[tech] Resolved! Re: Outage report, was Re: IMPORTANT: Upcoming UWA planned firewall upgrades (Sun 18/11 & 9/12)

Matt Tavani matt.tavani at uwa.edu.au
Wed Nov 21 08:19:12 AWST 2018


Hi Nick, 

The call says 'in progress' but no notes on there, so not sure anything has been changed as yet. Glad to hear it's working though. 

I can't assist on the 1.1.1.1 thing as that is beyond the scope of what I can get into from a project perspective. If you email the service desk with the issue they will forward it onto either Networks or Security for a response. 

Cheers, Matt

On 20/11/18, 5:05 pm, "Nick Bannon" <nick at ucc.gu.uwa.edu.au> wrote:

    On Tue, Nov 20, 2018 at 12:44:17PM +0800, Nick Bannon wrote:
    > On Tue, Nov 20, 2018 at 03:59:28AM +0000, Matt Tavani wrote:
    > > Hi Nick, 
    > > Nothing reported on IPv6 so far but I believe you guys are the only ones using it. 
    > 
    > Wow!
    
    What is a good core:
      * UWA Crawley campus IPv6 address; and
      * UWA Crawley campus IPv4 address
    that I should be able to ping from outside UWA?
    DNS servers are usually a good default choice, but I think there's been
    some overenthusiastic and not-publically-documented firewalling of those done.
    
    > > If you can provide the details below I can get a ticket raised to investigate if there is an issue. Just fill in as much as you can based on what you???re seeing/not seeing. 
    > 
    > Thank you. Can you add our usual contact address as an "external
    > contact" in the service ticket?
    
    Good news! The IPv6 outage appears to have been resolved - are you aware
    of any relevant changes?
    Approximately the window Monday 2018-11-19 21:21 -- Tue 2018-11-20 13:03.
    (local time)
    
    > Could you also personally test Cloudflare 1.1.1.1 DNS and raise a similar
    > issue for that? I imagine firewall rules in general have been held off
    > until the recent upgrades; however I believe it's been against IETF
    > recommendations to block that since November 2011.
    > https://blog.cloudflare.com/announcing-1111/
    > https://en.wikipedia.org/wiki/Bogon_filtering
    
    Would you still be able to do this for us? It's not a UCC-specific issue,
    however we're not able to directly create our own issues, in any case.
    (for info on _that_, see ServiceNow issue INC0222454 )
    The quick test is that 1.1.1.1 should be pingable (also DNS, HTTP, etc.).
    The main technical question is: is there an explicit legacy firewall entry
    concerning it; or has it been null-routed at another level?
    
    Thank you,
    Nick.
    
    -- 
       Nick Bannon   | "I made this letter longer than usual because
    nick-sig at rcpt.to | I lack the time to make it shorter." - Pascal
    



More information about the tech mailing list