[00:11] *** HighJinx has joined #arpnetworks
[00:33] *** Ehtyar has joined #arpnetworks
[01:24] *** HighJinx has quit IRC (Quit: [Textual IRC Client: http://www.textualapp.com/])
[01:27] *** HighJinx has joined #arpnetworks
[01:40] *** HighJinx has quit IRC (Ping timeout: 248 seconds)
[01:42] *** heavysixer has quit IRC (Ping timeout: 260 seconds)
[01:47] *** heavysixer has joined #arpnetworks
[01:47] *** ChanServ sets mode: +o heavysixer
[01:49] *** HighJinx has joined #arpnetworks
[07:57] *** cmeiklejohn has joined #arpnetworks
[08:08] *** cmeiklejohn has quit IRC (Quit: ["Textual IRC Client: www.textualapp.com"])
[08:40] *** vmmello has joined #arpnetworks
[09:01] *** heavysixer has quit IRC (Remote host closed the connection)
[09:31] *** HighJinx has quit IRC (Quit: Computer has gone to sleep.)
[09:57] *** mikjaer has quit IRC (Ping timeout: 245 seconds)
[10:08] *** heavysixer has joined #arpnetworks
[10:08] *** ChanServ sets mode: +o heavysixer
[10:41] *** HighJinx has joined #arpnetworks
[11:08] *** staticsafe has quit IRC (Quit: WeeChat 0.3.9)
[11:15] *** staticsafe has joined #arpnetworks
[11:45] *** cmeiklejohn has joined #arpnetworks
[11:55] *** cmeiklejohn has quit IRC (Ping timeout: 265 seconds)
[11:59] *** cmeiklejohn has joined #arpnetworks
[12:04] *** cmeiklejohn has quit IRC (Ping timeout: 255 seconds)
[12:34] *** dzup has quit IRC (Read error: Connection reset by peer)
[12:44] *** mnathani has quit IRC (Ping timeout: 256 seconds)
[12:46] *** m_nathani has quit IRC (Ping timeout: 272 seconds)
[12:52] *** dzup has joined #arpnetworks
[13:49] *** heavysixer has quit IRC (Remote host closed the connection)
[13:51] *** heavysixer has joined #arpnetworks
[13:51] *** ChanServ sets mode: +o heavysixer
[15:00] *** cmeik has joined #arpnetworks
[16:01] *** mnathani has joined #arpnetworks
[16:29] *** cmeik has quit IRC (Quit: Computer has gone to sleep.)
[16:34] <up_the_irons> anyone using CARP / OpenBSD on their VPS' ?
[16:35] <up_the_irons> i know someone has to...
[16:39] <up_the_irons> got a customer saying they can ping the CARP interface from their VMs, but they can't ping the CARP interface from the outside (perhaps the CARP interface shouldn't even be pingable from the outside?)
[16:42] <staticsafe> interesting concept
[16:42] <staticsafe> (reading up on CARP)
[16:44] <staticsafe> up_the_irons: isn't CARP using local (RFC1918) addresses?
[16:44] <staticsafe> (afaict from http://www.openbsd.org/faq/pf/carp.html)
[16:47] <up_the_irons> nfi
[16:47] <staticsafe> heh
[16:54] <plett> I've used CARP before, but not on a VPS. It doesn't have anything to do with RFC1918 addresses
[16:54] <staticsafe> oic
[16:55] <staticsafe> that page isn't making much sense to me atm heh
[16:56] <plett> It's the same in concept as VRRP or HSRP. You have a 'floating' IP address which can move between machines on a L2 segment if one goes down
[16:57] <staticsafe> so IP failover?
[16:57] <plett> The first paragraph on that page begins "CARP is the Common Address Redundancy Protocol. Its primary purpose is to allow multiple hosts on the same network segment to share an IP address." :)
[17:00] <staticsafe> plett: you explained it much better :)
[17:07] <mercutio> up_the_irons: it may be due to mac addresses changing?
[17:09] <up_the_irons> mercutio: i would imagine so, but when the CARP IP gets assigned a new MAC, I would imagine some sort of gratuitous ARP would be sent so switches update their caches.  Otherwise, it would be kinda pointless.
[17:09] <mercutio> lots of routers can hold onto arp for ages
[17:10] <mercutio> hence i'm not really a fan of crap on external facing interfaces
[17:10] <mercutio> carp
[17:10] <mercutio> i did mean carp
[17:10] <staticsafe> nice freudian slip
[17:10] <staticsafe> :P
[17:11] <mercutio> weird i just had a long pause to my vm and now it seems fine
[17:11] <mercutio> like it went to sleep
[17:12] <mercutio> oh it seems it emulates other mac addresses
[17:12] <mercutio> it may only be when load balancing
[17:13] <Lefty> it could be firewall-related... I had a similar problem on a pfsense box the other day, as I'd moved a service from a static to a CARP IP but then forgot to add firewall rules allowing traffic to the CARP address
[17:15] <mercutio> oh well i have no idea
[17:15] <mercutio> and i've only got one ipv4 address so don't really ...
[17:15] <mercutio> hmm, i wonder if carp works with ipv6
[17:15] <staticsafe> it does say it supports ipv6
[17:15] <mercutio> i so need a fan
[17:16] <mercutio> i'm melting
[17:16] <staticsafe> http://www.bigassfans.com/
[17:41] *** vmmello has quit IRC (Remote host closed the connection)
[18:31] *** cmeik has joined #arpnetworks
[18:38] <mikeputnam> ha
[18:39] <mikeputnam> i know a maintenance man at a local hotel. he told me about installing a Big Ass Fan[TM]
[18:53] *** HighJinx has quit IRC (Quit: Computer has gone to sleep.)
[19:23] *** gcw|mbpro has joined #arpnetworks
[20:31] *** cmeik has quit IRC (Ping timeout: 240 seconds)
[20:39] *** HighJinx has joined #arpnetworks
[20:43] <toddf> carp works with ipv6 somewhat, I've done it, but have ended up having to ping6 the carp ip from the client before it works at times, supposedly code went in to fix it, I never setup a proper test env to confirm this or not
[20:50] <mercutio> ahh
[20:51] <mercutio> i've only got a /64 to my vps atm i think, and it seems carp doesn't like using an overlapping address
[20:51] <mercutio> or i'm doing somethign wrong
[20:53] <brycec> the "local" interface needs only a private address, something it can talk to the other host using. Then the public address gets floated between them
[20:53] <brycec> At least, that's from my experimentation with pfSense.
[20:54] <brycec> And in that scenario, a dedicated, separate interface was recommended so it would have a completely separate (non-public) IP anyways.
[20:55] <brycec> The idea of using CARP between VPS', particularly if they're on separate hosts, is intriguing.
[21:02] <mercutio> yeah it is slightly
[21:02] <mercutio> even if it's just for things like authorative dns
[21:02] <mercutio> that timeout and can go to diff server
[21:02] <mercutio> but are much faster if server is up
[21:02] <mercutio> and you don't have to worry about state etc
[21:19] <brycec> That reminds me... one of these days I need to read up on anycast
[21:22] <mercutio> anycast is pretty simple
[21:23] <mercutio> basically you advertise the same address in multiple locations via BGP
[21:23] <mercutio> that said, it gets more complicated with traffic management etc
[21:23] <mercutio> like BGP as-path isn't always accurate for closest destination
[21:24] <brycec> whoa, really? you can advertise the same address in multiple places?
[21:24] <brycec> that's wild...
[21:24] <mercutio> yeh
[21:24] <mercutio> but
[21:24] <mercutio> you need to advertise at least a /24
[21:24] <mercutio> well if it's to the internet
[21:24] <brycec> ha obviously :p
[21:24] <mercutio> if it's just your local network you can easily add /32 in different locations
[21:24] <brycec> (obviously if you're familiar with BGP)
[21:24] <mercutio> yeah
[21:25] <mercutio> i had no idea how familiar you were
[21:25] <mercutio> there's like 25,000 BGP users in thew orld isn't ther?
[21:25] <mercutio> oh maybe more
[21:25] <brycec> Yeah, I'm vaguely familiar with
[21:25] <brycec> I thought I heard there were 39k or so
[21:26] <mercutio> ok
[21:26] <mercutio> 25k was a random stab in the dark
[21:26] <mercutio> anyway
[21:26] <mercutio> there are like more than a billion users
[21:26] <mercutio> so a lot of people aren't using bgp
[21:26] <brycec> Well since you've explained it, it seems very simple afterall
[21:26] <mercutio> err i mean
[21:27] <mercutio> don't necessarily need to understand bgp
[21:27] <mercutio> yeah
[21:27] <mercutio> umm generally speaking
[21:27] <mercutio> you have a /24 for external facing
[21:27] <mercutio> then you have another subnet for internal facking
[21:27] <mercutio> facing
[21:27] <mercutio> ie, you need to be able to reach the gear regardless
[21:27] <mercutio> but pretty much if you have more than two locations having a /32 advertised gets helpful real quickly for dns
[21:28] <mercutio> just like lots of people know 8.8.8.8
[21:28] <mercutio> it's much easier to remember one number for all locations than heaps of differnet ip numbers
[21:28] <mercutio> i reckon there should be a standard anycast recursive dns myself
[21:28] <mercutio> that any provider can implement
[21:32] <mercutio> but yeah, the problem with anycast for wider internet facing stuff, is there's lots of community stuff that needs to be done to improve routing
[21:33] <mercutio> and providers can be hit and miss with how they let you influence routing
[21:34] <mercutio> i kind of wish there was better control for that stuff standardised
[21:52] *** dzup has quit IRC (Ping timeout: 260 seconds)
[22:04] *** dzup has joined #arpnetworks
[22:34] <jlgaddis> most providers allow you to set communities on your advertisements to control that type of stuff
[22:38] <mercutio> yeah, bu t it's not standardised
[22:43] *** meingtsil has joined #arpnetworks
[22:44] *** meingtsla has quit IRC (Read error: Operation timed out)
[22:44] <jlgaddis> *nod*
[22:45] *** meingtsil is now known as meingtsla