***: Ehtyar has joined #arpnetworks
HighJinx has quit IRC (Quit: [Textual IRC Client: http://www.textualapp.com/])
HighJinx has joined #arpnetworks
HighJinx has quit IRC (Ping timeout: 248 seconds)
heavysixer has quit IRC (Ping timeout: 260 seconds)
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
HighJinx has joined #arpnetworks
cmeiklejohn has joined #arpnetworks
cmeiklejohn has quit IRC (Quit: ["Textual IRC Client: www.textualapp.com"])
vmmello has joined #arpnetworks
heavysixer has quit IRC (Remote host closed the connection)
HighJinx has quit IRC (Quit: Computer has gone to sleep.)
mikjaer has quit IRC (Ping timeout: 245 seconds)
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
HighJinx has joined #arpnetworks
staticsafe has quit IRC (Quit: WeeChat 0.3.9)
staticsafe has joined #arpnetworks
cmeiklejohn has joined #arpnetworks
cmeiklejohn has quit IRC (Ping timeout: 265 seconds)
cmeiklejohn has joined #arpnetworks
cmeiklejohn has quit IRC (Ping timeout: 255 seconds)
dzup has quit IRC (Read error: Connection reset by peer)
mnathani has quit IRC (Ping timeout: 256 seconds)
m_nathani has quit IRC (Ping timeout: 272 seconds)
dzup has joined #arpnetworks
heavysixer has quit IRC (Remote host closed the connection)
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
cmeik has joined #arpnetworks
mnathani has joined #arpnetworks
cmeik has quit IRC (Quit: Computer has gone to sleep.)
up_the_irons: anyone using CARP / OpenBSD on their VPS' ?
i know someone has to...
got a customer saying they can ping the CARP interface from their VMs, but they can't ping the CARP interface from the outside (perhaps the CARP interface shouldn't even be pingable from the outside?)
staticsafe: interesting concept
(reading up on CARP)
up_the_irons: isn't CARP using local (RFC1918) addresses?
(afaict from http://www.openbsd.org/faq/pf/carp.html)
up_the_irons: nfi
staticsafe: heh
plett: I've used CARP before, but not on a VPS. It doesn't have anything to do with RFC1918 addresses
staticsafe: oic
that page isn't making much sense to me atm heh
plett: It's the same in concept as VRRP or HSRP. You have a 'floating' IP address which can move between machines on a L2 segment if one goes down
staticsafe: so IP failover?
plett: The first paragraph on that page begins "CARP is the Common Address Redundancy Protocol. Its primary purpose is to allow multiple hosts on the same network segment to share an IP address." :)
staticsafe: plett: you explained it much better :)
mercutio: up_the_irons: it may be due to mac addresses changing?
up_the_irons: mercutio: i would imagine so, but when the CARP IP gets assigned a new MAC, I would imagine some sort of gratuitous ARP would be sent so switches update their caches. Otherwise, it would be kinda pointless.
mercutio: lots of routers can hold onto arp for ages
hence i'm not really a fan of crap on external facing interfaces
carp
i did mean carp
staticsafe: nice freudian slip
:P
mercutio: weird i just had a long pause to my vm and now it seems fine
like it went to sleep
oh it seems it emulates other mac addresses
it may only be when load balancing
Lefty: it could be firewall-related... I had a similar problem on a pfsense box the other day, as I'd moved a service from a static to a CARP IP but then forgot to add firewall rules allowing traffic to the CARP address
mercutio: oh well i have no idea
and i've only got one ipv4 address so don't really ...
hmm, i wonder if carp works with ipv6
staticsafe: it does say it supports ipv6
mercutio: i so need a fan
i'm melting
staticsafe: http://www.bigassfans.com/
***: vmmello has quit IRC (Remote host closed the connection)
cmeik has joined #arpnetworks
mikeputnam: ha
i know a maintenance man at a local hotel. he told me about installing a Big Ass Fan[TM]
***: HighJinx has quit IRC (Quit: Computer has gone to sleep.)
gcw|mbpro has joined #arpnetworks
cmeik has quit IRC (Ping timeout: 240 seconds)
HighJinx has joined #arpnetworks
toddf: carp works with ipv6 somewhat, I've done it, but have ended up having to ping6 the carp ip from the client before it works at times, supposedly code went in to fix it, I never setup a proper test env to confirm this or not
mercutio: ahh
i've only got a /64 to my vps atm i think, and it seems carp doesn't like using an overlapping address
or i'm doing something wrong
brycec: the "local" interface needs only a private address, something it can talk to the other host using. Then the public address gets floated between them
At least, that's from my experimentation with pfSense.
And in that scenario, a dedicated, separate interface was recommended so it would have a completely separate (non-public) IP anyways.
The idea of using CARP between VPS', particularly if they're on separate hosts, is intriguing.
mercutio: yeah it is slightly
even if it's just for things like authoritative dns
that timeout and can go to diff server
but are much faster if server is up
and you don't have to worry about state etc
brycec: That reminds me... one of these days I need to read up on anycast
mercutio: anycast is pretty simple
basically you advertise the same address in multiple locations via BGP
that said, it gets more complicated with traffic management etc
like BGP as-path isn't always accurate for closest destination
brycec: whoa, really? you can advertise the same address in multiple places?
that's wild...
mercutio: yeh
but
you need to advertise at least a /24
well if it's to the internet
brycec: ha obviously :p
mercutio: if it's just your local network you can easily add /32 in different locations
brycec: (obviously if you're familiar with BGP)
mercutio: yeah
i had no idea how familiar you were
there's like 25,000 BGP users in the world isn't there?
oh maybe more
brycec: Yeah, I'm vaguely familiar with
I thought I heard there were 39k or so
mercutio: ok
25k was a random stab in the dark
anyway
there are like more than a billion users
so a lot of people aren't using bgp
brycec: Well since you've explained it, it seems very simple after all
mercutio: err i mean
don't necessarily need to understand bgp
yeah
umm generally speaking
you have a /24 for external facing
then you have another subnet for internal facking
facing
ie, you need to be able to reach the gear regardless
but pretty much if you have more than two locations having a /32 advertised gets helpful real quickly for dns
just like lots of people know 8.8.8.8
it's much easier to remember one number for all locations than heaps of different ip numbers
i reckon there should be a standard anycast recursive dns myself
that any provider can implement
but yeah, the problem with anycast for wider internet facing stuff, is there's lots of community stuff that needs to be done to improve routing
and providers can be hit and miss with how they let you influence routing
i kind of wish there was better control for that stuff standardised
***: dzup has quit IRC (Ping timeout: 260 seconds)
dzup has joined #arpnetworks
jlgaddis: most providers allow you to set communities on your advertisements to control that type of stuff
mercutio: yeah, but it's not standardised
***: meingtsil has joined #arpnetworks
meingtsla has quit IRC (Read error: Operation timed out)
jlgaddis: *nod*
***: meingtsil is now known as meingtsla