***: sentabi has joined #arpnetworks
***: sentabi has quit IRC (Changing host)
***: sentabi has joined #arpnetworks
***: sentabi has quit IRC ()
***: sentabi_ has joined #arpnetworks
***: sentabi_ has quit IRC (Changing host)
***: sentabi_ has joined #arpnetworks
***: sentabi_ is now known as sentabi
***: sentabi has quit IRC (Ping timeout: 240 seconds)
***: sentabi has joined #arpnetworks
***: sentabi has quit IRC (Ping timeout: 255 seconds)
***: heavysixer has quit IRC (Quit: BAMPF!)
***: heavysixer has joined #arpnetworks
***: ChanServ sets mode: +o heavysixer
***: sentabi has joined #arpnetworks
***: fink has joined #arpnetworks
***: sentabi has quit IRC (Ping timeout: 265 seconds)
***: sentabi has joined #arpnetworks
***: sentabi has quit IRC (Ping timeout: 265 seconds)
***: sentabi has joined #arpnetworks
***: ziyourenxiang has joined #arpnetworks
***: sentabi has quit IRC (Ping timeout: 240 seconds)
***: fink has quit IRC (Quit: fink)
***: schmir has quit IRC (Remote host closed the connection)
***: dytra has joined #arpnetworks
***: ziyourenxiang has quit IRC (Quit: ziyourenxiang)
***: dytra has quit IRC (Ping timeout: 240 seconds)
***: sentabi has joined #arpnetworks
***: sentabi has quit IRC (Ping timeout: 264 seconds)
jpalmer: any word on kvr13's return?
toddf: http://twitter.com/#!/bsdvps .. is it down again?
jpalmer: both of my VPS's on kvr13 are down.
jpalmer: CRITICAL
jpalmer: 10h 43m 56s
toddf: support@ notified?
toddf: tried booting them with the control panel/ssh access thing?
jpalmer: I haven't tried logging into the portal, and hitting the "boot" button, but I assume if the host was up, at least one of my VPS's would also be.
toddf: I'd try checking your console(s) (serial -> ssh, video -> vnc) as well as hitting the boot button if neither are up, boot won't do anything if they're running, but if they're not ... ;-)
toddf: serial is less useful if you didn't configure console there and/or getty isn't running
jpalmer: if this works, I'm going to be pretty annoyed. I'll want a *good* explanation of why the host came back up and my vps's didn't
RandalSchwartz: kvr13 is down again?
RandalSchwartz: crap
RandalSchwartz: Hmm. I'm not seeing it on my kvr13 box
jpalmer: "boot" doesn't seem to have any effect.
toddf: PING kvr13.arpnetworks.com (208.79.88.78): 56 data bytes
toddf: 64 bytes from 208.79.88.78: icmp_seq=0 ttl=55 time=61.162 ms
toddf: jpalmer: maybe your vps's are `special'
jpalmer: I can ping kvr13, but neither of my VPS's are up.
RandalSchwartz: my vps *on* kvr13 *is* up
RandalSchwartz: so the problem is more local than the machine
toddf: jpalmer: did you try shutting them down then hitting vnc when booting them up?
toddf: does vnc connect at all?
dxtr: My vps on kvr08 is indeed up. Just wanted to add that!
jpalmer: Thats even more worrisome, then. as one of those VPS's is simply a default install, with named enabled. no additional software or tweaks.
jpalmer: vnc won't connect. I didn't try a hard powerdown, and a subsequent boot on either VPS
toddf: jpalmer: any `guessable' passwords?
toddf: jpalmer: basic troubleshooting steps, fwiw
jpalmer: toddf: I appreciate the advice, but I've been a BSD admin for 15 years. the "basic troubleshooting" steps don't generally include powering down hosts.
RandalSchwartz: Hmm. "portmaster -Da" is aborting with The devel/automake19 port has been deleted: No longer required by any port
RandalSchwartz: how do I get it *past* that?
toddf: jpalmer: maybe I should rephrase that, "it is what I would do if I were you"
jpalmer: toddf: hard power down, and subsequent boot worked. Now I need an explanation.
RandalSchwartz: ahh. needed to manually remove it
toddf: jpalmer: similar timeframe for me, though I started dabbling 16 years ago
jpalmer: it's odd that both VPS's are on the same host, went down at the same time (got the alerts from opsview!) a few minutes apart.. and both required a hard shutdown/boot to fix it.
toddf: jpalmer: if the kvm process (a userland app for most intents and purposes) was stuck that would be the trick to get it to resolve, a 'hard shutdown' is essentially 'kill <your_kvm_pid>' as far as I am aware
toddf: jpalmer: guess we get to find out what kind of logs and info arp has on such incidents
jpalmer: maybe my email to support@ last night asking to have my VPS's moved off of kvr13 may have been slightly premature. I'm just getting frustrated. I hear how solid and reliable ARP is, and signed up 2 weeks ago. this is the third outage. (this one was 10+ hours)
toddf: jpalmer: note I'm making very educated guesses based on a year hanging out here, arp staff can confirm or refute my theories when they are active ;-)
toddf: the only time my vps (on 'mercury' fwiw) was down was when I panicked the kernel doing some testing of experimental codez... in the year+ I've been a customer, so the `hear how reliable' is not a myth
dxtr: My VPS has never been down except for when I've (un)intentionally put it down myself
dxtr: But the connection has died a couple of times
jpalmer: I'm sure it's not a myth. I chose ARP based on the rave reviews from people in ##FreeBSD
jpalmer: speaking of ##FreeBSD.. RandalSchwartz, I stepped down as staff over there. thought you'd be interested in knowing that after our previous discussion a few weeks ago
RandalSchwartz: I've never had a 10 hour outage
RandalSchwartz: just a two hour one because of the kvr13 problems last week
toddf: if indeed your vps was moved, the vnc host/port would change, not much else .. from what has been stated here .. I value the ssh serial console for debugging purposes, so if you haven't set that up it might be time to do so `incase' it is the guest os's lockup and not kvm or arp
dxtr: I hate when I use ipv6 (or lack of it) as an argument for or against a company and people say "Who uses ipv6 anyway?" or "What's the use of that?"
RandalSchwartz: dxtr - we *all* will be using ipv6 come next year
RandalSchwartz: or start getting isolated
RandalSchwartz: I wonder if it'll be like when 888 numbers came out
RandalSchwartz: everyone still paid a premium for 800 numbers
RandalSchwartz: because they said "nobody would recognize 888"
RandalSchwartz: now - we don't think twice about 888 vs 877 vs 800
RandalSchwartz: have they even *started* deploying 866 number/
RandalSchwartz: ?
jpalmer: toddf: I couldn't connect via serial console either, but I just realized.. I only have it setup for one of my VPS's
RandalSchwartz: I think the whole toll free number thing really slowed down once we got dialing plans that include the entire US, and also the web is more convenient for most things
jpalmer: anyway, heading into the office. I'll check my logs, and ask gary to review his.
jpalmer: thanks for the hard shutdown/boot suggestion.
dxtr: RandalSchwartz: I heard DoD gave up a /8 net
dxtr: Have you heard anything about that?
dxtr: I couldn't find a source
RandalSchwartz: the iana probably has a blog :)
dxtr: mkay
RandalSchwartz: indeed - http://blog.icann.org/category/iana/
RandalSchwartz: ooh - better - http://blog.icann.org/
RandalSchwartz: if people aren't convinced we're running out, they just need to read http://www.ripe.net/news/v4-time-period-reductions.html
RandalSchwartz: LIRs getting only 9 month supplies, not 12 month
***: fink has joined #arpnetworks
***: dxtr has quit IRC (Read error: Operation timed out)
***: mhoran has quit IRC (Read error: Connection reset by peer)
***: nuke` has quit IRC (Read error: Operation timed out)
***: mattx86 has quit IRC (Read error: Operation timed out)
toddf: randalschwartz: thanks for the link, very good indeed
RandalSchwartz: Yeah, I just saw your tweet
toddf: *grin*
RandalSchwartz: and... retweeted
RandalSchwartz: and I just got notified on my iphone that I was mentioned. :)
***: Guest81122 has quit IRC (Quit: ZNC - http://znc.sourceforge.net)
***: phlux has joined #arpnetworks
***: phlux is now known as Guest53302
***: fink has quit IRC (Client Quit)
***: sentabi has joined #arpnetworks
***: nerdd_ has joined #arpnetworks
***: nerdd has quit IRC (Ping timeout: 240 seconds)
***: nukeAFK has joined #arpnetworks
***: mattx86 has joined #arpnetworks
***: vmmello has joined #arpnetworks
***: vmmello has quit IRC (Quit: Leaving)
mattx86: fwiw, my vps is still up on kvr13: up 5 days, 5:32
jpalmer: interesting. thanks for the info.
jpalmer: I don't see anything funky in my logs. so, I'll ask Gary what (if anything) he sees.
mattx86: hope it works out for you
RandalSchwartz: yeah, good thing
RandalSchwartz: I wonder how it deals with incompats
***: fink has joined #arpnetworks
***: fink has quit IRC (Client Quit)
***: tinono has joined #arpnetworks
tinono: ey!
tinono: is it possible to customize one's kvm instance? I would like an ne2k_pci nic instead of e1000
IPv6Free1y: im going to guess no, but im certainly not a person to be giving definitive answers.
toddf: tinono: ask support@ .. if they do it they will give you an answer there..
toddf: up_the_irons tends to be active later in the day to answer such questions here
tinono: i'll drop a mail
toddf: it's possible from a technical standpoint, but just curious, why would you want this?
tinono: well, mainly two things
tinono: 1) i'm seeing lots of em0 timeouts in openbsd
tinono: 2) netbsd's wm driver (e1000) is broken with qemu's e1000
tinono: (it's a qemu bug)
tinono: so if that change is possible, i might as well give it a try
toddf: are you running in i386 or amd64 mode?
toddf: what rev of OpenBSD are you running?
tinono: amd64
tinono: both 4.7 and latest snapshot
toddf: I've run 4.7 - 4.8-current and never had a single timeout at arp
tinono: yeah, I do suppose not everyone has these problems
tinono: because you'd hear them all day in the channel
tinono: imagine I want to ftp a 200MB file
tinono: I need 3 tries before it goes through without a em0 watchdog timeout
RandalSchwartz: I regularly push a lot more than that around on my freebsd 8.0 box using em0
toddf: weird, indeed .. netbsd's ethernet driver != openbsd's ethernet driver
RandalSchwartz: so it must be netbsd and openbsd's driver
mattx86: vcs: btw, we overhauled the about page for alpine linux after you had to get to sleep. you might check it out again if you're slightly interested :)
tinono: netbsd's driver can't even get the mac address out of the nic
RandalSchwartz: maybe you could install virtualbox on a freebsd install and put netbsd inside that :)
tinono: yeah.. on my 758MB or on my 256? :-p
RandalSchwartz: then you could pick whatever hardware you want :)
RandalSchwartz: ram schmam. let it swap!
mattx86: also, for anyone else that may be remotely interested: http://www.alpinelinux.org/wiki/About
tinono: thing is, ive been using freebsd-8.1, never had the slightest issue :-p
RandalSchwartz: indeed
RandalSchwartz: freebsd might just be ahead of the pack on this
toddf: its `interesting' that tinono has issues whereas I have none. what are you doing tinono, to cause your vps to behave differently than mine I wonder? ;-)
toddf: I run some experimental diffs on my vps, but none have anything to do with networking
***: owda has joined #arpnetworks
***: owda has quit IRC (Changing host)
***: owda has joined #arpnetworks
***: owda has left
tinono: toddf: i'm wondering the same thing ~_~
tinono: imagine that
tinono: boot bsd.rd
tinono: drop to shell
tinono: ifconfig em0 blah blah
tinono: route, nameservers ok
tinono: ftp some 100MB file
tinono: em0: watchdog timeout
tinono: this is the stock 4.7 bsd.rd
tinono: doesn't happen every time of course, but still...
toddf: do you get the 100mb file from arpnet or outside?
tinono: outside
toddf: http://arpnetworks.com/100mb.bin
toddf: would be nice if that was on a v6 IP ;-)
tinono: damn I'm dumb. seems to only happen with mirrors.kernel.org ...
tinono: :-p
toddf: what are you snarfing from there inside openbsd?
tinono: debian-live images. I was playing with grub2
tinono: booting isos and all that
toddf: from within your vps
tinono: yeah
RandalSchwartz: ... curl -o /dev/null http://arpnetworks.com/100mb.bin
RandalSchwartz: total time 9 seconds
RandalSchwartz: average download speed 10.8M
RandalSchwartz: and this is to my laptop
RandalSchwartz: I guess that's 10.8 megabytes/sec? :)
toddf: 104857600 bytes received in 9.24 seconds (10.82 MB/s)
RandalSchwartz: yeah, but was that to your laptop?
toddf: strange, I get that inside my vps
RandalSchwartz: yes - the vps are limited to 100 megabit
toddf: I don't have a spinal tap to the internet at the office just yet
RandalSchwartz: traceroute arpnetworks.com from here goes through 9 hops... 2.1 ms :)
RandalSchwartz: round-trip min/avg/max/stddev = 1.958/2.275/2.619/0.171 ms
toddf: my laptop upstream suxx by comparison.. 104857600 bytes received in 59.74 seconds (1.67 MB/s)
RandalSchwartz: ahh, that reminds me. some, uh, data is available from last night
-: RandalSchwartz fires up the uh, "data" locators
RandalSchwartz: aha. "data" located!
RandalSchwartz: 4 minutes to download 175 MB. Yeay
RandalSchwartz: have you seen burnbit? turn any URL into a torrent?
toddf: interesting
RandalSchwartz: ... magnet:?xt=urn:btih:c66982d38a9727344249f3cc1eeb3715eec2254d&dn=100mb.bin&tr=http%3A%2F%2Ftracker.burnbit.com%3A6969%2Fannounce
RandalSchwartz: that's the torrent of 100mb.bin :)
***: tinono has quit IRC (Ping timeout: 252 seconds)
***: fink has joined #arpnetworks
vcs: man ipv6 is fun
toddf: ;-)
toddf: the headache of nat, gone. zomg!
vcs: haha
vcs: im working on setting up the link-local routing for my /48
vcs: learning a lot of new stuff
***: mhoran has joined #arpnetworks
***: ChanServ sets mode: +o mhoran
up_the_irons: we've talked about this once before; but let me ask the channel again (chan is bigger now :) --
toddf: epoll coming!
tooth: yes, I am wearing pants.
up_the_irons: if one were to make a BGP speaking software router that supports VRRP for several hundred VLANs, what combination of OS / software would you choose?
toddf: OpenBSD, hands down. nix VRRP and use CARP! heh. but you kinda expect that from me. ;-)
up_the_irons: one candidate: Linux + quagga + keepalived (does VRRP). another: FreeBSD + quagga + ??. another: OpenBSD + OpenBGPD + ??
toddf: some network designs separate bgp and internal routers, but ymmv
up_the_irons: toddf: i can't do CARP b/c the other side will be a cisco device (which can do VRRP)
toddf: huh? you're having a freebsd system fault tolerant routing with a cisco?
toddf: why is the cisco even in the picture?
up_the_irons: toddf: i want a cisco device to be fault tolerant to <something>
up_the_irons: toddf: b/c my core router is a cisco
up_the_irons: can't change that :)
toddf: so basically, you want a lesser software solution in case the expensive gizmo goes splat?
up_the_irons: toddf: you're good
up_the_irons: yes :)
tooth: have two expensive gizmos then!
up_the_irons: I have an identical cisco, that I *could* hook up and just do VRRP or HSRP that way; but I kinda would like to get experience with doing it with open source tools
toddf: no clue on vrrp stuff, sorry, I only know carp and replace cisco any chance I get ..
toddf: openbgpd does some neat fast switchover stuff, but all the bells and whistles work only on openbsd which only supports carp, not vrrp, for patent reasons
up_the_irons: toddf: understandable
toddf: I encourage others to join the discussion at their convenience, obviously there may be better stuff out there, but for vrrp .. I have no clue how one might make openbsd work ;-(
jpalmer: up_the_irons: have you got a moment for /msg?
up_the_irons: jpalmer: depends on the /msg. if a quick question, yes, otherwise best to email support@arpnetworks.com
jpalmer: up_the_irons: ok, I'll email then. I had issues with 2 VPS's on kvr13 last night, (down for 10 hours, had to hard shutdown and boot) just trying to determine the cause.
up_the_irons: jpalmer: OK, please send any details you can and also include VM UUIDs
jpalmer: will do. thanks
up_the_irons: jpalmer: np. sorry for the downtime; that is unusual
up_the_irons: I think the host is stable now, no issues after taking off RouterOS on a guest. Other VMs stayed up.
up_the_irons: jpalmer: are you running a custom distro / OS?
jpalmer: up_the_irons: centos 5.5 x86_64 in both
jpalmer: up_the_irons: in fact, it seems you sent an email earlier today or yesterday, about one of the VPS's being down so much.
jpalmer: I'm heading home now. will get an email to support@ with details. for now, ignore my request to move those VPS's off of kvr13 ;)
up_the_irons: jpalmer: technically, that's an unsupported distro for us, so ymmv. The OS / distros I put on the order page are what I know work rock solid. I have a few other CentOS customers, and they don't seem to have issues, but maybe your setup is different
up_the_irons: jpalmer: roger
jpalmer: well, one of those VPS's is a 100% default centos, with nothing done except enabling named, and setting up some slave zones.
up_the_irons: just being centos is suspect to me ;)
up_the_irons: maybe they got hacked ;)
up_the_irons: the reason I don't support RH-based distros is the hack factor
jpalmer: heh, I'm a BSD guy myself, but those machines are constantly updated. (both of these machines are for clients)
up_the_irons: i c
jpalmer: anywho, I realize you are busy. I'll detail what I can. thanks.
up_the_irons: jpalmer: np!
mattx86: up_the_irons: as for BGP+VRRP+VLANs, you *could* try RouterOS, but with the KVM headaches it seems to have caused, I think it'd be best if I instead recommended against using it ;)
mattx86: if you do want to try it, they do have a $45 license, a 24-hour trial, and a demo license that is somewhat crippled
mattx86: http://wiki.mikrotik.com/wiki/Manual:License_levels
up_the_irons: mattx86: trying to stay away from anything requiring a license :)
mattx86: up_the_irons: ah, that's understandable
RandalSchwartz: vyatta seemed to be a cisco clone with a lot of those same features
up_the_irons: still, looking for something I can load onto a 1U server with beefy Intel NICs :)
RandalSchwartz: I interviewed the vyatta guys a few weeks back on FLOSS
mattx86: I've actually got vyatta loaded onto a kvm vps at another provider
up_the_irons: oh nice
RandalSchwartz: yeah - this is software
RandalSchwartz: runs on bare metal
up_the_irons: ah cool
mattx86: I'm actually tunneling thru a local RouterOS box -> IPIP tunnel -> Vyatta KVM -> Internet right now
RandalSchwartz: looks like it includes BGP and VRRP
RandalSchwartz: even in the open edition
RandalSchwartz: sadly, ipv6 looks like a paid subscription :(
mattx86: vyatta's configuration method isn't as simple as routeros's, but is decent
mattx86: vyatta also seems to be missing features in places (eg., doesn't allow tcp/udp port ranges in the qos stuff; only a single port per matcher)
mattx86: RandalSchwartz: really? that's a bummer :/
bob^^: vyatta is good at load balancing across multiple lines
bob^^: but it has some really stupid missing stuff, you are right
mattx86: if I may also point out, RouterOS has built-in scripting.
mattx86: yes, I realize you can use bash+cron on vyatta, but it doesn't seem to integrate well
IPv6Free1y: just buy juniper, problem solved.
IPv6Free1y: :P
RandalSchwartz: "no one ever got fired by buying juniper!"
RandalSchwartz: "the company goes under, first. :)"
IPv6Free1y: thats because its the best :)
RandalSchwartz: the stupid juniper VPN here angers me to no end
mattx86: that's what I should do, get a junpier cert
RandalSchwartz: I wish they'd just put in openvpn
mattx86: juniper* even
IPv6Free1y: just gone mine yesterday
IPv6Free1y: <3 Juniper VPN, especially their SSL VPN
mattx86: IPv6Free1y: you're the guy with the test lab/server rack in his house right? :P
IPv6Free1y: mattx86: JNCIS-ENT, the very first one :) (the exam just went live wednesday)
RandalSchwartz: I have to use the web-based outlook here so that meetings get into my calendar
IPv6Free1y: yea... thats my new one. my old one was all cisco crap
RandalSchwartz: the problem is, to check email, juniper randomly wants to cancel my previous session
RandalSchwartz: which of course, kills any open ssh sessions I have going
IPv6Free1y: RandalSchwartz: that sucks. Maybe you need to hire a new network engineer who actually knows how to configure that juniper device
mattx86: IPv6Free1y: did your company reimburse you for any of your cert efforts?
IPv6Free1y: mattx86: absolutely.
RandalSchwartz: since i'm obsessive about mail, and check it a few times an hour, there's a 1 in 3 chance I'll have to restart the VPN again too
IPv6Free1y: RandalSchwartz: ipsec or ssl?
RandalSchwartz: some java thingy
RandalSchwartz: this is OSX
IPv6Free1y: so ssl.
RandalSchwartz: I guess.
RandalSchwartz: it's magical
mattx86: IPv6Free1y: how would you recommend someone go about getting certified on the cheap?
RandalSchwartz: and I have to set up port forwarding only
RandalSchwartz: I can't just appear to be "on" the internal network
RandalSchwartz: openvpn is so much more sane
IPv6Free1y: RandalSchwartz: nothing wrong with the product youre using, the problem is the person who configured it
RandalSchwartz: is there something simple I can tell them to fix this?
IPv6Free1y: probably not considering i doubt theyre gonna change their settings for one user
RandalSchwartz: here's what I get about a third of the time: "There are already other user sessions in progress: "
RandalSchwartz: when trying to view my email
IPv6Free1y: Try telling them you want to use Network Connect.
RandalSchwartz: and "Continue will result in termination of the other session. Please select from one of the following options:"
RandalSchwartz: and the only two buttons are "continue the session" and "cancel"
RandalSchwartz: "cancel" closes the browser window... can't read email
RandalSchwartz: "continue the session" closes my VPNs!
RandalSchwartz: WTF
IPv6Free1y: yeah, ask about network connect
mattx86: that's right, you told me about olive a little while back
IPv6Free1y: yeah olive is a good way to get started
RandalSchwartz: does network connect run on OSX?
IPv6Free1y: yes, im running it now
IPv6Free1y: works great
IPv6Free1y: http://img201.imageshack.us/img201/3166/screenshot20101008at158.png
IPv6Free1y: hmm should have obfuscated the hostname i guess. oh well
RandalSchwartz: I'd still rather just run openvpn :)
RandalSchwartz: with network connect, are you "on" the internal LAN?
RandalSchwartz: or do you have to do everything with port forwarding?
IPv6Free1y: ive never heard of any VPN requiring port forwarding
RandalSchwartz: this one does :)
IPv6Free1y: so i cant say... but yes, you definitely get an internal IP address
IPv6Free1y: you have to do port forwarding at home for your work vpn to work?
RandalSchwartz: Juniper Networks "Secure Access SSL VPN"
RandalSchwartz: you go into a "java secure application manager" window
IPv6Free1y: i cant imagine why youd need port forwarding for a vpn tunnel, that makes no sense
RandalSchwartz: and say "port 80 here is port 80 on $internal_machine"
tooth: IPv6Free1y, some home routers don't behave well with VPNs
IPv6Free1y: tooth: okay but thats nothing to do with this discussion
tooth: ah, okay, forwarding on the other side
IPv6Free1y: RandalSchwartz: no theres definitely nothing like that.
IPv6Free1y: its just a client that sits in your applications menu
RandalSchwartz: Oooh - they added network connect as a tab since the last time I saw!
IPv6Free1y: you click, login, done.
RandalSchwartz: and it works on OSX
RandalSchwartz: previously, I hit it, and it tried to download an .exe :)
IPv6Free1y: heh
RandalSchwartz: wow... I can't wait to try it later.
RandalSchwartz: Oh, I can try it now. the wireless is considered in the DMZ
RandalSchwartz: weird, yeah, I'm logged in from a different place now
RandalSchwartz: and I could connect to machines inside the corp!
RandalSchwartz: nice
IPv6Free1y: woot
RandalSchwartz: as in, without having to change it to my port forwarding!
RandalSchwartz: let's see if I can get my corp email
RandalSchwartz: yeah, that worked
RandalSchwartz: but the question is, will it fail after 10-15 minutes now
IPv6Free1y: yea the port forwarding thing just has to do with the java stuff... it basically forwards your requests almost proxy-style.
RandalSchwartz: indeed
RandalSchwartz: wow - this will make working remotely a whole lot easier.
IPv6Free1y: Heh... THAT will depend on your admin's settings. I think 10-15 mins is the default timeout. I change it to be 8 hours so somebody can effectively go a full work day without reconnecting.
RandalSchwartz: even my .internal address resolved
RandalSchwartz: cool
RandalSchwartz: (they use .internal for non-routed machines here)
IPv6Free1y: if you have timeout issues, ask your admin to extend the timeout.
IPv6Free1y: also you dont need to go to any web page anymore ... just open network connect from your applications menu
RandalSchwartz: "applications menu"?
IPv6Free1y: /Applications/
RandalSchwartz: ahh yeah, there it is
IPv6Free1y: Sorry I have my applications folder in my dock, so i refer to it as a menu
RandalSchwartz: wow - this makes the wifi here that much more usable too
IPv6Free1y: haha nice
RandalSchwartz: aha - and when I'm on this VPN, I can use /exchange/ directly to read my email!
RandalSchwartz: slick
-: RandalSchwartz updates his bookmarks
toddf: true vpn's tend to be that way
IPv6Free1y: heh yea
RandalSchwartz: so did my login credentials get buried in that download?
RandalSchwartz: I never entered a password or anything
RandalSchwartz: ahh - this link is only 5 down 0.5 up
RandalSchwartz: as opposed to the infinite down/infinite up I get when hardwired
IPv6Free1y: probably. next time you connect youll put your credentials directly into network connect
***: tinono has joined #arpnetworks
tinono: anyone with multiple vpses at arp, how do the private IPs work? do I just assign some myself, or I need to ask support?
toddf: your multiple vps's get a shared vlan, and whether you make up your own rfc internal addresses or you just talk amongst the boxes, only when you hit the router do you chalk up network traffic for the bandwidth meter
tinono: oh alright
tinono: thanks
RandalSchwartz: how does that work when my servers are on different hosts?
RandalSchwartz: is it still about outside vs inside?
toddf: vlan magic and monitoring bandwidth at the _router_ not the _switch_ means .. it still works ..
vcs: Anyone else here setup their /48 subnet over link-local? I added the provided link local address as my default gw with the external interface, and assigned myself the first IP in the range, however it seems all of my packets are dropped at the first hop / default gw (link local address).
toddf: try xfer'ing a large file back and forth between your two vps's and watch your bandwidth graphs.
toddf: vcs: if you're new, the default allocation policy is to assign the lowest /64 to the link and route the rest of the /48 to your host
vcs: hmm... think maybe i had misunderstood the default ipv6 setup
vcs: I thought I was only assigned that one address from looking at the IP_BLOCK section
vcs: so when I requested the rest, he set it up to route over the link local address
toddf: yes, but you need a global on the link to be able to have a global ip to initiate requests with
vcs: hmmm... had I realized it was all already pointing at me, I would not have asked for this change
RandalSchwartz: www.stonehenge.com/pic/speedtest.mov
RandalSchwartz: that's what it looks like to *peg* speedtest.net :)
mattx86: gives an oops
IPv6Free1y: heh ive done that before... obviously not at home
IPv6Free1y: http://www.speedtest.net/result/983279594.png
IPv6Free1y: my awesome home connection
IPv6Free1y: 18Mbit my ass.
mattx86: minus that ping there, I'd love to have those speeds :)
mattx86: sure you're not already maxing it out :P
mattx86: that was a question actually - I mean, with those pings
RandalSchwartz: there... now as a youtube video - http://www.youtube.com/watch?v=MizBSyte0o0
IPv6Free1y: dont think so, but wife may be torrenting
mattx86: gawd randal
mattx86: got bandwidth?
RandalSchwartz: you should see torrenting :)
RandalSchwartz: I had 40GB on red.stonehenge.com three weeks ago, needed to get it to my laptop
RandalSchwartz: it all transferred in about 10 minutes
RandalSchwartz: I think my local firewire was the bottleneck :)
mattx86: that makes me want to cry :P
RandalSchwartz: it helps that the other end of this fiber is in 1 wilshire
RandalSchwartz: which is very close netwise to arp
mattx86: the 10-20Mbps my brother gets in japan is amazing
RandalSchwartz: 1.5 ms typical
mattx86: I decided to download openoffice late one night and had it downloaded in like.. no more than 10 minutes at most
RandalSchwartz: Ahh yes, that reminds me... I need to get the latest release
RandalSchwartz: 7 minutes remaining, as I start up
mattx86: nice
RandalSchwartz: 416 KB/sec
RandalSchwartz: now 424
RandalSchwartz: 6 minutes to go
mattx86: sigh.. I've gotta get out of here and get some real internet
mattx86: a real life for that matter
RandalSchwartz: 459
RandalSchwartz: 462
RandalSchwartz: did you see earlier, 100MB.bin transferred in 10 seconds
mattx86: nah, I didn't see that
RandalSchwartz: again - since arp to here is basically next door in the same cage
RandalSchwartz: very fast times
mattx86: that's ridiculous heh
RandalSchwartz: I think I'm limited by local ethernet speed :)
RandalSchwartz: Hmm. no. it's running gigabit
mattx86: foul play is afoot! ;)
toddf: remember, vps's at arp are limited to 100mbit
mattx86: oh yeah
vcs: hmm its weird, i can ping the link local address just fine to the other end, but send any packets to it for routing and i never get anything. I also
RandalSchwartz: ah done
RandalSchwartz: just had to go get a drink
toddf: vcs: what os on your vps?
vcs: OpenBSD
RandalSchwartz: routing requires the upstream to do the right thing back
toddf: $ grep : /etc/hostname.em0 /etc/mygate
toddf: /etc/hostname.em0:inet6 2607:f2f8:1800::2 64
toddf: /etc/mygate:fe80::5054:ff:fe27:9007%em0
toddf: thats what I have for v6 config on my system, depending on how yours is setup you'll need to do similar or different
vcs: toddf: upstream configured it to use the link local address
RandalSchwartz: I use x:x:x:: for my v6. :)
toddf: 'yours is setup' aka however arp is routing whatever address
vcs: I have to use route add to support that: route add -inet6 default fe80::5054:ff:fe27:9007%em0
RandalSchwartz: why add the ::2 ? :)
RandalSchwartz: yeah /etc/mygate is for ipv4, right?
vcs: it can also be for ipv6
toddf: randalschwartz: because initially the vps gateway was ::1
RandalSchwartz: even still, you can be ::0 when the gateway being ::1
toddf: vcs: doing default route != configuring global addressing
RandalSchwartz: that's how I had it :)
toddf: indeed one can
RandalSchwartz: red.stonehenge.com has IPv6 address 2607:f2f8:3080::
RandalSchwartz: vcs - I did all my net config in rc.conf
RandalSchwartz: better control of it there, I think
vcs: toddf: I used the first IP in the provided /48 for my em0 interface, also setup a few alias
vcs: the traffic is supposed to be routed through link local, wouldn't setting the link local to be the default gw achieve what i want here?
RandalSchwartz: ipv6_enable=YES
RandalSchwartz: .. ipv6_defaultrouter=fe80::5054:ff:fe27:9007%em0
RandalSchwartz: ... ipv6_ifconfig_em0="2607:f2f8:3080::/64"
RandalSchwartz: that's how I have mine
toddf: vcs: you want the link local to be your upstream default router regardless
toddf: the router to you is one setting
toddf: you to the router is another
toddf: is the router expecting to see a /64 or a /48 on the local link or is it routing the whole thing to your link local and you're supposed to setup e.g. vether(4) or whatever with it?
RandalSchwartz: oh - you're on openbsd
RandalSchwartz: not freebsd
RandalSchwartz: nevermind
vcs: "/48 block routed over a link-local address (fe80::/64) "
vcs: RandalSchwartz: same principles should apply
vcs: and i have actually tried your exact same config
toddf: vcs: so then you get to assign the global IP somewhere other than em0
vcs: to no avail
toddf: because that means his end on the router should do: route add -inet6 -net 2607:xxxx:xxxx::/48 fe80::1234%vlan123
vcs: toddf: I think he said he made changes to my vlan
toddf: you have asked for a fun nonstandard config that means you get to figure out how to respond to those addresses
toddf: but of course, you're not listening, and I'm afk .. so re-read up above a few times and let it sink in
vcs: hehe, I would not have asked for them if I did not just see a /64 in my account
RandalSchwartz: you have both a /64 and a /48 on your account?
vcs: when i first opened my console on the arpnetworks website, i saw a /64
RandalSchwartz: I know he.net does it that way
vcs: so i requested to be able to use my full /48
vcs: and thats how we got to the /48 routed over link local
RandalSchwartz: so that's just like mine
RandalSchwartz: he sends anything in my /48 to my vlan
RandalSchwartz: it's up to me to recognize my packets
RandalSchwartz: did you enable v6 in sysctl ?
RandalSchwartz: I think openbsd disables v6 by default
vcs: No, v6 is enabled here
vcs: i have your exact same setup, OpenBSD loaded on my system right now. I am going to disable pf and the OpenVPN i had setup
vcs: maybe that is interfering somehow, even though it is ipv4
RandalSchwartz: yeah, maybe you aren't passing v6 properly
vcs: hmm no luck even after that
RandalSchwartz: do you have a final "pass all" or "block all" rule?
vcs: right now the firewall is disabled for testing
vcs: so it should not be affecting anything
RandalSchwartz: yeah, you typed yours while I was typing mine :)
up_the_irons: vcs: if it helps, this is what i have on my side:
up_the_irons: up vlandev em0
up_the_irons: inet6 alias fe80::1 64
up_the_irons: !route add -inet6 -net 2607:f2f8:a5c0:: -prefixlen 48 fe80::2%vlan195
vcs: up_the_irons: i was unaware i could access my /48 without this, i think this is just a misunderstanding
up_the_irons: vcs: no, you can't. we don't put an entire /48 on the wire anymore. that's the wrong way to do it
vcs: ahhh ok
vcs: well thanks, that does help
up_the_irons: vcs: here's an example VPS with link-local style setup (FreeBSD):
up_the_irons: ipv6_defaultrouter="fe80::1%em0"
up_the_irons: ipv6_ifconfig_em0="2607:f2f8:d00d::2 prefixlen 64"
up_the_irons: ipv6_ifconfig_em0_alias0="fe80::2 prefixlen 64"
RandalSchwartz: I think you can use /64 instead of prefixlen too
up_the_irons: vcs: basically, you put fe80::2/64 as an alias on the interface (em0), then fe80::1/64 will be accessible (it is the other end of the link). default route can then be "fe80::1%em0" (*important* you qualify it with "%em0" b/c _all_ interfaces, even loopback, have an fe80::/64 address)
vcs: yes i know. Thanks for all the help, I think my issue was not creating this alias: ipv6_ifconfig_em0_alias0="fe80::2 prefixlen 64"
up_the_irons: vcs: yeah , if you don't have that, you can't talk to the other side. just like IPv4, if i gave you a 10.0.0.1/30
up_the_irons: your side needs the 10.0.0.2
vcs: ahhhh.
up_the_irons: anyway, i must wander off...
-: up_the_irons disappears into the ether
vcs: thanks a million for the help
***: LucasWilcox has quit IRC (Read error: Connection reset by peer)
LucasWilcox has joined #arpnetworks
plundra has quit IRC (Ping timeout: 264 seconds)
plundra has joined #arpnetworks
fink has quit IRC (Quit: fink)
vcs: its working!!!!
thanks a trillion
if you would like, I will put together a wiki page for OpenBSD on how to set this up
so you wont get ipv6 n00bs like me bothering you all the time :P
tinono: ipv6 noobs are usually ok with their /64 though :-p
vcs: :P good point
***: tinono has quit IRC (Ping timeout: 255 seconds)
jpalmer: up_the_irons: ping?
***: vcs_ has joined #arpnetworks
vcs_: hello from ipv6 :D
***: vcs_ has quit IRC (Client Quit)
RandalSchwartz: wow - network connect works like openvpn.
although they're probably paying a lot more for it
up_the_irons: vcs: why yes, please! http://wiki.arpnetworks.com/
people cried for a wiki, and then i put one up, and like nobody contributes ;)
vcs: :P
***: yekoms has joined #arpnetworks
RandalSchwartz: we just whine a lot
you have to learn to ignore us. :)
vcs: hahahah
up_the_irons: lol
RandalSchwartz: "can you please make the bits go faster!"
-: up_the_irons slaps RandalSchwartz
RandalSchwartz: "I ordered a new VPS, like, 20 minutes ago! Where is it?"
up_the_irons: haha
RandalSchwartz: "up_the_irons - are you here?"
"any other staff here?"
-: vcs looks at topic and sighs
RandalSchwartz: "I forgot my root password! I can't get in to my box!"
yekoms: rofl
always use kvm.
:)
anywho, shower time and stuff ;)
up_the_irons: RandalSchwartz has this down to a science
RandalSchwartz: Uh - I've done support before. :)
been on the other side of that line far too long
up_the_irons did you see my speedtest video?
up_the_irons: RandalSchwartz: no.. speedtest video?
RandalSchwartz: ... http://youtu.be/MizBSyte0o0?a
and how come I can't download 100MB.bin in less than 10 seconds?
is there an upstream throttle?
up_the_irons: haha
nice video
i think i can beat that
RandalSchwartz: no - that's pegging it
I'm testing *their* end
since that's far less than a gigabit
my desk to wilshire 1 = 1 gigabit
up_the_irons: ah i c
RandalSchwartz: I got 90 / 90 on dslreports.com
so I should make a vid of that too
really freak people out
"where does it stop? where does it all end?"
up_the_irons: hah
vcs: alright i made an article in the wiki
that explains what to do and why you have to do it
tooth: thanks vcs
vcs: http://wiki.arpnetworks.com/wiki/48 IPv6 on OpenBSD
np
RandalSchwartz: ... This page does not exist yet. You can create a new empty page, or use one of the page templates.
tooth: oh hah
space. ;-)
RandalSchwartz: so what's the url?
tooth: http://wiki.arpnetworks.com/wiki/48%20IPv6%20on%20OpenBSD
RandalSchwartz: space isn't legal in a URL
tooth: I know.
vcs: firefox does that :X
haha
tooth: actually this is chrome.
RandalSchwartz: then it's wrong
vcs: yeah i normally use chrome, but recently had to install FF for a customer which hijacked my default browser
RandalSchwartz: wow - that's so much easier on freebsd
this creates 13 aliases for me - ipv4_addrs_em0=208.79.95.2-14/28
works the same way for ipv6
.. ipv6_addrs_em0=2607:f2f8:a5c0::2-f/48
or in your case
vcs: Randal: it may work that way in OpenBSD
i just have not tried it :P
RandalSchwartz: .. ipv6_addrs_em0="2607:f2f8:a5c0::2-f/48 2607:f2f8:a5c0::1337/48"
no - this is in /etc/rc.conf
openbsd didn't have that last I looked
vcs: yeah
it does not
RandalSchwartz: why openbsd and not freebsd?
I left openbsd after 5 years
vcs: security factor
RandalSchwartz: freebsd has big ports, reasonable security, zfs boot, and pf
vcs: reasonable security is not enough for me :X
RandalSchwartz: well - the security goons at freebsd are pretty much on top of everything
vcs: well, that may be true
but freebsd does not have nearly as good of 0day protection
at least by default
I do like the FreeBSD ports tree, OpenBSD has one as well of course not as big
but I have been able to get everything I need from pkg_add for the most part
RandalSchwartz: downloading 100mb.bin to my $client location: 9 seconds, average speed 10.9M
vcs: so its not a big deal for me
RandalSchwartz: well zfs for / is nice
vcs: yes ZFS has some great features and stability
I dont need them however
not at least for this VPS
ZFS is nicer when you have a lot more storage than 40G to work with :P
RandalSchwartz: ok - just explaining my thought process
vcs: yeah dont get me wrong I like FreeBSD a lot
some of my servers for work run it
and make use of ZFS cool features
mike-burns: You should use the OS that you are most comfortable with.
RandalSchwartz: and not the most painful, like windows :)
vcs: high level abstract GUI's confuse me
never understood running windows for a server
debugging problems with GUI is not pleasant
to say the least
***: infrared_ is now known as infrared
fink has joined #arpnetworks
mike-burns has quit IRC (Quit: I have quit)
mike-burns has joined #arpnetworks
ChanServ sets mode: +o mike-burns
toddf: *sigh* that wiki page is full of wrong, lets see if I can edit it
vcs: :X
well it is what worked for me in the context that i understand it
toddf: works for you != what is documented to be the proper procedures on OpenBSD. I happen to be someone who has coded parts of /etc/netstart which processes those files so I might know a thing or three about what you're trying to accomplish (albeit the hard and non typical way to go about using a /48)
vcs: oh ok thats cool. I will be interested to see the correct way
I did refer to OpenBSD documentation
but I did not become an expert overnight
toddf: updates saved
vcs: well thanks for the corrections anyway :)
***: baklava has joined #arpnetworks
vmmello has joined #arpnetworks
vmmello has quit IRC (Quit: Leaving)
baklava has quit IRC (Quit: Game Over. Please insert another token into the ring.)
baklava has joined #arpnetworks
gregdolley2 has joined #arpnetworks
gregdolley2 has quit IRC (Ping timeout: 240 seconds)
fink has quit IRC (Quit: fink)