Disable dynamic router_advertisements for IPv6. This caused some frontend traffic to be flooded to unrelated VMs. Even though this looks dramatic, the affected traffic was public internet traffic so security policies require encryption anyway and we've seen encrypted traffic only, anyway. It did cause superfluous traffic in the network, though.
Customer traffic should not appear on non-target VMs. As this only affecte the frontend network, additional security policies already required that this should be encrypted and from our analysis we have only seen encrypted traffic flooded anyway.
[X] Security requirements tested? (EVIDENCE)
Validated the new settings with our previous platform (which already used the setting but got lost at some point in the migration). Also checked on customer affected machine that this setting solves the problem and manually verified that the changed automation code is applied properly.
@flyingcircusio/release-managers
Release process
Impact:
None
Changelog:
Security implications
Customer traffic should not appear on non-target VMs. As this only affecte the frontend network, additional security policies already required that this should be encrypted and from our analysis we have only seen encrypted traffic flooded anyway.
Validated the new settings with our previous platform (which already used the setting but got lost at some point in the migration). Also checked on customer affected machine that this setting solves the problem and manually verified that the changed automation code is applied properly.