Who | What | When |
---|---|---|
*** | schmir has joined #arpnetworks | [00:52] |
.............. (idle for 1h7mn) | ||
sentabi has joined #arpnetworks | [01:59] | |
sentabi has quit IRC (Changing host)
sentabi has joined #arpnetworks | [02:05] | |
sentabi has quit IRC ()
sentabi_ has joined #arpnetworks sentabi_ has quit IRC (Changing host) sentabi_ has joined #arpnetworks sentabi_ is now known as sentabi | [02:18] | |
..................... (idle for 1h44mn) | ||
sentabi has quit IRC (Ping timeout: 240 seconds)
sentabi has joined #arpnetworks | [04:03] | |
.......... (idle for 47mn) | ||
sentabi has quit IRC (Ping timeout: 255 seconds) | [04:50] | |
...... (idle for 26mn) | ||
heavysixer has quit IRC (Quit: BAMPF!)
heavysixer has joined #arpnetworks ChanServ sets mode: +o heavysixer | [05:16] | |
............ (idle for 58mn) | ||
sentabi has joined #arpnetworks
fink has joined #arpnetworks | [06:14] | |
sentabi has quit IRC (Ping timeout: 265 seconds)
sentabi has joined #arpnetworks | [06:24] | |
sentabi has quit IRC (Ping timeout: 265 seconds) | [06:29] | |
sentabi has joined #arpnetworks | [06:35] | |
..... (idle for 20mn) | ||
ziyourenxiang has joined #arpnetworks
sentabi has quit IRC (Ping timeout: 240 seconds) fink has quit IRC (Quit: fink) schmir has quit IRC (Remote host closed the connection) | [06:55] | |
dytra has joined #arpnetworks | [07:10] | |
ziyourenxiang has quit IRC (Quit: ziyourenxiang) | [07:17] | |
dytra has quit IRC (Ping timeout: 240 seconds) | [07:25] | |
sentabi has joined #arpnetworks | [07:30] | |
sentabi has quit IRC (Ping timeout: 264 seconds) | [07:42] | |
jpalmer | any word on kvr13's return? | [07:42] |
toddf | http://twitter.com/#!/bsdvps .. is it down again? | [07:46] |
jpalmer | both of my VPS's on kvr13 are down.
CRITICAL 10h 43m 56s | [07:48] |
toddf | support@ notified?
tried booting them with the control panel/ssh access thing? | [07:49] |
jpalmer | I haven't tried logging into the portal, and hitting the "boot" button, but I assume if the host was up, at least one of my VPS's would also be. | [07:49] |
toddf | I'd try checking your console(s) (serial -> ssh, video -> vnc) as well as hitting the boot button if neither are up, boot won't do anything if they're running, but if they're not ... ;-)
serial is less useful if you didn't configure console there and/or getty isn't running | [07:50] |
jpalmer | if this works, I'm going to be pretty annoyed. I'll want a *good* explanation of why the host came back up and my vps's didn't | [07:51] |
RandalSchwartz | kvr13 is down again?
crap Hmm. I'm not seeing it on my kvr13 box | [07:53] |
jpalmer | "boot" doesn't seem to have any effect. | [07:54] |
toddf | PING kvr13.arpnetworks.com (208.79.88.78): 56 data bytes
64 bytes from 208.79.88.78: icmp_seq=0 ttl=55 time=61.162 ms jpalmer: maybe your vps's are `special' | [07:54] |
jpalmer | I can ping kvr13, but neither of my VPS's are up. | [07:54] |
RandalSchwartz | my vps *on* kvr13 *is* up
so the problem is more local than the machine | [07:54] |
toddf | jpalmer: did you try shutting them down then hitting vnc when booting them up?
does vnc connect at all? | [07:55] |
dxtr | My vps on kvr08 is indeed up. Just wanted to add that! | [07:55] |
jpalmer | That's even more worrisome, then. as one of those VPS's is simply a default install, with named enabled. no additional software or tweaks.
vnc won't connect. I didn't try a hard powerdown, and a subsequent boot on either VPS | [07:55] |
toddf | jpalmer: any `guessable' passwords?
jpalmer: basic troubleshooting steps, fwiw | [07:55] |
jpalmer | toddf: I appreciate the advice, but I've been a BSD admin for 15 years. the "basic troubleshooting" steps don't generally include powering down hosts. | [07:56] |
RandalSchwartz | Hmm. "portmaster -Da" is aborting with The devel/automake19 port has been deleted: No longer required by any port
how do I get it *past* that? | [07:57] |
toddf | jpalmer: maybe I should rephrase that, "it is what I would do if I were you" | [07:57] |
jpalmer | toddf: hard power down, and subsequent boot worked. Now I need an explanation. | [07:57] |
RandalSchwartz | ahh. needed to manually remove it | [07:58] |
toddf | jpalmer: similar timeframe for me, though I started dabbling 16 years ago | [07:58] |
jpalmer | it's odd that both VPS's are on the same host, went down at the same time (got the alerts from opsview!) a few minutes apart.. and both required a hard shutdown/boot to fix it. | [07:59] |
toddf | jpalmer: if the kvm process (a userland app for most intents and purposes) was stuck that would be the trick to get it to resolve, a 'hard shutdown' is essentially 'kill <your_kvm_pid>' as far as I am aware
jpalmer: guess we get to find out what kindof logs and info arp has on such incidents | [07:59] |
jpalmer | maybe my email to support@ last night asking to have my VPS's moved off of kvr13 may have been slightly premature. I'm just getting frustrated. I hear how solid and reliable ARP is, and signed up 2 weeks ago. this is the third outage. (this one was 10+ hours) | [08:00] |
toddf | jpalmer: note I'm making very educated guesses based on a year hanging out here, arp staff can confirm or refute my theories when they are active ;-)
the only time my vps (on 'mercury' fwiw) was down was when I panicked the kernel doing some testing of experimental codez... in the year+ I've been a customer, so the `hear how reliable' is not a myth | [08:01] |
dxtr | My VPS has never been down except for when I've (un)intentionally put it down myself
But the connection have died a couple of times | [08:02] |
jpalmer | I'm sure it's not a myth. I chose ARP based on the rave reviews from people in ##FreeBSD
speaking of ##FreeBSD.. RandalSchwartz, I stepped down as staff over there. thought you'd be interested in knowing that after our previous discussion a few weeks ago | [08:03] |
RandalSchwartz | I've never had a 10 hour outage
just a two hour one because of the kvr13 problems last week | [08:04] |
toddf | if indeed your vps was moved, the vnc host/port would change, not much else .. from what has been stated here .. I value the ssh serial console for debugging purposes, so if you haven't set that up it might be time to do so `incase' it is the guest os's lockup and not kvm or arp | [08:05] |
dxtr | I hate when I use ipv6 (or lack of it) as an argument for or against a company and people say "Who uses ipv6 anyway?" or "What's the use of that?" | [08:05] |
RandalSchwartz | dxtr - we *all* will be using ipv6 come next year
or start getting isolated I wonder if it'll be like when 888 numbers came out everyone still paid a premium for 800 numbers because they said "nobody would recognize 888" now - we don't think twice about 888 vs 877 vs 800 have they even *started* deploying 866 number/ ? | [08:05] |
jpalmer | toddf: I couldn't connect via serial console either, but I just realized.. I only have it setup for one of my VPS's | [08:07] |
RandalSchwartz | I think the whole toll free number thing really slowed down once we got dialing plans that include the entire US, and also the web is more convenient for most things | [08:07] |
jpalmer | anyway, heading into the office. I'll check my logs, and ask gary to review his.
thanks for the hard shutdown/boot suggestion. | [08:08] |
dxtr | RandalSchwartz: I heard DoD gave up a /8 net
Have you heard anything about that? I couldn't find a source | [08:19] |
RandalSchwartz | the iana probably has a blog :) | [08:26] |
dxtr | mkay | [08:27] |
RandalSchwartz | indeed - http://blog.icann.org/category/iana/
ooh - better - http://blog.icann.org/ if people aren't convinced we're running out, they just need to read http://www.ripe.net/news/v4-time-period-reductions.html LIRs getting only 9 month supplies, not 12 month | [08:30] |
*** | fink has joined #arpnetworks
dxtr has quit IRC (Read error: Operation timed out) mhoran has quit IRC (Read error: Connection reset by peer) nuke` has quit IRC (Read error: Operation timed out) mattx86 has quit IRC (Read error: Operation timed out) | [08:42] |
toddf | randalschwartz: thanks for the link, very good indeed | [08:43] |
RandalSchwartz | Yeah, I just saw your tweet | [08:44] |
toddf | *grin* | [08:44] |
RandalSchwartz | and... retweete
and I just got notified on my iphone that I was mentioned. :) | [08:44] |
*** | Guest81122 has quit IRC (Quit: ZNC - http://znc.sourceforge.net)
phlux has joined #arpnetworks phlux is now known as Guest53302 fink has quit IRC (Client Quit) sentabi has joined #arpnetworks nerdd_ has joined #arpnetworks nerdd has quit IRC (Ping timeout: 240 seconds) nukeAFK has joined #arpnetworks mattx86 has joined #arpnetworks | [08:44] |
......... (idle for 42mn) | ||
vmmello has joined #arpnetworks | [09:40] | |
vmmello has quit IRC (Quit: Leaving) | [09:50] | |
mattx86 | fwiw, my vps is still up on kvr13: up 5 days, 5:32 | [10:01] |
jpalmer | interesting. thanks for the info.
I don't see anything funky in my logs. so, I'll ask Gary what (if anything) he sees. | [10:10] |
mattx86 | hope it works out for you | [10:15] |
RandalSchwartz | yeah, good thing
I wonder how it deals with incompats | [10:19] |
*** | fink has joined #arpnetworks
fink has quit IRC (Client Quit) | [10:23] |
..... (idle for 24mn) | ||
tinono has joined #arpnetworks | [10:50] | |
tinono | ey!
is it possible to customize one's kvm instance? I would like an ne2k_pci nic instead of e1000 | [10:50] |
IPv6Free1y | im going to guess no, but im certainly not a person to be giving definitive answers. | [10:51] |
toddf | tinono: ask support@ .. if they do it they will give you an answer there..
up_the_irons tends to be active later in the day to answer such questions here | [10:52] |
tinono | i'll drop a mail | [10:52] |
toddf | it's possible from a technical standpoint, but just curious, why would you want this? | [10:52] |
tinono | well, mainly two things
1) i'm seeing lots of em0 timeouts in openbsd 2) netbsd's wm driver (e1000) is broken with qemu's e1000 (it's a qemu bug) so if that change is possible, i might as well give it a try | [10:55] |
toddf | are you running in i386 or amd64 mode?
what rev of OpenBSD are you running? | [10:57] |
tinono | amd64
both 4.7 and latest snapshot | [10:58] |
toddf | I'm run 4.7 - 4.8-current and never had a single timeout at arp | [10:58] |
tinono | yeah, I do suppose not everyone has these problems
because you'd hear them all day in the channel imagine I want to ftp a 200MB file I need 3 tries before it goes through without a em0 watchdog timeout | [10:59] |
RandalSchwartz | I regularly push a lot more than that around on my freebsd 8.0 box using em0 | [11:00] |
toddf | weird, indeed .. netbsd's ethernet driver != openbsd's ethernet driver | [11:00] |
RandalSchwartz | so it must be netbsd and openbsd's driver | [11:00] |
mattx86 | vcs: btw, we overhauled the about page for alpine linux after you had to get to sleep. you might check it out again if you're slightly interested :) | [11:00] |
tinono | netbsd's driver can't even get the mac address out of the nic | [11:00] |
RandalSchwartz | maybe you could install virtualbox on a freebsd install and put netbsd inside that :) | [11:01] |
tinono | yeah.. on my 758MB or on my 256? :-p | [11:01] |
RandalSchwartz | then you could pick whatever hardware you want :)
ram schmam. let it swap! | [11:01] |
mattx86 | also, for anyone else that may be remotely interested: http://www.alpinelinux.org/wiki/About | [11:01] |
tinono | thing is, ive been using freebsd-8.1, never had the slightest issue :-p | [11:02] |
RandalSchwartz | indeed
freebsd might just be ahead of the pack on this | [11:02] |
toddf | its `interesting' that tinono has issues whereas I have none. what are you doing tinono, to cause your vps to behave differently than mine I wonder? ;-)
I run some experimental diffs on my vps, but none have anything to do with networking | [11:06] |
*** | owda has joined #arpnetworks
owda has quit IRC (Changing host) owda has joined #arpnetworks owda has left | [11:06] |
tinono | toddf: i'm wondering the same thing ~_~
imagine that boot bsd.rd drop to shell ifconfig em0 blah blah route, nameservers ok ftp some 100MB file em0: watchdog timeout this is the stock 4.7 bsd.rd doesn't happen everytime of course, but still... | [11:15] |
toddf | do you get the 100mb file from arpnet or outside? | [11:17] |
tinono | outside | [11:17] |
toddf | http://arpnetworks.com/100mb.bin
would be nice if that was on a v6 IP ;-) | [11:19] |
tinono | damn I'm dumb. seems to only happen with mirrors.kernel.org ...
:-p | [11:22] |
toddf | what are you snarfing from there inside openbsd? | [11:22] |
tinono | debian-live images. I was playing with grub2
booting isos and all that | [11:23] |
toddf | from within your vps | [11:23] |
tinono | yeah | [11:23] |
RandalSchwartz | ... curl -o /dev/null http://arpnetworks.com/100mb.bin
total time 9 seconds average download speed 10.8M and this is to my laptop I guess that's 10.8 megabytes/sec? :) | [11:24] |
toddf | 104857600 bytes received in 9.24 seconds (10.82 MB/s) | [11:25] |
RandalSchwartz | yeah, but was that to your laptop? | [11:25] |
toddf | strange, I get that inside my vps | [11:25] |
RandalSchwartz | yes - the vps are limited to 100 megabit | [11:25] |
toddf | I don't have a spinal tap to the internet at the office just yet | [11:26] |
RandalSchwartz | traceroute arpnetworks.com from here goes through 9 hops... 2.1 ms :)
round-trip min/avg/max/stddev = 1.958/2.275/2.619/0.171 ms | [11:26] |
toddf | my laptop upstream suxx by comparison.. 104857600 bytes received in 59.74 seconds (1.67 MB/s) | [11:27] |
RandalSchwartz | ahh, that reminds me. some, uh, data is available from last night
RandalSchwartz fires up the uh, "data" locators aha. "data" located! 4 minutes to download 175 MB. Yeay have you seen burnbit? turn any URL into a torrent? | [11:28] |
toddf | interesting | [11:35] |
RandalSchwartz | ... magnet:?xt=urn:btih:c66982d38a9727344249f3cc1eeb3715eec2254d&dn=100mb.bin&tr=http%3A%2F%2Ftracker.burnbit.com%3A6969%2Fannounce
that's the torrent of 100mb.bin :) | [11:39] |
.... (idle for 15mn) | ||
*** | tinono has quit IRC (Ping timeout: 252 seconds) | [11:54] |
fink has joined #arpnetworks | [12:00] | |
.......... (idle for 46mn) | ||
vcs | man ipv6 is fun | [12:46] |
toddf | ;-)
the headache of nat, gone. zomg! | [12:47] |
vcs | haha
im working on setting up the link-local routing for my /48 learning alot of new stuff | [12:50] |
*** | mhoran has joined #arpnetworks
ChanServ sets mode: +o mhoran | [12:58] |
up_the_irons | we've talked about this once before; but let me ask the channel again (chan is bigger now :) -- | [13:02] |
toddf | epoll coming! | [13:03] |
tooth | yes, I am wearing pants. | [13:03] |
up_the_irons | if one were to make a BGP speaking software router that support VRRP for several hundred VLANs, what combination of OS / software would you choose? | [13:03] |
toddf | OpenBSD, hands down. nix VRRP and use CARP! heh. but you kinda expect that from me. ;-) | [13:04] |
up_the_irons | one candidate: Linux + quagga + keepalived (does VRRP). another: FreeBSD + quagga + ??. another: OpenBSD + OpenBGPD + ?? | [13:04] |
toddf | some network designs separate bgp and internal routers, but ymmv | [13:04] |
up_the_irons | toddf: i can't do CARP b/c the other side will be a cisco device (which can do VRRP) | [13:04] |
toddf | huh? you're having a freebsd system fault tolerant routing with a cisco?
why is the cisco even in the picture? | [13:05] |
up_the_irons | toddf: i want a cisco device to be fault tolerant to <something>
toddf: b/c my core router is a cisco can't change that :) | [13:05] |
toddf | so basically, you want a lesser software solution incase the expensive gizmo goes splat? | [13:06] |
up_the_irons | toddf: you're good
yes :) | [13:06] |
tooth | have two expensive gizmos then! | [13:07] |
up_the_irons | I have an identical cisco, that I *could* hook up and just do VRRP or HRSP that way; but I kinda would like to get experience with doing it with open source tools | [13:07] |
toddf | no clue on vrrp stuff, sorry, I only know carp and replace cisco anychance I get ..
openbgpd does some neat fast switchover stuff, but all the bells and whistles work only on openbsd which only supports carp, not vrrp, for patent reasons | [13:07] |
up_the_irons | toddf: understandable | [13:08] |
toddf | I encourage others to join the discussion at their convenience, obviously there may be better stuff out there, but for vrrp .. I have no clue how one might make openbsd work ;-( | [13:09] |
jpalmer | up_the_irons: have you got a moment for /msg? | [13:11] |
up_the_irons | jpalmer: depends on the /msg. if a quick question, yes, otherwise best to email support@arpnetworks.com | [13:12] |
jpalmer | up_the_irons: ok, I'll email then. I had issues with 2 VPS's on kvr13 last night, (down for 10 hours, had to hard shutdown and boot) just trying to determine the cause. | [13:15] |
up_the_irons | jpalmer: OK, please send any details you can and also include VM UUIDs | [13:16] |
jpalmer | will do. thanks | [13:16] |
up_the_irons | jpalmer: np. sorry for the downtime; that is unusual
I think the host is stable now, no issues after taking off RouterOS on a guest. Other VMs stayed up. jpalmer: are you running a custom distro / OS? | [13:18] |
jpalmer | up_the_irons: centos 5.5 x86_64 in both
up_the_irons: in fact, it seems you sent an email earlier today or yesterday, about one of the VPS's being down so much. I'm heading home now. will get an email to support@ with details. for now, ignore my request to move those VPS's off of kvr13 ;) | [13:21] |
up_the_irons | jpalmer: technically, that's an unsupported distro for us, so ymmv. The OS / distros I put on the order page are what I know work rock solid. I have a few other CentOS customers, and they don't seem to have issues, but maybe your setup is different
jpalmer: roger | [13:23] |
jpalmer | well, one of those VPS's is a 100% default centos, with nothing done except enabling named, and setting up some slave zones. | [13:24] |
up_the_irons | just being centos is suspect to me ;)
maybe they got hacked ;) the reason I don't support RH-based distros is the hack factor | [13:24] |
jpalmer | heh, I'm a BSD guy myself, but those machines are constantly updated. (both of these machines are for clients) | [13:25] |
up_the_irons | i c | [13:25] |
jpalmer | anywho, I realize you are busy. I'll detail what I can. thanks. | [13:26] |
up_the_irons | jpalmer: np! | [13:26] |
mattx86 | up_the_irons: as for BGP+VRRP+VLANs, you *could* try RouterOS, but with the KVM headaches it seems to have caused, I think it'd be best if I instead recommended against using it ;)
if you do want to try it, they do have a $45 license, a 24-hour trial, and a demo license that is somewhat crippled http://wiki.mikrotik.com/wiki/Manual:License_levels | [13:32] |
up_the_irons | mattx86: trying to stay away from anything requiring a license :) | [13:34] |
mattx86 | up_the_irons: ah, that's understandable | [13:35] |
RandalSchwartz | vyatta seemed to be a cisco clone with a lot of those same features | [13:35] |
up_the_irons | still, looking for something I can load onto a 1U server with beefy Intel NICs :) | [13:36] |
RandalSchwartz | I interviewed the vyatta guys a few weeks back on FLOSS | [13:36] |
mattx86 | I've actually got vyatta loaded onto a kvm vps at another provider | [13:36] |
up_the_irons | oh nice | [13:36] |
RandalSchwartz | yeah - this is software
runs on bare metal | [13:36] |
up_the_irons | ah cool | [13:36] |
mattx86 | I'm actually tunneling thru a local RouterOS box -> IPIP tunnel -> Vyatta KVM -> Internet right now | [13:37] |
RandalSchwartz | looks like it includes BGP and VRRP
even in the open edition sadly, ipv6 looks like a paid subscription :( | [13:38] |
mattx86 | vyatta's configuration method isn't as simple as routeros's, but is decent
vyatta also seems to be missing features in places (eg., doesn't allow tcp/udp port ranges in the qos stuff; only a single port per matcher) RandalSchwartz: really? that's a bummer :/ | [13:39] |
bob^^ | vyatta is good at load balancing across multiple lines
but it has some really stupid missing stuff, you are right | [13:41] |
mattx86 | if I may also point out, RouterOS has built-in scripting.
yes, I realize you can use bash+cron on vyatta, but it doesn't seem to integrate well | [13:43] |
IPv6Free1y | just buy juniper, problem solved.
:P | [13:44] |
RandalSchwartz | "no one ever got fired by buying juniper!"
"the company goes under, first. :)" | [13:44] |
IPv6Free1y | thats because its the best :) | [13:44] |
RandalSchwartz | the stupid juniper VPN here angers me to no end | [13:45] |
mattx86 | that's what I should do, get a junpier cert | [13:45] |
RandalSchwartz | I wish they'd just put in openvpn | [13:45] |
mattx86 | juniper* even | [13:45] |
IPv6Free1y | just gone mine yesterday
<3 Juniper VPN, especially their SSL VPN | [13:46] |
mattx86 | IPv6Free1y: you're the guy with the test lab/server rack in his house right? :P | [13:47] |
IPv6Free1y | mattx86: JNCIS-ENT, the very first one :) (the exam just went live wednesday) | [13:47] |
RandalSchwartz | I have to use the web-based outlook here so that meetings get into my calendar | [13:47] |
IPv6Free1y | yea... thats my new one. my old one was all cisco crap | [13:47] |
RandalSchwartz | the problem is, to check email, juniper randomly wants to cancel my previous session
which of course, kills any open ssh sessions I have going | [13:47] |
IPv6Free1y | RandalSchwartz: that sucks. Maybe you need to hire a new network engineer who actually knows how to configure that juniper device | [13:47] |
mattx86 | IPv6Free1y: did your company reimburse you for any of your cert efforts? | [13:48] |
IPv6Free1y | mattx86: absolutely. | [13:48] |
RandalSchwartz | since i'm obsessive about mail, and check it a few times an hour, there's a 1 in 3 chance I'll have to restart the VPN again too | [13:48] |
IPv6Free1y | RandalSchwartz: ipsec or ssl? | [13:48] |
RandalSchwartz | some java thingy
this is OSX | [13:48] |
IPv6Free1y | so ssl. | [13:48] |
RandalSchwartz | I guess.
it's magicl | [13:49] |
mattx86 | IPv6Free1y: how would you recommend someone go about getting certified on the cheap? | [13:49] |
RandalSchwartz | and I have to set up port forwarding only
I can't just appear to be "on" the internal network openvpn is so much more sane | [13:49] |
IPv6Free1y | RandalSchwartz: nothing wrong with the product youre using, the problem is the person who configured it | [13:49] |
RandalSchwartz | is there something simple I can tell them to fix this? | [13:50] |
IPv6Free1y | probably not considering i doubt theyre gonna change their settings for one user | [13:50] |
RandalSchwartz | here's what I get about a third of the time: "There are already other user sessions in progress: "
when trying to view my email | [13:50] |
IPv6Free1y | Try telling them you want to use Network Connect. | [13:50] |
RandalSchwartz | and "Continue will result in termination of the other session. Please select from one of the following options:"
and the only two buttons are "continue the session" and "cancel" "cancel" closes the browser window... can't read email "continue the session" closes my VPNs! WTF | [13:50] |
IPv6Free1y | yeah, ask about network connect | [13:51] |
mattx86 | that's right, you told me about olive a little while back | [13:52] |
IPv6Free1y | yeah olive is a good way to get started | [13:52] |
RandalSchwartz | does network connect run on OSX? | [13:52] |
IPv6Free1y | yes, im running it now
works great http://img201.imageshack.us/img201/3166/screenshot20101008at158.png hmm should have obfuscated the hostname i guess. oh well | [13:52] |
RandalSchwartz | I'd still rather just run openvpn :)
with network connect, are you "on" the internal LAN? or do you have to do everything with port forwarding? | [13:54] |
IPv6Free1y | ive never heard of any VPN requiring port forwarding | [13:55] |
RandalSchwartz | this one does :) | [13:55] |
IPv6Free1y | so i cant say... but yes, you definitely get an internal IP address
you have to do port forwarding at home for your work vpn to work? | [13:55] |
RandalSchwartz | Juniper Networks "Secure Access SSL VPN"
you go into a "java secure application manager" window | [13:55] |
IPv6Free1y | i cant imagine why youd need port forwarding for a vpn tunnel, that makes no sense | [13:56] |
RandalSchwartz | and say "port 80 here is port 80 on $internal_machine" | [13:56] |
tooth | IPv6Free1y, some home routers don't behave well with VPNs | [13:56] |
IPv6Free1y | tooth: okay but thats nothing to do with this discussion | [13:56] |
tooth | ah, okay, forwarding on the other side | [13:56] |
IPv6Free1y | RandalSchwartz: no theres definitely nothing like that.
its just a client that sits in your applications menu | [13:57] |
RandalSchwartz | Oooh - they added network connect as a tab since the last time I saw! | [13:57] |
IPv6Free1y | you click, login, done. | [13:57] |
RandalSchwartz | and it works on OSX
previously, I hit it, and it tried to download an .exe :) | [13:57] |
IPv6Free1y | heh | [13:58] |
RandalSchwartz | wow... I can't wait to try it later.
Oh, I can try it now. the wireless is considered in the DMZ weird, yeah, I'm logged in from a different place now and I could connect to machines inside the corp! nice | [13:58] |
IPv6Free1y | woot | [14:01] |
RandalSchwartz | as in, without having to change it to my port forwarding!
let's see if I can get my corp email yeah, that worked but the question is, will it fail after 10-15 minutes now | [14:01] |
IPv6Free1y | yea the port forwarding thing just has to do with the java stuff... it basically forwards your requests almost proxy-style. | [14:02] |
RandalSchwartz | indeed
wow - this will make working remotely a whole lot easier. | [14:02] |
IPv6Free1y | Heh... THAT will depend on your admin's settings. I think 10-15 mins is the default timeout. I change it to be 8 hours so somebody can effectively go a full work day without reconnecting. | [14:03] |
RandalSchwartz | even my .internal address resolved
cool (they use .internal for non-routed machines here) | [14:03] |
IPv6Free1y | if you have timeout issues, ask your admin to extend the timeout.
also you dont need to go to any web page anymore ... just open network connect from your applications menu | [14:03] |
RandalSchwartz | "applications menu"? | [14:04] |
IPv6Free1y | /Applications/ | [14:04] |
RandalSchwartz | ahh yeah, there it is | [14:04] |
IPv6Free1y | Sorry I have my applications folder in my dock, so i refer to it as a menu | [14:04] |
RandalSchwartz | wow - this makes the wifi here that much more usable too | [14:06] |
IPv6Free1y | haha nice | [14:08] |
RandalSchwartz | aha - and when I'm on this VPN, I can use /exchange/ directly to read my email!
slick RandalSchwartz updates his bookmarks | [14:10] |
toddf | true vpn's tend to be that way | [14:11] |
IPv6Free1y | heh yea | [14:11] |
RandalSchwartz | so did my login credentials get buried in that download?
I never entered a password or anything ahh - this link is only 5 down 0.5 up as opposed to the infinite down/infinite up I get when hardwired | [14:12] |
IPv6Free1y | probably. next time you connect youll put your credentials directly into network connect | [14:16] |
*** | tinono has joined #arpnetworks | [14:23] |
tinono | anyone with multiple vpses at arp, how do the private IPs work? do I just assign some myself, or I need to ask support? | [14:24] |
toddf | your multiple vps's get a shared vlan, and whether you make up your own rfc internal addresses or you just talk amongst the boxes, only when you hit the router do you chalk up network traffic for the bandwidth meter | [14:25] |
tinono | oh alright
thanks | [14:26] |
RandalSchwartz | how does that work when my servers are on different hosts?
is it still about outside vs inside? | [14:29] |
toddf | vlan magic and monitoring bandwidth at the _router_ not the _switch_ means .. it still works .. | [14:35] |
vcs | Anyone else here setup their /48 subnet over link-local? I added the provided link local address as my default gw with the external interface, and assigned myself the first IP in the range, however it seems all of my packets are dropped at the first hop / default gw (link local address). | [14:36] |
toddf | try xfer'ing a large file back and forth between your two vps's and watch your bandwidth graphs.
vcs: if you're new, the default allocation policy is to assign the lowest /64 to the link and route the rest of the /48 to your host | [14:36] |
vcs | hmm... think maybe i had misunderstood the default ipv6 setup
I thought I was only assigned that one address from looking at the IP_BLOCK section so when I requested the rest, he set it up to route over the link local address | [14:38] |
toddf | yes, but you need a global on the link to be able to have a global ip to initiate requests with | [14:41] |
vcs | hmmm... had I realized it was all already pointing at me, I would not have asked for this change | [14:43] |
RandalSchwartz | www.stonehenge.com/pic/speedtest.mov
that's what it looks like to *peg* speedtest.net :) | [14:43] |
mattx86 | gives an oops | [14:44] |
IPv6Free1y | heh ive done that before... obviously not at home
http://www.speedtest.net/result/983279594.png my awesome home connection 18Mbit my ass. | [14:44] |
mattx86 | minus that ping there, I'd love to have those speeds :)
sure you're not already maxing it out :P that was a question actually - I mean, with those pings | [14:47] |
RandalSchwartz | there... now as a youtube video - http://www.youtube.com/watch?v=MizBSyte0o0 | [14:49] |
IPv6Free1y | dont think so, but wife may be torrenting | [14:49] |
mattx86 | gawd randal
got bandwidth? | [14:52] |
RandalSchwartz | you should see torrenting :)
I had 40GB on red.stonehenge.com three weeks ago, needed to get it to my laptop it all transferred in about 10 minutes I think my local firewire was the bottleneck :) | [14:53] |
mattx86 | that makes me want to cry :P | [14:54] |
RandalSchwartz | it helps that the other end of this fiber is in 1 wilshire
which is very close netwise to arp | [14:54] |
mattx86 | the 10-20Mbps my brother gets in japan is amazing | [14:54] |
RandalSchwartz | 1.5 ms typical | [14:55] |
mattx86 | I decided to download openoffice late one night and had it downloaded in like.. no more than 10 minutes at most | [14:55] |
RandalSchwartz | Ahh yes, that reminds me... I need to get the latest release
7 minutes remaining, as I start up | [14:55] |
mattx86 | nice | [14:56] |
RandalSchwartz | 416 KB/sec
now 424 6 minutes to go | [14:56] |
mattx86 | sigh.. I've gotta get out of here and get some real internet
a real life for that matter | [14:56] |
RandalSchwartz | 459
462 did you see earlier, 100MB.bin transferred in 10 seconds | [14:57] |
mattx86 | nah, I didn't see that | [14:58] |
RandalSchwartz | again - since arp to here is basically next door in the same cage
very fast times | [14:58] |
mattx86 | that's ridiculous heh | [14:58] |
RandalSchwartz | I think I'm limited by local ethernet speed :)
Hmm. no. it's running gigabit | [14:58] |
mattx86 | foul play is afoot! ;) | [15:00] |
toddf | remember, vps's at arp are limited to 100mbit | [15:00] |
mattx86 | oh yeah | [15:01] |
vcs | hmm its weird, i can ping the link local address just fine to the other end, but send any packets to it for routing and i never get anything. I also | [15:04] |
RandalSchwartz | ah done
just had to go get a drink | [15:04] |
toddf | vcs: what os on your vps? | [15:05] |
vcs | OpenBSD | [15:05] |
RandalSchwartz | routing requires the upstream to do the right thing back | [15:05] |
toddf | $ grep : /etc/hostname.em0 /etc/mygate
/etc/hostname.em0:inet6 2607:f2f8:1800::2 64 /etc/mygate:fe80::5054:ff:fe27:9007%em0 thats what I have for v6 config on my system, depending on how yours is setup you'll need to do similar or different | [15:05] |
vcs | toddf: upstream configured it to use the link local address | [15:06] |
RandalSchwartz | I use x:x:x:: for my v6. :) | [15:06] |
toddf | 'yours is setup' aka however arp is routing whatever address | [15:06] |
vcs | I have to use route add to support that: route add -inet6 default fe80::5054:ff:fe27:9007%em0 | [15:06] |
RandalSchwartz | why add the ::2 ? :)
yeah /etc/mygate is for ipv4, right? | [15:06] |
vcs | it can also be for ipv6 | [15:07] |
toddf | randalschwartz: because initially the vps gateway was ::1 | [15:07] |
RandalSchwartz | even still, you can be ::0 when the gateway being ::1 | [15:07] |
toddf | vcs: doing default route != configuring global addressing | [15:07] |
RandalSchwartz | that's how I had it :) | [15:07] |
toddf | indeed one can | [15:07] |
RandalSchwartz | red.stonehenge.com has IPv6 address 2607:f2f8:3080::
vcs - I did all my net config in rc.conf
better control of it there, I think | [15:07] |
vcs | toddf: I used the first IP in the provided /48 for my em0 interface, also setup a few alias
the traffic is supposed to be routed through link local, wouldn't setting the link local to be the default gw achieve what i want here? | [15:08] |
RandalSchwartz | ipv6_enable=YES
.. ipv6_defaultrouter=fe80::5054:ff:fe27:9007%em0
... ipv6_ifconfig_em0="2607:f2f8:3080::/64"
that's how I have mine | [15:09] |
toddf | vcs: you want the link local to be your upstream default router regardless
the router to you is one setting
you to the router is another
is the router expecting to see a /64 or a /48 on the local link or is it routing the whole thing to your link local and you're supposed to setup e.g. vether(4) or whatever with it? | [15:09] |
RandalSchwartz | oh - you're on openbsd
not freebsd
nevermind | [15:10] |
vcs | "/48 block routed over a link-local address (fe80::/64) "
RandalSchwartz: same principles should apply and i have actually tried your exact same config | [15:10] |
toddf | vcs: so then you get to assign the global IP somewhere other than em0 | [15:10] |
vcs | to no avail | [15:10] |
toddf | because that means his end on the router should do: route add -inet6 -net 2607:xxxx:xxxx::/48 fe80::1234%vlan123 | [15:11] |
vcs | toddf: I think he said he made changes to my vlan | [15:12] |
toddf | you have asked for a fun nonstandard config that means you get to figure out how to respond to those addresses
but of course, you're not listening, and I'm afk .. so re-read up above a few times and let it sink in | [15:12] |
vcs | hehe, I would not have asked for them if I did not just see a /64 in my account | [15:13] |
RandalSchwartz | you have both a /64 and a /48 on your account? | [15:16] |
vcs | when i first opened my console on the arpnetworks website, i saw a /64 | [15:16] |
RandalSchwartz | I know he.net does it that way | [15:16] |
vcs | so i requested to be able to use my full /48
and thats how we got to the /48 routed over link local | [15:16] |
RandalSchwartz | so that's just like mine
he sends anything in my /48 to my vlan
it's up to me to recognize my packets
did you enable v6 in sysctl ?
I think openbsd disables v6 by default | [15:17] |
vcs | No, v6 is enabled here
i have your exact same setup, OpenBSD loaded on my system right now. I am going to disable pf and the OpenVPN i had setup maybe that is interfering somehow, even though it is ipv4 | [15:18] |
RandalSchwartz | yeah, maybe you aren't passing v6 properly | [15:25] |
vcs | hmm no luck even after that | [15:26] |
RandalSchwartz | do you have a final "pass all" or "block all" rule? | [15:26] |
vcs | right now the firewall is disabled for testing
so it should not be affecting anything | [15:26] |
RandalSchwartz | yeah, you typed yours while I was typing mine :) | [15:26] |
up_the_irons | vcs: if it helps, this is what i have on my side:
up vlandev em0
inet6 alias fe80::1 64
!route add -inet6 -net 2607:f2f8:a5c0:: -prefixlen 48 fe80::2%vlan195 | [15:29] |
vcs | up_the_irons: i was unaware i could access my /48 without this, i think this is just a misunderstanding | [15:29] |
up_the_irons | vcs: no, you can't. we don't put an entire /48 on the wire anymore. that's the wrong way to do it | [15:30] |
vcs | ahhh ok
well thanks, that does help | [15:30] |
up_the_irons | vcs: here's an example VPS with link-local style setup (FreeBSD):
ipv6_defaultrouter="fe80::1%em0"
ipv6_ifconfig_em0="2607:f2f8:d00d::2 prefixlen 64"
ipv6_ifconfig_em0_alias0="fe80::2 prefixlen 64" | [15:31] |
RandalSchwartz | I think you can use /64 instead of prefixlen too | [15:32] |
up_the_irons | vcs: basically, you put fe80::2/64 as an alias on the interface (em0), then fe80::1/64 will be accessible (it is the other end of the link). default route can then be "fe80::1%em0" (*important* you qualify it with "%em0" b/c _all_ interfaces, even loopback, have an fe80::/64 address) | [15:32] |
vcs | yes i know. Thanks for all the help, I think my issue was not creating this alias: ipv6_ifconfig_em0_alias0="fe80::2 prefixlen 64" | [15:33] |
up_the_irons | vcs: yeah , if you don't have that, you can't talk to the other side. just like IPv4, if i gave you a 10.0.0.1/30
your side needs the 10.0.0.2 | [15:33] |
vcs | ahhhh. | [15:33] |
up_the_irons | anyway, i must wander off...
up_the_irons disappears into the ether | [15:34] |
vcs | thanks a million for the help | [15:35] |
*** | LucasWilcox has quit IRC (Read error: Connection reset by peer)
LucasWilcox has joined #arpnetworks
plundra has quit IRC (Ping timeout: 264 seconds)
plundra has joined #arpnetworks | [15:43] |
.... (idle for 18mn) | ||
fink has quit IRC (Quit: fink) | [16:01] | |
vcs | its working!!!!
thanks a trillion
if you would like, I will put together a wiki page for OpenBSD on how to set this up so you wont get ipv6 n00bs like me bothering you all the time :P | [16:08] |
tinono | ipv6 noobs are usually ok with their /64 though :-p | [16:09] |
vcs | :P good point | [16:10] |
*** | tinono has quit IRC (Ping timeout: 255 seconds) | [16:14] |
.... (idle for 19mn) | ||
jpalmer | up_the_irons: ping? | [16:33] |
*** | vcs_ has joined #arpnetworks | [16:36] |
vcs_ | hello from ipv6 :D | [16:36] |
*** | vcs_ has quit IRC (Client Quit) | [16:36] |
RandalSchwartz | wow - network connect works like openvpn.
although they're probably paying a lot more for it | [16:48] |
up_the_irons | vcs: why yes, please! http://wiki.arpnetworks.com/
people cried for a wiki, and then i put one up, and like nobody contributes ;) | [16:54] |
vcs | :P | [16:55] |
*** | yekoms has joined #arpnetworks | [16:55] |
RandalSchwartz | we just whine a lot
you have to learn to ignore us. :) | [16:55] |
vcs | hahahah | [16:55] |
up_the_irons | lol | [16:56] |
RandalSchwartz | "can you please make the bits go faster!" | [16:56] |
up_the_irons | up_the_irons slaps RandalSchwartz | [16:56] |
RandalSchwartz | "I ordered a new VPS, like, 20 minutes ago! Where is it?" | [16:56] |
up_the_irons | haha | [16:57] |
RandalSchwartz | "up_the_irons - are you here?"
"any other staff here?" | [16:57] |
vcs | vcs looks at topic and sighs | [16:57] |
RandalSchwartz | "I forgot my root password! I can't get in to my box!" | [16:57] |
yekoms | rofl
always use kvm. :) anywho, shower time and stuff ;) | [16:57] |
up_the_irons | RandalSchwartz has this down to a science | [16:58] |
RandalSchwartz | Uh - I've done support before. :)
been on the other side of that line far too long
up_the_irons did you see my speedtest video? | [16:58] |
up_the_irons | RandalSchwartz: no.. speedtest video? | [17:00] |
RandalSchwartz | ... http://youtu.be/MizBSyte0o0?a
and how come I can't download 100MB.bin in less than 10 seconds? is there an upstream throttle? | [17:00] |
up_the_irons | haha
nice video
i think i can beat that | [17:01] |
RandalSchwartz | no - that's pegging it
I'm testing *their* end since that's far less than a gigabit
my desk to wilshire 1 = 1 gigabit | [17:01] |
up_the_irons | ah i c | [17:02] |
RandalSchwartz | I got 90 / 90 on dslreports.com
so I should make a vid of that too
really freak people out
"where does it stop? where does it all end?" | [17:02] |
up_the_irons | hah | [17:02] |
...... (idle for 26mn) | ||
vcs | alright i made an article in the wiki
that explains what to do and why you have to do it | [17:28] |
tooth | thanks vcs | [17:29] |
vcs | http://wiki.arpnetworks.com/wiki/48 IPv6 on OpenBSD
np | [17:30] |
RandalSchwartz | ... This page does not exist yet. You can create a new empty page, or use one of the page templates. | [17:30] |
tooth | oh hah
space. ;-) | [17:30] |
RandalSchwartz | so what's the url? | [17:30] |
tooth | http://wiki.arpnetworks.com/wiki/48%20IPv6%20on%20OpenBSD | [17:30] |
RandalSchwartz | space isn't legal in a URL | [17:30] |
tooth | I know. | [17:30] |
vcs | firefox does that :X
haha | [17:31] |
tooth | actually this is chrome. | [17:31] |
RandalSchwartz | then it's wrong | [17:31] |
vcs | yeah i normally use chrome, but recently had to install FF for a customer which hijacked my default browser | [17:32] |
RandalSchwartz | wow - that's so much easier on freebsd
this creates 13 aliases for me - ipv4_addrs_em0=208.79.95.2-14/28
works the same way for ipv6
.. ipv6_addrs_em0=2607:f2f8:a5c0::2-f/48
or in your case | [17:32] |
vcs | Randal: it may work that way in OpenBSD
i just have not tried it :P | [17:33] |
RandalSchwartz | .. ipv6_addrs_em0="2607:f2f8:a5c0::2-f/48 2607:f2f8:a5c0::1337/48"
no - this is in /etc/rc.conf
openbsd didn't have that last I looked | [17:33] |
vcs | yeah
it does not | [17:33] |
RandalSchwartz | why openbsd and not freebsd?
I left openbsd after 5 years | [17:34] |
vcs | security factor | [17:34] |
RandalSchwartz | freebsd has big ports, reasonable security, zfs boot, and pf | [17:34] |
vcs | reasonable security is not enough for me :X | [17:34] |
RandalSchwartz | well - the security goons at freebsd are pretty much on top of everything | [17:35] |
vcs | well, that may be true
but freebsd does not have nearly as good of 0day protection at least by default
I do like the FreeBSD ports tree, OpenBSD has one as well of course not as big
but I have been able to get everything I need from pkg_add for the most part | [17:35] |
RandalSchwartz | downloading 100mb.bin to my $client location: 9 seconds, average speed 10.9M | [17:36] |
vcs | so its not a big deal for me | [17:36] |
RandalSchwartz | well zfs for / is nice | [17:38] |
vcs | yes ZFS has some great features and stability
I dont need them however
not at least for this VPS
ZFS is nicer when you have a lot more storage than 40G to work with :P | [17:38] |
RandalSchwartz | ok - just explaining my thought process | [17:43] |
vcs | yeah dont get me wrong I like FreeBSD a lot
some of my servers for work run it and make use of ZFS cool features | [17:44] |
mike-burns | You should use the OS that you are most comfortable with. | [17:44] |
RandalSchwartz | and not the most painful, like windows :) | [17:46] |
vcs | high level abstract GUI's confuse me
never understood running windows for a server
debugging problems with GUI is not pleasant to say the least | [17:48] |
*** | infrared_ is now known as infrared
fink has joined #arpnetworks | [17:55] |
............ (idle for 56mn) | ||
mike-burns has quit IRC (Quit: I have quit)
mike-burns has joined #arpnetworks
ChanServ sets mode: +o mike-burns | [18:52] | |
toddf | *sigh* that wiki page is full of wrong, lets see if I can edit it | [18:59] |
vcs | :X
well it is what worked for me in the context that i understand it | [19:08] |
toddf | works for you != what is documented to be the proper procedures on OpenBSD. I happen to be someone who has coded parts of /etc/netstart which processes those files so I might know a thing or three about what you're trying to accomplish (albeit the hard and non typical way to go about using a /48) | [19:17] |
...... (idle for 26mn) | ||
vcs | oh ok thats cool. I will be interested to see the correct way
I did refer to OpenBSD documentation but I did not become an expert overnight | [19:43] |
toddf | updates saved | [19:44] |
vcs | well thanks for the corrections anyway :) | [19:47] |
......... (idle for 44mn) | ||
*** | baklava has joined #arpnetworks | [20:31] |
vmmello has joined #arpnetworks | [20:44] | |
.... (idle for 16mn) | ||
vmmello has quit IRC (Quit: Leaving) | [21:00] | |
............... (idle for 1h14mn) | ||
baklava has quit IRC (Quit: Game Over. Please insert another token into the ring.) | [22:14] | |
baklava has joined #arpnetworks | [22:24] | |
gregdolley2 has joined #arpnetworks | [22:31] | |
gregdolley2 has quit IRC (Ping timeout: 240 seconds) | [22:39] | |
.............. (idle for 1h7mn) | ||
fink has quit IRC (Quit: fink) | [23:46] |