Help:Cloud VPS IP space
This page documents IP addresses allocated for Cloud VPS projects.
The networks listed here are the supernets allocated for Cloud VPS usage. They're not expected to change very often, and so are suitable for use in e.g. access control lists. In practice, addresses are allocated from smaller networks in the documented IP space; the networks currently in use can be viewed via the OpenStack browser tool.
The canonical source of truth for IP allocations is Netbox, access to which is restricted.
IP space
| Network | Usage |
|---|---|
| 172.16.0.0/17 | Private IPv4 space. Used for internal traffic within Cloud VPS and when talking to Wikimedia wikis. |
| 185.15.56.0/25 | Public IPv4 space for instances with floating IP addresses. |
185.15.56.1 is the address used as the source NAT address for outbound traffic from instances without floating IP addresses.
| |
| 2a02:ec80:a000::/56 | Public IPv6 space for Cloud VPS instances.[1] |
| Network | Usage |
|---|---|
| 172.16.128.0/17 | Private IPv4 space. Used for internal traffic within Cloud VPS and when talking to Wikimedia wikis. |
| 185.15.57.0/29 | Public IPv4 space for instances with floating IP addresses. |
185.15.57.1 is the address used as the source NAT address for outbound traffic from instances without floating IP addresses.
| |
| 185.15.57.16/29 | Public IPv4 space for instances with floating IP addresses. |
| 2a02:ec80:a100::/56 | Public IPv6 space for Cloud VPS instances.[1] |
Machine-readable data
The Cloud VPS IP space is published in machine-readable formats as well:
- https://meta.wmcloud.org/cloudvps-ips-all.json includes all public and private Cloud VPS IP space
- https://meta.wmcloud.org/cloudvps-ips-public.json includes all public Cloud VPS IP space
These files contain the IP addresses for both the live eqiad1 deployment as well as the codfw1dev testing deployment, and are updated automatically when new networks are introduced. The files use the Googlebot format as described on Bot traffic.
In addition, a list of Toolforge worker IP private addresses is published at https://tools-static.wmflabs.org/admin/meta/worker-ips.json in the same format. Currently all Toolforge workers are hosted in Cloud VPS and so included in the files listed above, but there are certain situations (e.g. rate limiting) where specifically filtering for Toolforge workers might be useful due to their shared nature.
Notes
- ↑ 1.0 1.1 As there is no shortage of public IPv6 addresses, all instances with IPv6 connectivity are allocated a publicly routable address. Source NAT is not used for IPv6 traffic.
Communication and support
Support and administration of the WMCS resources is provided by the Wikimedia Foundation Cloud Services team and Wikimedia movement volunteers. Please reach out with questions and join the conversation:
- Chat in real time in the IRC channel #wikimedia-cloud connect or the bridged Telegram group
- Discuss via email after you have subscribed to the cloud@ mailing list
- Subscribe to the cloud-announce@ mailing list (all messages are also mirrored to the cloud@ list)
- Read the News wiki page
Use a subproject of the #Cloud-Services Phabricator project to track confirmed bug reports and feature requests about the Cloud Services infrastructure itself
Read the Cloud Services Blog (for the broader Wikimedia movement, see the Wikimedia Technical Blog)