[Outages-discussion] FB Outage AAR I - Engineering Posts Pabulum

Bill Woodcock woody at pch.net
Wed Oct 6 04:48:22 EDT 2021


>> What team doesn't have their management IPs somewhere other than DNS? That seems crazy to me.

> I've always been partial to a binder with printouts of all vital IPs for infrastructure and disaster recovery, updated monthly

We have a not-yet-fully-enacted plan that we’ve been noodling with to have all of our critical stuff in un-routed IPv6, with centrally-managed hosts files being generated wih only need-to-know contents and pushed to each machine with a need-to-know individually.  As well, of course, as keeping encrypted different-site backups, etc.

We haven’t yet seen a problem with it.  We have some Jira/Confluence boosters internally, which is tricky, because people want to put sensitive information into the Jira and Confluence instances, but they need Internet access to phone home and do updates and stuff, apparently.  Which is unfortunate.  But I guess I heard that they’d shot themselves in the foot some other way recently, which tipped the balance in favor of getting rid of them, I think.  I’m not fully up-to-date on that argument.

                                -Bill

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://puck.nether.net/pipermail/outages-discussion/attachments/20211006/cfc6fd9c/attachment.sig>


More information about the Outages-discussion mailing list