Page MenuHomePhabricator
IndexNew Document
Phriction Welcome Phacility Cluster Documentation Phacility Cluster Network

Phacility Cluster Network
Updated 3,379 Days AgoPublic
Actions

Version 4 of 9: You are viewing an older version of this document, as it appeared on Feb 2 2015, 4:16 PM.
Previous
Published
Next
Draft

This document describes the network layout of the Phacility Cluster.

Overview

The Phacility cluster is deployed in an AWS VPC.

Most devices only accept connections from other devices within the cluster. Load balancers at the edge of the cluster accept external traffic and relay it to devices within the cluster, which may make additional service calls to other cluster services.

External Interfaces

These devices have external interfaces and accept requests from the public internet.

InterfaceDeviceNotes
admin.phacility.comalbHTTP load balancer (ELB). Serves admin HTTP traffic.
bastionbastionManages operational access.
vault.phacility.comvaultSSH load balancer. Serves VCS SSH traffic.
*.phacility.comlbHTTP load balancer (ELB). Serves most HTTP traffic.

Network Layout

This is a general overview of device layout and traffic flow within the network.

For each type of request, traffic enters the network at the perimeter device in the left column, and is forwarded to the "Internal Device" to respond to the request. The internal device may also make requests to one or more devices from the "Service Devices" column to satisfy the request.

Perimeter DevicePerimeter PortInternal DeviceInternal PortService Devices
alb443admin80None
bastion22AllVariesNone
lb443web80db, repo
vault22web2223repo

Connection Restrictions

Connections to devices within the network are restricted. This table summarizes the layers which provide restrictions.

RestrictionAffectsNotes
AWS Security RulesAll DevicesDrops most inbound traffic.
iptables RulesNormal DevicesDrops most inbound traffic.
Phabricator RulesApplication ServersRestricts cluster devices and listening interfaces.
rSAAS RulesApplication ServersProvides additional restrictions.
MySQL RulesDatabase ServersPrevents unrecognized connections.
Last Author
epriestley
Last Edited
Feb 2 2015, 4:16 PM

Event Timeline

epriestley created this document.Feb 1 2015, 4:59 PM
epriestley changed the title from Network to Phacility Cluster Network.
epriestley edited the content of this document. (Show Details)
epriestley edited the content of this document. (Show Details)Feb 2 2015, 4:16 PM
epriestley edited the content of this document. (Show Details)
epriestley edited the content of this document. (Show Details)Feb 2 2015, 5:44 PM
epriestley edited the content of this document. (Show Details)
epriestley edited the content of this document. (Show Details)Feb 16 2015, 8:06 PM
epriestley edited the content of this document. (Show Details)
epriestley edited the content of this document. (Show Details)Jun 29 2015, 8:17 PM
Phabricator · Built by Phacility