up_the_irons: This may be of interest then ;) https://smokeping.cobryce.com/?target=Internet.NLNOGRING  (I only just added it, so it's still empty)
brycec: nice!
Feb 12 00:08:09 vps3 smokeping[16901]: FPing6: probing 53 targets with step 60 s and offset 37 s.
Feb 12 00:08:09 vps3 smokeping[16902]: FPing: probing 159 targets with step 60 s and offset 1 s.
wheee
brycec: how does that work anyway, like  your smokeping is running on your VPS here, but it says "median RTT to ARP", so it seems like it is going to itself
i guess what i'm asking is, what exactly is it measuring
Hm, how odd... can't ping6 hurricane01.ring.nlnog.net (times out)
up_the_irons: "from ARP" used to say "from <hostname>" but I changed it to ARP to give a better global perspective
er, *from ARP
up_the_irons: where does it say "to ARP"?
oh i meant "from"
oh heh
well the "from ARP" just means "from my VPS on kvr07 to arpnetworks01.ring.nlnog.net"
Which isn't overly useful I suppose, but the slaves are also hitting arpnetworks01.ring.nlnog.net
(And those slaves are also identified as "from <provider/ISP>"
so the others (Chunkhost, Comcast, etc...) all feed into this "main" smokeping?
yes
cool
is Comcast your residential ISP, or is that somewhere else?
TWC could be residential OR data center end
Smokeping has a nifty master/slave architecture. The master and slaves both also collect data, but the master receives it all, stores it, graphs, etc
Comcast is my home connection
cool
TWC is a "business-class cable customer"
ok
neato
(I thought I'd documented soem of these details on the smokeping page... I'm wrong, apparently)
I plan to turn up another slave in an IO datacenter in the next few days too
(IO does their own multi-homing "blended internet")
which IO data center?
Phoenix
maybe you did document it, but i haven't found it :)
I didn't find it either ;)
A client of mine has a half-cab in http://www.io.com/colocation/io-phoenix/ so I'll slip a slave in there.
Fun fact: That picture is not from the Phoenix DC. Dunno where from... but it's not in Phoenix :p
"No Monthly Recurring Fees for Cross-Connects", now that'd save me some money
heh
i would say 80% of data center pics are not the actual data center
pisses me off
 ;)
Makes sense though, pricing-wise. Only pay for the resources (some guy) used. Afterwards, your stuff is just laying in a tray overhead... why should that cost money?
In my limited interactions, I like IO
yeah, cross connects are a RAPE
was there just a network problem?
not afaik
not that i saw
Why, would you like one?
hah i think nodeping is having issues
how can thinks go up without going down
hahaha
they went down, but the down notification was lost due to things being down?
oh it's changing numbers rnadomly
like a BOSS
so my cellphone don't group
Is that like blinking lights randomly, to look busy?
heh
cloud core routers have a lcd
i mean seriously, if a router is working who wants to look at a lcd
srsly
I can see how nodeping might be having some issues actually
https://smokeping.cobryce.com/?target=Internet.HENet.Europe.HEtserv11ams1v4 https://smokeping.cobryce.com/?target=Internet.HENet.Europe.HEtserv28waw1v4
both showing massive loss to ARP in the last few minutes
i'm not impressed by nodeping
oh wow
bah he tunnels
omg i wish amazon wouldn't email me about stuff i stuck in my cart
it emails me all the time
there seemed to be a little bit of a dip
but it wsa more liek total outage for a bit
(returning to normal)
then ping came back less than before the outage
so i wonder if where was some hw chnage somewhere?
actually it's not total outage it's 19/20 packets dropped
but to my mind that means total outage :)
:P
oh weird minimum ping went interesting
suggesting los angels to nz
rather than la -> sj -> nz
i wodner if any2ix fell over temp
i don't think there's any way to view sessions ?
but are those graphs measuring tunnels?
seems like a lot of moving parts there
gah why is my irc suddenly laggy
it's wihtin nz
i think it's probably ddos
gah
up_the_irons: my graphs are just from the VPS to the IP in the graph title. no tunneling
ah ok
And if there's any way I can make that clearer, let me know
cuz the list on the left says tunnels
I'll rename it ;)
OK:)
staticsafe: the smokeping webapp can be run as a PSGI app, if that helps :)
Otherwise all this attention would be crushing me :)
@imdb Starman
[MOVIE] Title: Starman | Year: 1984 | Rating: 7.0 | Genre: Adventure, Drama, Romance | IMDB Link: http://imdb.com/title/tt0088172
mm
my whole dsl died
ouch
ikr
You didn't really need it though, the DSL that is, right? I mean... there are plenty of sheep.
brycec: http://search.cpan.org/dist/Starman/
haha
dne: yeah, that was #7 in my Google
i dunno what happened yet
or how many people dropped, but it wasn't just me i know
my ssh stayed up :)
I want to add historical traceroutes to my smokeping... But I can't decide on a user interface :(
damnit i think it dying again :(
up_the_irons: one other note: the v6 connectivity on Chunkhost, Comcast, and TWC is provided by HE tunnels. So the data may be "skewed" a bit :(
brycec: ok
(Sorry, not much I can do about "native" v6 connectivity on those)
yeah
lots of packet loss on HE lon2 and ams1 nodes right now
apparently that ddos attack thing was bigger in europe than the US
i didn't really notice anything with that ddos fwiw
other than people talking about it :)
y'all are the only I've heard of it :p
<mercutio> i ofap oetppfip fp e kitgpebiu pi p:)
damnit perl
what
Did we just get Klingon'ed?
y// in perl meets sed's "use any symbol as a delineator"
haha
so y''
But I'm blaming perl for y//. <3 sed
y'all are smokin' crack
<brycec> ButaI'mabrcmingapekrafokay//.a<3ased
YES
well done. Now just lie on your side, the paramedics are on their way
my gawd, the mail gem rocks
https://github.com/mikel/mail
woah...that was a lot of scrollback
sometimes the channel is idle for a whole day basically..
not recently though
yeah, lately there's been a lot of activity
some more lines and it had maxed out my scrollback buffer
haha
i found weechat is automatically logging
makes it easier to search for urls..
lol
up_the_irons: Is there some reason I can ping my gw 174.136.103.129 but traceroutes fail? (apologies if it's a dumb question)
up_the_irons: I also have weirdness trying to traceroute to arpnetworks.com (I get just the first hope 174.136.103.129 and everything else times out)
brycec: hmmm not sure
(ipv4 btw)
v6 seems fine
paste mtr report
mmkay
hm, mtr is happy, traceroute is not.
Makes me think I should be using mtr instead of traceroute in my logging
up_the_irons: yep, traceroute -I works (ICMP ECHO)
traceourte is udp
oh
i'm slow
heh
me too
apparently
i always thought traceroute used icmp
ya learn something new every day!
ok, udp by default
using udp allows one to use traceroute as a regular user (at least under linux)
and without setuid'ing
as mtr is
yeah
it does on windows
i think
so, interesting:
regular 'traceroute', for v4, uses UDP
but for v6, uses ICMP6
wait, n/m
i'm wrong
UDP for both
heh
i usuaully use mtr --report btw bryce
it works pretty well
brycec: anyway, the answer is, iptables on arpnetworks.com server is blocking something.  i can see the traceroute if i disable it.
cos often you want more than 3 pings to a destination even when doing a traceroute
if there's an actual issue..
if you just want to know the path, then mtr --report --report-cycles=1 is probably faster
traceroute takes ages while it times out
the only problem with mtr --report is that it cuts off the end of hostnames
and some hostnames don't map back to ip's
but you can use -n as well to get around that
often when tehre are actual outages, there'll be looping etc, or changed paths
while bgp reconverges
also for some reason mtr --report can often drop a single packet
mercutio: actually my mtr line for logging is: mtr --report --report-wide --report-cycles 1 -o "N      " google.com
so if there's 10% packet loss it doesn't relaly mean anything
--report-wide ;) 02:49:10 < mercutio> the only problem with mtr --report is that it cuts off the end of hostnames
oh i haven't tried report-wide
it still doesn't fix the issue that some things don't resolve
I'm not concerned about actual ping times or loss in this case, just looking to record the route.
heh
ok
i mean forwrad lookup
it does reverse lookup but some things only work in one direction
traceroute shows both
traceroute also does AS lookup :)
true
but you shouldn't need that
true, but I think it's neat
whois.radb.net/whois: Servname not supported for ai_socktype
hmm
wonder why my -A option isn't working
in theory asn support could be added to mtr
i'm wondering where's the issue here: http://pastebin.com/nQDqXDuc . is it ntt? or telia?
ant: i can reach it over ntt
from London
hm..
brb lunch
ree
reee
ok. now i totally suspect telia
when i try it with nagios.teuchert.org (same machine, just another ip address from the same /64) instead of wnd1 everything is fine.
and i already had such issues in the past
ouch
now the issue is gone
Yep. http://www.itnews.com.au/News/372033,worlds-largest-ddos-strikes-us-europe.aspx
note that cloudfare serves both coinbase and btc-e
Among many others :p
brycec: news articles were a bit skimp on the ddos
Not surprising
itnews.com.au is the first one i read
It was linked off /.
a lot of others were like 12 hours later or osmething
ahh ok someone posted to nznog
which is like nanog but for new zealand with less posts :)
weird.  Why won't my arp server connect to freenode?
any specific server?
tried a few
i'm connected now via ipv6
to asimov.freenode.net
I'll have to try again later
wait, no
i'm on v4
haha
hm
seems ok
weird… says my nick already in use
must've sorta connected already
Oh heh… it's this adium
lolol
There.  back on again.
AAAAHHHH
<><
*<.<
>.>
for a Vmware VM purposed as a firewall to provide NAT services to other VMs would you recommend IPcop, Pfsense or some other firewall distro?
pfSense
I fucking <3 pfSense
so much.
yea, i didn't even know ipcop still existed
+1 dat
pfsense for sure
we have at least a couple handful of customers using pfSense, seems very popular
it's a good fw - i used it for like 5-6 years
and m0n0wall before it
i tried it once briefly
i prefer straight openbsd
but i like cli
as far as web ui's goes it seemed ok though
yea, pretty well designed ui
pretty flexible too, but i prefer cli as well
there's also freebsd/pf as an option
freebsd 10 added smp support to pf
but i think for most people it isn't really necessary
yea
I am trying to get pfSense working as a router to route between different subnets
it says: ID ##apple Batch ##apple Evaluators Name1. Size2. Depth3.Nec Tiss Type4. Amt Nec Tiss5. Gran Tissue Type6. Amt Gran Tissue7. Edges8. Peri ulcer skinTotal
oops
it says DO not enter static routes for networks assigned on any interface of this firewall
my bad, windows box had local firewall on (wasnt responding to pings)
lol
was gonna say that it "just works" :P
and be sure that there are pass rules in place
On the topic of pfSense, the interface is great and full-featured. It's solid and well-documented, I can turn it over to less-experienced persons. At the same time, i still have CLI access (and serial access) to perform more in-depth debugging.
how is the OpenVPN integration?
Works just fine
And I think with the latest release, I didn't have to add any manual configs
*parameters
(I use both client and server functions, btw)
up_the_irons: surely you mean dedicated customers running pfSense in a VM rather than VPS customers?
pfSense is really awesome from what I gather so far.
just came across: https://doc.pfsense.org/index.php/Using_IPv6_on_2.1_with_a_Tunnel_Broker
tunnelbroker even links to that