[tech] Resolved! Re: Outage report, was Re: IMPORTANT: Upcoming UWA planned firewall upgrades (Sun 18/11 & 9/12)
Matt Tavani
matt.tavani at uwa.edu.au
Wed Nov 21 08:19:12 AWST 2018
Hi Nick,
The call says 'in progress' but no notes on there, so not sure anything has been changed as yet. Glad to hear it's working though.
I can't assist on the 1.1.1.1 thing as that is beyond the scope of what I can get into from a project perspective. If you email the service desk with the issue they will forward it onto either Networks or Security for a response.
Cheers, Matt
On 20/11/18, 5:05 pm, "Nick Bannon" <nick at ucc.gu.uwa.edu.au> wrote:
On Tue, Nov 20, 2018 at 12:44:17PM +0800, Nick Bannon wrote:
> On Tue, Nov 20, 2018 at 03:59:28AM +0000, Matt Tavani wrote:
> > Hi Nick,
> > Nothing reported on IPv6 so far but I believe you guys are the only ones using it.
>
> Wow!
What is a good core:
* UWA Crawley campus IPv6 address; and
* UWA Crawley campus IPv4 address
that I should be able to ping from outside UWA?
DNS servers are usually a good default choice, but I think there's been
some overenthusiastic and not-publically-documented firewalling of those done.
> > If you can provide the details below I can get a ticket raised to investigate if there is an issue. Just fill in as much as you can based on what you???re seeing/not seeing.
>
> Thank you. Can you add our usual contact address as an "external
> contact" in the service ticket?
Good news! The IPv6 outage appears to have been resolved - are you aware
of any relevant changes?
Approximately the window Monday 2018-11-19 21:21 -- Tue 2018-11-20 13:03.
(local time)
> Could you also personally test Cloudflare 1.1.1.1 DNS and raise a similar
> issue for that? I imagine firewall rules in general have been held off
> until the recent upgrades; however I believe it's been against IETF
> recommendations to block that since November 2011.
> https://blog.cloudflare.com/announcing-1111/
> https://en.wikipedia.org/wiki/Bogon_filtering
Would you still be able to do this for us? It's not a UCC-specific issue,
however we're not able to directly create our own issues, in any case.
(for info on _that_, see ServiceNow issue INC0222454 )
The quick test is that 1.1.1.1 should be pingable (also DNS, HTTP, etc.).
The main technical question is: is there an explicit legacy firewall entry
concerning it; or has it been null-routed at another level?
Thank you,
Nick.
--
Nick Bannon | "I made this letter longer than usual because
nick-sig at rcpt.to | I lack the time to make it shorter." - Pascal
More information about the tech
mailing list