Re: Static IP setup for routers on AWS


Engelke, Johannes <info@...>
 

Hi Amit,
Thanks for your answer. I deployed Cloud Foundry without using static IPs. It is working well.

As far as I understood the UAA config, the entire 10.x.x.x network is allowed to access the UAA servers anyway, so there is no reason to place the dedicated static IPs of the routers into the config.

Do you see any security improvements if only routers are allowed to access the UAA?

Best,
Johannes

On 08 Apr 2016, at 02:19, Amit Gupta <agupta(a)pivotal.io> wrote:

The UAA needs to know the router IPs to know which IPs to accept inbound requests from. If you don't care about this, you can try configuring UAA to allow requests from many IPs, and remove the static IPs from gorouter. I would be interested to find out the result of this experiment should you try it out.

Best,
Amit

On Thu, Apr 7, 2016 at 6:28 AM, Engelke, Johannes <info(a)johannes-engelke.de> wrote:
Hi,
Does anybody know why the routers got static IPs in the cf-infrastructure-aws.yml file? https://github.com/cloudfoundry/cf-release/blob/master/templates/cf-infrastructure-aws.yml#L173

Bosh is assigning the instances to ELBs during deploy time, so there should be no need to have static addresses here.

If nobody knows a good reason, should we remove them? ;-)

Cheers
Johannes
