#arpnetworks 2014-06-15,Sun

*** grepidemic has quit IRC (Quit: leaving)
pinkus has joined #arpnetworks
[07:00]
..... (idle for 20mn)
RandalSchwartz has quit IRC (Remote host closed the connection) [07:24]
.............................. (idle for 2h29mn)
pinkus has quit IRC (Quit: WeeChat 0.3.8) [09:53]
........... (idle for 51mn)
grepidemic has joined #arpnetworks [10:44]
mus1cb0x has joined #arpnetworks [10:56]
<mus1cb0x> another night, another broken pipe to kvr14
it's getting predictable at this point
[10:56]
<m0unds> mus1cb0x: what sort of pattern are you seeing with it? does it coincide with elevated traffic to your vps or something? [11:02]
<mus1cb0x> yea so i shell in to a regular user, run tmux, and tail -f access.log
i monitor traffic to a web site
so i wake up, or whenever it happens, and i've learned to type a letter then delete it, to check if the connection is still live
then it immediately shits out to broken pipe and my prompt
so i have to ssh back in and tmux attach
[11:03]
<m0unds> is the machine you're connecting from going to sleep?
or is it shutting its nic/wlan-if down to conserve power or something to that effect?
[11:06]
<mus1cb0x> no because my ssh connection to a different vps (on a diff kvr) isn't dying
that one is fbsd 9.2 also
the only difference is that one uses screen vs tmux, not sure if that could be a cause
[11:07]
<m0unds> what os are you connecting from?
if you're able to figure out what precise time your session drops, i'd suggest checking the logs of both the remote box and your workstation/laptop/whatever to see if there's some event that lines up
[11:08]
<mus1cb0x> os x
well that's tough because it's usually while i'm asleep
[11:10]
<m0unds> but the other session never drops at all? [11:12]
<mus1cb0x> i wouldn't say never, but more rarely
what's odd is last week and back, it was the other way around
kvr14's vps never dropped
now it drops the most
[11:13]
<m0unds> huh. [11:14]
...................... (idle for 1h46mn)
<Erick-> Is the quality of arpnetworks's VPS very good? [13:00]
<plett> mus1cb0x: You should have keepalives enabled in your ssh client. That would at least solve the problem of you having to type a character to discover that the session has been dead for hours, and could actually solve the problem if it's being caused by some over-zealous stateful firewall closing the session because it's too idle [13:02]
<acf_> I think ssh -o TCPKeepAlive ... or /etc/ssh/ssh_config of course [13:03]
<mus1cb0x> ah i do have a pretty nailed down firewall on this vps
Erick-: yea it is
i'm sure the issue i'm having is 'something else'
i'm using iterm plett, know which option it is to enable keep alives?
oh i can put it server side?
[13:12]
<plett> mus1cb0x: I can't answer about iterm, I've never used it. But yes, it could be used from either end [13:15]
<mus1cb0x> server side ftw! [13:15]
<plett> Enabling it at the server side won't solve the situation of pressing a key and finding that the session died hours ago
As, once the session has died, the server will know all about it with its keepalives, but can't tell the client about it because the session has died!
[13:15]
<mus1cb0x> aha [13:17]
<plett> It might still solve the problem though, if it's being caused by NAT timeouts or stateful firewalls [13:23]
<Erick-> thanks mus1cb0x
Are they quick to set up?
[13:32]
<acf_> usually they are provisioned within 1 business day I think [13:37]
<Erick-> nice
thanks
[13:37]
<brycec> mus1cb0x: Another "diagnostic" - connect to IRC from kvr14, see if that connection also drops. [13:47]
..................... (idle for 1h41mn)
*** erratic has joined #arpnetworks [15:28]
<erratic> when I try to connect with realvnc it just drops my connection and doesn't say anything wth am I supposed to do [15:28]
*** erratic has quit IRC (Ping timeout: 245 seconds)
erratic_ has joined #arpnetworks
[15:42]
<erratic_> PING 1402872136 552232
Error 502 - Bad Request
The server could not resolve your request for uri: http://console.cust.arpnetworks.com/
what is this?
oooo nm
figured it out :D
[15:42]
.... (idle for 15mn)
<mercutio> what was it? [16:00]
<erratic_> you just ssh to it and it gives you a tintin++ thing where you can get to a serial console
after you upload your ssh public key on the portal manager
it might be pointless to ask this yet since i don't even have a dns server setup yet but I read on the FAQ that I can setup reverse zones and handle my own RDNS
and I'd like to do that, and I know i can set it up because I've done it before but how do you handle it on your side
do I have to do updates from my dns server or something?
[16:00]
<acf_> there are options in the portal to delegate RDNS afaik [16:03]
<brycec> erratic_: it's in the portal
^^
[16:03]
<erratic_> alright I'll take another look in a sec [16:03]
<brycec> https://portal.arpnetworks.com/accounts/0/dns_records/reverse_dns [16:03]
<erratic_> I haven't made it that far
yes I saw this
but this is for managing the records through the site and I would like to manage the ptr records in my own dns server
oh wait
nm I found it I guess I just specify an NS record instead of ptr records
[16:03]
<brycec> Yep [16:04]
<erratic_> got it thank you
++ service btw by far the best I've ever seen (but thats only because the things I care about are things like how you have dns setup)
I really like that
I've been waiting years for people to figure that out lol
do you guys have any clients who need large numbers of instances ?
[16:05]
<acf_> you'd have to ask up_the_irons
we're customers here
[16:07]
<mus1cb0x> brycec: good idea, ty i'll do that [16:20]
<brycec> (as explained in the /topic)
mus1cb0x: Yep - bound to be data crossing at all times, including periodic keep-alive pings between client and server. Plus the channel can watch and see when you get disconnected.
[16:30]
........ (idle for 39mn)
*** httpducks has quit IRC (Ping timeout: 245 seconds) [17:10]
..................... (idle for 1h40mn)
grepidemic has quit IRC (Remote host closed the connection) [18:50]
...... (idle for 26mn)
<mnathani> up_the_irons: how does ARP manage VLANS per host on different NICs and present them to the various VPSen
up_the_irons: is there a lot of work that goes in to adding a new VPS for an existing customer to stretch that VLAN to the respective KVR host
Also do the ubuntu kvr hosts trunk to the different switches on their physical nics to be able to carry multiple VLANs?
[19:16]
<mercutio> i imagine so
i imagine every vlan goes to every kvr, but i don't know for sure :)
but otherwise it sounds harder to maintain
[19:28]
..... (idle for 20mn)
<mnathani> I guess I am wondering if all traffic to the physical nic would be tagged 802.1q or will some traffic remain untagged on the same interface for management and other purposes [19:49]
*** erratic_ has quit IRC (Ping timeout: 240 seconds) [19:52]
erratic has joined #arpnetworks
erratic is now known as Guest84122
[20:04]
..... (idle for 23mn)
<brycec> As I understand it, all customer traffic remains tagged right up to the router.
I would assume the hosts' management networks are untagged for simplicity, but that's just a guess.
brycec loves the magic of vlans
I wonder if up_the_irons has the switches configured to only pass a customer's vlan on the customer's KVR host(s) and the router
(It's logical, from a congestion point of view, but it does add a little overhead to management)
[20:28]
<m0unds> i imagine he does - the cacti graphs show specific vlan #s [20:32]
<mnathani> would up_the_irons need to create bridge interfaces for each customer vlan on each host that has a vps, probably automated and scripted but still needs to be done
not really sure how vlans work with kvm
[20:33]
*** cpinkus has joined #arpnetworks [20:37]
<brycec> Yes there's a tap bridge
Speaking from my own kvm experience, and working with up_the_irons to get the dedicated connection to the backup server setup with a big MTU
It would be interesting to see "ifconfig -a" from a full host
[20:42]
<mnathani> Now on the backup server side, it would be a physical interface. Would the vlan tag be stripped somewhere along the way?
up_the_irons: and no, I am not looking to steal your architecture / design and start my own hosting company. Just curious how you run things
[20:49]
<brycec> mnathani: It's never stripped, it arrives tagged at the backup server, and up_the_irons just added another interface (eg. eth0.1463)
As far as the "direct" connection goes.
If you don't have a dedicated interface setup, you're just hitting the router
To clarify: It's a dedicated VLAN, separate from the "customer VLAN," bridged to another interface on your VM (I named my bu-vlan), and an interface on the backup host. And each side uses the ipv6 link-local address of the other.
[20:58]
<mnathani> that would mean the backup server would have to have a trunk interface that carries vlans? [21:02]
<brycec> Yes
Doesn't need to be "trunked," just carries tagged traffic
[21:02]
<mnathani> I guess I am used to cisco terminology for a switch : access port = 1 vlan, trunk port = multiple vlans tagged [21:03]
<brycec> heh
I'm always astounded by the varying dictionaries
[21:05]
<mnathani> was there a benefit to using ipv6 link local vs say some rfc1918 ipv4 space? [21:09]
<brycec> Where I "come from," a "trunk" could mean a port carrying multiple vlans tagged, or a LAGG interface
mnathani: IPv6 link-local is based on the interface MAC, so no need to come up with (manage) addresses, they're just the auto-generated MACs
[21:09]
<mnathani> what kind of transfer rates do you get to the backup box? [21:11]
<brycec> HWaddr 52:54:00:2b:83:74 inet6 addr: fe80::5054:ff:fe2b:8374/64 Scope:Link
fast (enough)? Haven't tested lately.
"The way it works is I gave your VPS a 2nd NIC. And the plumbing on the backend connects this NIC to our Customer Backup VLAN (happens to be VLAN 71, spanned over one of our GigE links). It's like your VPS is now connected to a 2nd switch, which also happens to have a link to the backup server."
^ What up_the_irons explained to me about the backup host
[21:11]
<mnathani> in that case, you could potentially reach other customers VPS via the backup link? [21:20]
<brycec> mnathani: Last I tested, I was seeing ~320mbps [21:20]
<mercutio> and set up a peering exchange haha [21:20]
<brycec> mnathani: No [21:20]
<mnathani> Even if they too were setup with the 2nd NIC and connected to VLAN 71? [21:22]
<brycec> But they would get a different VLAN
At least, that's my understanding... And I only see my host (and his) on my interface (IPv6 ND)
[21:23]
<mnathani> from up_the_irons message it seems there is 1 VLAN designated for Customer Backup. This way it would simplify configuration as he would not need to reconfigure the backup server each time a new customer is added to the backup vlan.
I might be mistaken however
[21:25]
<brycec> Yeah I see that too [21:25]
<mnathani> up_the_irons can clear this up eventually [21:25]
<brycec> brycec nods [21:26]
<Guest84122> dipdopdup [21:38]
PING 1402893998 866800 [21:46]
*** Guest84122 is now known as erratic [21:46]
<mercutio> why are you pinging [21:46]
<erratic> cant tell if im connected or not
https://gist.github.com/paigeadele/5d433c88454827d06650
[21:47]
<BryceBot> Gist: "https://gist.github.com/5d433c88454827d06650" [21:47]
<erratic> what do I do when it sez attach to reopen [21:48]
<acf_> type ctrl+E c ? maybe? [21:50]
<erratic> yes thats what it does when I do the ctrl +E co
it just says attach to reopen wtf that means
doesnt do me any good
[21:51]
<acf_> well, idk
you could try other things
like "down a console"
or "disconnect"
or "attach read/write"
[21:54]
<erratic> f force attach read/write m display the message of the day
think that worked, lemme check
there we go
damn, I donno why I didnt think to try the help menu
this popcorn Im eating is making me dumb
I had an even weirder problem earlier
where I couldn't get in through ssh, which is why I was trying to get back via serial but I just checked ssh and it works now and nothing has changed
[21:57]
<acf_> hmm, strange
could you ping it?
[22:01]
<erratic> no
seems fine now
[22:02]
<acf_> likely something in the container I think
if it happens again, do a traceroute to it, see if it can get to the router before your vps
[22:05]
<erratic> just curious if anyone here has tried brokering their ipv6 block via openvpn? I got it to work but I dont think it should work...
acf_: good point, I haven't done this kinda stuff in almost a year so I've forgotten how to take care of myself
my mind has been occupied with getting this idea working which it does, but I donno if I like how it works
its bridge mode
[22:09]
<acf_> with tap?
or tun
[22:10]
<erratic> yes tap, but basically I had to ...
one sec
[22:11]
<acf_> when you bridge eth0 with tap0 [22:12]
<erratic> itll be easier if I just throw it all into gist and show you [22:12]
<acf_> go for it
it would probably be better to ask for your /48 to be routed
[22:12]
<erratic> thats what Im wondering I donno what thats about but Im guessing thats worth investigating
https://gist.github.com/paigeadele/b638b3fddf0fa10504d1
[22:13]
<BryceBot> Gist: "https://gist.github.com/b638b3fddf0fa10504d1" [22:13]
<acf_> http://support.arpnetworks.com/kb/main/what-is-the-difference-between-my-ipv6-64-assigned-space-and-48-allocated-space [22:13]
<erratic> needless to say with that configuration the openvpn clients dont get an addr but I was gonna make a script to dhclient on the client tap
and also setup the route to the vpn via the current default route
wouldnt be necessary though I guess if its just ipv6
one sec lemme read that thing you sent
[22:14]
<acf_> dhclient for ipv6?
I wouldn't use dhcp for ipv6
the "right" way to do that is to get your ipv6 /48 routed
and assign tap0/tun0 2607:f2f8:...:2::1/64
[22:15]
<erratic> was gonna setup dhcpd on the server for it so I could update ddns and stuff
really im just playing around trying to learn
[22:16]
<acf_> to give vpn clients addresses? [22:16]
<erratic> I think I'll request the /48 real quick so I can do that [22:16]
<acf_> yeah. note that it'll break your ipv6 for a bit [22:17]
<erratic> thats ok
this isn't super time sensitive
[22:17]
<acf_> so basically, you configure eth0 to the address fe80::2 [22:17]
<erratic> if I can get it to do all the stuff I want it to do I'll probably pay it up for a year [22:17]
<acf_> and make fe80::1%eth0 the default route [22:17]
<erratic> and run some servers again, and use it to give vpn clients (servers) internet addresses [22:18]
<acf_> then you can route/use the /48 however you want [22:18]
<erratic> ah nice [22:18]
<acf_> IPv6 only or IPv4 too? [22:18]
<erratic> I was thinking either or would be handy
but primarily ipv6
just because its free
[22:19]
<acf_> cool. ipv6 is nice [22:19]
<erratic> yeah Ive never been a fan of nat or paying for ipv4 internet blocks
it would be nice to have some address in at least semi routable address space
I would imagine the availability isnt too bad
[22:20]
<acf_> <up_the_irons> 00:16:55 up 1423 days, 21:20, 2 users, load average: 10.43, 10.38, 8.92 [22:22]
*** cpinkus has quit IRC (Quit: WeeChat 0.4.3) [22:22]
<acf_> that's a kvm host [22:22]
<erratic> looks good [22:22]
<acf_> yeah arp is awesome [22:22]
<erratic> Im just new to ipv6 so Im not sure how available it is for people to access [22:23]
<acf_> adoption is getting better
it's still near zero though
newer Windows versions will automatically configure themselves for IPv6 if it's available on the network
Comcast has support now
and many home routers/gateway devices also have support
but few people I know have them
and Verizon DSL (the other telecom monopoly here) has no support
from a user's perspective though, IPv6 adoption is actually okay
[22:24]
<erratic> how about in europe? [22:26]
<acf_> google, yahoo, wikipedia, etc... have support
idk about europe
[22:26]
<erratic> I'm moving to gr for a month at the end of this month and then berlin or amsterdam in a month or so after that [22:27]
<acf_> I'd guess a similar situation, where end users still lack equipment/connectivity/etc...
that's cool
you can always have a tunnel for yourself
[22:27]
<erratic> this is true [22:28]
<mercutio> i think even eastern europe is pretty connected
it's places like africa that are bad for connectivity
[22:28]
<acf_> yeah, Europe has good connectivity afaik
idk about IPv6 though, it's a different story
[22:29]
<mercutio> it's worse in the US than Europe I think
because ARIN has more IP?
[22:29]
<erratic> cool just put in a support request for the /48 [22:32]
<brycec> fwiw tun-ipv6 works just fine
And please stop CTCP PING'ing the channel...
If you want to "ping" something, CTCP PING a bot, like BryceBot
or even:
@ping
[22:40]
<BryceBot> brycec: Pong! Round-trip time: 0.2743 seconds. [22:41]
<brycec> (BryceBot CTCP PINGs you.) [22:41]
<erratic> is a /64 smaller than a /48? [22:48]
<acf_> yep
http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#Subnet_masks
[22:49]
<BryceBot> Classless Inter-Domain Routing :: Classless Inter-Domain Routing (CIDR, pronunciation: /ˈsʌɪ.dr/ or /ˈsi.dr/) is a method for allocating IP addresses and routing Internet Protocol packets. The Internet Engineering Task Force introduced CIDR in 1993 to replace the previous addressing architecture of classful network design in the Internet. Its goal was to slow the growth of routing tables on routers across the Internet, and to help slow the ra [22:49]
<erratic> ah right duh [22:49]
<mnathani> erratic: there are about 65000 /64 in a single /48 [22:59]
<brycec> Hopefully that's enough for you ;) [23:09]
<erratic> yeah I mean [23:09]
<milki> @ping [23:10]
<BryceBot> milki: Pong! Round-trip time: 3.0324 seconds. [23:11]
<milki> o.O [23:11]
<brycec> O.o [23:11]
*** mus1cb0x has left "WeeChat 0.4.2" [23:12]
<erratic> acf_: whats the advantage you had in mind for a /48 vs the /64 again? [23:13]
<acf_> really just that it's routed
and that you have more than one /64
some RFC somewhere basically says that you should never divide a /64 up
[23:14]
<brycec> Also, you can't "legally" split a /64
^
[23:14]
<acf_> so now you have a bunch of them [23:14]
<brycec> Routing in many things will break if you subdivide a /64 [23:15]
<erratic> do I have to setup bgp for it or something? [23:15]
<acf_> no
you can just use static routes
http://en.wikipedia.org/wiki/IP_forwarding_algorithm
[23:15]
<BryceBot> IP forwarding algorithm :: The IP forwarding algorithm, commonly known as IP routing, is a specific implementation of routing for IP networks and gives a more directed approach in forwarding datagrams over a network. In order to achieve a successful transfer of data the algorithm uses a routing table to select a next-hop router as the next destination for a datagram. The IP address that is selected is known as the next-hop address. When several. [23:16]
<brycec> ARP handled the BGP - they advertise their /32 to the world, and route the individual /48 and /64s to each guest/customer. [23:16]
<acf_> so, rather than just bridging the network interface over openvpn
like a network switch/ethernet cord
you can use your VPS to route IPv6 packets
[23:17]
<erratic> ohhhhhh I get it
I think sorta
I think Id still have to do a bridge wouldn't I?
[23:17]
<acf_> nope [23:18]
<brycec> just routing [23:18]
<acf_> you have to enable IP forwarding in your kernel
and add routes
[23:18]
<erratic> no nat? [23:18]
<acf_> route add -6 2607:f2f8:a0e0:2::/64 gw fe80::2%tap0 [23:18]
<brycec> NAT... on ipv6??? lololol [23:18]
<acf_> if tap0 is configured with fe80::1 [23:18]
<erratic> ... Im sorry Im a noob! [23:18]
<acf_> that routes the block 2607:f2f8:a0e0:2::/64 over tap0
so packets directed toward any address in your /48 will come into your vps
and the kernel will use its routing table to figure out where to send them
[23:18]
<erratic> got it [23:19]
<acf_> and since your IPv6 default route points back to ARP [23:19]
<erratic> yeah that will certainly make it easier (better than using a bridge too) [23:20]
<acf_> any packets from your vpn clients with other destinations will just go to arp [23:20]
<brycec> erratic: IPv6 addresses are publicly routable. With over an undectillion addresses... [23:20]
<erratic> brycec: I'll still probably want to setup a 6to4 tunnel though won't I ? [23:20]
<brycec> I don't see why [23:21]
<erratic> theres just a lot of stuff that isn't ipv6 yet [23:21]
<acf_> 6to4 is just another tunnel mechanism [23:22]
<erratic> so if my vpn clients are routing all traffic over the vpn (default gw config)
they wouldn't be able to access networks that are ipv4 only without a 6 to 4 tunnel
[23:22]
<brycec> Why wouldn't they just use the v4 over the vpn? [23:22]
<erratic> I don't have ipv4 addresses for them [23:23]
<acf_> so that would make them v6 only, right?
if you don't have ipv4 addresses for them?
[23:23]
<erratic> thats the idea [23:23]
<acf_> so 6to4 won't help you get ipv4 unfortunately
http://en.wikipedia.org/wiki/6to4
[23:23]
<BryceBot> 6to4 :: 6to4 is an Internet transition mechanism for migrating from IPv4 to IPv6, a system that allows IPv6 packets to be transmitted over an IPv4 network (generally the IPv4 Internet) without the need to configure explicit tunnels. Special relay servers are also in place that allow 6to4 networks to communicate with native IPv6 networks. 6to4 is especially relevant during the initial phases of deployment to full, native IPv6... [23:23]
<acf_> thanks brycebot [23:24]
<BryceBot> No problem, acf_ [23:24]
<erratic> well i guess, I could setup the interface with a 6 addr from the block allocated to me as well as a ipv4 lan ip address
and do nat for the ipv4 lan addresses
I donno I see
will figure it out
[23:24]
<acf_> yep
unless you want to pay for a /29
that'll give you five usable hosts
[23:25]
<erratic> I was thinking about it just because its nice to have [23:25]
<acf_> (with justification of course)
you can probably get it routed like your ipv6 blick
s/blick/block/
[23:25]
<BryceBot> <acf_> you can probably get it routed like your ipv6 block [23:26]
<erratic> really?
I was under the impression that wasn't possible unless you did ppp or something
[23:26]
<acf_> why would you need ppp? [23:26]
<erratic> or pppoe [23:26]
<acf_> for what? [23:26]
<erratic> well, how would you route ipv4 address through an ipv4 address without nat? [23:27]
<acf_> just like with ipv6 [23:27]
<milki> interns [23:27]
<acf_> IPv6 and IPv4 routing are basically the same [23:28]
<erratic> I'll ask and see if they can, if they think so I'll try it how much is a /29 from arp [23:29]
<acf_> according to
https://www.arpnetworks.com/order?product=vps&vps_special=1
$5
if you want it routed, you'll need to keep your existing /30
and have it routed to your current IP
because there is no fe80::... in IPv4
make sure to mention that
you want it routed in the support request
[23:39]
<erratic> I should have added it when I had the chance
asked
they're prob not gonna answer tonight
have a nice evening acf_, thank you and see you later
brycec: same
goodnight
[23:39]
<acf_> erratic: you as well [23:39]
<erratic> acf_: RE keeping /30 -- that makes a lot more sense, thank you
crashing now
ttyl
[23:47]
*** erratic has quit IRC (Ping timeout: 240 seconds) [23:51]
