***: LT has joined #arpnetworks
schmir has joined #arpnetworks
schmir has quit IRC (Remote host closed the connection)
schmir has joined #arpnetworks
ElectricBill has joined #arpnetworks
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
jpalmer: mattx86: how much voip traffic are we talking?
err, s/voip// how much traffic are we talking about?
mattx86: jpalmer: probably just one 'line'. hopefully it'll fit inside of <=64k up
jpalmer: mattx86: you can try pfsense on an old unused box. I've had great success with it.
mattx86: I've had decent luck with it
jpalmer: mattx86: pfsense on an alix board is incredibly performant, but since you mentioned cost.. I'd try it on an old unused machine
mattx86: I'd like to use the new 2.0 stuff I believe it is, but it's just too buggy, or was a few months ago
nah, I've already got a soekris net5501 sitting here
(that's what I used last time to try pfsense)
jpalmer: ahh, perfect.
mattx86: maybe I wasn't doing something right, heh I dunno
all I know is that sharing a 1.5Mbps line with the family, without proper QoS, is maddening
jpalmer: also, while I've got you... and I don't know if I asked you already ... is it better to shape my download traffic at a vps (by first tunneling it to the VPS and out to the internet) ?
jpalmer: well, in the world of voip, latency is your biggest enemy. I think I'd avoid tunneling as much as possible.
mattx86: gotcha
latency aside though, which would provide the best, consistent, throughput?
jpalmer: without knowing all the details, I can't speak authoritatively of course. but in general practice, the nearest direct path is going to achieve the best results.
mattx86: it's my understanding that it's basically a waste of time to shape/throttle ingress traffic - hence having the vps shape/throttle it on egress to us (download)
jpalmer: well, ingress is a special case. the packets coming in won't be prioritized. but, how often is your ingress pipe maxed to where QoS would be essential?
mattx86: well, web browsing can cause latency to spike, and in some cases, downloads can make web browsing crawl
jpalmer: (and this is why most voip experts recommend you don't terminate with an itsp that is outside of your ISP's local network. specifically for the ingress and latency reasons)
mattx86: ah, gotcha
jpalmer: web browsing doesn't usually cause latency spikes. most web browsing is an occasional few K downloaded, and 20-30 seconds reading it.. then another few K downloaded as they navigate. your average home DSL shouldn't see any impact from that.
RandalSchwartz: hmm. at 23:03 last night, my nagios reports problems even pinging itself
mattx86: this an AT&T residential line though, so you can see my dilemma
jpalmer: downloads, p2p, and such.. will play a role. those you'll want to throttle in some way (if they can only send so much out, they only get so much in return)
RandalSchwartz: it sorted itself out within a few minutes though
jpalmer: RandalSchwartz: 23:03 eastern?
RandalSchwartz: pacific
might be others all launching things at 11pm
I've heard that's sometimes a problem
jpalmer: RandalSchwartz: cuz, mine showed host down at 2:01 - 2:06 UTC
(kvr13)
RandalSchwartz: I'm careful to not have cron jobs at the 0's
jpalmer: I just assumed an internet hiccup.
RandalSchwartz: I don't think this is on kvr13
no - kvr08
jpalmer: well, if it was an issue at the network level, it wouldn't matter which host. ie, a router dropping out.
RandalSchwartz: unable to ping itself for 3 minutes
mattx86: jpalmer: I don't know about that.. I'll sit here and watch the live traffic graphs on my PPPoE interface as I refresh a page and see the graphs soar to at least half, if not the full connection speed (800Kbps on average)
RandalSchwartz: and ping 07 and 13
pinging yourself shouldn't involve any net though
so it was likely more of a host problem
something in the simulation of the NIC
jpalmer: mattx86: half = 50% bandwidth available. considering your web browsing is almost all ingress traffic, I don't see that being an issue. the average residential DSL has several mbit down. even the worst voip codecs are going to be much smaller than that.
mattx86: jpalmer: although I do care about how fast web sites load, I care even more about the interactive traffic: gaming, SSH, and perhaps VoIP
jpalmer: mattx86: right. generally you prioritize voip as highest. interactive stuff next, bulk stuff (web surfing, downloads, p2p, etc) at the lowest level.
mattx86: quite simply, anything going on besides my gaming basically gives terrible latency at terrible moments in the game for it
that's why I'm banging my head against the wall over getting my QoS right
jpalmer: (on a personal note, I'd have gaming in that "bulk" stuff, but that's a personal preference :P
mattx86: at least on my MikroTik RouterOS box, prioritizing just isn't enough; at least w/o having tunneling thru a vps to shape the ingress (egress on the tunnel at the vps)
s/having//
jpalmer: I'd take a look at your traffic then, and find out what's chewing up so much.
mattx86: already done that for the most part
a simple request to google, or say yahoo's homepage will do it
the moment 70Kbps goes out and 800Kbps comes in, is the moment my pings jump from about 70ms to 800ms
jpalmer: if you are maxing out your inbound pipe, QoS isn't going to help you (in which case, maybe tunneling over the VPS isn't a bad idea assuming their pipe is higher capacity) but for that to work, you'll have to use the VPS to act as default route for *all* of your traffic.
mattx86: righto :)
that's what I've done on/off already
I haven't arrived at a concrete setup yet though, because mikrotik costs money, and vyatta is somewhat limiting
(on the vps end)
I'm considering going linux+tc on the vps end
jpalmer: I think you might be confusing two different things. yes, you may be sending the web request at 70kbps, but in general that request should be under what, 2 or 3 k? and with proper QoS.. even if it maxes your outbound for that 2 or 3k of traffic, the QoS would still have priority.
mattx86: I don't really see any other choice as far as distro goes
perhaps
but 'proper QoS' is exactly what I'm trying to figure out :)
jpalmer: curious, have you tried a consumer grade router at the house, with something like DD-WRT on it?
mattx86: not lately
unfortunately I gave away my WRT54G w/ 3rd-party firmware to a friend years ago heh
jpalmer: ok. what are you using for voip? is it like a skype handset? a softphone on your computer? an actual voip phone registering directly to an itsp? a softswitch like asterisk or freeswitch?
mattx86: nothing yet, but I'm thinking an 802.11 skype or otherwise handset would be great
jpalmer: ok. my advice in that case: hit ebay. find a $40 router that can handle dd-wrt. dd-wrt will let you set QoS tags by MAC address.
mattx86: my mikrotik wireless router supports WMM and ToS/DSCP
jpalmer: so if you have a dedicated handset, that MAC will *only* be communicating for voip. so you can tag any/all traffic from that MAC as platinum, or high priority (I forget what dd-wrt calls it)
mattx86: hrm..
jpalmer: btw: you may even find that skype doesn't even "need" QoS. the SILK codec they use has forward and reverse loss correction. so it's pretty good about handling nasty networks.
QoS will obviously be preferred. but in the case of skype in particular, you may find it's perfectly usable without.
mattx86: true.. skype over the PC works pretty nice too
jpalmer: (We took skype's SILK codec, and implemented it into our software. the results were dramatic. right now our voip solution can literally handle wifi networks with 8% packet loss, fully saturated, and still be usable.)
other codecs, 1% packet loss is noticeable, and 2% is literally unusable
mattx86: like what is it called, 711-ulaw :P
jpalmer: (again, one of the reasons using an ITSP that is at some random place on the net, is not recommended. 1% and 2% packet loss over the internet.. is common.
yeah, ulaw doesn't handle packetloss well at all.
mattx86: I get that, but, being on a residential line, there's not much I can do about that
sure I can setup asterisk but it'd be the same situation; may as well purchase the service and handset and be done with it
jpalmer: well, I'm more giving you info that I'm hoping you can apply as-needed in your environment, since you know it much better than I do ;)
mattx86: oh, thanks :)
jpalmer: I know verizon does SIP trunking (at least for commercial accounts) so, ATT may also
mattx86: ah
you mean, verizon is your SIP provider in that case?
as would ATT in mine?
if they do that sort of thing.. just not sure I understand what you mean by 'they do SIP trunking'
jpalmer: well, not *mine* I work for a company that builds communications packages on smartphones for use in hospitals. one of those hospitals recently switched to voip trunking with verizon, and in the process.. broke all of their internal communications systems for about 2 hours one day.
mattx86: not good
jpalmer: what I mean is.. if you call ATT, they may support having your VoIP device registering with them.. giving you a phone number, and having it act as your home phone. instead of you paying like a teliax or callcentric or skype, to do it.
mattx86: on that note, it may be just as well to switch on the phone portion of the line again :P
then again, most VoIP is dirt cheap
interesting though
like, I knew verizon had their broadwing service I believe its called
not sure if ATT has something similar though
interesting though
already said that :P
right, so I'll check out dd-wrt and see what happens
oh actually, that was called verizon voicewing, and apparently verizon killed that around march 31st last year
you sure verizon is still doing that sort of thing ?
jpalmer: mattx86: we just had that trouble about 3 weeks ago.
but again, that's a commercial account. not sure if verizon offers it to residential
mattx86: ah, I gotcha
jpalmer: (of course, it could be a special case for this particular hospital. they are so large (and famous) that.. they literally have their own exchange.
mattx86: nice :)
***: schmir has quit IRC (Remote host closed the connection)
schmir has joined #arpnetworks
LT has quit IRC (Quit: Leaving)
Tadaka has joined #arpnetworks
mattx86 has quit IRC (Quit: Leaving)
balboah has joined #arpnetworks
balboah: I'm thinking of getting a FreeBSD VPS, wondering if there are some memcache servers that can be used in the network?
***: schmir has quit IRC (Remote host closed the connection)
schmir has joined #arpnetworks
up_the_irons: hmm.. starting at 22:55 last night, and lasting about 35 minutes, I don't see *any* traffic in Cacti for any graphs. wonder what happened there, hrm...
jpalmer: up_the_irons: RandalSchwartz and I were talking about that a bit ago. his nagios, and my opsview both reported outages. (I'm on kvr13, he's kvr08) I'm guessing something network related
RandalSchwartz commented that his nagios, couldn't even ping localhost.
up_the_irons: if it can't ping localhost, i would say load, or something, cuz those packets don't even leave the VM
balboah: you can run memcache on your VPS, sure
jpalmer: he mentioned that. then said he's got no crontabs set for that timeframe
up_the_irons: i mean the host load, in general
balboah: up_the_irons: is there some server that you can rent for memcache only or do I need to setup another vps if I want to use a bigger chunk of memory?
jpalmer: oh, correction he said "couldn't ping itself" I assumed localhost. but maybe not.
up_the_irons: balboah: no, i don't have memcache servers, sorry. A VPS comes with the default OS and you'd have to install whatever you want on it
balboah: up_the_irons: ok thanks
RandalSchwartz: no - it was pinging the network interface
but its own
and it also couldn't see the other two boxes
nagios doesn't ping localhost. :)
or at least, I don't think I have it set up that way
it *does* ping its retail network interface though
jpalmer: *nod* when you said "itself" my poor brain did s/itself/localhost/
***: owda has joined #arpnetworks
owda has quit IRC (Changing host)
owda has joined #arpnetworks
balboah has quit IRC (Quit: balboah)
baklava has quit IRC (Ping timeout: 264 seconds)
baklava has joined #arpnetworks
RandalSchwartz has quit IRC (Ping timeout: 276 seconds)
RandalSchwartz has joined #arpnetworks
RandalSchwartz has quit IRC (Changing host)
RandalSchwartz has joined #arpnetworks
RandalSchwartz: hey - my boxes all just went nuts again
including red
what happened?
***: islandfox has quit IRC (Read error: No route to host)
RandalSchwartz: my nagios was unable to ping itself
maybe a routing issue?
and my ssh and irc sessions both collapsed
***: mhoran has quit IRC (Read error: Connection reset by peer)
nakano is now known as nakano_
BarberRonny has quit IRC (Read error: No route to host)
BarberRonny has joined #arpnetworks
nakano_ is now known as nakano
RandalSchwartz: up_the_irons probably has alarm bells going off somewhere :)
***: mhoran has joined #arpnetworks
ChanServ sets mode: +o mhoran
RandalSchwartz: any idea what just broke?
mhoran: Routing blip perhaps?
RandalSchwartz: well, maayan.insightcruises.com failed to be able to ping *itself*
mhoran: Oh interesting.
RandalSchwartz: that seems very suspicious
it happened yesterday too
dxtr: RandalSchwartz: I had lost my SSH session too
mhoran: I assumed it was internal at first but my VMs seemed to still be able to hit each other.
dxtr: But I've been away since yesterday evening
RandalSchwartz: looks like it gets gummed up for about 90 to 120 seconds
[10-12-2010 13:16:08] HOST ALERT: maayan;DOWN;SOFT;1;(Host Check Timed Out)
***: islandfox has joined #arpnetworks
toddf: have you logged into the console and manually run the ping? I've had false negatives from nagios before, very annoying
RandalSchwartz: I can't get on when it's happening
toddf: aka if anything up to and including the actual ping fails, it fails.
console or via network'ed ssh?
RandalSchwartz: ssh. console takes about 3 minutes to set up
and by then, it's over :)
toddf: let me show you a trick I use for my vm:
in /etc/conserver.cf:
console 0.v { type exec; exec ssh -i /root/.ssh/csmultiplex toddfries@console.cust.arpnetworks.com;
}
RandalSchwartz: what is /etc/conserver.cf?
and where?
which machine?
toddf: the config file for conserver that I run on my remote system (remote to arp networks)
so if my system has issues (I run test patches that assure it does from time to time) I can see the console output logs
-: RandalSchwartz googles for conserver
toddf: it's in ports too
you could do the same thing by running screen on a remote system, logging the screen, and using ssh to access your serial console remotely
RandalSchwartz: not in macports though
toddf: conserver however is a program I already run to get serial console access to the unix systems in my office so an extra definition for a ssh `serial' port makes sense for me
RandalSchwartz: wait - so you're not talking about the vnc console?
because that's what takes the time
toddf: no sir, the texty serial console thing
RandalSchwartz: that's not enabled by default is it? and how do I attach to it... via the arp console ssh?
toddf: the one where the kernel debugger capture is so much easier than screenshotting a vnc session and mailing it around to other devs
RandalSchwartz: (this should be a wiki entry :)
toddf: I'm no freebsd expert, but on OpenBSD one tells the kernel to hit the serial port at the boot loader via 'boot> set tty com0' or on the fs via /etc/boot.conf:set tty com0 .. then /etc/ttys sets the getty on /dev/tty00
I suspect on freebsd it has something to do with the kernel config stored in the fs .. ?
RandalSchwartz: ... http://www.freebsd.org/doc/handbook/serialconsole-setup.html
but I don't know what the virtual serial line looks like in this VPS
and I don't want to break the ability to boot. :)
so if someone has done this successfully here for freebsd, I'm listening
toddf: com0 = tty00 = `virtual serial line'
you can `play' in qemu, same difference
or, more to the point, you can enable the getty on ttyd0 in /etc/ttys and if it shows up on your serial console you have a win for the boot loader showing up there also
worst case, boot from cdrom and edit the loader.conf and nix that line you added, maybe even create a backup w/out the line so a simple 'mv' or 'cp' from the cdrom can restore things
RandalSchwartz: unfortunately, all I have are production machines
I should have played with this when it was pre-production
so I'll have to wait until someone can tell me precisely what works
toddf: if you make a qemu disk image of freebsd (or point me to one) I can tell you what works, I don't have time to install freebsd inside qemu
RandalSchwartz: I don't have qemu running. :)
just vmware and virtualbox
is there even a qemu for osx?
-: RandalSchwartz looks in macports
RandalSchwartz: 0.12.5
that sounds awfully... old
Oh - they all start with 0
toddf: that's rather new
RandalSchwartz: weird
toddf: yes qemu hasn't hit 1.x yet
RandalSchwartz: yeah - two months ago, it says
ahh qemu-img has support for *.vdi import
so I could send you a virtualbox image
IPv6Freely: i stick to an old ver of qemu since i had to patch it
toddf: vmdk and vdi, is vdi virtualbox?
RandalSchwartz: yes
toddf: ipv6freely: older, huh, why?
IPv6Freely: toddf: i had to patch it so it would do multicast properly between hosts
er
between VMs
toddf: that's not what we're worried about here
IPv6Freely: im aware, i was just saying
multicast is kinda important for running OSPF between VMs :P
***: schmir has quit IRC (Remote host closed the connection)
up_the_irons: "Engineers will be shortly performing an emergency maintenance to replace a defective switch at Wilshire Annex (as2.lax7). Expected impact will be 15 mins or less. Emergency work is beginning immediately."
-- PacketExchange
that was an hour ago
***: fink has joined #arpnetworks
RandalSchwartz: up_the_irons - is that what caused my stoppage earlier?
not sure why I can't ping myself. that seems weird.
I could understand not pinging other machines
up_the_irons: RandalSchwartz: not sure why pinging yourself would fail; that wouldn't be a packetexchange thing
***: fink has quit IRC (Read error: Operation timed out)
RandalSchwartz: well - this is twice within two days that maayan has marked itself down (while also not seeing either of the other two hosts) for about two minutes
is there something you can decipher at your end? this is annoying
I can give you exact times if it'll help
1316 to 1318 today (pacific time)
2300 to 2303 yesterday
maayan is on kvr08 if it makes a difference
***: CRowen has quit IRC (Remote host closed the connection)
schmir has joined #arpnetworks
up_the_irons: RandalSchwartz: i'm going to investigate further, but i have a feeling this is one of those things that i need to catch in the act (very annoying), b/c my munin and cacti graphs also show no data for the period
***: schmir has quit IRC (Remote host closed the connection)
nakano is now known as nakano_
tinono has joined #arpnetworks
tinono: hi there!
anyone running OpenBSD on their VPS?
I'm having a hard time using the serial console. it's always reported as 'down'. I do have a getty on tty00
tty00 "/usr/libexec/getty std.9600" vt220 on secure
that's what I have for it in /etc/ttys
hopefully I got something wrong ~_~
toddf: I have openbsd
you have to '<esc>co' just as the serial console instructions talked about
'down' means the guest os shutdown and you didn't `re open' the connection
tinono: yes of course. that's when I get [connecting...down]
is my tty00 line in ttys ok?
ps shows the getty actually is running
15986 00 Is+ 0:00.01 /usr/libexec/getty std.9600 tty00
up_the_irons: tinono: i think i might know what the problem is
tinono: remember that bug I was describing in your support ticket? I had to change your serial port #, and I haven't updated console.cust yet (but I'm doing it now)
tinono: logout, and try again in about a minute
tinono: oh ok
thanks
-: jdoe BLAMES OPENBSD
tinono: up_the_irons: it's fixed alright. thanks.
up_the_irons: tinono: no problem
***: _Ehtyar has quit IRC (Remote host closed the connection)
yekoms has quit IRC (Quit: Leaving)
fink_ has joined #arpnetworks
fink_ has quit IRC (Quit: fink_)
heavysixer has quit IRC (Quit: BAMPF!)
tinono has quit IRC (Quit: leaving)
Ehtyar has joined #arpnetworks
owda has quit IRC (Ping timeout: 250 seconds)