[01:08] <ant> mercutio: from sort(1): "*** WARNING *** The locale specified by the  environment  affects  sort order.  Set LC_ALL=C to get the traditional sort order that uses native byte values."
[01:11] <mercutio> hmm mine doesn't show that
[01:12] <ant> mercutio: got that from a debian wheezy machine
[01:14] <mercutio> yeah i can't find a way to repeat
[01:14] <mercutio> it does say that in the man page though
[01:14] <mercutio> oh i thought you meant it outputted that
[01:14] <ant> try "A" and ".a" with en_US.UTF-8 and de_DE.UTF-8
[01:15] <ant> no it just said so in the man page
[01:15] <mercutio> yeah
[01:15] <mercutio> i only use sort to do uniq :/
[01:16] <mercutio> so as long as it sorts i don't worry too much
[01:16] <mercutio> and it's usually on numbers anyway
[08:20] <mkb> the order wasn't case sensitiv elike it ususually is
[08:21] <brycec> mkb: what is your locale normally?
[08:22] <mkb> LANG=en_US.UTF-8 on these machines
[08:22] <m0unds> patrick.georgi-clan.de/2015/02/17/intel-boot-guard/
[08:22] <m0unds> err, wrong channel
[08:23] <mkb> I can't reproduce, but I've heard of grep matching the wrong case too
[08:23] <brycec> Huh, peculiar.
[08:24] <mkb> locales are a UI thing and sort is used for a lot more than that so it doesn't seem to make sense to have sort change behavior on different locales
[08:24] <mkb> I mean there's a lot of scripts that didn't expect sort to do anything more than by byte number
[08:24] <brycec> Yeah it's well-known and documented that if you want consistent and cross-platform results in your programs/scripts, you set LC_*=C before calling out to anything.
[08:25] <mkb> I've had LC_ALL=C LC_CTYPE=en_US.UTF-8 on my desktop for a while since that's all that OpenBSD supports anyway
[08:25] <mkb> I guess I'll have to make sure I put that in .profile everywhere else
[08:27] <brycec> fwiw i can reproduce it on my Linux desktop. Normally, only variable set is LANG=en_CA.UTF-8 and sort does not function case-sensitive. If I unset that, or set LC_ALL=C, it's case-sensitive.
[10:43] *** dwarren has quit IRC (Remote host closed the connection)
[10:45] *** dj_goku has quit IRC (Ping timeout: 244 seconds)
[11:10] *** dj_goku has joined #arpnetworks
[11:10] *** dj_goku has quit IRC (Changing host)
[11:10] *** dj_goku has joined #arpnetworks
[13:19] *** _Zodiac has joined #arpnetworks
[13:19] *** _Zodiac has left 
[15:32] *** djkrikke-2 has joined #arpnetworks
[15:32] <djkrikke-2> Hi, I'm looking for some common practices on datacenter ip subnetting
[15:44] <up_the_irons> RFC 3531 comes to mind (it also works for IPv4, despite its title).  It's how we allocate blocks to customers.
[15:45] <djkrikke-2> up_the_irons: I'm more interested in the technical aspect, like vlans and inter-vlan routing
[15:46] <djkrikke-2> like, is it common practice to VLAN customers?
[15:48] <mercutio> djkrikke-2: no
[15:48] <mercutio> djkrikke-2: arp does though
[15:48] <mercutio> it's common practice to just stick everyone in a huge bridge domain
[15:52] <mercutio> not that common practice is a good thing
[15:52] <djkrikke-2> mercutio: I see
[15:53] <djkrikke-2> mercutio: doesn't that generate a huge amount of broadcast traffic on switches?
[15:53] <mercutio> djkrikke-2: most don't have mac address limits or ip restrictions or reverse path filtering.
[15:53] <mercutio> djkrikke-2: yes
[15:53] <mercutio> djkrikke-2: find a random cheap vps like vultr adn do tcpdump -p -l -n -i eth0 ! port 22
[15:54] <mercutio> the cable network here got so bad that routers started failing under the heavy arp load
[15:56] <djkrikke-2> mercutio: do you know a good solution?
[15:56] <mercutio> djkrikke-2: well you can do what arp does, you can also do pppoe, and i am struggling to figure out what the best way is
[15:57] <mercutio> with virtual machines, i've been experiementing with just having ip route default dev eth0 src <src ip>
[15:57] <mercutio> and having a single /32 routed to it.
[15:57] <djkrikke-2> mercutio: I was thinking of keeping a big subnet, but creating vlans, combined with proxy arp on the gateway
[15:58] <mercutio> then those routes are picked up by routing domain on the host and propogated.
[15:59] *** _Zodiac has joined #arpnetworks
[16:00] *** _Zodiac has left 
[16:00] <djkrikke-2> mercutio: what exactly does that ip route command do?
[16:00] <mercutio> for physical machines i kind of like the idea of just having routed /29 tbh
[16:00] <mercutio> djkrikke-2: it means you don't have a gateway, and it relies on proxy arp to get out
[16:00] <mercutio> so you can have a netmask of 255.255.255.255 on the ip
[16:00] <djkrikke-2> oh, so you don't configure a gateway, but tell everything to go through eth0, and proxy arp answers on this?
[16:01] <mercutio> yeh
[16:01] <mercutio> well you have a gateway of the ethernet interface
[16:01] <mercutio> is this for physical machines or virtual machines?
[16:01] <djkrikke-2> well physical, but I'm interested in your approach :)
[16:02] <djkrikke-2> so you have netmask 255.255.255.255 and a gateway ip
[16:02] <djkrikke-2> do you really need proxy arp then?
[16:02] <djkrikke-2> you just use the gateway for everything?
[16:02] <mercutio> proxy arp was because i have stuff in bridge mode still
[16:02] <mercutio> the gateway is just the ethernet interface
[16:02] <mercutio> i don't know if need proxy arp or not
[16:03] <mercutio> but it's enabled
[16:03] <mercutio> if it's physical i would say that a /29 per user is better
[16:04] <mercutio> the other thing you can do is you can have a /30 in rfc1913 space and route a /29 to /32 to them
[16:04] <mercutio> depending on how much space they want
[16:04] <mercutio> and use a normal gateway but you have like ip route add default via 192.168.32.77 src 4.2.2.2
[16:04] <mercutio> or wehatever ip you give them
[16:05] <mercutio> i prefer /30 to /31 as it means you can always have low ip for gateway
[16:05] <mercutio> which is the first ip of the block too
[16:05] <mercutio> the way arp is doing it uses up a lot of ip addresses.
[16:06] <mercutio> it's not necessarily bad - and if there were lots of ip addresses available then other hackish solutions wouldn't be so advantageous
[16:06] <mercutio> but it's getting harder and more expensive to buy ip addresses.
[16:06] <mercutio> like people are buying old companies to get ip address space!
[16:06] <mercutio> actually i'm in apnic zone, and arin is apparently not so bad.
[16:08] <djkrikke-2> mercutio: yes that's the reason why I'm thinking about this subject, I'm looking into ways to optimize the ip usage
[16:08] <djkrikke-2> if you need a public ip for every subnet, wel..
[16:08] <mercutio> what kind of customers are you servicing?
[16:08] <mercutio> as much as i hate the huge bridge domain, most people don't seem to care :/
[16:08] <djkrikke-2> mercutio: it's for a local computer science club
[16:09] <mercutio> with hundreds of users?
[16:09] <djkrikke-2> not hundreds :)
[16:09] <mercutio> like 30?
[16:09] <djkrikke-2> but I'm a computer science student myself, so I'm always thinking about optimal solutions
[16:09] <djkrikke-2> something like that yes
[16:10] <mercutio> with 30 it's probably fine to just have a /28 and two broadcast and gateway
[16:10] <mercutio> or /27 if it's acutally 30, rather than nearly 30
[16:10] <mercutio> oh god
[16:10] <mercutio> make that /27 and /26
[16:10] <mercutio> i went off by one :/
[16:11] <djkrikke-2> mercutio: or... we could keep a big subnet, put them in 3 vlans and proxy arp?
[16:11] <mercutio> there are pros and cons.  one of the reasons peopel are doing it that way is that some people are doing two router solutions, with 3 ip addresses used for routers.
[16:11] <mercutio> so each router has an ip on the subnet, then there's one that bounces between them
[16:12] <mercutio> traffic can be forwarded from either to the host, and out the bouncing one
[16:12] <mercutio> well the thing is vlans complicate things.
[16:12] <mercutio> if you have a small setup then suddenly it means you're the only one who understands how it works.
[16:13] <djkrikke-2> mercutio: the reason why we want to isolate several "groups" is because it's for testing purposes
[16:13] <mercutio> so usually i'd vote in favour of not increasing complexity too much, unless it's necessary.
[16:13] <mercutio> ok
[16:13] <mercutio> it's necessary then
[16:13] <djkrikke-2> so we want the traffic to be forced through the firewall
[16:13] <djkrikke-2> and that works with proxy arp and vlans
[16:13] <mercutio> yeah
[16:14] <djkrikke-2> but I was thinking, can't large hosting providers save on ip's by using this strategy
[16:14] <mercutio> large hosting providers usually have heaps of ip addresses they got earlier.
[16:14] <djkrikke-2> instead of subnetting, just use vlans per user and filter broadcast traffic
[16:14] <mercutio> it's small and medium providers that hav higher requirements for ip's
[16:14] <djkrikke-2> and use a large block
[16:14] <mercutio> small providers don't usually have expertise, and medium providers ..
[16:15] <mercutio> well that's where innovation can happen i suppose
[16:15] <mercutio> i actually have been thinking about pppoe per user more and more recently
[16:15] <mercutio> now there's in kernel etc for ppp
[16:15] <mercutio> it's not really that high overhead
[16:16] <djkrikke-2> mercutio: I'm not that familiar with pppoe, but it's some kind of tunnel right?
[16:16] <mercutio> yeah kind of
[16:16] <mercutio> 8 byte overhead
[16:16] <mercutio> well it can be 6 i think
[16:16] <mercutio> but yeah 8 is normal overhead spoken of
[16:17] <mercutio> basically it means you have a radius server, a ppp server.
[16:17] <mercutio> the ppp server deals with terminating the connections, the radius server deals with authentication and accounting
[16:17] <mercutio> bringing easy talleys of data done, making it easy to disconnect users, add ip addresses etc.
[16:18] <mercutio> and not wasting ip's
[16:18] <mercutio> that said i'm familiar with ppp/radius so it doesn't seem such a big complexity to me
[16:18] <mercutio> http://sourceforge.net/projects/accel-ppp/
[16:18] <mercutio> so you can use something like that
[16:18] <mercutio> oh which can do rate limits too
[16:20] <up_the_irons> djkrikke-2: it is not common to VLAN customers, but I do it because it makes sense and customers like it
[16:20] <up_the_irons> djkrikke-2: you're right in that the way most providers do things, it makes arp storms a problem
[16:20] <djkrikke-2> up_the_irons: just for internal isolation? So that they can have internal traffic?
[16:21] <djkrikke-2> or with filtering in between?
[16:21] <djkrikke-2> mercutio: rate limiting is pretty interesting too ;)
[16:21] <up_the_irons> djkrikke-2: well it simply makes sense that each customer have a private network; it segregates things nicely
[16:21] <mercutio> djkrikke-2: i have isp background so radius/ppp is more familiar to me too
[16:22] <up_the_irons> djkrikke-2: also, it allows mixing of services easily; some customers have VMs and also dedicated servers, or VMs and colo
[16:24] <djkrikke-2> up_the_irons: That makes sense, but you combine it with subnetting right?
[16:24] <djkrikke-2> so that for outer-vlan traffic, the gateway is always used?
[16:24] <up_the_irons> i'm not sure what exactly you're referring to when you say subnetting; that's a very general term
[16:25] <up_the_irons> yes gateway is always used for outside traffic
[16:25] <djkrikke-2> I mean that every customer has a separate subnet, like for example a /29
[16:25] <up_the_irons> yes
[16:26] <djkrikke-2> up_the_irons: allright
[16:26] <djkrikke-2> don't you think that's a waste of public ip's, when you need a gateway for every subnet?
[16:27] <mercutio> go rfc1918 :)
[16:28] <mercutio> oh djkrikke-2 another way people in more commercial environments do things is sometimes direct to direct nat
[16:28] <mercutio> like one to one mapping... so they'll have internal subnets everywhere, and just remap from an external ip to an internal ip
[16:28] <djkrikke-2> mercutio: yes, I was thinking about that too. But...NAT
[16:29] <mercutio> djkrikke-2: it's not like normal nat evilness
[16:29] <mercutio> you can do it stateless
[16:29] <mercutio> so 1-to-1 mappiung
[16:29] <djkrikke-2> mercutio: true, but you can't for example configure a cpanel with an internal ip, then it will create dns records with internal ip's etc
[16:29] <djkrikke-2> or sip sessions
[16:31] <up_the_irons> djkrikke-2: it does tend to use IPs, yes
[16:33] <brycec> (And steak does tend to use cows. The world is imperfect, but you do what you gotta do.)
[16:33] <mercutio> djkrikke-2: i don't use cpanel
[16:33] <djkrikke-2> brycec: maybe we can solve that cow problem too :)
[16:33] <djkrikke-2> No I'm just wondering if there are better solutions, that's all
[16:34] <mercutio> it's more common with people using load balancers etc.
[16:34] <mercutio> which cpanel isn't really aimed towards.
[16:34] <mercutio> ipv6 makes everything less painful.
[16:38] <mercutio> so i registered localdomain.nz does that mean that people with search paths are going to hit my domain?
[16:38] <up_the_irons> djkrikke-2: i'm not aware of better solutions, but i haven't investigated it in a long time; do tell if you find something promising :)
[16:39] <djkrikke-2> up_the_irons: well my idea is to have a router that knows about all the ips and vlans
[16:39] <djkrikke-2> then you can create a vlan per customer, take a big subnet, and let the router handle the arp proxying
[16:40] <mercutio> djkrikke-2: he's terminating on cisco, which makes these more complicated setups a bit more troublesome.
[16:40] <mercutio> linux makes it easier to shoot yourself in the foot
[16:40] <up_the_irons> djkrikke-2: so you would have a large subnet, but separate VLANs.  how would you prevent one node from taking another's IP?
[16:41] <up_the_irons> and yeah, i only do hardware packet forwarding for main traffic
[16:41] <djkrikke-2> up_the_irons: if the router knows about the IP's in a specific vlan, it can take that into account?
[16:41] <djkrikke-2> so that when the same IP is in another VLAN, nothing happens?
[16:41] <BryceBot> That's what she said!!
[16:42] <brycec> So, MAC pinning
[16:42] <brycec> (or static MAC)
[16:42] <brycec> Which isn't very flexible for the customer
[16:42] <mercutio> i hate mac pinning
[16:42] <djkrikke-2> well, the customer is always in his VLAN?
[16:42] <djkrikke-2> more IP pinning
[16:43] <mercutio> tbh, pppoe is the easiest solution :/
[16:43] <mercutio> but it does add a little of complexity to each userr.
[16:49] <djkrikke-2> hmm, ok, it's 2 am over here so I'm going to get some sleep. Thanks for the discussion brycec, up_the_irons and mercutio :)
[16:49] <mercutio> djkrikke-2: it's a complicated topic
[16:49] <mercutio> 'night
[16:49] <djkrikke-2> Thank you
[16:50] <up_the_irons> djkrikke-2: on cisco, you can't have the same subnet be in two separate VLANs
[16:50] <up_the_irons> djkrikke-2: 'nite!
[18:16] <m0unds> sophos sent me fancy unicorn socks
[18:24] *** _Zodiac has joined #arpnetworks
[18:24] *** _Zodiac has left 
[21:16] *** jlgaddis has quit IRC (Ping timeout: 250 seconds)
[21:21] *** jlgaddis has joined #arpnetworks
[22:11] *** DaCa has quit IRC (Remote host closed the connection)