mattx86: how much voip traffic are we talking? err, s/voip// how much traffic are we talking about? jpalmer: probably just one 'line'. hopefully it'll fit inside of <=64k up mattx86: you can try pfsense on an old unused box. I've had great success with it. I've had decent luck with it mattx86: pfsense on an alix board is incredibly performant, but since you mentioned cost.. I'd try it on an old unused machine I'd like to use the new 2.0 stuff I believe it is, but it's just too buggy, or was a few months ago nah, I've already got a soekris net5501 sitting here (that's what I used last time to try pfsense) ahh, perfect. maybe I wasn't doing something right, heh I dunno all I know is that sharing a 1.5Mbps line with the family, without proper QoS, is maddening jpalmer: also, while I've got you... and I don't know if I asked you already ... is it better to shape my download traffic at a vps (by first tunneling it to the VPS and out to the internet) ? well, in the world of voip, latency is your biggest enemy. I think I'd avoid tunneling as much as possible. gotcha latency aside though, which would provide the best, consistent, throughput? without knowing all the details, I can't speak authoritatively of course. but in general practice, the nearest direct path is going to achieve the best results. it's my understanding that it's basically a waste of time to shape/throttle ingress traffic - hence having the vps shape/throttle it on egress to us (download) well, ingress is a special case. the packets coming in won't be prioritized. but, how often is your ingress pipe maxed to where QoS would be essential? well, web browsing can cause latency to spike, and in some cases, downloads can make web browsing crawl (and this is why most voip experts recommend you don't terminate with an itsp that is outside of your ISP's local network. specifically for the ingress and latency reasons) ah, gotcha web browsing doesn't usually cause latency spikes. 
most web browsing is an occasional few K downloaded, and 20-30 seconds reading it.. then another few K downloaded as they navigate. your average home DSL shouldn't see any impact from that. hmm. at 23:03 last night, my nagios reports problems even pinging itself this an AT&T residential line though, so you can see my dilemma downloads, p2p, and such.. will play a role. those you'll want to throttle in some way (if they can only send so much out, they only get so much in return) it sorted itself out within a few minutes though RandalSchwartz: 23:03 eastern? pacific might be others all launching things at 11pm I've heard that's sometimes a problem RandalSchwartz: cuz, mine showed host down at 2:01 - 2:06 UTC (kvr13) I'm careful to not have cron jobs at the 0's I just assumed an internet hiccup. I don't think this is on kvr13 no - kvr08 well, if it was an issue at the network level, it wouldn't matter which host. ie, a router dropping out. unable to ping itself for 3 minutes jpalmer: I don't know about that.. I'll sit here and watch the live traffic graphs on my PPPoE interface as I refresh a page and see the graphs soar to at least half, if not the full connection speed (800Kbps on average) and ping 07 and 13 pinging yourself shouldn't involve any net though so it was likely more of a host problem something in the simulation of the NIC mattx86: half = 50% bandwidth available. considering your web browsing is almost all ingress traffic, I don't see that being an issue. the average residential DSL has several mbit down. even the worst voip codecs are going to be much smaller than that. jpalmer: although I do care about how fast web sites load, I care even more about the interactive traffic: gaming, SSH, and perhaps VoIP mattx86: right. generally you prioritize voip as highest. interactive stuff next, bulk stuff (web surfing, downloads, p2p, etc) at the lowest level. 
quite simply, anything going on besides my gaming basically gives terrible latency at terrible moments in the game for it that's why I'm banging my head against the wall over getting my QoS right (on a personal note, I'd have gaming in that "bulk" stuff, but that's a personal preference :P at least on my MikroTik RouterOS box, prioritizing just isn't enough; at least w/o having tunneling thru a vps to shape the ingress (egress on the tunnel at the vps) s/having// I'd take a look at your traffic then, and find out what's chewing up so much. already done that for the most part a simple request to google, or say yahoo's homepage will do it the moment 70Kbps goes out and 800Kbps comes in, is the moment my pings jump from about 70ms to 800ms if you are maxing out your inbound pipe, QoS isn't going to help you (in which case, maybe tunneling over the VPS isn't a bad idea assuming their pipe is higher capacity) but for that to work, you'll have to use the VPS to act as default route for *all* of your traffic. righto :) that's what I've done on/off already I haven't arrived at a concrete setup yet though, because mikrotik costs money, and vyatta is somewhat limiting (on the vps end) I'm considering going linux+tc on the vps end I think you might be confusing two different things. yes, you may be sending the web request at 70kbps, but in general that request should be under what, 2 or 3 k? and with proper QoS.. even if it maxes your outbound for that 2 or 3k of traffic, the QoS would still have priority. I don't really see any other choice as far as distro goes perhaps but 'proper QoS' is exactly what I'm trying to figure out :) curious, have you tried a consumer grade router at the house, with something like DD-WRT on it? not lately unfortunately I gave away my WRT54G w/ 3rd-party firmware to a friend years ago heh ok. what are you using for voip? is it like a skype handset? a softphone on your computer? an actual voip phone registering directly to an itsp? 
a softswitch like asterisk or freeswitch? nothing yet, but I'm thinking an 802.11 skype or otherwise handset would be great ok. my advice in that case: hit ebay. find a $40 router that can handle dd-wrt. dd-wrt will let you set QoS tags by MAC address. my mikrotik wireless router supports WMM and ToS/DSCP so if you have a dedicated handset, that MAC will *only* be communicating for voip. so you can tag any/all traffic from that MAC as platinum, or high priority (I forget what dd-wrt calls it) hrm.. btw: you may even find that skype doesn't even "need" QoS. the SILK codec they use has forward and reverse loss correction. so it's pretty good about handling nasty networks. QoS will obviously be preferred. but in the case of skype in particular, you may find it's perfectly usable without. true.. skype over the PC works pretty nice too (We took skype's SILK codec, and implemented it into our software. the results were dramatic. right now our voip solution can literally handle wifi networks with 8% packet loss, fully saturated, and still be usable.) other codecs, 1% packet loss is noticeable, and 2% is literally unusable like what is it called, 711-ulaw :P (again, one of the reasons using an ITSP that is at some random place on the net, is not recommended. 1% and 2% packet loss over the internet.. is common. yeah, ulaw doesn't handle packetloss well at all. I get that, but, being on a residential line, there's not much I can do about that sure I can setup asterisk but it'd be the same situation; may as well purchase the service and handset and be done with it well, I'm more giving you info that I'm hoping you can apply as-needed in your environment, since you know it much better than I do ;) oh, thanks :) I know verizon does SIP trunking (at least for commercial accounts) so, ATT may also ah you mean, verizon is your SIP provider in that case? as would ATT in mine? if they do that sort of thing.. 
just not sure I understand what you mean by 'they do SIP trunking' well, not *mine* I work for a company that builds communications packages on smartphones for use in hospitals. one of those hospitals recently switched to voip trunking with verizon, and in the process.. broke all of their internal communications systems for about 2 hours one day. not good what I mean is.. if you call ATT, they may support having your VoIP device registering with them.. giving you a phone number, and having it act as your home phone. instead of you paying like a teliax or callcentric or skype, to do it. on that note, it may be just as well to switch on the phone portion of the line again :P then again, most VoIP is dirt cheap interesting though like, I knew verizon had their broadwing service I believe it's called not sure if ATT has something similar though interesting though already said that :P right, so I'll check out dd-wrt and see what happens oh actually, that was called verizon voicewing, and apparently verizon killed that around march 31st last year you sure verizon is still doing that sort of thing ? mattx86: we just had that trouble about 3 weeks ago. but again, that's a commercial account. not sure if verizon offers it to residential ah, I gotcha (of course, it could be a special case for this particular hospital. they are so large (and famous) that.. they literally have their own exchange. nice :) I'm thinking of getting a FreeBSD VPS, wondering if there are some memcache servers that can be used in the network? hmm.. starting at 22:55 last night, and lasting about 35 minutes, I don't see *any* traffic in Cacti for any graphs. wonder what happened there, hrm... up_the_irons: RandalSchwartz and I were talking about that a bit ago. his nagios, and my opsview both reported outages. (I'm on kvr13, he's kvr08) I'm guessing something network related RandalSchwartz commented that his nagios, couldn't even ping localhost. 
if it can't ping localhost, i would say load, or something, cuz those packets don't even leave the VM balboah: you can run memcache on your VPS, sure he mentioned that. then said he's got no crontabs set for that timeframe i mean the host load, in general up_the_irons: is there some server that you can rent for memcache only or do I need to setup another vps if I want to use a bigger chunk of memory? oh, correction he said "couldn't ping itself" I assumed localhost. but maybe not. balboah: no, i don't have memcache servers, sorry. A VPS comes with the default OS and you'd have to install whatever you want on it up_the_irons: ok thanks no - it was pinging the network interface but its own and it also couldn't see the other two boxes nagios doesn't ping localhost. :) or at least, I don't think I have it set up that way it *does* ping its retail network interface though *nod* when you said "itself" my poor brain did s/itself/localhost/ hey - my boxes all just went nuts again including red what happened? my nagios was unable to ping itself maybe a routing issue? and my ssh and irc sessions both collapsed up_the_irons probably has alarm bells going off somewhere :) any idea what just broke? Routing blip perhaps? well, maayan.insightcruises.com failed to be able to ping *itself* Oh interesting. that seems very suspicious it happened yesterday too RandalSchwartz: I had lost my SSH session too I assumed it was internal at first but my VMs seemed to still be able to hit each other. But I've been away since yesterday evening looks like it gets gummed up for about 90 to 120 seconds [10-12-2010 13:16:08] HOST ALERT: maayan;DOWN;SOFT;1;(Host Check Timed Out) have you logged into the console and manually run the ping? I've had false negatives from nagios before, very annoying I can't get on when it's happening aka if anything up to and including the actual ping fails, it fails. console or via network'ed ssh? ssh. 
console takes about 3 minutes to set up and by then, it's over :) let me show you a trick I use for my vm: in /etc/conserver.cf: console 0.v { type exec; exec ssh -i /root/.ssh/csmultiplex toddfries@console.cust.arpnetworks.com; } what is /etc/conserver.cf? and where? which machine? the config file for conserver that I run on my remote system (remote to arp networks) so if my system has issues (I run test patches that assure it does from time to time) I can see the console output logs it's in ports too you could do the same thing by running screen on a remote system, logging the screen, and using ssh to access your serial console remotely not in macports though conserver however is a program I already run to get serial console access to the unix systems in my office so an extra definition for a ssh `serial' port makes sense for me wait - so you're not talking about the vnc console? because that's what takes the time no sir, the texty serial console thing that's not enabled by default is it? and how do I attach to it... via the arp console ssh? the one where the kernel debugger capture is so much easier than screenshotting a vnc session and mailing it around to other devs (this should be a wiki entry :) I'm no freebsd expert, but on OpenBSD one tells the kernel to hit the serial port at the boot loader via 'boot> set tty com0' or on the fs via /etc/boot.conf:set tty com0 .. then /etc/ttys sets the getty on /dev/tty00 I suspect on freebsd it has something to do with the kernel config stored in the fs .. ? ... http://www.freebsd.org/doc/handbook/serialconsole-setup.html but I don't know what the virtual serial line looks like in this VPS and I don't want to break the ability to boot. 
:) so if someone has done this successfully here for freebsd, I'm listening com0 = tty00 = `virtual serial line' you can `play' in qemu, same difference or, more to the point, you can enable the getty on ttyd0 in /etc/ttys and if it shows up on your serial console you have a win for the boot loader showing up there also worst case, boot from cdrom and edit the loader.conf and nix that line you added, maybe even create a backup w/out the line so a simple 'mv' or 'cp' from the cdrom can restore things unfortunately, all I have are production machines I should have played with this when it was pre-production so I'll have to wait until someone can tell me precisely what works if you make a qemu disk image of freebsd (or point me to one) I can tell you what works, I don't have time to install freebsd inside qemu I don't have qemu running. :) just vmware and virtualbox is there even a qemu for osx? 0.12.5 that sounds awfully... old Oh - they all start with 0 that's rather new weird yes qemu hasn't hit 1.x yet yeah - two months ago, it says ahh qemu-img has support for *.vdi import so I could send you a virtualbox image i stick to an old ver of qemu since i had to patch it vmdk and vdi, is vdi virtualbox? yes ipv6freely: older, huh, why? toddf: i had to patch it so it would do multicast properly between hosts er between VMs that's not what we're worried about here im aware, i was just saying multicast is kinda important for running OSPF between VMs :P "Engineers will be shortly performing an emergency maintenance to replace a defective switch at Wilshire Annex (as2.lax7). Expected impact will be 15 mins or less. Emergency work is beginning immediately." -- PacketExchange that was an hour ago up_the_irons - is that what caused my stoppage earlier? not sure why I can't ping myself. that seems weird. 
I could understand not pinging other machines RandalSchwartz: not sure why pinging yourself would fail; that wouldn't be a packetexchange thing well - this is twice within two days that maayan has marked itself down (while also not seeing either of the other two hosts) for about two minutes is there something you can decipher at your end? this is annoying I can give you exact times if it'll help 1316 to 1318 today (pacific time) 2300 to 2303 yesterday maayan is on kvr08 if it makes a difference RandalSchwartz: i'm going to investigate further, but i have a feeling this is one of those things that i need to catch in the act (very annoying), b/c my munin and cacti graphs also show no data for the period hi there! anyone running OpenBSD on their VPS? I'm having a hard time using the serial console. it's always reported as 'down'. I do have a getty on tty00 tty00 "/usr/libexec/getty std.9600" vt220 on secure that's what I have for it in /etc/ttys hopefully I got something wrong ~_~ I have openbsd you have to 'co' just as the serial console instructions talked about 'down' means the guest os shutdown and you didn't `re open' the connection yes of course. that's when I get [connecting...down] is my tty00 line in ttys ok? ps shows the getty actually is running 15986 00 Is+ 0:00.01 /usr/libexec/getty std.9600 tty00 tinono: i think i might know what the problem is tinono: remember that bug I was describing in your support ticket? I had to change your serial port #, and I haven't updated console.cust yet (but I'm doing it now) tinono: logout, and try again in about a minute oh ok thanks up_the_irons: it's fixed alright. thanks. tinono: no problem