jeeze, what is google doing?
?
now i can change the bg image?  google is becoming lame
ugh
stupid
yeah
keep it simple, stupid :)
yup
oh man
i see what you mean
what the hell are they thinking, it's awful
if you switch javascript off for google you don't get the background
it's so Bing'y
apparently it's only for 24 hours
then you willhave hte option of keeping it, or disabling it
stupid google
http://lifehacker.com/5559961/turn-off-googlecoms-24+hour-background-image
the embossed stuff still looks stupid :/
up_the_irons: first thing I did after getting your email is login to my main box and make sure it's all still there :)
up_the_irons: we're good. thanks.
Wraithan: ping re: arch installation
n/m
cedwards: ?
Wraithan: couldn't figure out the grub entry for vda devices, but I got it.
oh
yeah
http://www.youtube.com/watch?v=QAue4hnH8-A
arp networks not listed on http://www.fix6.net/ipv6-webhosting/
I swear Kubuntu is going to drive me to start using Gnome...
jdoe: so don't use Kubuntu.
jdoe: the best KDE I've found is http://chakra-project.org
cedwards:I'm basically screwed by my own mistrust.
I don't want to screw around with minor distros and I don't trust arch.
jdoe: then I guess you're screwed.
yep.
why is it that you don't trust arch?
so my options are basically centos, fedora, *buntu and debian.
the first two are polished but upgrading them sucks, the kubuntu sucks, and debian is stale :/
Hi, I currently have an OpenBSD VPS with you guys, but I would like to switch it to Arch Linux, is this possible ?
mdg: heh. I just did that one one of my machines.
mdg: it's possible. you'll need to submit a support@ request, and there is some manual config to be done during install.
cedwards: were you doing the $20/month (and did your pricing change?)
mdg: I am doing the $20 (I have two machines). No price change, just a support request for him to reprovision is all.
cedwards: I might give fedora a shot.
cedwards: awesome, thanks
mdg: the reprovisioning will require your current system be destroyed, so make sure you've got what you need.
mdg: ..and I'll document on the wiki the manual tweaks required to get an Arch machine running properly.
sounds good
cedwards: sorry, distracted before. My beef with arch is that I'm not sure how big the maintainer community is.
for all I know it's just some dude like Slackware.
jdoe: it seems to be pretty big. I've actually been helping build and test packages for chakra-project, and our -devel channel has been pretty busy.
everything goes through -testing before it goes public.
and what I've been doing is compiling the entire repository in a chroot, helping ensure each package is compatible with the rest.
jdoe, its a good size for the size of the community.  There are TUs which aid in package maintenance as well
mdg: irc is very active, although it seems to be 12yr olds.
yeah heh
i used to spend a lot of time in the arch channel it has changed a ton from when i started with arch
never tried arch
i've mostly been on debian in my linux experience
i tend to break it :/
i went from slack for 2 years to fedora for 3 weeks slack for a few more years then arch for the last 2 or 3 years
The fun thing about Arch is that the community doesnt take itself too seriously
mdg: i am the founder of the -ot renegade channel
and everything is so stinking simple. it's great
renegade ?
plol
Well, we had a issue with the ops in #archlinux-offtopic so we started another channel that everyone was an op in
then that blew up because the founder of that one went all nazi too
who was the founder of that one ?
so I started ##lessthanthree and that's our new home
daedhel
heh
how long have you been an archer mdg /
?
I remember when #archlinux was a channel that if the answer was on the wiki or man page, we used to give kids RTFM and leave them at that, now it is all about the hand holding #ubuntu-like stuff with ops banning for stupid cra[
Wraithan: ~ 3 years
I see that a lot too, ubuntu users for some reason decide to try arch and then get mad in irc because it doesnt work like ubuntu did
but the archwiki, you cant beat it
I use the archwiki when troubleshooting stuff on the gentoo and ubuntu servers at work
hi guys!
HELLLOO
oh hey
mdg: TU = trusted user or similar? Why should I trust them? :P
jdoe: because the developers do
jdoe: why do you trust the developers of your distro?
lessthanthree is a great name :)
http://lessthanthreesoftware.com
That's my blog
lol
nice :)
love the last post
had a very similar experience
people think websites take like two seconds :(
http://www.teamfortress.com/macupdate/ -- for all you macf-- er users :)
Wraithan: TU implies some forum rat, debian has ridiculous bureaucracy, redhat/suse have actual companies overseeing that.
so yeah, there's a difference.
redhat/suse are crap
+1
TU is more than forum rat, these are people who have maintained packages in the AUR which is a user based repository for packages
i remember using redhat about 12 years ago
it was 'ok' then
in fact, i think my first linux experience was suse
but then i was shown freebsd, and i must admit, i've absolutely *never* looked back
sometimes they become a TU because they are taking one of the AUR packages to a official repo, then they are moved into taking care of more projects
probably helps that i was shown by the chap who used to be the official freebsd documentation editor
redhat isn't crap for what it is.
jdoe: it hurts the linux world.
having a stable platform for production use? how terrible.
have a stable platform that encourages people to not move forward and therefor keep progress in check if folks want to support 'enterprise' as well
yeah, doesn't sound bad at all.
python 2.3 and 2.4 should be dead.
2.7 is coming out next month
heh
see, here's the thing.
suppose I have an app written for python2.3 (and I do indeed have just such an app, although not on redhat)
my options are to fix the app for whatever version redhat/debian/whoever decides to ship.
... or I can have that platform supported and not waste the time and effort.
that's a no-brainer.
waste?
yes, waste.
There is a reason the python language has progressed in ways that aren't backwards compatible
yes, but none of that invalidates the way things were previously done.
it worked before, and it will continue to work for the foreseeable future.
so yes, it's a waste for us to fix the app.
maybe you should have kept up with python
it isn't bad porting from 2.3 to 2.4
or 2.4 or 2.5
right, but it takes more than zero effort, right?
and the benefits from my POV are negligible. Things might perform slightly better, but my current setup is never going to perform worse.
But the additional effort required because you are using some ANCIENT verison of python and can't run 2.6 because there are libaries you can't update because your system is so old
what effort?
it's supported for years.
rhel does 7 years of support for major versions.
additional effort because only old libraries which are also unsupported now
so you are rebuilding everything
true, but 7 years is a long time, after that long I probably would be anyway.
but you are chosing to ignore that cost
and the difference is it's on my timeline, not because some distro EOL'd a version after a year.
heh, yeah sure
to each their own, but I never thought I'd hear someone call stability a *failing* of linux..
you and every other programmer who has said, we have plenty of time, we can just update it later
funny thing is the cost of updating grows over time
I'm not a programmer, I'm a sysadmin.
Ah
I've never met a programmer who wouldn't jump at the chance to upgrade to python 3.14
Not quite a bad but almost
for me, show me a tangible, immediate benefit or gtfo ;)
well no, not immediate.
I'm low on blood sugar and rambling now. I need food.
:)
i still haven't got stuck in to python
i bought the book
*books
now they are out of date
:(
what version do they teach?
sec
2.0 hehe
i'm sure i wouldn't have any trouble learning the new stuff though
2.0?
that's what it says
o'reilly books, from at least, hmm, four years ago?
book is 10 years old?
maybe more than four years
'covers python 2' is what is says :/
oh
ok
probably 2.4
i find that i need a project to learn a new language
never really found a project
i was going to write a radius server in python but 'hmmmmmmm'
maybe with twisted or sth
diesel > twisted
lol
meh
don't really know hehe
twisted is not like writing python it is like writing twisted
i guess i'd want a new 'thread' for every inbound UDP packet
but as i say, never had to actually do anything with python so :)
i wrote a radius client in php a few years ago, that was fun
that was before i ended up writing a usenet binary grabber in php with rate limiting
fun projects, now i hate php
wth does my /etc/event.d/ttyS0 work in Jaunty but not Lucid
dunno
I hate writing for upstart though.
i don't really get why it matters that a box takes a little while to start
hence i don't really get the point of upstart
well it makes init dependencies more sane.
and it gives you some easier triggers than what init allowed.
... but users don't care about that so they boast about how instead of taking 15 seconds to boot now it takes 14.
bsd style makes more sense to me
i can't even begin to understand runlevels, especially in the context of 'today'
and tbh i don't really care how long a restart takes
but that's probably because we have redundant everything
even on a lone machine I don't care
same, tbh
init is the fastest part of the boot anyway
I've got to wait minutes for the controllers to init.
yup
dell servers tend to take even longer than that tbh
been a while since I had to deal with one.
tbh, when you look at how long it takes to restart something like a cisco 6500 with something like a sup720
everything comes into perspective :)
10+ minute downtime right there
indeed.
new IPv6 policy for new VPS setups:
" A /48 IPv6 block has been allocated to your site as recommended by RFC 3177 and RFC 5375.
However, only the first /64 is directly connected (assigned) to your VLAN.
Should you require use of the entire /48 at this time, we will route it to you over a link-local address.
Please email support@arpnetworks.com to set this up. "
this will appear in IP Block detail in the Portal for new setups
I think it is a saner default
makes perfect sense :)
and the info appears a little different, so as to make this clear
putting a /48 on the VLAN always made me uncomfortable
toddf will like this change ;)
hehehehe :)
YAYAYAYAYAYAYAYAYAYAYAYA
the next sane default would be a link local address for the gateway
LOL
:D
what is the effect of this change?
I'm not following
toddf: I'll have to wrap my head around that more.  What I don't want is for a 2+ VPS setup to require one of the VPS's to be a gateway, unless this is explicitly requested by the customer
that makes sense, up_the_irons
ipv6 is a confusing beast
I mean, what can you do with the new setup that you can't do with the old one
coudln't I always say that my em0 was /64
and then create other nets near it?
RandalSchwartz: nope
RandalSchwartz: b/c the /48 was on the wire
the whole /48 was routed to your VPS previously, no?
https://twitter.com/IPv4Countdown
RandalSchwartz: the /48 would have to be routed to you, over say a link-local address, for you to subnet it further
RandalSchwartz: exactly same like IPv4.  If I put a /24 on the VLAN, you can't subnet it.  But if I route the /24 over a /30 to you, then you can subnet further.  This new policy will allow this to happen in a more organic way.  People who don't need it will accept the sane default, and people that need it (very few), can request it
well, wouldn't my em0 act as a proxy arp them?
you'd route all of the /48 to my em0, then I could further route it
RandalSchwartz: yes, if you wanted that, sure
RandalSchwartz: not sure wrt proxy arp
yeah - so I don't see what the change buys me yet
as long as I'm not putting two pieces of the /48 in entirely disjoint places
but I can't, because the global routing table can't handle that
up_the_irons: the difference between global and link local for the default gateway is not huge, but if a customer wanted a different /64 routed to the VPS, no change for default gateway
RandalSchwartz: you shouldn't.  with only a couple VPS's, there is really no need to further subnet a /48
RandalSchwartz: unless you want to do some tunnel's and have individual /64's for the tunnels
randalschwartz: this isn't about arp, v6 doesn't have arp!
how does it map an address to ether then?
ndp
bob^^: yeah, previously, the whole /48 was assigned to the VLAN, which worked but sets a bad example; it shouldn't really be done that way in retrospect
v6 does multicast
yeah, indeed
ping6 -n -w ff02::1%em0
i like the new default :)
makes sense :)
that'll get you all kame based systems on the wire, unless firewalled
ping6 -n -w ff02::2%em0
toddf: roger
that'll get you all sysctl net.inet6.ip6.forwarding=1 kame based systems on the wire, unless firewalled (read: all your routers)
the ff02::/8 is a special multicast subnet .. compare with 224.0.0.0 on ipv4, but always present in v6
it permits link local discover of addresses, both global and link local
yeah
so if I want my laptop to have a piece of my v6 with a 6over4 tunnel of some kind to my apr box, I can't do that right now, because em0 will answer for all /48 ?
so a combo of ff02::/8 multicast and fe80::/8 link-local addresses come into play to discover local addresses
precisely
ahh.  I thought I could do that before
so I'll want mine changed. :)
oh cool
if you want to route a /64 to your laptop you'll need a /64 routed to your vps and then re-route that /64 to your laptop over a tunnel
i hadn't thought of that
what the new default permits
is one /64 for the link local of your vps
then the rest of the 65535 /64's just routed to your vps
so you can then do with them what you want, including assign them to lo1 lo2 lo3 or whatever
yeah, ok, sign me up!
wow, i just did "ping6 -n -w ff02::1%em0" on a test VPS
or .. if you enable forwarding for v6, you can setup tunnels to remote systems to utilize the address space
interesting!
if I change my /48 to a /64 right now, will it break anythin?
in anticipation of the change?
the -w is the `kame specific' option, w/out it even linux and cisco respond
it sees the router and the console server.  i wonder why the console server is in there...
randalschwartz: changing to a /64 will not break if your v6 addresses lie within that /64 including your upstream gateway
now if your upstream gateway were the link local of the upstream router, the 'including your upstream gateway' goes away in the above sentence
oh, same vlan, f'in duh
yeah - that's true so far
the %em0 means 'this ethernet segment attached to em0'
and if anyone who has an existing VPS wants to change to the new default, just let me know; it's a pretty easy change
randalschwartz: because bsd systems assign networks to interfaces when you assign addresses, just changing the prefix on the interface may not change your routing table, it may be a maintnence reboot to make sure all tendrils are in proper order
so what interface does the remainder of the /48 come in on?
randalschwartz: its routed to you
I'd take v6 down and up
as in, it also comes in via em0?
think if you were on a subnet with 10.0.0.1 as router and 10.0.0.2 as your vps and 10.0.0.0/24 for the network .. and someone routed you 10.0.0.0/16 to your 10.0.0.2 vps .. same deal
ahh, but I can say 10.0.0.3/2 goes over there ==>
just rinse and recycle with v6 subnets of /64 and /48 instead of /24 and /16
since I'm now only 1,2
well, 10.0.0.0/24 ought to be on the native wire
10.0.1.0/24 however you can point elsewhere since its routed to you and you can (and maybe even should) add a reject route for the larger block and route only the speicifc ones that are accessable
ahh.  I mean 10.0.1/24 is "over there"
right
yeah - that's what I was getting at
upstream router would send any of 10/16 to me
but only 10/24 is considered "me"
by "me"
and the specific link local of 10.0.0.0/24 over-rides the route of the 10/16
yeah, that's how I thought it was working now anyway
what we had for a previous default is 10/16 on the wire, period
equivalent mind you
but if I assigned /24 to em0, and 10.0.1/24 to lo1
wouldn't it just do the right thing?
I mean, why does upstream care?
previously, no
the wire would do arp requests for 10.0.1.X thinking its on the local link
ahh...
it's starting to sink in
ok yes, I want this change. :)
what a router considers on the local link it won't magically `route' to a box on the link, unless that box does proxy arp, in which case its faking things and doing fudgery I'd care not to endorse ;-)
not sure if v6 even has 'proxy ndp'
while the term 'link local' originates from v6, you get the same concepts in v4 `within the subnet on the wire'
email to support done. :)
toddf: it does indeed do proxy ndp, which was required on some tunnels for customers when I put the whole /48 on the wire
up_the_irons: I hereby put this whole discourse under public domain, at least my part, do with it what you will, for the furtherance of `proper(tm)' networking *grin*
as long as I'm not using any address above the /64, it doesn't matter how I'm set up, right?
at least so I have to worry about a transition
toddf: cool!
randalschwarts: technically no, but a mismatch in prefixlen from router to vps cannot be a thing to expect no problems from ever ;-)
Right.  I'll fix it as soon as I hear I've been changed
it `happens' to work, just as if the router thought 10.2.3.0/24 were on the link and the client thought 10.2.0.0/16 were on the link and the client happened to use 10.2.3.2 and hit the router at 10.2.3.1, it would magically work, but obviously there is potential for `fun' down the road
in theory then, I could assign each jail its own /64
and nat the ipv4, right?
(I once had a client where the router was outside the local subnet, and windows somehow worked fine, for bsd to exist I had to widen the subnet mask considerably...)
[arin-announce] IANA IPv4 Free Pool is Now at 6.25%
wow
yes you could
it was 10% 6 months ago!
"imminent collision... sound the klaxons"
"followed shortly by the failtrombone"
"network_ipv6 stop" doesn't do what I thought
but "ifconfig em0 inet6 dead:beef:babe::/64 does
fixed up the routing too, looks like
I don't see any /48's in there now
toddf: if I route a /48 to a link-local, is there any way to get around the fact one must choose one vps as the gateway, and then ipv6 forward to all others (makes that vps more of a single point of failure)
initiall you'll have customers with a single vps
you'll have a /64 on the wire
and your router is the default upstream
well yes, that's the new default now
if they get more vps's they can choose to put them all in that one /64
the rest of the /48 can be routed as a group to one vps or split up amongst several vps's
right right, but should they want the /48 routed... then what?
presuming they're all on the same host box
if they're wanting failover they can put the link local address into a carp group between vps's
roger
carp diem!
fish of the day!
but how can the /48 be split up amongst several vps's if it is routed?  I can only pick one destination of the route
you can split the /48 into 65535 /64's if they really want 65535 individual vps's with individual /64's
not that your routing table would be happy but it could be done theoretically
toddf: right, that's just the "manual" (email support) way of doing it
if you wanted an automated way of splitting it up, ospf comes to mind as superior to rip6
toddf: if they want the whole /48 routed and want to be self service, then they have to accept that one vps, or some device, will be a gateway for them
i take it
I may use rip6 for my upstream tunnel to iijlabs which wrote kame, but thats the only place I've used either
one mac address on the link must respond as a router for the /48 yes
roger, that's all i wanted to clarify
they could have multiple vps's responding to that one mac address per carp(8) or other similar technology
note that 'fe80::X' addresses can also be aliased
$ ifconfig vlan8
vlan8: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 lladdr 00:0c:76:55:82:1b description: wifi-default priority: 0 vlan: 8 priority: 0 parent interface: trunk0 groups: vlan physical internal inet6 fe80::20c:76ff:fe55:821b%vlan8 prefixlen 64 scopeid 0xd inet6 fe80::2%vlan8 prefixlen 64 scopeid 0xd
blah stupid irssi
$ ifconfig vlan8
vlan8: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0c:76:55:82:1b
        description: wifi-default
        inet6 fe80::20c:76ff:fe55:821b%vlan8 prefixlen 64 scopeid 0xd
        inet6 fe80::2%vlan8 prefixlen 64 scopeid 0xd
$ ifconfig carp8
        inet6 fe80::200:5eff:fe00:108%carp8 prefixlen 64 scopeid 0x15
        inet6 fe80::1%carp8 prefixlen 64 scopeid 0x15
        inet6 2001:240:58a:2::1 prefixlen 64
$ ps ax | grep rtadvd
21080 ??  Is      0:10.62 rtadvd carp3 carp6 carp8 carp13 carp14
.. on a client system:
$ ping6 -n -w ff02::1%rum0
PING6(72=40+8+24 bytes) fe80::69%rum0 --> ff02::1%rum0
40 bytes from fe80::69%rum0: knetbook.fries.net.
37 bytes from fe80::1%rum0: carp1.fries.net.
37 bytes from fe80::2%rum0: carp1.fries.net.
$ netstat -nr -f inet6 | grep def
default                            fe80::1%rum0                   UG        11 10546019     -     4 rum0
toddf - so after the change to the link-local /48, what's my outbound default route going to look like?
what I just showed you is a carp'ed v6 gateway responding on multiple link local addresses, and the client having auto-discovered the carp'ed link local for default gateway
my em0 is now /64, right?
randalschwartz: depends on if I talk up_the_irons into link local or global .. ;-)
which would be better?
I'm sure he's listening. :)
randalschwartz: in reality, anything thats on the link and subnets you have configured that the router responds to
the `path with most options' is link local, the `path that mimics old v4 behavior better' is global
my existing ::1 for example?
::1 <=> 127.0.0.1
I mean dead:beef:babe::1
I just hate typing all that :)
this is my vps:
$ netstat -nr -f inet6 | grep def
default                            fe80::5054:ff:fe27:9007%em0    UGS       14     3667     -     8 em0
$ cat /etc/mygate
fe80::5054:ff:fe27:9007%em0
208.79.89.89
$ cat /etc/hostname.em0
inet6 2607:f2f8:1800::2 64
inet 208.79.89.90 255.255.255.252
what is that fe80 address?
I have fe80::5054 as well
fe80::/8 is `link local' aka each v6 enabled link has the subnet but those are non routable addresses
is that link local based on MAC addr?
ff02::/8 is `multicast' aka each v6 enabled link has the subnet but those are non routable addresses, plus if you access one it is sent to the whole ethernet segment
it can be based on mac address
however, at isc.org for example, they do this:
/etc/hostname.em0:
inet6 fe80::1234
rtsol
and get a global v6 with ::1234 for that host
manually numbering hosts lower /64 bits but having the upper /64 bits auto configured
that only works if you do rtadvd (router) and rtsol (client) but it can be useful, some discourage since if you nubmer things from 0 its easy to discover hosts, but well, whatever
ok - so I'll just let my eyes glaze over, and replace ipv6_defaultrouter=2607:f2f8:3080::1 with whatever up_the_irons says :)
RandalSchwartz: yep :)
there are also some privacy things to change the link local also, randomly generate etc, the mac address is the default source of the lower /64 bits on a link local address though yes
so the dead:beef:babe::1 address effectively goes away?
the thing to simply keep in mind is ... fe80::BLAH%em0 -> `on the local em0 link, link local addresses' .. ff02::BLAH%em0 -> `multicast on the local em0 link, link local addresses' .. 200X:BLAH -> global routable addresses
if you can reach a system on the local link, you can route to it, therefore unless the link local of the remote system changes, your default route doesn't need to change even if both you and the router renumber
I eman, doesn't the router need some v6 number?
or can it just use a virtual interface name, like I use em0?
the router has a fe80::...%em0 number you can set as your default route yes
`em0' is not an adddress its an interface
toddf: hey, if I "ifconfig destroy vlanXXX" then "sh netstart vlanXXX" (with new settings in hostname.vlanXXX), will that bring up vlanXXX with the new settings?  any side effects I should know about?
$ ping6 -n -w ff02::1%em0
PING6(72=40+8+24 bytes) fe80::5054:ff:fe27:2122%em0 --> ff02::1%em0
40 bytes from fe80::5054:ff:fe27:2122%em0: 0.v.freedaemon.com.
44 bytes from fe80::5054:ff:fe27:9007%em0: s3.lax.arpnetworks.com.
guess what, s3.lax.arpnetworks.com aka fe80::5054:ff:fe27:9007%em0 is my v6 router on my local link, and thats what I set my default route to, works fine
so this is me - fe80::5054:ff:fe27:2232%em0: red.stonehenge.com.
and this is the router - fe80::5054:ff:fe27:9007%em0: s3.lax.arpnetworks.com.
and that's how we'll route to each other?
up_the_irons: I've been around way too long and you'll realize this when I say this, but I am in a habit of 'ifconfig if down' 'ifconfig if destroy' 'sh /etc/netstart if' .. it used to cause issues sometimes, probably fixed by now, doesn't change my `be safe' habits
randalschwartz: that'd be my recommendation, yes
will my number ever change?
toddf: roger
I'm just a v6 guru client, up_the_irons can take the he.net attitude route and force global addresses to be in place and ping'able before the rest of the v6 is routed through, but he's turning out to not be so blind
toddf: yeah i'm trying not to go that way; i'd rather do it proper now then have a thousand interfaces to change later
randalschwartz: if your em0 macaddr changes, it would be because up_the_irons set a different cmdline to his kvm instance; you can always do 'ifconfig em0 inet6 fe80::5054:ff:fe27:2232' on your em0 interface as the 1st thing done with it, and it'll use that as the link local
regardless of up_the_irons mac address tomfoolery
but I can't just say "use em0 as my default route?"
you can do that in v4
toddf: or I could use fe80::1 and fe80::2, which is simpler, but I'm not sure what the ramifications could be down the road
he.net uses 2 global addresses in a point to point link when they could use link local, for every tunnel they have, seems like a waste of precious memory in their cisco concentrators ;-) hehehehe
randalschwartz: if it is a point to point link, you can, you can't broadcast to a v4 router on an ethernet segment and hope it picks up the packets and routes them, you need a router destination as far as I know
ok
well, maybe if the v4 router responds to the broadcast address, but that seems rather hockey
I've configured `ip subnet zero' tomfoolery before, its way way way sad and strange
at 1and1 hosting for example, the openbsd net config is like this:
  /etc/hostname.nfe0:
  inet 74.208.X.X 255.255.255.255
 !route add -llinfo -iface -net 10.255.0.0/16 10.255.255.1 -ifp nfe0
  inet alias 74.208.X.X 255.255.255.255
  .. etc ..
 /etc/mygate:
  10.255.255.1
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            10.255.255.1       UGS      112 1554310729     -     8 nfe0
10.255/16          link#1             UCLS       1        0     -     8 nfe0
10.255.255.1       00:00:0c:07:ac:00  UHLc       3        0     -     8 nfe0
thats just hockey .. but it lets them assign individual /32's to individual colos w/out wasting netmask and broadcast on each vlan .. such a pita though
finding arpnetworks that does things .. right .. in so many ways prior to my `suggestions' .. was a breth of fresh air
I even have a colo facility here in Oklahoma City that thinks putting all ethernet segments on the same vlan is ok with filter rules on the switch *sigh* .. I wish I could calculate the broadcast traffic they rack up against peoples bandwidth as a result ..
so technically, if both upstream and I route via link local, he doesn't even need to assign the /64 as "live", right
so, its been fun folks, but I have someone who wants to see me at home -> http://todd.fries.net/pub/IMG00550-20100610-1103.jpg ;-) (incase anybody was wondering why I've been silent for the last 1.5 months, more or less..)
just route the entire /48 to me, and I can either respond, or route it along?
pretty much, yes
that would be easier to understand
however, if he has an ip on his router for the lowest /64 in your /48 .. his router would expect your global addresses to appear on the link also
rather than having a special /64 that acts differently from teh rest
ok
well - do the right thing, whatever it is.
I have to bounce from here.
aka its as if you had a 192.168.0.0/24 for routing, router = 192.168.0.1, you = 192.168.0.2
if he just did: route add 10.0.0.0/16 192.168.0.2
then you could have 10.0.X.X anywhere inside your vps or tunnel it out etc
however if he also had an alias on his router
10.0.0.0/24
his router would look for 10.0.0.0-10.0.0.255 on the link
10.0.0.1/24 .. rather
ok - I'll be back online in a few... just gotta relocate to the happy hour location
I'm explaining this all in terms of v4, but if you s/192.168.0./fe80::/g and s/10.0.0.0\/16/2607:f2f8:XXXX::\/48/g you start to get the idea
I'm heading home, so likely won't be responsive most of the evening
toddf: thanks for all the great info
ok - back
but it looks like my 6 is gone
RandalSchwartz: yeah i'm making the changes now
Oh- I guess not
it responds to pings
do I need to use an alias to make em0 also be fe80::2/64 ?
... ipv6_addrs_em0="2607:f2f8:3080::/64 fe80::2/64"
would that work?
well - I've managed to screw up my v6
em0 has         inet6 fe80::2%em0 prefixlen 64 scopeid 0x1
right?
i never knew a 403 was quite so time consuming toddf ;)
but it still says the way to fe80::2 is via lo0
that can't be right
how do I convince it to send via em0?
and I can't ping6 fe80::1, so I surely can't add that as a default route
what do I do next?
ahh - via em0
yeah, that's doing it
now I have default route out
and ping in!
this implies ipv6_defaultrouter=fe80::1%80
errr ipv6_defaultrouter=fe80::1%em0
and ipv6_addrs_em0="2607:f2f8:3080::/64 fe80::2/64"
can anyone verify that?
is this mic on?
hello?
I don't see toddf or up_the_irons talking back at me
RandalSchwartz: i'm still trying this on my own vps
Ahh.  lo0 is already fe80::1%lo0
so maybe fe80::1 is a bad choice
yeah i'm just noticing this also
your default route will have to be explicitly fe80::1%em0
which is why I went off the grid
finally found the route command: sudo route add -inet6 default fe80::1 -prefixlen 64
no that's not enough
not for freebsd
since there's already an fe80::1
on lo0
yeah i deleted those ;)  but yeah i see what you're saying
maybe you should pick something like fe80:feed:feed:feed:feed
and for my end fe80:f00d:f00d:f00d:f00d:f00d :)
LOL
or actually, it'd be cuter the other way around
anyway, I have v6 at the moment
Not sure if I did the right thing for a reboot, but it won't matter, as I say
actually fe80:feed:feed:feed::1 and :;2 would be cool
with a /64
it'd clearly stand out in the docs :)
RandalSchwartz: i'm going to change it to the auto-assigned link local
but what if that changes?
oh duh, you control both ends of that. :)
yup
this is a virtual world
RandalSchwartz: what is the auto-assigned one btw
... fe80::5054:ff:fe27:2232
thanks
and yours is fe80::5054:ff:fe27:9007
looks like it's derived from the linklayer
RandalSchwartz: yes, use "fe80::5054:ff:fe27:9007" as your default gateway
so should I go ahead and update that for mine?
ok
RandalSchwartz: where did it say that btw?
I looked at "ndp -a"
that's like "arp -a" for ipv6
ah right
ok - after the change, no v6 for now
RandalSchwartz: what does your interface and routing table look like?
I left em0 off
hold on
nope.  still can't ping 9007
... default                           fe80::5054:ff:fe27:9007%em0   UGS         em0
can i see your em0
...         inet6 fe80::5054:ff:fe27:2232%em0 prefixlen 64 scopeid 0x1
oh wait, there might be a bad route still
hmm.  I have an fe80::/10 via lo0
otherwise it looks like it *should* work
I can ping myself at the %em0
yeah i'm still trying to get mine own test vps set up
rats. the other one *was* working :)
yeah, gotta be something simple...
ah, the %em0 is important
ping6 fe80::5054:ff:fe27:9007%em0
that works for me
but not without
yes
because of that %lo0 entry
ah!
default                           fe80::5054:ff:fe27:9007       UGS         lo0
yeah
so maybe you should pick something that isn't in fe80::/10
it says lo0
see there ya are
nah, fe80:: is _the_ link-local subnet
ok
not sure why freebsd puts the /10 on lo0
but you have to fully qualify which link :)
hi guys
anybody run voip stuff on their arps?
the auto-assigned link-local addresses are supposed to be the ones to route over.  if i get rtadvd running, then your box _should_ automatically get the default route, etc...
so do you think it should work now?
RandalSchwartz: i'm rebooting mine and i will see...
well, did you change your end pointing at me?
to use my virt net?
virt if?
I think that's what I was missing before
you've got confusion at your end about fe80::/10 like I did
RandalSchwartz: my end pointing at you is now: fe80::5054:ff:fe27:2232
yeah, I can't hit 9007 yet
with %someif ?
RandalSchwartz: perhaps if we did fe80::2%em0 (qualified it), it would have worked, before, but oh well
RandalSchwartz: try -- ping6 fe80::5054:ff:fe27:9007%em0
it *did* work before
I am.  fail.
lol
ok, i got my test vps working
so what else did you change?
I have default                           fe80::5054:ff:fe27:9007%em0   UGS         em0
i only have a /64 routed to it, but /48 would be similar
here's my rc.conf:
ipv6_enable="YES"
ipv6_defaultrouter="fe80::5054:ff:fe27:9007%em0"
ipv6_ifconfig_em0="2607:f2f8:d00d::2 prefixlen 64"
i have:
default                           fe80::5054:ff:fe27:9007%em0   UGS         em0
yes - that's what I have
ok, check
what does your ifconfig em0 look like?
...         inet6 fe80::5054:ff:fe27:2232%em0 prefixlen 64 scopeid 0x1
inet6 2607:f2f8:3080:: prefixlen 64
I cannot ping fe80::5054:ff:fe27:9007%em0
my default gateway
so maybe packets aren't coming back to me
do you have the right interface on my return route?
yeah strange
yeah
your vlan on my end:
vlan232: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 52:54:00:27:90:07
        vlan: 232 priority: 0 parent interface: em0
        groups: vlan
        inet6 fe80::5054:ff:fe27:9007%vlan232 prefixlen 64 scopeid 0x122
and your route?
netstat -rn | grep vlan232 :)
2607:f2f8:3080::/48                fe80::5054:ff:fe27:2232%vlan232 UGS        0        0     -    48 vlan232
fe80::%vlan232/64                  link#290                       UC         0        0     -    48 vlan232
fe80::5054:ff:fe27:9007%vlan232    52:54:00:27:90:07              UHL        0        0     -    48 lo0
ff01::%vlan232/32                  link#290                       UC         0        0     -    48 vlan232
ff02::%vlan232/32                  link#290                       UC         0        0     -    48 vlan232
can you ping me?
oh wait.
I think I see it
no no
yeah, I'm routed to :9007
no i can't ping you
wait - where's the route to my /48
oh - first line
yeah
regardless of /48, we need to see why the local link isn't pinging :)
this probably won't make you feel better, but to get mine working, i rebooted the vps
sure - noidea
i'd rather not reboot, of course
yeah
ahh, screw it... I'll try a reboot... but let's verify my rc.conf
.. fe80::5054:ff:fe27:9007%em0
oops.
ipv6_enable=YES
ipv6_gateway_enable=YES
crap
can't paste here
hehe
... ipv6_enable=YES
... ipv6_defaultrouter=fe80::5054:ff:fe27:9007%em0
... ipv6_addrs_em0="2607:f2f8:3080::/64"
... ipv6_gateway_enable=YES
and off we go... reboot land
RandalSchwartz: try /48
oops.
yeah, lemme fix
RandalSchwartz: just to be consistent, until we know the link local works
didn't help
but rebooting
k
freebsd?  why not just /etc/rc.d/network restart ?
infrared: we're having problems with new ipv6 config
o
there we go!
PING6(56=40+8+8 bytes) fe80::5054:ff:fe27:9007%vlan232 --> fe80::5054:ff:fe27:2232%vlan232
16 bytes from fe80::5054:ff:fe27:2232%vlan232, icmp_seq=73 hlim=64 time=0.964 ms
16 bytes from fe80::5054:ff:fe27:2232%vlan232, icmp_seq=74 hlim=64 time=0.54 ms
16 bytes from fe80::5054:ff:fe27:2232%vlan232, icmp_seq=75 hlim=64 time=0.543 ms
reboot fix it ?!
v4 came up, v6 still no go
RandalSchwartz: but i can ping you now
PING6(56=40+8+8 bytes) fe80::5054:ff:fe27:9007%vlan232 --> fe80::5054:ff:fe27:2232%vlan232
16 bytes from fe80::5054:ff:fe27:2232%vlan232, icmp_seq=0 hlim=64 time=0.496 ms
16 bytes from fe80::5054:ff:fe27:2232%vlan232, icmp_seq=1 hlim=64 time=0.457 ms
and I you
now why aren't the routes working further out
ahh - my external address didn't get assigned
ah
bingo
I have pingo!
correct ip6 when outbound as well
:)
and yup, traceroute6 to my laptop works
(gotta love teredo
ipv6 anywhere
now you can assign /64's around to different devices
ugh, unless you're behind a hotspot
indeed
then it goes mental
no - I'm behind a hotspot
and it's working fine
uh huh
if you're *two* layers down, that's hard
a hotspot where you have a public address without having been logged in
a public ipv4
it goes nuts
oh
:)
never seen that
it's unusual, tbh :)
ok - looks like all is good
thanks for helping me diagnose it
too bad it took a reboot, but that fixed it
I don't see anything obviously different in the route table or the ifconfig
but there ya go
uptimes shmuptimes
oh - I see it!
I now have a route for fe80::%em0/64
didn't ahve that before
that would have done it
without that, there would have been no route to the router
RandalSchwartz: yeah, all those little things get set up by /etc/rc and we forget we have to do it
manually
if no reboot is desired
indeed
anyway, all good now
I can move on to the next most important task :)
hi RandalSchwartz
hey fink
RandalSchwartz: cool
up_the_irons: sent a support ticket thinger, i can't send e-mails to you directly because your e-mail server checks reverse dns
amdprophet: lol, get that fixed ;)
hey up_the_irons - did you see that he.net is now offering free reverse dns and secondary dns?
that's what the support ticket is about :P
RandalSchwartz: nope
yeah - up to 25 domains
amdprophet: ah :)
interesting
so if someone is asking "where do I get offsite secondary", tell them he.net
up_the_irons: you're at he.net?
infrared: ?
your machines
no
they're in a cage
because they're wild
whoa
the cage is a few blocks from me :)
randalschwartz: wonder what he.net is getting out of the free dns offerings ..
publicity but ..
more publicity
yes
doesn't add enough in my book
well - if you go to them for that
freedns.afraid.org++
you might by transit from them
*shrug* guess automation makes it cheap enough
buy
yeah
if I were in the transit buying game, I'd be looking at quality and price points and nothing else
Yeah - I have a half dozen things at at afraid
toddf: free hosting or free lookups?
I'll be moving them to he.net soon
oh, hosting.
he.net is also the biggest provider of teredo transit
pretty much if you get on teredo, you're on he.net
up_the_irons: is there any chance you'll be able to delegate rdns to our nameservers tonight?
amdprophet: yeah sure
that's because, I think, teredo.ipv6.microsoft.net is in fact a he.net machine
sweet :D
at least, it's just one hop from he.net
infrared: my machines are in my own cage at CoreSite (aka CRG West, aka One Wilshire)
One Wilshire is clearly labeled for a few miles distance :)
My hotel room is on the 28th floor of the north tower of the Westin, however
so I'm looking the wrong way each night. :)
I'm facing pasadena
and the dodgers stadium
the bedroom has power outlets... down by the tv at the foot of the bed, and not up near the headboard
so I asked for an extension cord