nixbag: you know me, i don't wake 'til noon ;) nixbag: i would say count on being at the data center between 2 and 3pm nixbag: oh, and would you like to build a server with me on Friday? This would be at my home office. i would like to build a server with you, sir unfortunately, there's that little geographic issue that i would need to overcome heh lol upcoming: new buttons and icons in the Portal ;) WOOHOO MOAR BUTTONZ!!!1 ;) wait will there be a "change the virtual cd-rom mounted in my vps to $dropdown_with_iso_image_list" button ? jlgaddis: soon that branch is like half way done oh nice, i didn't know that was actually something you were working on of course, that now reminds me i need to open a ticket, heh your bragging is causing more work for yourself, sir :P lol wow, backup space ssh key submission is werkin already up_the_irons: using Ruby? i hope not, he has my credit card info stored ;) up_the_irons: i'd love to help build a server on friday. so would I! (And I'd help rack too) But I'm 700mi away... :P brycec: better than me, 1333mi 5532mi for me. 5625 for me ha! 5793.34mi boo I know this is likely a FAQ, but I couldn't find in the wiki or FAQ- Is it possible to transition an image to your dedicated HW, or would I need to reinstall? i can't speak w/ certainty, but i am quite positive that's gonna be a new install (though you could probably restore a backup over the top of it afterwards) Fair enough. Not a problem, just didn't know ;) silly question, is there an equivalent to htop in FreeBSD (i'd rather not install the linux emulation stuff)? I only know of the one, the original, the only htop damn staticsafe: Maybe this will help? http://caterva.org/blog/posts/htop_on_FreeBSD/ hmm seems you still need some linux, but at least not ALL the linux compat layer i suppose i can make do with watch and ps aux ;) what's so bad about linux compat?
lol only part of that post is correct, you do need the linprocfs, but not linux emu for htop also there is much more bloat in FreeBSD as linux emulation, it consists only of a remapping of syscalls :) eep! http://blog.linode.com/2013/03/07/linode-nextgen-the-network/ mikeputnam: so basically up_the_irons can pick up their used gear cheap? :D mikeputnam: I like how blog.linode.com has broken IPv6. That really inspires me to trust them with hosting my stuff :) it doesn't have broken IPv6 $ telnet blog.linode.com 80 Trying 2600:3c00::4c... its under heavy load so its very slow atm Sits there forever for me... v4 connects and works ping6 linode.com <- works staticsafe: Does their v6 work for you? but not blog. they probably host their www. on arpnetworks :p Yep. I can ping6 linode.com but not blog linode's ipv6 worked fine for me (past tense) not coming up for me now dang, linode getting some fancy gear yea And by fancy gear, we mean crap that's only good for a rural one-room library... haha up_the_irons: ever consider registering ndpnetworks.com? brycec: lol no (it's available) >_> okay, at least it was when I checked :P I see Linode want routers with big MAC tables, which I guess means they do L2 from the routers all the way to individual VPSs that's common plett most of the vps's places have heaps of "arp noise" too If that is a hard requirement and means you have limited router choices, is it easier to use a few smaller routers and push L3 one or two steps further down the tree towards the VPSes? like if you run tcpdump on the interface it'll show heaps of arp like 20/sec+ plett: this is like asking why internet costs more when less providers are in an area they could fix their network by either replacing router with bug router, or segregating big They're buying shedloads more kit, so now is the time to do it, if they think it needs doing but how would they separate?
i think companies like that like knowing it's a global problem for an area not that one router is having issues cos otherwise more troubleshooting for their "support" staff which are probably in another country language barrier er etc Personally I'd have each VPS host do IP routing for the VPSs it's running, and talk BGP/OSPF/whatever to an upstream router to announce the VPSs IPs well that's what i was thinking for a moment :) And add VLANs between VPSs as an additional service, if required but where is the gateway address? Gateway for the VPS? The other end of the /30 that it's on, which will be the host it's running on that uses a lot of ip's up Or if you can find a way to do a point-to-point link on the virtual ethernet between VPS and host, you can save 3 of the 4 IPs in the /30 and just put a /32 on the VPS hmm It's done that way with /30s at ARP that's a really nice idea plett: yeah plett: but mostly out of architecture reasons but maximum profit extraction s/but/not/ it can probably be /31s with arp really Yeah. If the VPS OS can understand that. There would always be oddball setups that need the /30 yeh. i was surprised more things worked with /31s recently but i don't think it's a new thing i just haven't been paying enough attention Alternatively, use just IPv6 to route to the VPSs, and tunnel the v4 inside the v6 to get it to the VPS ;) I'm not sure that's really troll... I think it sounds awesome no it doesn't where's your sense of adventure? Native v6 with /32 v4 routes routed to IPs within the v6 network would be something I'd want to play with this assignment is killing it :( But I'm not sure I'd want to put it into production :) (or toddf) host doing routing sounds good until you get DoS'd just say no to software routing heh But you need software bridging with virtual servers anyway. Is that going to survive better when attacked?
yes, very much so Yes - software bridging isn't making decisions, just has to pass it along and virtually all NICs now do VLAN offloading, so that part is processed in hardware also but if you don't VLAN your customers, then oh well, you can't benefit from that ;) have fun! I'm curious about why software routing in the host would fall over under load sooner than a DoS aimed at the VPS's own IP And you can have upstream rate limiting and blackholing etc plett: When the host is responsible solely for "in packet, out packet" it can handle that faster than "in packet, do routing, decide where to go, etc, out packet" Essentially O(1) vs O(4) (for example) cut through switching And a ddos aimed at a single vps versus the host itself (by way of routing) means the other vps aren't all affected and the damage is relatively limited to just that vps brycec: I agree that the host doing ethernet bridging is less work than the host having to do IP routing, but I'm not sure how big a deal it would be in practice staticsafe: Are virtual server hosts typically able to do cut through switching? idk I'm no expert in this field I would expect it to be store-and-forward Well in theory, if routing requires 4x as many CPU cycles as bridging (it probably requires more), then that's a huge difference. brycec: There is always an ARP/ND lookup done by the kernel, even in bridging. An IP lookup from a kernel routing table wouldn't be that much more work I'm not suggesting putting a full BGP feed in the host I'm not so sure about that... I would imagine the host kernel would only care (do any kind of lookup) if the interface were "up" and configured on the host. In my personal setups, I have an interface defined for the vlan (e.g. eth0.1234) and bridge VBox to that, but no additional configuration is done, the host doesn't care, the packets are simply detagged and handed off but I've not tcpdump'ed that to confirm The host kernel must be doing the bridging though.
If you ask brctl on the host, I bet it has the MAC addresses on that vlan stored in the kernel I've not tried it, I'm just wondering if it's a sensible thing to try this isn't linux bridging though, there's no brctl.. VBox (by whatever voodoo) simply opens eth0.1234 and sips on that If I brctl, I get no command found ;) If it's not linux bridging, it must be snooping on the frames as they come out of the ethernet driver Which sounds scary to me :) But yes, that would avoid the host having to know anything about the L2 network being used well at least my logic was sound :p plett: Why would the "snooping on the frames [directly]" be scary? I'm not sure, really. It just seems like a very hardware-specific way of doing things (and fwiw I believe it's "tapped" through vboxdrv or one of the vboxnet modules, but I couldn't be certain) plett: staticsafe brycec : i've seen hosts become completely unresponsive with < 100 Mbps DDoS when the host is responsible for routing; i've never seen that happen with bridging. how odd, irssi didnt highlight that... hah nixbag and I are doing the hustle on a new 8x blade chassis! (rackin', stackin', cablin', sticker'in) wat, no ustream? heh what kind of two-bit VPS host are you? :p LOL oh man, srsly, we *should* ustream it i have 2 security cameras still IN THEIR BOX from 4 years ago when i first got my cage wow.... you ARE a two-bit vps host (except for costing closer to 60 bits) (also I would've gone with s/sticker'/label/) STICKER'IN http://www.flickr.com/photos/51184165@N00/8537425159/ well I stand corrected :p wow, my very first data center picture with a person in it: http://www.flickr.com/photos/51184165@N00/8538575234/in/set-72157631847234896/ nixbad is cablin' away *nixbag all the cables are blue indeed god i want one of those =p that actually seems pretty cheap for 8 machines if you consider the cpu + memory is only $400