search

ministryofjustice / modernisation-platform

A place for the core work of the Modernisation Platform • This repository is defined and managed in Terraform
https://user-guide.modernisation-platform.service.justice.gov.uk
MIT License
680 stars 290 forks source link

Add static route to MOJ TGW for 10.20/16 traffic #6832

Closed davidkelliott closed 4 months ago

davidkelliott commented 5 months ago

User Story

We currently have routes 10.26 and 10.27 traffic in the PTTP TGW. We now need to add in the 10.20/16 range as well to enable Domain Controllers in the core-shared-services account to be able to talk to the MoJ DCs.

See the existing routes for 10.26 and 10.27 here for an example of what is needed - https://github.com/ministryofjustice/deployment-tgw/blob/master/env/production/eu-west-2.yml#L90

Wider MoJ networking changes are being made by Ian Harvey See related issues here:

Temporary solution: https://github.com/ministryofjustice/modernisation-platform/issues/6633

DC stories: https://github.com/ministryofjustice/modernisation-platform/issues/5970 https://github.com/ministryofjustice/modernisation-platform/issues/5737 https://github.com/ministryofjustice/modernisation-platform/issues/5736

Value / Purpose

Allows us to decommission the Azure FixNGo platform in the longer term. In the short term can also avoids domain controller traffic traversing the AWS - Azure VPN in theory improving performance of domain reliant services (Remote Desktop, Planet FM and CSR/MyDetail)

Useful Contacts

Dom Robinson, Dave Elliott, David Sibley, Ian Harvey

Additional Information

Needs to be complete by 23rd of May as Network ops are putting in their side of the change and need to be able to test.

Proposal / Unknowns

Hypothesis If we... [do a thing] Then... [this will happ]

Proposal A proposal that is something testable, don't worry whether it works or not, it's a place for ideas.

Unknowns Potential pitfalls that could cause the story to expand beyond its original scope. Ideally this section will remain blank.

Definition of Done

mikereiddigital commented 4 months ago

@SteveLinden tomorrow we'll take a look at this.

dms1981 commented 4 months ago

https://github.com/ministryofjustice/deployment-tgw/pull/241

mikereiddigital commented 4 months ago

Thank you @dms1981 for taking Steve and I through this change.

dms1981 commented 4 months ago

We've added the static route to the MOJ TGW (myself, @SteveLinden , and @mikereiddigital ). However, we don't have any immediate way of testing this as we don't have any resources on premise to communicate with from an MP core address range. I'll pick this back up if any further work is required and loop @SteveLinden and @mikereiddigital to see what I missed, if anything.