At the level we’re doing this at, I think the bug where we accidentally put instances in the wrong ULA and thus expose organizations to each other is about as likely as the bug where we forget that fdaa:xxxx:: can’t talk to fdaa:yyyy:: for any value of x and y. Importantly: the same tiny BPF program that enforces this rule is also logically required in order to route packets, since our WireGuard mesh uses a different addressing format than our hosts.
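The isolation rule described in the post, modelled in Python as an added example (not the poster's BPF program and not any real platform's code): it assumes that private addresses live in fdaa::/16 and that the second 16-bit group carries the organization id, so a packet is forwarded only when source and destination share that id. The last function illustrates the other bug the post compares it to: the rule is only as good as the address assignment feeding it.

```python
import ipaddress
import struct
from typing import Optional, Tuple

# Assumed layout (illustrative only): fdaa:xxxx::/32 is one organization's ULA,
# so the org id is the second 16-bit group of the address.
ULA_PREFIX = ipaddress.IPv6Network("fdaa::/16")


def org_id(addr: ipaddress.IPv6Address) -> Optional[int]:
    """Return the org id embedded in a ULA, or None if the address is not in fdaa::/16."""
    if addr not in ULA_PREFIX:
        return None
    return (int(addr) >> 96) & 0xFFFF


def parse_ipv6_header(pkt: bytes) -> Tuple[ipaddress.IPv6Address, ipaddress.IPv6Address]:
    """Extract source and destination from the fixed 40-byte IPv6 header."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    return ipaddress.IPv6Address(pkt[8:24]), ipaddress.IPv6Address(pkt[24:40])


def verdict(pkt: bytes) -> str:
    """Model of the per-packet rule: PASS only when src and dst share an org id."""
    src, dst = parse_ipv6_header(pkt)
    s, d = org_id(src), org_id(dst)
    if s is None or d is None:
        return "DROP"  # not private-mesh traffic: this rule does not forward it
    return "PASS" if s == d else "DROP"


def assignment_is_consistent(instance_org: int, addr: str) -> bool:
    """The 'wrong ULA' bug: an instance handed another org's prefix passes the
    packet rule against that org, so the assignment itself must be checked."""
    return org_id(ipaddress.IPv6Address(addr)) == instance_org


def build_packet(src: str, dst: str, payload: bytes = b"") -> bytes:
    """Constructed test packet: minimal IPv6 header, next header 59 (no next header)."""
    hdr = struct.pack("!IHBB", 6 << 28, len(payload), 59, 64)
    return hdr + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload


if __name__ == "__main__":
    print(verdict(build_packet("fdaa:1234::1", "fdaa:1234::2")))  # PASS
    print(verdict(build_packet("fdaa:1234::1", "fdaa:5678::2")))  # DROP
    print(assignment_is_consistent(0x1234, "fdaa:5678::1"))       # False
```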