[02:05] *** dj_goku has quit IRC (Remote host closed the connection)
[06:12] *** dj_goku has joined #arpnetworks
[06:12] *** dj_goku has quit IRC (Changing host)
[06:12] *** dj_goku has joined #arpnetworks
[06:42] *** nathani has quit IRC (Quit: WeeChat 1.4)
[08:26] <mnathani> how would I go about adding the link local IPv6 /128 route for backup out to eth1 so I dont have to do %eth1 on Ubuntu
[09:42] <brycec> I'm not sure I understand what you mean... If you're specifying a route to a LL address of *course* you have to include the interface.
[09:43] <brycec> To alter that behaviour would, at a minimum, require removing fe80::/8 from all other interfaces, and then whatever other hoops you have to jump through to get $tools to not require an interface suffix.
[09:50] *** nathani has joined #arpnetworks
[10:05] <mnathani> I was going by the trello suggestion: "If there were an IPv6 address for the backup server, all customers could add the address as a /128 to the routing tables on their VPS's to go via the link-local for the backup server over the dedicated interface."
[10:06] <brycec> (Now I'm trying to wrap my head around that)
[10:06] <mnathani> perhaps the person who suggested that wanted a global unicast routable IPv6 AAAA record and not a link local
[10:06] <brycec> That could be
[10:06] <brycec> Which would annihilate the poor IPv6 router
[10:07] <mnathani> it should only be acceible via backup interface
[10:07] <mnathani> ie: not routed to IPv6 router
[10:07] <mnathani> or global internet for that matter
[11:43] *** fIorz has joined #arpnetworks
[11:45] <fIorz> up_the_irons: it seems like the IPv6 routing from the LA to the FFM location is somehow broken, traceroute ends at some HE router two hops or so from 2607:f2f8:0:102::4, while it works just fine from elsewhere
[13:28] <up_the_irons> fIorz: yeah we're aware of that; it's because we're migrating to a new router and our NTT session used to carry a static route (which we migrated to the new router)
[13:29] <up_the_irons> brycec: mnathani : the suggestion had mentioned link-local
[13:30] <up_the_irons> mnathani: you always have to qualify a link-local address by %interface, if you have more than one link-local address
[13:32] <up_the_irons> fIorz: I should set up a static to a different endpoint...
[13:34] <up_the_irons> OK that was easy
[13:34] <up_the_irons> It's working now
[13:42] <brycec> up_the_irons: New router... still running OpenBSD 3.9 though? :P
[13:43] <up_the_irons> OpenBSD 5.9
[13:43] <brycec> About damn time :)
[13:43] <brycec> And just in time for 6.0 no less
[13:44] <up_the_irons> Yeah
[13:54] <fIorz> up_the_irons: now I am talking to a different webserver than via ipv4!? (in particular with a different(/worse) TLS setup)
[13:55] <up_the_irons> Not sure which webserver you're referring to
[13:55] <brycec> Huzzah ARP. Company's main DC lost its Internet (apparently, I'm hearing it 3rd/4th/5th-hand) but the distributed/replicated services I stood up on our ARP instances are, of course, still chugging along.
[13:55] <fIorz> up_the_irons: 2607:f2f8:0:102::4, or portal.a.c
[13:56] <up_the_irons> I wonder if we're not proxying IPv6 from our SSL termination endpoint
[13:56] <up_the_irons> mercutio: ^^
[13:57] * brycec wishes his company's monitoring wasn't run out of that DC however. *sigh* Always something.
[13:57] <fIorz> https://www.ssllabs.com/ssltest/analyze.html?d=portal.arpnetworks.com&s=2607%3af2f8%3a0%3a102%3a0%3a0%3a0%3a4
[13:57] <up_the_irons> brycec: nice :)
[13:58] <up_the_irons> fIorz: yeah that's how it was before we used a different SSL endpoint
[13:59] <fIorz> yeah, IPv6 can do time travel :-)
[14:01] <fIorz> (also, keeping the old endpoint available at all is a security problem, even if the DNS isn't pointing to it, as a MitM doesn't really care about DNS)
[14:02] <up_the_irons> right
[14:28] <up_the_irons> I've turned this into a Trello card under Known Issues:
[14:28] <up_the_irons> https://trello.com/c/F6SS2RE1/15-portal-ipv6-endpoint-has-old-ip-should-proxy-through-newer-endpoint-with-stronger-ssl-termination
[14:29] <up_the_irons> Votes welcome!
[14:30] <mnathani> I am still confused about the /128 IPv6 Route as mentioned by the other Trello Card for backup
[14:31] <mnathani> I was under the assumption that adding the route with the AAAA record would somehow eliminate the need to specify the interface %eth1 or whatever
[14:32] <up_the_irons> No, that's not the case
[14:32] <up_the_irons> All link-local addresses must be qualified, since the same subnet (fe80::/64) exists on all interfaces by default
[14:34] <up_the_irons> I kept having to tell people our backup server IPv6 address, now at least the hostname can be queried
[14:34] <up_the_irons> toddf: FYI, I wanted to acknowledge your feature request emails; I simply haven't had time to add them to Trello yet, but I will do so this week
[14:49] <toddf> up_the_irons: no worries, just .. much more experienced elsewhere these days, and I hope they are useful/constructive criticism ;-)
[20:19] <up_the_irons> toddf: Yes, they are useful and appreciated!