up_the_irons: brycec: nice! brycec: Feb 12 00:08:09 vps3 smokeping[16901]: FPing6: probing 53 targets with step 60 s and offset 37 s.
Feb 12 00:08:09 vps3 smokeping[16902]: FPing: probing 159 targets with step 60 s and offset 1 s.
wheee up_the_irons: brycec: how does that work anyway, like your smokeping is running on your VPS here, but it says "median RTT to ARP", so it seems like it is going to itself
i guess what i'm asking is, what exactly is it measuring brycec: Hm, how odd... can't ping6 hurricane01.ring.nlnog.net (times out)
up_the_irons: "from ARP" used to say "from <hostname>" but I changed it to ARP to give a better global perspective
er, *from ARP
up_the_irons: where does it say "to ARP"? up_the_irons: oh i meant "from" brycec: oh heh
well the "from ARP" just means "from my VPS on kvr07 to arpnetworks01.ring.nlnog.net"
Which isn't overly useful I suppose, but the slaves are also hitting arpnetworks01.ring.nlnog.net
(And those slaves are also identified as "from <provider/ISP>" up_the_irons: so the others (Chunkhost, Comcast, etc...) all feed into this "main" smokeping? brycec: yes up_the_irons: cool
is Comcast your residential ISP, or is that somewhere else?
TWC could be residential OR data center end brycec: Smokeping has a nifty master/slave architecture. The master and slaves both also collect data, but the master receives it all, stores it, graphs, etc
Comcast is my home connection up_the_irons: cool brycec: TWC is a "business-class cable customer" up_the_irons: ok
neato brycec: (I thought I'd documented soem of these details on the smokeping page... I'm wrong, apparently)
I plan to turn up another slave in an IO datacenter in the next few days too
(IO does their own multi-homing "blended internet") up_the_irons: which IO data center? brycec: Phoenix up_the_irons: maybe you did document it, but i haven't found it :) brycec: I didn't find it either ;)
A client of mine has a half-cab in http://www.io.com/colocation/io-phoenix/ so I'll slip a slave in there.
Fun fact: That picture is not from the Phoenix DC. Dunno where from... but it's not in Phoenix :p up_the_irons: "No Monthly Recurring Fees for Cross-Connects", now that'd save me some money brycec: heh up_the_irons: i would say 80% of data center pics are not the actual data center
pisses me off
;) brycec: Makes sense though, pricing-wise. Only pay for the resources (some guy) used. Afterwards, your stuff is just laying in a tray overhead... why should that cost money?
In my limited interactions, I like IO up_the_irons: yeah, cross connects are a RAPE mercutio: was there just a network problem? brycec: not afaik up_the_irons: not that i saw brycec: Why, would you like one? mercutio: hah i think nodeping is having issues
how can thinks go up without going down brycec: hahaha
they went down, but the down notification was lost due to things being down? mercutio: oh it's changing numbers rnadomly up_the_irons: like a BOSS mercutio: so my cellphone don't group brycec: Is that like blinking lights randomly, to look busy? mercutio: heh
cloud core routers have a lcd
i mean seriously, if a router is working who wants to look at a lcd up_the_irons: srsly brycec: I can see how nodeping might be having some issues actually
https://smokeping.cobryce.com/?target=Internet.HENet.Europe.HEtserv11ams1v4 https://smokeping.cobryce.com/?target=Internet.HENet.Europe.HEtserv28waw1v4
both showing massive loss to ARP in the last few minutes mercutio: i'm not impressed by nodeping
oh wow
bah he tunnels
omg i wish amazon wouldn't email me about stuff i stuck in my cart
it emails me all the time
there seemed to be a little bit of a dip
but it wsa more liek total outage for a bit brycec: (returning to normal) mercutio: then ping came back less than before the outage
so i wonder if where was some hw chnage somewhere?
actually it's not total outage it's 19/20 packets dropped
but to my mind that means total outage :) -: brycec sticks that in the SLA fine-print -- "service still available, does not count as downtime" brycec: :P mercutio: oh weird minimum ping went interesting
suggesting los angels to nz
rather than la -> sj -> nz
i wodner if any2ix fell over temp
i don't think there's any way to view sessions ? up_the_irons: but are those graphs measuring tunnels?
seems like a lot of moving parts there mercutio: gah why is my irc suddenly laggy
it's wihtin nz
i think it's probably ddos
gah brycec: up_the_irons: my graphs are just from the VPS to the IP in the graph title. no tunneling up_the_irons: ah ok brycec: And if there's any way I can make that clearer, let me know up_the_irons: cuz the list on the left says tunnels brycec: I'll rename it ;) up_the_irons: OK:) dne: staticsafe: the smokeping webapp can be run as a PSGI app, if that helps :) -: brycec is running his as fastcgi
dne runs his using starman brycec: Otherwise all this attention would be crushing me :)
@imdb Starman BryceBot: [MOVIE] Title: Starman | Year: 1984 | Rating: 7.0 | Genre: Adventure, Drama, Romance | IMDB Link: http://imdb.com/title/tt0088172 mercutio: mm
my whole dsl died brycec: ouch mercutio: ikr brycec: You didn't really need it though, the DSL that is, right? I mean... there are plenty of sheep. dne: brycec: http://search.cpan.org/dist/Starman/ mercutio: haha brycec: dne: yeah, that was #7 in my Google mercutio: i dunno what happened yet
or how many people dropped, but it wasn't just me i know
my ssh stayed up :) brycec: I want to add historical traceroutes to my smokeping... But I can't decide on a user interface :( mercutio: damnit i think it dying again :( brycec: up_the_irons: one other note: the v6 connectivity on Chunkhost, Comcast, and TWC is provided by HE tunnels. So the data may be "skewed" a bit :( up_the_irons: brycec: ok brycec: (Sorry, not much I can do about "native" v6 connectivity on those) up_the_irons: yeah
lots of packet loss on HE lon2 and ams1 nodes right now mercutio: apparently that ddos attack thing was bigger in europe than the US
i didn't really notice anything with that ddos fwiw
other than people talking about it :) brycec: y'all are the only I've heard of it :p BryceBot: <mercutio> i ofap oetppfip fp e kitgpebiu pi p:) brycec: damnit perl mercutio: what mike-burns: Did we just get Klingon'ed? brycec: y// in perl meets sed's "use any symbol as a delineator" mercutio: haha brycec: so y''
But I'm blaming perl for y//. <3 sed up_the_irons: y'all are smokin' crack BryceBot: <brycec> ButaI'mabrcmingapekrafokay//.a<3ased up_the_irons: YES brycec: well done. Now just lie on your side, the paramedics are on their way up_the_irons: my gawd, the mail gem rocks
https://github.com/mikel/mail ant: woah...that was a lot of scrollback mercutio: sometimes the channel is idle for a whole day basically..
not recently though up_the_irons: yeah, lately there's been a lot of activity ant: some more lines and it had maxed out my scrollback buffer up_the_irons: haha mercutio: i found weechat is automatically logging
makes it easier to search for urls.. brycec: lol
up_the_irons: Is there some reason I can ping my gw 174.136.103.129 but traceroutes fail? (apologies if it's a dumb question)
up_the_irons: I also have weirdness trying to traceroute to arpnetworks.com (I get just the first hope 174.136.103.129 and everything else times out) up_the_irons: brycec: hmmm not sure brycec: (ipv4 btw)
v6 seems fine up_the_irons: paste mtr report brycec: mmkay
hm, mtr is happy, traceroute is not. -: brycec is up way past bedtime :/ brycec: Makes me think I should be using mtr instead of traceroute in my logging
up_the_irons: yep, traceroute -I works (ICMP ECHO) mercutio: traceourte is udp
oh
i'm slow brycec: heh
me too
apparently up_the_irons: i always thought traceroute used icmp
ya learn something new every day!
ok, udp by default ant: using udp allows one to use traceroute as a regular user (at least under linux) brycec: and without setuid'ing
as mtr is ant: yeah mercutio: it does on windows
i think up_the_irons: so, interesting:
regular 'traceroute', for v4, uses UDP
but for v6, uses ICMP6
wait, n/m
i'm wrong
UDP for both mercutio: heh
i usuaully use mtr --report btw bryce
it works pretty well up_the_irons: brycec: anyway, the answer is, iptables on arpnetworks.com server is blocking something. i can see the traceroute if i disable it. mercutio: cos often you want more than 3 pings to a destination even when doing a traceroute
if there's an actual issue..
if you just want to know the path, then mtr --report --report-cycles=1 is probably faster
traceroute takes ages while it times out
the only problem with mtr --report is that it cuts off the end of hostnames
and some hostnames don't map back to ip's
but you can use -n as well to get around that
often when tehre are actual outages, there'll be looping etc, or changed paths
while bgp reconverges
also for some reason mtr --report can often drop a single packet brycec: mercutio: actually my mtr line for logging is: mtr --report --report-wide --report-cycles 1 -o "N " google.com mercutio: so if there's 10% packet loss it doesn't relaly mean anything brycec: --report-wide ;) 02:49:10 < mercutio> the only problem with mtr --report is that it cuts off the end of hostnames mercutio: oh i haven't tried report-wide
it still doesn't fix the issue that some things don't resolve brycec: I'm not concerned about actual ping times or loss in this case, just looking to record the route.
heh mercutio: ok
i mean forwrad lookup
it does reverse lookup but some things only work in one direction
traceroute shows both brycec: traceroute also does AS lookup :) mercutio: true
but you shouldn't need that brycec: true, but I think it's neat mercutio: whois.radb.net/whois: Servname not supported for ai_socktype
hmm
wonder why my -A option isn't working
in theory asn support could be added to mtr ant: i'm wondering where's the issue here: http://pastebin.com/nQDqXDuc . is it ntt? or telia? up_the_irons: ant: i can reach it over ntt
from London ant: hm..
brb lunch
ree up_the_irons: reee ant: ok. now i totally suspect telia
when i try it with nagios.teuchert.org (same machine, just another ip address from the same /64) instead of wnd1 everything is fine.
and i already had such issues in the past up_the_irons: ouch ant: now the issue is gone ***: toddf has quit IRC (Quit: leaving)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
abthorpet has joined #arpnetworks
mjp_ has joined #arpnetworks
KDE_Perr1 has joined #arpnetworks
DaCa_ has joined #arpnetworks
KDE_Perry has quit IRC (*.net *.split)
DaCa has quit IRC (*.net *.split)
tabthorpe has quit IRC (*.net *.split)
mjp has quit IRC (*.net *.split) brycec: Yep. http://www.itnews.com.au/News/372033,worlds-largest-ddos-strikes-us-europe.aspx toddf: note that cloudfare serves both coinbase and btc-e brycec: Among many others :p ***: ant has quit IRC (Ping timeout: 245 seconds)
ant has joined #arpnetworks
pjs has quit IRC (Read error: Connection reset by peer)
pjs has joined #arpnetworks
pjs is now known as Guest53036 mercutio: brycec: news articles were a bit skimp on the ddos brycec: Not surprising mercutio: itnews.com.au is the first one i read brycec: It was linked off /. mercutio: a lot of others were like 12 hours later or osmething
ahh ok someone posted to nznog
which is like nanog but for new zealand with less posts :) ***: RandalSchwartz has joined #arpnetworks RandalSchwartz: weird. Why won't my arp server connect to freenode? m0unds: any specific server? RandalSchwartz: tried a few m0unds: i'm connected now via ipv6
to asimov.freenode.net RandalSchwartz: I'll have to try again later m0unds: wait, no
i'm on v4
haha ***: m0unds has quit IRC (Quit: reload)
m0unds has joined #arpnetworks m0unds: hm
seems ok RandalSchwartz: weird… says my nick already in use
must've sorta connected already
Oh heh… it's this adium ***: RandalSchwartz is now known as Randal
RandalSchwartz has joined #arpnetworks
RandalSchwartz has quit IRC (Remote host closed the connection)
Randal has left
grepidemic has quit IRC (Read error: Connection reset by peer)
grepidemic has joined #arpnetworks brycec: lolol ***: RandalSchwartz has joined #arpnetworks RandalSchwartz: There. back on again. ***: Guest53036 is now known as pjs
grepidemic has quit IRC (Ping timeout: 272 seconds)
abthorpet has quit IRC (Ping timeout: 272 seconds)
mnathani has quit IRC (Ping timeout: 272 seconds)
[FBI] has quit IRC (Ping timeout: 272 seconds)
[FBI] starts logging #arpnetworks at Wed Feb 12 18:21:14 2014
[FBI] has joined #arpnetworks m0unds: AAAAHHHH ***: jlgaddis has quit IRC (*.net *.split)
jpalmer_ has quit IRC (Ping timeout: 260 seconds)
tabthorpe has joined #arpnetworks
tabthorpe has quit IRC (Changing host)
tabthorpe has joined #arpnetworks
hive-mind has quit IRC (Remote host closed the connection)
grepidemic has quit IRC (*.net *.split)
hive-mind has joined #arpnetworks
dj_goku has joined #arpnetworks
pcn has quit IRC (Ping timeout: 260 seconds)
mnathani has joined #arpnetworks
jpalmer has joined #arpnetworks
pcn has joined #arpnetworks
KDE_Perry has joined #arpnetworks
grepidemic has joined #arpnetworks
hive-mind has quit IRC (Ping timeout: 265 seconds)
KDE_Perr1 has quit IRC (*.net *.split)
acf_ has quit IRC (*.net *.split)
brycec has quit IRC (*.net *.split)
hive-mind has joined #arpnetworks
acf_ has joined #arpnetworks
jlgaddis has joined #arpnetworks
jlgaddis has quit IRC (Changing host)
jlgaddis has joined #arpnetworks
dj_goku_ has joined #arpnetworks
dj_goku_ has quit IRC (Changing host)
dj_goku_ has joined #arpnetworks
brycec has joined #arpnetworks brycec: <><
*<.<
>.> ***: dj_goku has quit IRC (Ping timeout: 260 seconds)
mercutio has quit IRC (Ping timeout: 264 seconds)
mercutio has joined #arpnetworks
grepidemic has quit IRC (Ping timeout: 245 seconds)
grepidemic has joined #arpnetworks
gizmoguy has quit IRC (Ping timeout: 272 seconds)
gizmoguy has joined #arpnetworks
gizmoguy has quit IRC (Remote host closed the connection)
gizmoguy has joined #arpnetworks mnathani: for a Vmware VM purposed as a firewall to provide NAT services to other VMs would you recommend IPcop, Pfsense or some other firewall distro? brycec: pfSense
I fucking <3 pfSense
so much. m0unds: yea, i didn't even know ipcop still existed jbergstroem: +1 dat m0unds: pfsense for sure up_the_irons: we have at least a couple handful of customers using pfSense, seems very popular m0unds: it's a good fw - i used it for like 5-6 years
and m0n0wall before it mercutio: i tried it once briefly
i prefer straight openbsd
but i like cli
as far as web ui's goes it seemed ok though m0unds: yea, pretty well designed ui
pretty flexible too, but i prefer cli as well mercutio: there's also freebsd/pf as an option
freebsd 10 added smp support to pf
but i think for most people it isn't really necessary m0unds: yea mnathani: I am trying to get pfSense working as a router to route between different subnets
it says: ID ##apple Batch ##apple Evaluators Name1. Size2. Depth3.Nec Tiss Type4. Amt Nec Tiss5. Gran Tissue Type6. Amt Gran Tissue7. Edges8. Peri ulcer skinTotal
oops
it says DO not enter static routes for networks assigned on any interface of this firewall
my bad, windows box had local firewall on (wasnt responding to pings) brycec: lol
was gonna say that it "just works" :P
and be sure that there are pass rules in place
On the topic of pfSense, the interface is great and full-featured. It's solid and well-documented, I can turn it over to less-experienced persons. At the same time, i still have CLI access (and serial access) to perform more in-depth debugging. mnathani: how is the OpenVPN integration? brycec: Works just fine
And I think with the latest release, I didn't have to add any manual configs
*parameters
(I use both client and server functions, btw) mnathani: up_the_irons: surely you mean dedicated customers running pfSense in a VM rather than VPS customers?
pfSense is really awesome from what I gather so far.
just came across: https://doc.pfsense.org/index.php/Using_IPv6_on_2.1_with_a_Tunnel_Broker brycec: tunnelbroker even links to that