DMZ Testing #233

Open
badra001 opened this issue Oct 27, 2023 · 3 comments
@badra001 badra001 self-assigned this Oct 27, 2023
@badra001 badra001 added this to To do in AWS DMZ Setup via automation Oct 27, 2023
@badra001 badra001 moved this from To do to In progress in AWS DMZ Setup Nov 7, 2023
badra001 commented Nov 8, 2023

East test instances and IPs:

  • vpc1-dmz-services i-01fa175dd732dd426 10.132.7.228
  • vpc1-tgw-dmz-common i-09ce02e49eab4dc1e 10.136.1.106
  • vpc2-dmz-common i-0c75914fc29b06fd5 10.132.22.196
  • vpc2-tgw-dmz-test i-01ee026363fbf8639 10.136.3.82
  • vpc3-dmz-shared i-082ab6a6ec832d9e3 10.132.39.32
  • vpc3-tgw-dmz-stage i-09b09802231a1d2b5 10.136.5.87
  • vpc4-dmz-test i-0e2355f59081ae046 10.132.78.226
  • vpc4-tgw-dmz-prod i-005753d318095ac02 10.136.7.16
  • vpc5-dmz-ite i-0bb166c0f28637a58 10.132.110.21
  • vpc5-tgw-dmz-endpoints i-068bb6bb01613bdec 10.136.9.153
  • vpc6-dmz-uat i-02fe63b7f4099266b 10.132.139.88
  • vpc7-dmz-stage i-0e0c60cee059f7be9 10.132.173.221
  • vpc8-dmz-prod i-030ed37a124b8ca18 10.132.207.102

Ping status

% nmap -sn $(awk '{print $3}' x)
Starting Nmap 7.70 ( https://nmap.org ) at 2023-11-08 06:49 EST
Nmap scan report for 10.132.7.228
Host is up (0.035s latency).
Nmap scan report for 10.136.1.106
Host is up (0.036s latency).
Nmap scan report for 10.132.22.196
Host is up (0.035s latency).
Nmap scan report for 10.136.3.82
Host is up (0.034s latency).
Nmap scan report for 10.132.39.32
Host is up (0.035s latency).
Nmap scan report for 10.136.5.87
Host is up (0.037s latency).
Nmap scan report for 10.132.78.226
Host is up (0.035s latency).
Nmap scan report for 10.136.7.16
Host is up (0.043s latency).
Nmap scan report for 10.132.110.21
Host is up (0.034s latency).
Nmap scan report for 10.132.139.88
Host is up (0.034s latency).
Nmap scan report for 10.132.173.221
Host is up (0.036s latency).
Nmap scan report for 10.132.207.102
Host is up (0.036s latency).
Nmap done: 13 IP addresses (12 hosts up) scanned in 10.44 seconds

Missing from this is

  • vpc5-tgw-dmz-endpoints i-068bb6bb01613bdec 10.136.9.153 (10.136.8.0/22)

nmap (iperf, ssh)

%  nmap -p 22,5201 -oG xx.log $(cat ips.txt)
% cat xx.log
# Nmap 7.70 scan initiated Wed Nov  8 06:54:31 2023 as: nmap -p 22,5201 -oG xx.log 10.132.7.228 10.136.1.106 10.132.22.196 10.136.3.82 10.132.39.32 10.136.5.87 10.132.78.226 10.136.7.16 10.132.110.21 10.136.9.153 10.132.139.88 10.132.173.221 10.132.207.102
Host: 10.132.7.228 ()   Status: Up
Host: 10.132.7.228 ()   Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.136.1.106 ()   Status: Up
Host: 10.136.1.106 ()   Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.132.22.196 ()  Status: Up
Host: 10.132.22.196 ()  Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.136.3.82 ()    Status: Up
Host: 10.136.3.82 ()    Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.132.39.32 ()   Status: Up
Host: 10.132.39.32 ()   Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.136.5.87 ()    Status: Up
Host: 10.136.5.87 ()    Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.132.78.226 ()  Status: Up
Host: 10.132.78.226 ()  Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.136.7.16 ()    Status: Up
Host: 10.136.7.16 ()    Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.132.110.21 ()  Status: Up
Host: 10.132.110.21 ()  Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.132.139.88 ()  Status: Up
Host: 10.132.139.88 ()  Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.132.173.221 () Status: Up
Host: 10.132.173.221 () Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.132.207.102 () Status: Up
Host: 10.132.207.102 () Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
# Nmap done at Wed Nov  8 06:54:42 2023 -- 13 IP addresses (12 hosts up) scanned in 11.05 seconds
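The missing host above was found by reading the scan output against the instance list by eye. As an added example (not part of the original comment), the same comparison can be scripted: the function below takes an inventory in the `name instance-id ip` layout used here plus an `nmap -oG` file, and lists every inventory host that did not answer or lacks a required open port. The function name, host names and 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# check_reach INVENTORY GREPABLE PORTS   (hypothetical helper name)
# INVENTORY: lines of "name instance-id ip"; GREPABLE: output of nmap -oG.
# Prints "name ip problem" per failing host; exit status 1 if any host fails.
check_reach() {
    awk -v ports="$3" '
        BEGIN { n = split(ports, want, ",") }
        # First file: remember each inventory host in file order.
        FNR == NR { if (NF >= 3) { name[$3] = $1; order[++hosts] = $3 }; next }
        # Second file: record hosts that answered and ports reported open.
        $1 == "Host:" && /Status: Up/ { up[$2] = 1 }
        $1 == "Host:" && /Ports:/ {
            for (i = 1; i <= n; i++)
                if ($0 ~ ("(^|[ \t,])" want[i] "/open/tcp/"))
                    isopen[$2, want[i]] = 1
        }
        END {
            for (h = 1; h <= hosts; h++) {
                ip = order[h]
                if (!(ip in up)) { print name[ip], ip, "no-response"; bad++; continue }
                for (i = 1; i <= n; i++)
                    if (!((ip, want[i]) in isopen)) {
                        print name[ip], ip, "port-" want[i] "-not-open"; bad++
                    }
            }
            exit (bad > 0)
        }
    ' "$1" "$2"
}

# Constructed sample data: one healthy host, one with 5201 closed, one silent.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/inv" <<'EOF'
vpc-a-dmz i-0000000000000000a 192.0.2.10
vpc-b-dmz i-0000000000000000b 192.0.2.20
vpc-c-dmz i-0000000000000000c 192.0.2.30
EOF
    cat > "$d/scan" <<'EOF'
# Nmap scan initiated as: nmap -p 22,5201 -oG scan.log 192.0.2.10 192.0.2.20 192.0.2.30
Host: 192.0.2.10 ()   Status: Up
Host: 192.0.2.10 ()   Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 192.0.2.20 ()   Status: Up
Host: 192.0.2.20 ()   Ports: 22/open/tcp//ssh///, 5201/closed/tcp//targus-getdata1///
EOF
    check_reach "$d/inv" "$d/scan" 22,5201 || rc=$?
    rm -rf "$d"
}
demo
```

The non-zero exit status from `check_reach` lets the check gate a pipeline step once routing changes are expected to be complete.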

badra001 commented Nov 8, 2023

West test instances and IPs

  • vpc1-dmz-services i-0b62fe447323b0ac0 10.134.6.154
  • vpc1-tgw-dmz-common i-0c6ab4de24123a429 10.136.33.84
  • vpc2-dmz-common i-04d3f912f3f4d34c7 10.134.23.155
  • vpc2-tgw-dmz-test i-0f53c2f472d375162 10.136.35.10
  • vpc3-dmz-shared i-0a9a53791e1f94585 10.134.39.54
  • vpc3-tgw-dmz-stage i-045091ec8b37e2eb2 10.136.37.46
  • vpc4-dmz-test i-022e1a177366357e8 10.134.74.70
  • vpc4-tgw-dmz-prod i-0dd305de6b3d2c92b 10.136.39.119
  • vpc5-dmz-ite i-0ce7d91d2ad32a427 10.134.106.143
  • vpc5-tgw-dmz-endpoints i-0fb5d06ca3e668b51 10.136.40.233
  • vpc6-dmz-uat i-0817c14a319a12edc 10.134.142.46
  • vpc7-dmz-stage i-02976682ff0f1ab3f 10.134.170.113
  • vpc8-dmz-prod i-013a7b94a2bc56c5d 10.134.205.96

ping status

% nmap -sn $(awk '{print $3}' x)
Starting Nmap 7.70 ( https://nmap.org ) at 2023-11-08 10:26 EST
Nmap scan report for 10.134.6.154
Host is up (0.068s latency).
Nmap scan report for 10.136.33.84
Host is up (0.069s latency).
Nmap scan report for 10.134.23.155
Host is up (0.071s latency).
Nmap scan report for 10.136.35.10
Host is up (0.071s latency).
Nmap scan report for 10.134.39.54
Host is up (0.069s latency).
Nmap scan report for 10.136.37.46
Host is up (0.068s latency).
Nmap scan report for 10.134.74.70
Host is up (0.069s latency).
Nmap scan report for 10.136.39.119
Host is up (0.070s latency).
Nmap scan report for 10.134.106.143
Host is up (0.068s latency).
Nmap scan report for 10.134.142.46
Host is up (0.069s latency).
Nmap scan report for 10.134.170.113
Host is up (0.069s latency).
Nmap scan report for 10.134.205.96
Host is up (0.068s latency).
Nmap done: 13 IP addresses (12 hosts up) scanned in 10.56 seconds

Again, we are missing the endpoints subnet, because it's not done with the routing setup.

nmap (iperf, ssh)

% nmap -p 22,5201 -oG x.log $(!awk)
% cat x.log
badra001@redwood:apps (master)$ cat x.log
# Nmap 7.70 scan initiated Wed Nov  8 11:30:11 2023 as: nmap -p 22,5201 -oG x.log 10.134.6.154 10.136.33.84 10.134.23.155 10.136.35.10 10.134.39.54 10.136.37.46 10.134.74.70 10.136.39.119 10.134.106.143 10.136.40.233 10.134.142.46 10.134.170.113 10.134.205.96
Host: 10.134.6.154 ()   Status: Up
Host: 10.134.6.154 ()   Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.136.33.84 ()   Status: Up
Host: 10.136.33.84 ()   Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.134.23.155 ()  Status: Up
Host: 10.134.23.155 ()  Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.136.35.10 ()   Status: Up
Host: 10.136.35.10 ()   Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.134.39.54 ()   Status: Up
Host: 10.134.39.54 ()   Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.136.37.46 ()   Status: Up
Host: 10.136.37.46 ()   Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.134.74.70 ()   Status: Up
Host: 10.134.74.70 ()   Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.136.39.119 ()  Status: Up
Host: 10.136.39.119 ()  Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.134.106.143 () Status: Up
Host: 10.134.106.143 () Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.136.40.233 ()  Status: Up
Host: 10.136.40.233 ()  Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.134.142.46 ()  Status: Up
Host: 10.134.142.46 ()  Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.134.170.113 () Status: Up
Host: 10.134.170.113 () Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
Host: 10.134.205.96 ()  Status: Up
Host: 10.134.205.96 ()  Ports: 22/open/tcp//ssh///, 5201/open/tcp//targus-getdata1///
# Nmap done at Wed Nov  8 11:30:23 2023 -- 13 IP addresses (13 hosts up) scanned in 11.98 seconds

endpoint host there now.

badra001 commented Nov 8, 2023

Both east and west endpoints subnets are now fixed from the AWS routing side.
