Closed
Bug 1447092
Opened 7 years ago
Closed 7 years ago
Allow ICMP traffic to external ELB/ALB taskcluster applications
Categories
(Taskcluster :: Services, defect)
Taskcluster
Services
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: dividehex, Unassigned)
References
Details
While troubleshooting possible network traffic problems between external taskcluster ELB/ALB (such as queue.taskcluster.net) and the Mozilla data centers (MDC1, MDC2, SLC3), I noticed the ELB/ALB security groups do not allow ICMP. This hampers proper network route and performance testing in situations like this. I propose changing the security groups for all external (public) taskcluster applications (ELB/ALB/public EC2 instance) to allow ICMP traffic.
|
||
Comment 1•7 years ago
|
||
I don't think we use any ELBs or ALBs (TIL "ALB"). Are there specific hosts that are ignoring ICMP?
Flags: needinfo?(jwatkins)
|
Reporter | |
Comment 2•7 years ago
|
||
(In reply to Dustin J. Mitchell [:dustin] pronoun: he from comment #1)
> I don't think we use any ELBs or ALBs (TIL "ALB"). Are there specific hosts
> that are ignoring ICMP?
Ahh this is probably a heroku app not that I think of it. This host in particular is taskcluster-artifacts.net. This wouldn't happen to be a CDN would it?
Flags: needinfo?(jwatkins)
|
|
||
Comment 3•7 years ago
|
||
It is, indeed, a CDN - CloudFront.
|
|
Reporter | |
Comment 4•7 years ago
|
||
(In reply to Dustin J. Mitchell [:dustin] pronoun: he from comment #3)
> It is, indeed, a CDN - CloudFront.
Thanks for the confirmation and it does looks like ICMP is allowed against AWS CDN endpoint IPs.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
|
Assignee | |
Updated•6 years ago
|
Component: Platform and Services → Services
You need to log in
before you can comment on or make changes to this bug.
Description
•