[00:27] *** Guest86400 is now known as easymac
[00:28] *** easymac is now known as Guest45044
[01:28] *** Guest45044 is now known as easymac
[01:29] *** easymac is now known as Guest19993
[02:29] *** Guest19993 is now known as easymac
[02:30] *** easymac is now known as Guest49233
[02:50] *** ziyourenxiang has joined #arpnetworks
[03:07] mercutio: still, I'm surprised the "engineer" hasn't heard of it from others; he must be new
[03:09] I dunno, I don't have high expectations
[03:09] I hardly expect "engineers" to understand MTU
[03:09] I think the problem is that these days a lot of people do courses and cram study and forget huge amounts of stuff
[03:10] I would hope they would understand MTU... if not, what makes them even qualified for the job?
[03:10] CCNA? :)
[03:11] knowing subnet maths
[03:12] I guess I haven't looked at it that way... someone off the street, knowing nothing, gets CCNA, then gets a network engineer job? They still seem underqualified if they only got the CCNA
[03:13] wow, don't visit #freenode-newyears
[03:13] (I warned you)
[03:16] * up_the_irons wanders off
[03:30] *** Guest49233 is now known as easymac
[03:31] *** easymac is now known as Guest16064
[03:36] yeah, you've been around a bit long
[03:36] it changed :)
[03:36] or you're lucky
[03:36] and it's not like that over there so much
[03:53] apparently CCNA does cover MTU a bit
[03:53] although it seems to suggest that routers do fragmentation
[03:55] I can't remember hearing about MTU in ICND1 or ICND2
[03:55] oh... there it is
[03:55] one more thing I forgot
[04:08] what's ICND?
[04:09] oh, another name for CCNA?
[04:09] ant: would you call yourself a network engineer?
[04:10] tbh, I dunno how people are meant to learn the vast amounts of stuff that's relevant these days
[04:11] I still don't know much about node.js etc
[04:11] BAREMETAL!!!
[04:11] and apparently it's really big these days
[04:11] * mercutio wonders what made BryceBot say that
[04:14] mercutio: ICND (Interconnecting Cisco Networking Devices) 1 and 2 are the courses which prepare for the CCNA exam
[04:15] mercutio: and I don't have a clue what "network engineer" would even mean
[04:15] heh
[04:15] btw, I think "node.js" triggers BryceBot
[04:15] BAREMETAL!!!
[04:16] I was looking up systems engineer before
[04:16] node.js
[04:16] BAREMETAL!!!
[04:16] apparently sys engineer > sys admin
[04:16] I've always considered myself a sys admin
[04:16] but apparently sys admin now means someone who looks at graphs
[04:16] whereas systems engineer implements things
[04:16] so I assume network engineer is someone who implements networks
[04:17] I assume network technician is what they call someone that responds to trouble tickets
[04:17] it all gets pretty confusing really
[04:18] oh hmm, node.js isn't a baremetal thing though
[04:18] BAREMETAL!!!
[04:20] well, there are some titles which are backed by certificates, like CCNA/CCNP/RHCE/..., so there one can assume some (minimal) knowledge. But apart from that I can call myself whatever I want
[04:21] ime CCNA doesn't seem to mean anything
[04:21] CCNP is slightly significant though
[04:21] yeah. You don't need to know much to get a CCNA
[04:21] and vice versa
[04:21] not having it doesn't really mean you don't know things
[04:21] and there are also "leaked" exam questions which you can learn by heart...
[04:22] some companies like Juniper or Cisco certifications though
[04:22] even if they only use one of them
[04:22] just like some places like university degrees in any field
[04:22] I think it just proves you have a bit of commitment
[04:23] imo the ICND courses are also quite good to get some basic networking knowledge
[04:23] actually, according to corporate lore, that's just for HR to filter the CVs.
[04:24] heh
[04:24] I must admit I don't have much experience in such areas
[04:24] but from what I've heard most jobs get heaps of applicants
[04:25] and certifications like CCNA are pretty common
[04:25] but experience not so much
[04:25] CCIEs are supposed to be the prized ones.
[04:27] to become a CCIE you actually need to know stuff and have the experience
[04:31] ohh yes
[04:31] CCIE exams are 'a bit' more complicated :D
[04:31] *** Guest16064 is now known as easymac
[04:32] *** easymac is now known as Guest48034
[04:37] mercutio: isn't it true for IPv4 that routers do fragmentation?
[04:46] *** Guest48034 has quit IRC (Quit: leaving)
[04:52] mercutio: or did you mean that modern implementations use PMTU discovery and thus the routers don't have much to fragment?
[04:54] * ant is now reading http://stack.nil.com/ipcorner/IP_Fragmentation/
[04:56] IP PMTU does not always work, and is not possible on UDP
[04:56] PMTUD even
[04:57] according to the link I posted it depends on the application for UDP
[04:58] well, yes, but the routers will never do it
[04:59] can someone here with JS disabled in their browser check out www.coindev.org and tell me what the bottom left bitcoin donate button does?
[05:00] GluffiS: isn't PMTUD always done by the host?
[05:00] no
[05:00] routers can do it also, to determine if fragmentation is needed
[05:01] but I would not trust PMTUD :D
[05:01] exactly
[05:01] at least Cisco routers have options for PMTUD :D
[05:02] better to keep track of your MTU :)
[05:03] * GluffiS normally builds small networks :D
[05:04] I'd like to see internet MTUs go above 1.5k
[05:04] networks can't be too small to have MTU related problems... I remember having them at home
[05:05] yeh, ADSL and cable networks it's common with
[05:05] dialup it was too
[05:05] and VPNs
[05:05] MSS clamping is well known now but it didn't used to be
[05:05] tunneling over MPLS networks is horrible :D
[05:06] MPLS networks usually have jumbo frames or baby jumbo frames and so you're usually fine
[05:06] over the internet is a different story
[05:06] true...
[05:06] my work is mainly off internet ;)
[05:06] are you doing MPLS over the internet?
[05:07] or do you have MPLS connections provided by someone else?
[05:08] I love it how this channel is off topic so much
[05:08] but generally when people have an issue someone will pay attention to them, and even then it's not that often
[05:08] MPLS provided by someone else :D
[05:09] GluffiS: yeh, so they'll have jumbo or baby jumbo frames on their network
[05:09] and give you 1500 MTU, right?
[05:09] well, my findings told me that somewhere around 1300 was the way to go for that system :)
[05:10] oh what
[05:10] how lame :/
[05:10] hehe :D
[05:11] L2TP over the internet is around there somewhere I think
[05:11] using UDP
[05:11] ie the old L2TP, not the new one
[05:11] L2TPv3 is nice
[05:12] v2 is more common
[05:12] probably, but v3 has nice QoS options...
[05:12] huh
[05:13] it can copy, at least on Cisco, the DSCP value from the original packet to the tunneled packet :D
[05:14] well, that's not a feature of L2TP but an implementation detail
[05:15] probably :D
[05:15] OpenBSD is gaining L2TP support
[05:16] but that's one of the areas that lags behind in open source / unix platforms.
[05:16] I'm no network guru... mainly dabble around with networking, firewalls, VoIP and stuff
[05:16] OpenBSD and networking is awesome :D
[05:16] their VRF implementation is really nice
[05:16] mostly
[05:16] they need better VRF support :/
[05:16] haha
[05:17] well, I had a play with it
[05:17] well, compare it to Linux :)
[05:17] heh yeah
[05:18] I want to see OpenBGPD get more efficient
[05:18] but I really like OpenBGPD
[05:18] but for some reason Cisco is way quicker at loading BGP tables
[05:18] someone benchmarked it
[05:19] and Cisco was beating OpenBGPD on much lower end CPUs
[05:19] well, Cisco does BGP for a living :D
[05:19] that was when used as route server
[05:19] yeah
[05:19] but CPU speed is way faster
[05:19] so it should be possible to speed it up
[05:19] yes, they will get there :D
[05:20] I believe that to be true
[05:20] how far did you get with VRFs on OpenBSD btw?
[05:20] I was struggling to get it working right with BGP
[05:21] I did not do anything fancy, needed a lot of different networks for some firewall migration
[05:29] https://www.ams-ix.net/downloads/ams-ix-route-server-implementations-performance.pdf
[05:29] this is what I saw about Cisco being faster with converging than OpenBGPD
[05:29] *** r0ni has joined #arpnetworks
[05:30] ok
[05:33] well, an ASR Cisco box is expensive as hell :D
[05:33] it's still a slower CPU
[05:33] yes
[05:33] but they have spent a couple of millions in developing the software :D
[05:33] heh
[05:33] well, it still means it's possible to get more efficient
[05:33] absolutely
[05:34] which is what counts really
[05:34] you can never solve bad code with hardware
[05:34] like when people talk about making a faster web server
[05:34] it's like static web pages go at line rate on modern hardware
[05:34] with whatever server
[05:34] heh yeah, to a point
[05:35] but yeah, algorithms matter
[05:35] but there are limits
[05:35] on that note, Intel have made zlib faster apparently
[05:35] nice
[05:35] (by using more CPU instructions)
[05:35] but for some reason no-one was trying to make zlib faster it seemed
[05:36] even though it's damn common and bottlenecks easily
[05:36] lbzip2/pbzip2 are actually faster than gzip on modern CPUs
[05:36] cos they parallelise
[05:36] hehe yes... parallelising is crucial these days
[05:36] well, with low compression values
[05:36] that still compresses better than zlib
[05:36] yeah
[05:37] that's where OpenBSD needs to catch up :)
[05:37] and get rid of their giant lock
[05:37] I imagine some of what makes OpenBGPD slower is interacting with the kernel
[05:37] OpenBSD has never been fast ;)
[05:37] fast, secure, cheap - choose two. :-)
[05:39] it's usually just one :)
[05:41] heh
[05:42] OpenBSD is pretty fast for UP stuff really
[05:47] I actually had a beer with Theo de Raadt 10 years ago or so :D
[05:47] what was he like
[05:48] well, regular nerd :) a bit nerdier than most
[05:48] he seems like he has the right attitude towards things in a way to me
[05:48] yes
[05:48] unlike rms etc :/
[05:48] yeah omg
[05:48] Stallman feels like more of a clown
[05:48] looking at OpenBSD hackathon photos makes me feel less geeky :/
[05:48] hehe
[05:48] I've met rms heh
[05:48] I didn't stick around though
[05:49] he wasn't very interesting
[05:50] there was a discussion regarding bugfixing at that event and Alan Cox asked why Theo did not use the built-in debugger in GCC: 'It's too slow, it's faster to just read the 180mb of code, then you might find something else to fix'
[05:50] haha
[05:50] I hated gcc's debugger when I first tried it
[05:50] I ended up just using printf :/
[05:50] hehe
[05:51] but then I used it for backtraces
[05:51] haven't written C since school :P
[05:51] I haven't done much C recently
[05:51] trying to get back into it
[05:51] well, I fixed some kernel stuff ages ago when struggling with the nvidia drivers :D
[05:52] cool
[05:52] never submitted the patch though
[05:52] I know how that is
[05:52] I fixed S/PDIF on an audio driver on OpenBSD
[05:52] err, added S/PDIF support
[05:52] but never submitted anything
[05:52] :D
[05:52] for cmi8738
[05:52] I just wanted to be able to listen to music
[05:52] this happened on a Friday evening with a lot of cursing
[05:53] I ended up taking code from NetBSD
[05:53] iirc
[05:53] and I was surprised I managed to do it :)
[05:53] hehe
[05:54] hmm, I added higher initcwnd support to OpenBSD before it was implemented too
[05:54] but that was pretty easy
[05:54] hehe
[05:55] and reduced the initial retransmit timeout
[05:55] hmm, I wonder if OpenBSD has decreased that yet
[05:55] Linux has now
[05:55] for some reason people pay more attention to the initial window size thing, when both of them were proposed by Google at around the same time
[05:55] basically normally there's a 3 second timeout in retransmits in initial packets
[05:56] and it can be safely decreased to 1 second these days
[05:56] saving a couple of seconds
[05:56] easy to reproduce with 5% packet loss
[05:56] :D
[05:56] and the difference can be noticeable
[05:57] it only matters when you have packet loss in the beginning of connections though
[05:57] and no one really cares :D
[05:57] I dunno, DSL networks here had 5 to 15% packet loss for a while
[05:58] that's how I got interested
[05:58] I dunno how common it is
[05:59] I imagine it's still common in places like India
[05:59] and happens on some wifi connections at long distance
[06:01] people with D-Link wifi equipment are probably interested
[06:01] must be the crappiest piece of network hardware I ever bought
[06:01] there's actually more stuff that can be improved for wireless networks
[06:02] normal TCP/IP congestion control doesn't work that well with the latency variance of wifi
[06:03] FreeBSD's got a new algorithm that's meant to work better in such situations but I haven't tested what it's like for wifi yet
[06:03] CAIA Delay-Gradient (CDG) congestion control
[06:03] algorithm
[06:03] as soon as I get some cabling to the other side of the house I will literally set my D-Link AP on fire
[06:03] ahh, this is it
[06:04] that bad is it?
[06:04] yes
[06:04] you've set it to 20 MHz already?
[06:04] use it as bridge
[06:04] I bridge for my wifi too
[06:05] Cisco 1142 in the other end :D the D-Link just dies and has to be restarted
[06:05] oh
[06:05] you mean you have a bridge off it
[06:05] it just stops forwarding packets
[06:05] yes
[06:05] have you tried OpenWrt on it?
[06:05] it can't :(
[06:05] 1360 DAP
[06:05] I had a D-Link 504T ADSL modem
[06:05] everywhere says they're crap
[06:06] was real stable on OpenWrt
[06:06] just need a drill and some RJ45 contacts :D
[06:06] one of the few ADSL modems supported for ADSL in OpenWrt
[06:06] ok
[06:06] a bit old now though
[06:06] the CPU can't keep up with ADSL > 16 mbit
[06:06] you mean FreeBSD has such good coverage of wifi drivers that they dream up algorithms to optimize TCP/IP over wifi? :-)
[06:07] I am thinking of getting me a DSL WIC for my 1841 router :D
[06:07] ziy: it'll help a FreeBSD web server send to an end user on wifi too
[06:07] ah.
[06:07] I have no idea what FreeBSD is like for wifi
[06:07] * ziyourenxiang would love to run FreeBSD on his netbook.
[06:08] I only came across it cos I was wondering what was new in FreeBSD 10
[06:08] but it's actually in FreeBSD 9.2 too
[06:08] I'm using a TP-Link wireless router with OpenWrt
[06:09] but it's bridging rather than doing anything
[06:09] just between wifi and ethernet
[06:09] and my normal Linux box runs the DHCP server etc
[06:09] well, in theory
[06:09] I've actually stopped using wifi
[06:10] * GluffiS is happy with his 1142 AP, it can do 40 MHz also :D
[06:10] 3G works well enough on my cellphone
[06:10] 20 MHz is often more stable than 40 MHz
[06:10] depending on how crowded your area is
[06:10] it seems pretty common to have wifi issues these days though
[06:11] and I'd rather see everyone shift to 20 MHz
[06:11] it's not crowded...
[06:11] closest neighbour is 100m away
[06:11] oh, you live rural, ok
[06:12] yes, crappy phone wires though, get 8 mbit DSL only
[06:12] damn
[06:12] can you get two ADSL connections and bond them?
[06:12] nope
[06:12] single line to the house?
[06:13] is it ADSL1 or ADSL2+ at 8 mbit?
[06:13] well, I guess I can get 12-18 mbit on my line actually
[06:13] 2+
[06:13] ahh ok
[06:13] 12 mbit is ok
[06:13] my ISP refuses to deliver VDSL :D
[06:13] how come?
[06:14] they haven't upgraded the DSLAM yet
[06:14] you may not get much more downstream, but you'd get more upstream at least
[06:14] ahh
[06:14] here having VDSL available means fibre fed
[06:15] ahh
[06:15] not having VDSL available means it could still be ATM fed
[06:15] and ATM fed can mean congestion
[06:15] fibre here is 10Mbps ethernet as slowest :D
[06:15] fibre to the DSLAM I mean
[06:15] ahh
[06:16] the DSLAM is fibre :D
[06:16] so having a VDSL capable exchange is good
[06:16] well, that's a good start
[06:16] just they have no VDSL line cards?
[06:16] * GluffiS is in Sweden, fibre is almost everywhere
[06:16] see if you can get some other people in the area to put in requests for VDSL
[06:16] yes :D
[06:17] I'm in New Zealand
[06:17] hh
[06:17] mercutio, happy new year :-)
[06:17] a long long way away :/
[06:17] haha
[06:17] yes, it's 2014 here :/
[06:17] not that it makes any diff to me
[06:17] I didn't even get drunk :/
[06:18] Sweden has good net speeds right?
[06:19] yes
[06:20] if you live in the city 100Mbps is not uncommon :d
[06:20] heh
[06:20] is it GPON?
[06:20] some ISPs even offer gig :D
[06:21] nope, copper usually
[06:21] oh, curious
[06:21] is this like apartments?
[06:21] but fibre is coming, mostly to new villas
[06:21] yep
[06:21] apparently Sweden is using something called AON
[06:21] which I've never heard of
[06:22] it may be dated though
[06:22] don't think it's that widespread
[06:23] I think GPON is taking off
[06:23] yes
[06:23] CAIA Delay-Gradient (CDG) congestion control
[06:23] algorithm
[06:23] oops
[06:23] http://www.swedentelecom.com/solutions/fttx-gpon/
[06:23] looks like one ISP is doing GPON at least
[06:23] and that's curious, it came up in English :)
[06:24] and they're doing hardware NAT
[06:24] cool.
[06:25] current routers are going to struggle with gigabit speeds
[06:25] yes... biggest ISP is still Telia, TSIC :D
[06:25] TSIC are tier 1 :D
[06:25] I've heard of Telia
[06:26] they are huge
[06:26] so yeah, they must be big
[06:26] cos I don't hear much about Sweden
[06:26] but they're all blonde over there right?
[06:27] ABBA wasn't all blonde :-)
[06:27] haha yes
[06:27] they are doing stupid stuff like selling VoIP over ADSL :)
[06:28] what's stupid about that?
[06:28] which is interesting when you pay for POTS
[06:28] VoIP has some advantages over POTS anyway
[06:28] no
[06:28] it hasn't
[06:28] yes, it does.
[06:28] VoIP is crap :D
[06:28] can be crap
[06:29] POTS always works
[06:29] I dunno, my phone line has been having issues :/
[06:29] not mine
[06:29] here it does
[06:29] my line's been crackling
[06:29] and I've had it somewhere else before
[06:29] and my parents had it once
[06:29] if your line crackles too bad it can go off hook randomly
[06:29] and then you can't receive phone calls
[06:29] the weird thing is my DSL is stable
[06:29] well, when they tore down the phone line with a woodcutting machine it went dead
[06:30] *** ese has quit IRC (*.net *.split)
[06:30] *** plett has quit IRC (*.net *.split)
[06:30] else, it always works
[06:30] but yeah, overall POTS is still more reliable than VoIP
[06:30] esp. with regards to power outages etc
[06:30] even in power outages :D
[06:30] well, as long as you plug in a legacy phone :/
[06:30] VoIP over 3G is horrible :D
[06:30] in the dark
[06:31] yes
[06:31] I've done VoIP over 3G
[06:31] it was ok
[06:31] it works...
[06:31] modem over VoIP also kinda works
[06:31] it depends on the jitter of the provider
[06:31] but I was doing it with 80 msec ping
[06:31] :E
[06:31] on 3G
[06:31] I would never pay for VoIP over ADSL :D
[06:32] why not? I used to do it
[06:32] but I use an alternative VoIP provider
[06:32] and it had cheaper phone calls
[06:32] well, I still have to pay for copper
[06:32] now I seem to get good value out of cellphone :/
[06:32] it used to be you could cut the cost of ringing cellphones down heaps here by using VoIP
[06:32] ok
[06:33] but now can get 120 minutes or something
[06:33] of mixed minutes from cellphone
[06:33] we used to pay 79 cents/minute for cellphone calls on land line
[06:33] calling is ridiculously cheap here
[06:33] and my cellphone plan used to be 49 cents/minute to the same provider, and $1.40/minute to other networks
[06:34] we got flatrate cellphone plans for like 25 USD a month
[06:34] then VoIP providers were like 35 cents/minute or something
[06:34] call anyone domestic :D
[06:34] I don't even know how much calling cellphones costs from landline here now
[06:34] seems expensive :D
[06:34] it's 5c/min on VoIP and 10c/min on landline domestic as normal rate here
[06:34] I didn't say it was cheap
[06:35] we don't have other options though :/
[06:35] businesses pay like 5c/min for local calls too
[06:35] I think the difference between DSL-only copper and DSL with POTS copper is like 2 USD a month
[06:35] but residential get free local calling
[06:35] ahh
[06:35] here the difference is about $20/month I think
[06:36] *** ese has joined #arpnetworks
[06:36] *** plett has joined #arpnetworks
[06:36] which iz nd
[06:36] is NZD
[06:36] :D
[06:36] but often there's a discount of $10/month if you have tolls through your ISP
[06:36] hehe
[06:36] so it ends up being $10/month difference or such
[06:36] so even as backup it's not silly
[06:36] Sweden is really cheap for calling :D
[06:36] heh
[06:37] how much do phone lines cost there?
[06:37] it's $45 NZD here
[06:37] I can probably work out the conversion rate
[06:37] you use SEK right?
[06:37] I guess 20 USD a mon
[06:37] month
[06:37] yes
[06:37] that's 237.57 SEK
[06:37] hehe
[06:37] that's just for a phone line, no internet
[06:37] yeah, around 22 NZD for just phone here
[06:38] I think the cheapest naked DSL are about $60
[06:38] hehe
[06:38] and the cheapest DSL+POTS is about $70
[06:38] to me, it's the phone line that's overcharged
[06:38] rather than the internet
[06:39] I think my colleague pays like 45 NZD a month for 100Mbps fiber at his house :D
[06:39] cos the thing is for $19/month you can get a cellphone prepay plan for 120 minutes of calling, 1GB of data, and unlimited text
[06:39] well, time to go to new year's party :D
[06:39] hehe
[06:39] ok
[06:39] hf
[06:39] hf
[06:39] heh
[06:53] *** heavysixer has joined #arpnetworks
[06:53] *** ChanServ sets mode: +o heavysixer
[06:55] *** ziyourenxiang has quit IRC (Quit: ziyourenxiang)
[07:02] *** ese has quit IRC (Read error: Connection reset by peer)
[07:03] *** ziyourenxiang has joined #arpnetworks
[07:03] *** ziyourenxiang has quit IRC (Client Quit)
[07:04] *** ese has joined #arpnetworks
[07:12] *** heavysixer has quit IRC (Quit: heavysixer)
[07:13] *** heavysixer has joined #arpnetworks
[07:13] *** ChanServ sets mode: +o heavysixer
[07:24] haha, that's one thing that benefits people living in geographically tiny places - cheap to deploy fast infrastructure
[07:35] *** milki has quit IRC (Ping timeout: 272 seconds)
[07:38] *** heavysixer has quit IRC (Quit: heavysixer)
[07:41] *** heavysixer has joined #arpnetworks
[07:41] *** ChanServ sets mode: +o heavysixer
[07:42] *** qbit has quit IRC (Remote host closed the connection)
[07:43] *** qbit has joined #arpnetworks
[07:47] *** demahai has joined #arpnetworks
[07:48] *** qbit has quit IRC (Remote host closed the connection)
[07:48] *** qbit has joined #arpnetworks
[07:53] *** qbit has quit IRC (Remote host closed the connection)
[07:53] *** qbit has joined #arpnetworks
[08:02] *** demahai has quit IRC (K-Lined)
[08:08] *** heavysixer has quit IRC (Quit: heavysixer)
[08:10] *** forgotten has joined #arpnetworks
[08:11] curious if anyone has a horrible experience attempting to use IPv6 and connections to freenode. Or any IRC network for that matter.
[08:11] god awful slow. barely usable. etc
[08:13] forgotten: OpenBSD?
[08:14] m0unds: yes.
[08:14] other people here have similar issues w/OpenBSD and IPv6 w/freenode
[08:14] gotcha
[08:14] *** Hien_ has joined #arpnetworks
[08:15] forgotten: which IRC client?
[08:15] irssi
[08:15] even just ping6 outs to google take 1000ms for the first response tho
[08:15] whoa
[08:16] *** milki has joined #arpnetworks
[08:17] I'm doing it right now
[08:17] No issues
[08:17] *** ameise has joined #arpnetworks
[08:17] you could try using /set server_connect_timeout to 5min to see if that prevents you from timing out in irssi, but that sounds like something else is screwy if it's taking 1 sec to get a response from google
[08:17] phlux: are you using OpenBSD?
[08:17] Ah, no
[08:17] FreeBSD
[08:17] same here, no problems either
[08:18] (FreeBSD)
[08:19] digging thru IRC logs that google finds
[08:20] *** heavysixer has joined #arpnetworks
[08:20] *** ChanServ sets mode: +o heavysixer
[08:22] *** CaZe`_ has joined #arpnetworks
[08:23] *** Hien has quit IRC (Ping timeout: 240 seconds)
[08:23] *** RandalSchwartz has quit IRC (Ping timeout: 240 seconds)
[08:23] *** staticsafe-znc has quit IRC (Ping timeout: 240 seconds)
[08:23] *** twobithacker has quit IRC (Ping timeout: 240 seconds)
[08:23] *** ant has quit IRC (Ping timeout: 240 seconds)
[08:24] *** NiTeMaRe has quit IRC (Ping timeout: 240 seconds)
[08:24] *** xiphias has quit IRC (Ping timeout: 240 seconds)
[08:24] *** CaZe` has quit IRC (Ping timeout: 240 seconds)
[08:24] *** xiphias has joined #arpnetworks
[08:24] *** ameise is now known as ant
[08:25] *** xiphias has quit IRC (Changing host)
[08:25] *** xiphias has joined #arpnetworks
[08:31] yeah, right now I have like 50 to 75 percent packet loss on IPv6 :( according to "mtr -6 www.google.com"
[08:31] can't seem to find anything related on the web
[08:33] *** staticsafe-znc has joined #arpnetworks
[08:33] *** NiTeMaRe has joined #arpnetworks
[08:35] anyone seen up_the_irons?
[08:36] never in person ;-)
[08:36] *** lteo has quit IRC (Ping timeout: 245 seconds)
[08:37] heh
[08:37] *** lteo has joined #arpnetworks
[08:38] lteo: lol
[08:40] *** NiTeMaRe has quit IRC (Ping timeout: 240 seconds)
[08:47] *** twobithacker has joined #arpnetworks
[08:55] forgotten: are you using the default /64 or did you have your /48 set up?
[08:56] *** xiphias has quit IRC (Ping timeout: 240 seconds)
[08:56] *** xiphias has joined #arpnetworks
[08:57] *** xiphias has quit IRC (Ping timeout: 240 seconds)
[08:57] *** staticsafe-znc has quit IRC (Ping timeout: 240 seconds)
[08:57] *** xiphias has joined #arpnetworks
[08:57] m0unds: default /64
[08:58] hm
[08:58] *** xiphias has quit IRC (Changing host)
[08:58] *** xiphias has joined #arpnetworks
[08:58] do you see packet loss if you just ping6 or mtr -6 the gateway?
[08:59] yep, I get the same amount to the first hop of the gateway
[08:59] when going to google
[08:59] running it by itself instantly goes to 40%, between 40 and 50%
[09:00] *** NiTeMaRe has joined #arpnetworks
[09:00] *** staticsafe-znc has joined #arpnetworks
[09:00] *** heavysixer has quit IRC (Quit: heavysixer)
[09:04] open a ticket - I had a similar issue last week; in my case, it was a config issue w/the redundant switch
[09:04] *** forgotte1 has joined #arpnetworks
[09:05] mtr is still showing 33% loss. But PF was blocking some icmp6 stuff. Have that resolved.
[09:07] this seems way more usable than before. I am able to type now at least lol
[09:07] not seeing any IPv6 related blocks in PF. At all.
[09:08] do you still see packet loss if you temporarily disable pf?
[09:09] *** NiTeMaRe has quit IRC (Ping timeout: 240 seconds)
[09:12] *** NiTeMaRe has joined #arpnetworks
[09:18] think I might have found something related
[09:18] http://openbsd.7691.n7.nabble.com/4-8-current-tcpdump-pflog-unaligned-libpcap-packets-td170588.html
[09:19] m0unds: and yes, I have it disabled now. And am getting 60% loss to the gateway address
[09:19] 1. 2607:f2f8:a768::1 65.5% 30 0.7 0.7 0.4 1.5 0.3
[09:19] so now my link is probably unrelated after trying this
[09:26] Well that's neat
[09:26] I mtr google myself (from my Debian host) and part way through the second packet, the whole connection hangs for 6 seconds or so.
[09:27] Did that twice in a row
[09:28] fwiw forgotte1 I'm seeing packet loss sporadically, both to the gateway (55 pkts, 1.7%) and to Google (70 pkts, 4.1%)
[09:28] mine will somewhat hang occasionally too. Which makes the loss spike higher
[09:29] brycec: good to know. And that is from a Debian VM?
[09:29] my lag shows 8.02 in irssi. On the IPv6 con right now. heh
[09:29] yep
[09:29] so it seems like an ARP issue then. Not an OBSD issue.
[09:30] I blame ARP's transit
[09:30] * brycec always plays the transit
[09:30] what host are you on?
[09:30] kvr07
[09:31] I'm on kvr29
[09:31] I still see more problems with Freenode than any other IRC network, so I always chalk it up to Freenode
[09:32] 'cept we are testing packet loss to google. And just the ARP gateway lol
[09:32] or I am
[09:32] heh
[09:32] The packet loss I'm seeing is highly intermittent
[09:32] I restarted mtr, 100 packets, no loss
[09:33] same here
[09:33] 0.0% all the way to google since I restarted it
[09:34] and suddenly, loss
[09:34] (through the whole chain)
[09:35] now seeing some loss
[09:35] 11%
[09:35] yep
[09:35] something is majorly screwy.
[09:35] those damn Ubuntu servers!
[09:35] :P
[09:35] hopefully I'll have time to re-setup smokeping today
[09:49] *** heavysixer has joined #arpnetworks
[09:49] *** ChanServ sets mode: +o heavysixer
[09:53] *** forgotte1 has quit IRC (Quit: leaving)
[09:53] *** forgotten has quit IRC (Quit: leaving)
[09:53] *** avj has joined #arpnetworks
[09:54] *** forgotten has joined #arpnetworks
[10:30] *** heavysixer has quit IRC (Read error: Connection reset by peer)
[10:31] *** heavysixer has joined #arpnetworks
[10:31] *** ChanServ sets mode: +o heavysixer
[10:32] *** heavysixer has quit IRC (Client Quit)
[10:53] *** CaZe`_ has quit IRC ()
[12:02] *** heavysixer has joined #arpnetworks
[12:02] *** ChanServ sets mode: +o heavysixer
[12:23] *** heavysixer has quit IRC (Quit: heavysixer)
[12:41] *** forgotten has quit IRC (Quit: leaving)
[13:41] *** heavysixer has joined #arpnetworks
[13:41] *** ChanServ sets mode: +o heavysixer
[14:10] *** heavysixer has quit IRC (Quit: heavysixer)
[14:15] *** heavysixer has joined #arpnetworks
[14:15] *** ChanServ sets mode: +o heavysixer
[14:30] *** heavysixer has quit IRC (Quit: heavysixer)
[15:07] *** josephb has quit IRC (Ping timeout: 245 seconds)
[15:07] *** josephb has joined #arpnetworks
[15:56] *** lteo has quit IRC (Ping timeout: 245 seconds)
[15:56] *** lteo has joined #arpnetworks
[16:07] 1.93.25.234 is trying to hack me right now
[16:52] China is trying to hack a server? Unbelievable!! I've never heard of such a thing ever in my whole life.
[16:53] my first intrusion attempt :)
[16:53] I sent the auth log to the NOC of the registered an, confirmed sshd is configured to not allow root login, now I'm configuring pf. Next I'll install fail2ban
[16:54] * brycec has never, ever received a response from CNNIC. Nor has it ever appeared to do any good.
[16:55] what's CNNIC?
[16:56] @wiki CNNIC
[16:56] China Internet Network Information Center :: The China Internet Network Information Center (simplified Chinese: 中国互联网络信息中心; traditional Chinese: 中國互聯網絡信息中心; pinyin: Zhōngguó Hùlián Wǎngluò Xìnxī Zhōngxīn), or CNNIC, was founded as a non-profit organization on June 3, 1997. CNNIC is the administrative agency responsible for... http://en.wikipedia.org/wiki/China%20Internet%20Network%20Information%
[16:57] ah
[16:57] if they don't shape up I'll just block their entire IP
[16:57] block
[16:58] Just block China. It's not like you want anything to do with them
[16:58] And heck, it's only 4,940 CIDR blocks
[16:59] do you block all of China?
[17:00] I'm confident that at this rate, fail2ban will take care of that for me
[17:43] robonerd: you can disable password auth
[17:44] mercutio: and go to ssh key auth?
[17:44] robonerd: yeh
[17:44] yep, I'll be getting to that after fail2ban
[17:44] it's good to run both right?
[17:44] I dunno about you, but I find an encrypted key with unlocking works best for me
[17:44] if I use too many passwords I'll just be tempted to write them down, or cut and paste, or type the password into the wrong place.
[17:45] I haven't typed any passwords into IRC by accident yet though
[17:45] can't you make as many mistakes with a key file?
[17:45] what if the file gets corrupt or w/e
[17:45] I dunno, to my mind it makes sense to have an alphanumeric password for root
[17:45] in case you need to get in via OOB
[17:45] but for a normal user it only matters if you use sudo :/
[17:46] you kinda lost me with those last 2. Catch me up?
[17:46] and from that perspective if anyone hacks your user account they can get root
[17:46] so it makes more sense to me to just log in as root to do root things, and as a user to do user things.
[17:46] and keep them segregated.
[17:46] if the file gets corrupt?
[17:46] files don't normally get corrupt. But in case you lose your hard drive you can have your key in multiple places
[17:47] and if it's encrypted then you just unlock it once.
[17:47] after I fail2ban_enable="Y" in rc.conf, then what? To enable fail2ban with pf, please
[17:49] I assume you need to reboot, if it's in rc.conf, but there may be some way to reread it
[17:50] oh, I lost you, sorry, I am losing myself :/
[17:50] too much coffee
[17:50] with a key file, you can encrypt or have it not encrypted
[17:50] if you have a key file unencrypted you can just copy it to every host you connect from, and connect with no password at all
[17:51] if you encrypt it you have to type an unlock passphrase on the key file to connect to a remote host
[17:51] which is the same for all hosts you connect to with that key
[17:51] but if you use something like ssh-agent, you can type that unlock passphrase once, and keep reconnecting to different hosts
[18:12] <-- always surprised to learn people still use passwords for SSH auth
[18:17] *** laotzi has joined #arpnetworks
[18:17] *** laotzi has quit IRC (Client Quit)
[18:18] *** laotzi has joined #arpnetworks
[18:26] *** heavysixer has joined #arpnetworks
[18:26] *** ChanServ sets mode: +o heavysixer
[18:39] *** laotzi has quit IRC (Quit: Lost terminal)
[18:39] *** heavysixer has quit IRC (Quit: heavysixer)
[18:39] *** laotzi has joined #arpnetworks
[19:47] *** CaZe has joined #arpnetworks
[21:06] brycec: I use keys, but what do you do when you are on a new machine, do you have to keep a copy of your key handy? Passwords are a lot more portable
[22:04] mnathani: I'm not saying never-ever-ever-ever use passwords. There is a time, albeit briefly, for their use. In-person, freshly set up, etc. My surprise comes from those who use passwords daily, as if they were perfectly secure, etc.
[22:05] *** TheHiTCH_ has quit IRC ()
[22:06] *** TheHiTCHO has joined #arpnetworks
[22:06] Bryce's rules for basic security: Disable ssh login as root (or if you really must, key-only). If you can, disable password ssh altogether; if you cannot, at least set up two-factor. And yeah, you should probably have a passphrase on your key, and keep backup copies of your key in safe places, and while we're at it, use different keys for different machines/networks/etc.
[22:33] you only need your public key
[22:33] which you can stick on a web site or such if need be
[22:33] ie you can give your public key out freely and not worry about it. It's the private key you have to keep secure.
[22:34] what I tend to do is set a bad password, then stick the key on, then change to a better password
[22:44] *** CaZe has quit IRC (Ping timeout: 245 seconds)
[22:44] *** CaZe` has joined #arpnetworks
[22:45] *** CaZe` is now known as CaZe
[23:52] can someone try to own my ARP VPS and see how the sec is?