[02:06:41] 10netops, 10Operations, 10ops-codfw: Setup new msw1-codfw - https://phabricator.wikimedia.org/T224250 (10ayounsi) T84333 is when the msw1<->cr connection has been made. The other option would be to add a 10G extension module to msw1 (EX-UM-4X4SFP), @papaul, do you have any spares? As the MPC3D doesn't suppor... [03:08:27] 10netops, 10Operations, 10ops-codfw: Setup new msw1-codfw - https://phabricator.wikimedia.org/T224250 (10Papaul) @ayounsi no we do not have any EX-UM-4X4SFP spares onsite. we will have to order some like we did when we did the switch re-fresh. All switches in rack A8, B8 and D8 didn't have the 10GB Uplink Mo... [05:09:15] 10Traffic, 10Operations: Wikipedia is unavailable on Symbian phone's browsers - https://phabricator.wikimedia.org/T227828 (10Ft1978Bp) It is a Nokia C7-00 with Symbian^3. (The Opera Mobile version is 12.00.2256) [08:50:16] 10Traffic, 10Operations, 10observability, 10User-fgiunchedi: Per-backend ATS Prometheus metrics - https://phabricator.wikimedia.org/T227668 (10fgiunchedi) [09:48:15] 10Traffic, 10Analytics, 10Operations: TLS certificates for Analytics origin servers - https://phabricator.wikimedia.org/T227860 (10ema) [09:48:26] 10Traffic, 10Analytics, 10Operations: TLS certificates for Analytics origin servers - https://phabricator.wikimedia.org/T227860 (10ema) p:05Triage→03Normal [09:52:31] 10Traffic, 10Analytics, 10Operations, 10User-Elukey: TLS certificates for Analytics origin servers - https://phabricator.wikimedia.org/T227860 (10elukey) [10:00:51] ^^ re T227860 I'm wondering if acme-chief could be helpful [10:00:52] T227860: TLS certificates for Analytics origin servers - https://phabricator.wikimedia.org/T227860 [10:01:31] as we require only a few public hostnames in the SAN list, no IPs, no internal/private domains (.wmnet)... [10:55:48] bblack, ema: CR for adding ncredir to the high-traffic1 lvs: https://gerrit.wikimedia.org/r/#/c/522055/ pcc: https://puppet-compiler.wmflabs.org/compiler1001/17327/ [11:02:05] hmm I'm wondering if adding a new public IP requires some change in the routers regarding BGP ACLs [11:02:09] XioNoX: ^^ [11:02:59] netmon hosts have a copy of router configs in case that's helpful [11:04:36] and for the default static route.. dunno if it's /32 based or the whole /28 or /111 (IPv6) [11:06:55] godog: hmm where? :) [11:07:42] vgutierrez: should be /var/lib/rancid/core/configs [11:07:48] or thereabouts [11:10:35] yeah... the routers have even bigger prefixes [11:12:00] and the backup route is for the /28 :) [12:08:45] 10Traffic, 10Operations, 10CommRel-Specialists-Support (Apr-Jun-2019), 10Performance, and 2 others: Sometimes pages load slowly for users routed to the Amsterdam data center (due to some factor outside of Wikimedia cluster) - https://phabricator.wikimedia.org/T226048 (10Elitre) This was published in https:... [12:09:06] 10Traffic, 10Operations, 10CommRel-Specialists-Support (Jul-Sep-2019), 10Performance, and 2 others: Sometimes pages load slowly for users routed to the Amsterdam data center (due to some factor outside of Wikimedia cluster) - https://phabricator.wikimedia.org/T226048 (10Elitre) [12:15:43] vgutierrez: yeah the ht1/ht2/lt lvs ranges are set up as whole subnets for the fallback routes [18:15:23] did you guys merge the config of varnish and trafficserver ? i used to have to make another edit for trafficserver but now it's just text.yaml but also upload.yaml [18:15:41] when changing a director or backend for formerly "misc" stuff [18:36:19] 10HTTPS, 10Traffic, 10Operations, 10Security: Investigate our mitigation strategy for HTTPS response length attacks - https://phabricator.wikimedia.org/T92298 (10Legoktm) >>! In T92298#2795655, @BBlack wrote: > > My current thinking on this is that it's best to wait on TLSv1.3's padding mechanism to be av... [18:41:19] 10netops, 10Operations: cr4-ulsfo rebooted unexpectedly - https://phabricator.wikimedia.org/T221156 (10ayounsi) Still no news, asked to escalate the case. [18:41:40] 10HTTPS, 10Traffic, 10Operations, 10Security: Investigate our mitigation strategy for HTTPS response length attacks - https://phabricator.wikimedia.org/T92298 (10CDanis) >>! In T92298#5329217, @Legoktm wrote: > Do we support TLS 1.3 yet? I'm apparently connecting over 1.2 still. No -- {T170567} [18:43:10] 10Traffic, 10Operations, 10Goal, 10Patch-For-Review, 10Performance: Support TLSv1.3 - https://phabricator.wikimedia.org/T170567 (10Legoktm) [18:43:15] 10HTTPS, 10Traffic, 10Operations, 10Security: Investigate our mitigation strategy for HTTPS response length attacks - https://phabricator.wikimedia.org/T92298 (10Legoktm)