:f119:8083:face:b00c:0:25de)
> - Ports or Services: Provide ports for the connection
All testable connectivity down.
ICMP service. (ICMP echo request/reply, does not have a TCP/UDP port number)
Expected firewalling: zero: all IPv6 to or from the UCC firewall host, any IP protocol.
( Also, NTP port 123 to host murasoi.ucc.gu.uwa.edu.au , for example )
> - Reporter: Name and phone of the person reporting the incident
UCC Wheel Group, 08 6488 3901.
(you can also contact me personally as a backup, but please direct
primary technical followups to our standard email, as usual)
Thank you,
Nick.
wheel at ucc.gu.uwa.edu.au
--
Nick Bannon | "I made this letter longer than usual because
nick-sig at rcpt.to | I lack the time to make it shorter." - Pascal
More information about the tech
mailing list