Bug#912524: snapshot.debian.org is unreachable from (apparently) 18.128.0.0/9

To: Noah Meyerhans <noahm@debian.org>, 912524@bugs.debian.org
Cc: Mike Hommey <mh+reportbug@glandium.org>
Subject: Bug#912524: snapshot.debian.org is unreachable from (apparently) 18.128.0.0/9
From: Peter Palfrader <weasel@debian.org>
Date: Fri, 2 Nov 2018 09:15:12 +0000
Message-id: <[🔎] 20181102091512.wtxmyorlgxjghvmt@sarek.noreply.org>
Reply-to: Peter Palfrader <weasel@debian.org>, 912524@bugs.debian.org
In-reply-to: <[🔎] 20181102052518.rhs6yui5z7vibn7n@ctrl.internal.morgul.net>
References: <[🔎] 154103321167.27271.738828882358740663.reportbug@mitsuha.glandium.org> <[🔎] 154103321167.27271.738828882358740663.reportbug@mitsuha.glandium.org> <[🔎] 20181102041753.jdcqysoosdiuo5pb@ctrl.internal.morgul.net> <[🔎] 154103321167.27271.738828882358740663.reportbug@mitsuha.glandium.org> <[🔎] 20181102052518.rhs6yui5z7vibn7n@ctrl.internal.morgul.net> <[🔎] 154103321167.27271.738828882358740663.reportbug@mitsuha.glandium.org>

On Thu, 01 Nov 2018, Noah Meyerhans wrote:

> It was pointed out on IRC that this is intentional, per
> https://salsa.debian.org/dsa-team/mirror/dsa-puppet/blob/master/modules/roles/manifests/snapshot_web.pp
> 
> IMO blocking random (and large) chunks of EC2 is not a good idea, as the
> collateral impact is potentially huge.  I'd like to suggest a more
> targeted way of throttling individual clients that doesn't have such
> broad impact. The iptables connlimit module comes to mind, but there are
> undoubtedly other options.

It's not random.  Still, I agree that blocking large chunks is not
ideal.

We would welcome you working with us on finding actual rate limiting
configurations that work.  So far, many have suggested but nobody has
actually delivered anything.
-- 
                            |  .''`.       ** Debian **
      Peter Palfrader       | : :' :      The  universal
 https://www.palfrader.org/ | `. `'      Operating System
                            |   `-    https://www.debian.org/

Reply to:

References:
- Bug#912524: snapshot.debian.org is unreachable from (apparently) 18.128.0.0/9
  - From: Mike Hommey <mh+reportbug@glandium.org>
- Bug#912524: snapshot.debian.org is unreachable from (apparently) 18.128.0.0/9
  - From: Noah Meyerhans <noahm@debian.org>
- Bug#912524: snapshot.debian.org is unreachable from (apparently) 18.128.0.0/9
  - From: Noah Meyerhans <noahm@debian.org>

Prev by Date: Bug#912524: snapshot.debian.org is unreachable from (apparently) 18.128.0.0/9
Next by Date: Bug#913940: [snapshot@debian.org: WebApp Error: <class 'psycopg2.DataError'>: value "2261434398" is out of range for type integer CONTEXT: PL/Perl function "stat"]
Previous by thread: Bug#912524: snapshot.debian.org is unreachable from (apparently) 18.128.0.0/9
Next by thread: Bug#913940: [snapshot@debian.org: WebApp Error: <class 'psycopg2.DataError'>: value "2261434398" is out of range for type integer CONTEXT: PL/Perl function "stat"]
Index(es):
- Date
- Thread