[01:23] *** KDE_Perry has quit IRC ()
[01:28] *** KDE_Perry has joined #arpnetworks
[01:40] sounds like your version is too new
[01:40] you have to downgrade to 6.18 apparently
[01:40] assuming 6.18 is less than 6.5
[01:41] maybe you need to upgrade?
[01:42] because apparently 5.2 is older than 5.18
[01:43] oh apparently it works in 6.14 to 6.18
[01:46] '18' > '5'
[01:46] yeah
[01:47] it may work again now
[01:47] routeros is good at breaking things
[01:47] That's what she said!!
[01:47] i seem to remember hearing of version 6.26 being reasonably current?
[01:48] 6.26 isn't released yet
[01:48] just 6.26 is their rc
[01:48] according to http://www.mikrotik.com/download
[01:48] oh
[01:48] maybe it was 6.25 then
[01:48] 6.25 is latest stable in the 6.x branch, 5.26 and 4.17 respectively
[01:48] maybe i got confused with 5.26 then
[01:49] isn't routeros 6 way less stable than 5?
[01:49] *) fixed route cache overflow (ipv4/ipv6 stops working) if ipsec is used;
[01:49] scary changelogs (that's for 6.25)
[01:49] scarier if "didn't fix..." :P
[01:50] whenever i see the changelogs for routeros stuff it always seems to suggest that things are fixed that weren't broken and then were broken
[01:50] suggesting that things break a lot randomly
[01:50] i never had stability problems with 6. but i only use my mikrotiks as simple wlan access points
[01:51] i think most of the issues are with mpls, dynamic routing, ppp, queues etc.
[01:51] so yeah as a dumb switch or bridge it may be stable
[01:52] imho using mikrotiks as switches sucks because of their weird stp implementation (just like linux sucks in that regard)
[01:53] well not everyone uses stp :/
[01:53] i doubt most users of routeros do.
[01:53] i still don't know how to have make a trunk port speak stp properly
[01:53] my switch has stp enabled.
[01:53] but it defaulted that way :/
[01:54] i used to be using a unifi wireless ap which was pretty unstable.
[01:55] but i haven't had a single stability issue with tp-link that i replaced it with.
[01:55] it's capable of running openwrt etc too. but haven't tried yet.
[01:55] i got a second one so i could :/
[01:56] i've got another wireless ap as a client bridging to ethernet ports, which is tp-link too. using gargoyle, and that was pretty easy to install.
[06:01] *** jpalmer has joined #arpnetworks
[06:01] ipv6 appears to be down for me. anyone else?
[06:01] works for me
[06:02] interesting. I can't even ping my gateway
[06:03] nevermind. traceroute shows it's an issue on my ISP's side. it's not making it to the first hop past my ISP's gateway.
[06:04] wait, that can't be right, cuz I can't ping it from another server in california, either.
[06:05] ant: can you ping 2607:f2f8:ab28::2 or ::1 ?
[06:05] Yes.
[06:06] both are responding?
[06:06] Both are responding.
[06:07] from here too
[06:07] ok, I need to figure this out then. I'm not able to ping it from 3 different networks
[07:05] jpalmet, I can ping both (from ARP) but traceroute to ::2 never finishes
[07:14] traceroutes from comcast & linode in dallas both look ok to me
[08:39] *** m0unds1 is now known as m0unds
[09:50] *** sjackso has joined #arpnetworks
[11:56] *** _Zodiac has joined #arpnetworks
[11:56] *** _Zodiac has left
[12:35] How does centralized logon generally for Linux work in Enterprises today?
[12:36] Assuming we are not falling back on Active Directory and doing things directly in Linux
[12:36] NIS ?
[12:41] *** mnathani__ is now known as mnathani_
[12:43] ldap/kerberos
[12:43] which is coincidentally the same underpinnings of AD
[12:44] (ldap for directory, and kerberos for auth)
[12:44] Though you could do auth with ldap too, but that's less common; the benefits of kerberos outweigh it
[12:46] is it kind of roll your own solution with kerberos and ldap, or are there system packages that provide a decent out of box experience
[12:47] perhaps even commercially supported?
[12:47] There are, or have been, some packaged stuff
[12:47] Novell had something
[12:47] I haven't touched the area for awhile though
[12:48] last time I set it up, I used a distro called Zeroshell to serve as my ldap/kerberos root
[13:15] k
[13:55] RHEL Probably has their own solution
[13:55] using LDAP and Kerberos
[13:58] * brycec shrugs
[13:58] only thing I know about RHEL and derivatives is they have a nice wizard/gui for configuring client machines for it
[13:58] YER A WIZARD brycec
[13:58] Thanks BryceBot
[13:58] No problem, brycec
[15:09] *** toddf has quit IRC (Ping timeout: 272 seconds)
[15:10] *** toddf has joined #arpnetworks
[15:10] *** ChanServ sets mode: +o toddf
[15:36] http://www.gliffy.com/go/publish/7081735
[15:37] I am wondering if it would be possible to trunk the link between the Mikrotik and the Catalyst Switch, run 2 Vlans across it
[15:38] one that will present the Bell Fibe Modem on the same Layer 2 as the Cisco 2811 behind the switch
[15:38] the other for the Lan behind the Mikrotik
[15:40] What's the advantage of multiple pppoe sessions? Just more external IP's as opposed to nat?
[15:40] more public IPs, yes
[15:40] allowing me to test vpn tunnels
[15:40] that actually traverse multiple public addresses
[15:47] why separate vlans?
[15:47] why not just run both pppoe sessions on the same vlan?
[15:47] as there is one cable between the mikrotik and the catalyst 3750
[15:48] and the mikrotik already has its pppoe session
[15:48] and is performing NAT
[15:48] why not route the inbound cable into a switch port
[15:48] have it on a vlan
[15:48] and have two more ports on the switch to terminate pppoe sessions.
[15:49] on lots of routers you can do ppp relay, but i don't think routeros does that
[15:49] will pcs behind the catalyst be able to connect via pppoe session as well
[15:49] any that are in the vlan group
[15:49] you can probably get by with running untagged.
[15:50] but tagging keeps things nice and separate.
[15:50] http://forum.mikrotik.com/viewtopic.php?f=1&t=6634
[15:51] so yeah people want pppoe relay
[15:51] my google foo landed me on the same page :-)
[15:51] oh that's from 2006
[15:52] anyway what i'd do is just plug your incoming internet connection into the switch on say vlan 900
[15:52] then have routerboard plug into a switch port on vlan 900
[15:53] then any pc's you want with their own pppoe session you allow vlan 900 as well as their normal lan vlan
[15:53] if you don't tag you're more likely to pollute random arps out the internet connection, i dunno if you mind that or not.
[15:54] as well as broadcast traffic
[15:55] depending on where the bridge/segment finishes, it may go to internet or just an upstream modem.
[15:55] if it's an upstream modem that just feeds you pppoe i wouldn't worry, but if they're bridging again onto the wider network you probably want to avoid that.
[15:55] only issue with that is - the internet modem and mikrotik device are like 1 foot apart, the switch however is in the next room and only one cable exists between the rooms
[15:55] here cable is a big huge bridged annoyance.
[15:56] oh.
[15:56] you could just use a 5 port switch
[15:56] so thats why I was hoping to run multiple vlans on that cable
[15:56] actually there's an even more complicated idea.
[15:56] the routerboard is one with a switch?
[15:56] it is
[15:56] you can run the internet into the switch.
[15:57] then run ethernet from the switch ports
[15:57] then plug the switch port on the routerboard into the wan port as well.
[15:57] i dunno if that's getting too convoluted for you :)
[15:57] could probably just bridge it in software
[15:57] it's better to be switched than bridged.
[15:57] complicated and convoluted I like - allows for greater learning
[15:57] especially on lower end routerboards.
[15:58] ccr's don't have switches though.
[15:58] and lots of the routerboards have funky switch arrangements, so they'll have two different switches for two different groups of ports.
[15:58] so actually run a cable between the routed port and the 'switch port'
[15:58] and internet into another switch port
[15:58] the wan port and switch port.
[15:59] so yeah say ports 5 to 8 are just cut off and used as a switch
[15:59] that goes nowhere.
[15:59] well doesn't go into routeros at all
[15:59] they designate port 1 to wan
[15:59] by default
[15:59] what model is it?
[15:59] that is likely to be a different switch
[16:00] you're still stuck with cpu forwarding to the second switch, to go out for the normal traffic.
[16:00] but you're cpu forwarding atm anyway.
[16:00] well i imagine you are cos you're using nat.
[16:00] Mikrotik RouterBOARD RB2011UiAS-2HnD-IN
[16:00] oh fancy
[16:00] that should be good for 100 megabit+ pppoe
[16:00] so yeah wouldn't worry too much about cpu
[16:01] do I still need to worry about VLANs?
[16:01] Atheros8327 (ether1-ether5+sfp1); Atheros8227 (ether6-ether10)
[16:02] well you're plugging into a vdsl modem aren't you?
[16:02] yes
[16:02] that does NAT also
[16:02] you should be able to get away without
[16:02] because bridge domain means it shouldn't pass afaik.
[16:02] however allows pppoe passthrough
[16:02] yeah so traffic won't leak onto the internet.
[16:03] is it pppoe relay or are you bridging the ptm interface and the ethernet interface?
[16:03] all I do is dial pppoe from one of the modems switch ports
[16:03] and it connects and gives me a public ip
[16:03] a lot of the broadcom modems actually let you do quite advanced stuff.
[16:04] yeah but uhh
[16:04] hangon
[16:04] I could just run a second cable
[16:04] between one of the modem ports to a switch port on the mikrotik
[16:04] Bridge PPPoE Frames Between WAN and Local Ports
[16:04] my router has under wan service that
[16:05] but there's also a way to just do bridging before that level
[16:06] under wan service you can do ppp over ethernet, ip over ethernet, or bridging
[16:06] when adding a connection.
[16:06] both ways work.
[16:08] fwiw, it's basically the same on my adsl and vdsl modems, even though they're from different vendors. but they're both broadcom.
[16:10] http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Example_-_802.1Q_Trunking_with_Atheros_switch_chip_in_RouterOS_v6
[16:10] looks like you can play with vlans too
[16:11] where do you see the bridge pppoe between WAN and local Ports?
[16:12] is your modem broadcom?
[16:12] it's under advanced setup -> wan -> edit
[16:12] don't think they allow options like that
[16:12] the vendor has it pretty locked down
[16:12] what modem is it?
[16:13] there is one vendor here that uses broadcom and locks it down but you can bypass it
[16:13] home hub 2000
[16:13] but all the commands are all completely different
[16:13] i think that's vr9
[16:14] home hub 1000 is broadcom
[16:14] and home hub 2000 is meant to be the same as Sagemcom F@st5250
[16:14] do I need to worry about routing loops if I connect a second ethernet between one of the Internet Modem ports and say Ether3
[16:14] yeah it's broadcom
[16:15] or perhaps a broadcast storm
[16:15] depends on the switching domain.
[16:15] or broadcast domain or whatever
[16:15] wan port is usually in a different domain
[16:15] ether 1 and ether 3 are in different domains
[16:16] either one :)
[16:16] except they both connect to a device with 2 ports in the same domain
[16:17] apparently that pppoe bridge is limited to 35 megabit
[16:17] i'm still struggling to find good information
[16:18] can you get a shell on it?
[16:19] can you put a ring on it?
[16:19] oh i think that's the older sagemcom
[16:20] hmm ok
[16:20] maybe the /simplest/ solution
[16:20] don't think I can get a shell
[16:21] is as you said to plug a second cable from the modem to the routerboard.
[16:21] then have vlan for it, and have the vlan go to the switch but not into routeros.
[16:22] will it work if I leave it in the same vlan / untagged even?
[16:22] probably.
[16:22] so yeah just plug lan to lan
[16:22] and then everything should magically work?
[16:23] can't wait to try it
[16:23] but i dunno if routeros will get confused by pppoe coming in more than one place.
[16:23] it shouldn't actually.
[16:23] other residents in the home are using the net so I will wait a while
[16:23] heh
[16:23] that reminds me i have stuff to do today while people aren't around.
[16:27] there's a conference that i was thinking of going to, but it was too expensive in the end. watching video feed instead :)
[16:28] but the next talk is meant to be about peering.
[16:29] which conference?
[16:29] nznog
[16:29] http://www.nznog.org/home/video_full
[16:30] there's two new internet peering exchanges suddenly in this city
[16:30] so it went from like 1 to 3
[16:30] thats good
[16:30] i dunno how good it is.
[16:31] do they interconnect with each other?
[16:31] the existing peering exchange was more stable than coresite.
[16:31] nope.
[16:31] arp isn't on equinix, which is the other major one in los angeles.
[16:31] are people meant to go on all 3?
[16:31] and los angeles is a bigger hub than here.
[16:31] probably just go on the one closest to their infrastructure?
[16:32] well it looks like things are moving towards multiple location points.
[16:32] so nearest may still mean all 3 :)
[16:32] it gives some redundancy
[16:32] and may mean quicker 10gb adoption
[16:33] but if you use two of them one for in and one for out, to someone, and one of them has a problem you can still have issues.
[16:33] what city?
[16:33] auckland
[16:33] population of about 1.4 million
[16:33] but covers nz which is about 4.5 million i think
[16:34] it's funny to see how most people have their laptops out while the talks are on.
[16:34] 1:33pm, shouldnt the break be over?
[16:35] yeah
[16:35] that's what i was thinking
[16:35] it looks like more people in there now
[16:35] i suppose people are slack getting back.
[16:35] how many folks there do you know?
[16:35] a few.
[16:36] it's also harder to recognise people by their backs :)
[16:36] this music really sucks too.
[16:37] video quality is surprisingly good though
[16:37] audio quality more so
[16:37] That's what she said!!
[16:37] for some reason i find most technical talks are downright hard to see/hear at all.
[16:37] you have to select 720p manually.
[16:37] and it'd still be nicer if they did 1080p+
[16:37] mine was automatically 720p
[16:38] i wonder why mine wasn't
[16:38] maybe it's going to the US
[16:38] it's using something called livestream or something. i signed up for an account.
[16:38] just switched to full screen
[16:38] pretty cool
[16:38] yeah i'm using full screen
[16:38] dual monitors ftw :)
[16:38] 4k ftw
[16:38] :-)
[16:39] haha
[16:39] my irc is on 4k :)
[16:39] 4k is nice.
[16:39] finally
[16:40] how much does it cost to attend in person? and can anyone attend or do you have to be a network operator
[16:40] $250+accommodation+transport.
[16:40] anyone can attend.
[16:41] Oh goodness. I used to work at Livestream.
[16:41] it's about a 4 hour drive from here.
[16:41] there's also lots of free alcohol.
[16:42] i wonder if arp is on peeringdb.
[16:43] can
[16:43] it is
[16:43] yeah they are
[16:43] pretty sure I have seen it on there before
[16:43] http://www.peeringdb.com/view.php?asn=25795
[16:43] hard to read the slides though
[16:43] yeah it's there
[16:44] yeah their projector sucks
[16:44] it looks like it's interlaced too.
[16:44] the email address is like scrolling colours
[16:45] most people use the routing servers in nz.
[16:45] as well as the list for the exchange
[16:45] he has got a good point
[16:48] windows hah
[16:48] and an ie icon even
[16:50] short password :)
[16:56] have you ever looked at the sql for peeringdb?
[16:56] nope
[16:57] i didn't even know there was any
[16:57] http://www.peeringdb.com/dbexport/peeringdb.sql
[16:57] i found out about it through that talk :)
[16:57] did you know about it?
[16:57] did not
[16:57] APE is the normal exchange in auckland.
[16:58] 11 hah
[17:08] they charge per megabit to other cities
[17:14] he's hopeful
[17:26] no-one liked my question :)
[17:28] "can't do a netflix-comcast to us"
[17:28] lol
[17:29] yeah
[17:29] the biggest provider here doesn't peer.
[17:39] whats the benefit of a bilat vs route-server peering?
[17:40] bilat means you can easily turn it off when there's an issue
[17:40] it means you make an individual connection to them, and create a bgp session
[17:40] which can give more control over routing policy easier.
[17:40] but means you have to create bgp sessions with extra participant.
[17:40] it's usually pretty simple to setup bilat, but you don't generally do it with everyone.
[17:41] like cloudflare was saying how they don't advertise anycast without bi-lat. they were pretty easy to do bi-lat with.
[17:41] even amazon
[17:41] bi-lat only
[17:41] amazon are also only in australia
[17:42] who was that one?
[17:42] whats the deal with megaport, is that like a special kind of transit
[17:42] oh sitehost.
[17:42] yeh.
[17:42] kind of
[17:42] intellipath is the special kind of transit
[17:42] megaport is a new internet exchange with like 9 people on it
[17:43] but more people getting onto it.
[17:43] cloudflare peering was actually noticeable for web page performance
[17:44] that's an interesting idea
[17:45] the other thing about bi-lat is making sure you have contact details.
[18:15] mnathani_: what did you think of it?
[18:23] interesting
[18:23] thanks for sharing
[18:23] its a whole other world out there
[18:23] for folks used to canada / us networks
[18:24] cuba - all satellite
[18:24] would be cable, but the nearest landfall is the US. oops.
[18:25] in the other direction, 7000ft trench
[18:26] @last up_the_irons
[18:26] brycec, I last saw up_the_irons 6 days 23 hours 33 min 8 sec ago saying in a channel: now they call it CoreSite.
[18:26] Wow, up_the_irons isn't usually this quiet
[18:26] no way
[18:26] 6 days?
[18:26] almost 7 days
[18:26] Speak of the friggin devil
[18:27] wow
[18:27] brycec: almost like you summoned him
[18:27] mnathani_: peering may actually improve in the US if independent fiber providers take off
[18:28] while it's comcast/verizon/etc it doesn't really encourage it.
[18:28] up_the_irons: Please do me a favour and see if you received the e-mail I sent yesterday? Never got an autoresponse from it. (And now the matter is becoming more urgent, so I sent a second email from an address I know works, and does receive the autoresponse)
[18:28] i don't know what canada is like.
[18:28] (Pretty, pretty please)
[18:28] brycec: what was the email about?
[18:28] VPS upgrade
[18:28] my queue is mostly empty now
[18:29] "mostly"
[18:29] I really have no idea where the email disappeared to, and the Exchange admin is currently unable to help out
[18:30] i see it in the web-based queue, but haven't got it in email yet
[18:30] (but I checked and double-checked the To: address -- referring to the email I sent yesterday)
[18:30] Yeah today's email was *just* sent, seconds before you appeared
[18:31] Feel free to PM
[18:33] i see it in my email now
[18:36] Thanks up_the_irons. Btw, do you know if your email/ticket system "replies all" (to addresses that were cc'd originally)?
[18:36] (And sorry to be a pest. I know you have many other customers :) )
[18:37] honestly i have no idea; never tested it and nobody else ever asked ;)
[18:38] heh
[18:38] I'm going to assume either "no" or that something is jinky in email between arp and my work mailbox
[18:39] brycec: you are talking about exchange
[18:40] It's worked for every other mail I've sent (not that it's saying much... but seems to work for everyone else at the company, including others that have emailed ARP)
[18:40] ok that's weird
[19:00] mercutio: we have success. I connected the second cable to the mikrotik, and a VM just connected using pppoe
[19:00] sweet mnathani_
[19:01] well that's the simplest possible.
[19:01] so it's bridging to all the ports.
[19:01] this should also mean you can access your modem easier.
[19:02] wonder if layer2 loops would be a problem
[19:02] shouldn't be a loop
[19:02] how would I even detect such a thing
[19:03] as wan port on rb is different domain
[19:03] by all of your lights blinking madly.
[19:03] high pings etc. it's quite obvious normally
[19:03] and in small networks it's pretty easy to notice/fix.
[19:03] the problem happens in larger networks, when someone has no idea they've done it.
[19:07] now they're telling APNIC users they should take addresses from ARIN :)
[19:08] oh wow ARIN haven't been holding back ip addresses enough, so they've been plummeting quick.
[19:31] are there any commands to run on the mikrotik to detect broadcast storms / loops
[19:31] perhaps look at cpu usage?
[19:36] you could just look at cpu
[19:36] i have no idea about stp or anything on routeros
[19:36] (or notice when connectivity breaks down...)
[19:37] tcpdump on any machine would help too, just a flood of traffic
[19:37] (but as for on the device itself, no clue... my routing and firewalls run *BSD)
[19:38] whats hardware offloading?
[19:38] in terms of a networking gateway as mentioned on the talk?
[20:05] *** toddf has quit IRC (Ping timeout: 265 seconds)
[20:06] *** toddf has joined #arpnetworks
[20:06] *** ChanServ sets mode: +o toddf
[20:06] *** jpalmer has quit IRC (Quit: WeeChat 0.4.2)
[20:15] hardware offloading is when you move some of the smarts of network traffic to the network card or switch
[20:15] most routers are doing it on the switch atm
[20:15] it uses proprietary drivers.
[20:30] stuff like packet encapsulation?
[20:30] yeh the switch can do that
[20:30] most of the atheros switches support it
[20:31] like used on your router.
[20:31] routeros support for that stuff is weak afaik
[20:31] and your router is more powerful than normal cpe's.
[20:31] i was watching that talk too
[20:31] but i got called away, and missed some :(
[20:31] That's what she said!!
[20:44] the main improvement in cpe's recently has been about power usage.
[20:48] *** SpaceDump has quit IRC (Ping timeout: 264 seconds)
[20:49] *** SpaceDump has joined #arpnetworks
[21:50] mnathani_: there's a talk tomorrow on bufferbloat, that sounds like it may be more interesting than most, as they're trying to go a bit more technical it seems.
[21:57] mercutio: one thing I didn't think of earlier, DHCP is enabled on the modem and the mikrotik
[21:57] connecting the 2 could have clients on the mikrotik side get an Ip from the Internet Modem?