Who | What | When | |
---|---|---|---|
*** | grepidemic has quit IRC (Quit: leaving)
pinkus has joined #arpnetworks | [07:00] | |
..... (idle for 20mn) | |||
RandalSchwartz has quit IRC (Remote host closed the connection) | [07:24] | ||
.............................. (idle for 2h29mn) | |||
pinkus has quit IRC (Quit: WeeChat 0.3.8) | [09:53] | ||
........... (idle for 51mn) | |||
grepidemic has joined #arpnetworks | [10:44] | ||
mus1cb0x has joined #arpnetworks | [10:56] | ||
mus1cb0x | another night, another broken pipe to kvr14
it's getting predictable at this point | [10:56] | |
m0unds | mus1cb0x: what sort of pattern are you seeing with it? does it coincide with elevated traffic to your vps or something? | [11:02] | |
mus1cb0x | yea so i shell in to a regular user, run tmux, and tail -f access.log
i monitor traffic to a web site so i wake up, or whenever it happens, and i've learned to type a letter then delete it, to check if the connection is still live then it immediately shits out to broken pipe and my prompt so i have to ssh back in and tmux attach | [11:03] | |
m0unds | is the machine you're connecting from going to sleep?
or is it shutting its nic/wlan-if down to conserve power or something to that effect? | [11:06] | |
mus1cb0x | no because my ssh connection to a different vps (on a diff kvr) isn't dying
that one is fbsd 9.2 also the only difference is that one uses screen vs tmux, not sure if that could be a cause | [11:07] | |
m0unds | what os are you connecting from?
if you're able to figure out what precise time your session drops, i'd suggest checking the logs of both the remote box and your workstation/laptop/whatever to see if there's some event that lines up | [11:08] | |
mus1cb0x | os x
well that's tough because it's usually while i'm asleep | [11:10] | |
m0unds | but the other session never drops at all? | [11:12] | |
mus1cb0x | i wouldn't say never, but more rarely
what's odd is last week and back, it was the other way around kvr14's vps never dropped now it drops the most | [11:13] | |
m0unds | huh. | [11:14] | |
...................... (idle for 1h46mn) | |||
Erick- | Is the quality of arpnetworks's VPS very good? | [13:00] | |
plett | mus1cb0x: You should have keepalives enabled in your ssh client. That would at least solve the problem of you having to type a character to discover that the session has been dead for hours, and could actually solve the problem if it's being caused by some over-zealous stateful firewall closing the session because it's too idle | [13:02] | |
acf_ | I think ssh -o TCPKeepAlive ... or /etc/ssh/ssh_config of course | [13:03] | |
mus1cb0x | ah i do have a pretty nailed down firewall on this vps
Erick-: yea it is i'm sure the issue i'm having is 'something else' i'm using iterm plett, know which option it is to enable keep alives? oh i can put it server side? | [13:12] | |
plett | mus1cb0x: I can't answer about iterm, I've never used it. But yes, it could be used from either end | [13:15] | |
mus1cb0x | server side ftw! | [13:15] | |
plett | Enabling it at the server side won't solve the situation of pressing a key and finding that the session died hours ago
As, once the session has died, the server will know all about it with its keepalives, but can't tell the client about it because the session has died! | [13:15] | |
mus1cb0x | aha | [13:17] | |
plett | It might still solve the problem though, if it's being caused by NAT timeouts or stateful firewalls | [13:23] | |
Erick- | thanks mus1cb0x
Are they quick to set up? | [13:32] | |
acf_ | usually they are provisioned within 1 business day I think | [13:37] | |
Erick- | nice
thanks | [13:37] | |
brycec | mus1cb0x: Another "diagnostic" - connect to IRC from kvr14, see if that connection also drops. | [13:47] | |
..................... (idle for 1h41mn) | |||
*** | erratic has joined #arpnetworks | [15:28] | |
erratic | when I try to connect with realvnc it just drops my connection and doesn't say anything wth am I supposed to do | [15:28] | |
*** | erratic has quit IRC (Ping timeout: 245 seconds)
erratic_ has joined #arpnetworks | [15:42] | |
erratic_ | PING 1402872136 552232
Error 502 - Bad Request The server could not resolve your request for uri: http://console.cust.arpnetworks.com/ what is this? oooo nm figured it out :D | [15:42] | |
.... (idle for 15mn) | |||
mercutio | what was it? | [16:00] | |
erratic_ | you just ssh to it and it gives you a tintin++ thing where you can get to a serial console
after you upload your ssh public key on the portal manager it might be pointless to ask this yet since i don't even have a dns server setup yet but I read on the FAQ that I can setup reverse zones and handle my own RDNS and I'd like to do that, and I know i can set it up because I've done it before but how do you handle it on your side do I have to do updates from my dns server or something? | [16:00] | |
acf_ | there are options in the portal to delegate RDNS afaik | [16:03] | |
brycec | erratic_: it's in the portal
^^ | [16:03] | |
erratic_ | alright I'll take another look in a sec | [16:03] | |
brycec | https://portal.arpnetworks.com/accounts/0/dns_records/reverse_dns | [16:03] | |
erratic_ | I haven't made it that far
yes I saw this but this is for managing the records through the site and I would like to manage the ptr records in my own dns server oh wait nm I found it I guess I just specify an NS record instead of ptr records | [16:03] | |
brycec | Yep | [16:04] | |
erratic_ | got it thank you
++ service btw by far the best I've ever seen (but thats only because the things I care about are things like how you have dns setup) I really like that I've been waiting years for people to figure that out lol do you guys have any clients who need large numbers of instances ? | [16:05] | |
acf_ | you'd have to ask up_the_irons
we're customers here | [16:07] | |
mus1cb0x | brycec: good idea, ty i'll do that | [16:20] | |
brycec | (as explained in the /topic)
mus1cb0x: Yep - bound to be data crossing at all times, including periodic keep-alive pings between client and server. Plus the channel can watch and see when you get disconnected. | [16:30] | |
........ (idle for 39mn) | |||
*** | httpducks has quit IRC (Ping timeout: 245 seconds) | [17:10] | |
..................... (idle for 1h40mn) | |||
grepidemic has quit IRC (Remote host closed the connection) | [18:50] | ||
...... (idle for 26mn) | |||
mnathani | up_the_irons: how does ARP manage VLANS per host on different NICs and present them to the various VPSen
up_the_irons: is there a lot of work that goes in to adding a new VPS for an existing customer to stretch that VLAN to the respective KVR host Also do the ubuntu kvr hosts trunk to the different switches on their physical nics to be able to carry multiple VLANs? | [19:16] | |
mercutio | i imagine so
i imagine every vlan goes to every kvr, but i don't know for sure :) but otherwise it sounds harder to maintain | [19:28] | |
..... (idle for 20mn) | |||
mnathani | I guess I am wondering if all traffic to the physical nic would be tagged 802.1q or will some traffic remain untagged on the same interface for management and other purposes | [19:49] | |
*** | erratic_ has quit IRC (Ping timeout: 240 seconds) | [19:52] | |
erratic has joined #arpnetworks
erratic is now known as Guest84122 | [20:04] | ||
..... (idle for 23mn) | |||
brycec | As I understand it, all customer traffic remains tagged right up to the router.
I would assume the hosts' management networks are untagged for simplicity, but that's just a guess. brycec loves the magic of vlans I wonder if up_the_irons has the switches configured to only pass a customer's vlan on the customer's KVR host(s) and the router (It's logical, from a congestion point of view, but it does add a little overhead to management) | [20:28] | |
m0unds | i imagine he does - the cacti graphs show specific vlan #s | [20:32] | |
mnathani | would up_the_irons need to create bridge interfaces for each customer vlan on each host that has a vps, probably automated and scripted but still needs to be done
not really sure how vlans work with kvm | [20:33] | |
*** | cpinkus has joined #arpnetworks | [20:37] | |
brycec | Yes there's a tap bridge
Speaking from my own kvm experience, and working with up_the_irons to get the dedicated connection to the backup server setup with a big MTU It would be interesting to see "ifconfig -a" from a full host | [20:42] | |
mnathani | Now on the backup server side, it would be a physical interface. Would the vlan tag be stripped somewhere along the way?
up_the_irons: and no, I am not looking to steal your architecture / design and start my own hosting company. Just curious how you run things | [20:49] | |
brycec | mnathani: It's never stripped, it arrives tagged at the backup server, and up_the_irons just added another interface (eg. eth0.1463)
As far as the "direct" connection goes. If you don't have a dedicated interface setup, you're just hitting the router To clarify: It's a dedicated VLAN, separate from the "customer VLAN," bridged to another interface on your VM (I named my bu-vlan), and an interface on the backup host. And each side uses the ipv6 link-local address of the other. | [20:58] | |
mnathani | that would mean the backup server would have to have a trunk interface that carries vlans? | [21:02] | |
brycec | Yes
Doesn't need to be "trunked," just carries tagged traffic | [21:02] | |
mnathani | I guess I am used to cisco terminology for a switch : access port = 1 vlan, trunk port = multiple vlans tagged | [21:03] | |
brycec | heh
I'm always astounded by the varying dictionaries | [21:05] | |
mnathani | was there a benefit to using ipv6 link local vs say some rfc1918 ipv4 space? | [21:09] | |
brycec | Where I "come from," a "trunk" could mean a port carrying multiple vlans tagged, or a LAGG interface
mnathani: IPv6 link-local is based on the interface MAC, so no need to come up with (manage) addresses, they're just the auto-generated MACs | [21:09] | |
mnathani | what kind of transfer rates do you get to the backup box? | [21:11] | |
brycec | HWaddr 52:54:00:2b:83:74 inet6 addr: fe80::5054:ff:fe2b:8374/64 Scope:Link
fast (enough)? Haven't tested lately. "The way it works is I gave your VPS a 2nd NIC. And the plumbing on the backend connects this NIC to our Customer Backup VLAN (happens to be VLAN 71, spanned over one of our GigE links). It's like your VPS is now connected to a 2nd switch, which also happens to have a link to the backup server." ^ What up_the_irons explained to me about the backup host | [21:11] | |
mnathani | in that case, you could potentially reach other customers VPS via the backup link? | [21:20] | |
brycec | mnathani: Last I tested, I was seeing ~320mbps | [21:20] | |
mercutio | and set up a peering exchange haha | [21:20] | |
brycec | mnathani: No | [21:20] | |
mnathani | Even if they too were setup with the 2nd NIC and connected to VLAN 71? | [21:22] | |
brycec | But they would get a different VLAN
At least, that's my understanding... And I only see my host (and his) on my interface (IPv6 ND) | [21:23] | |
mnathani | from up_the_irons message it seems there is 1 VLAN designated for Customer Backup. This way it would simplify configuration as he would not need to reconfigure the backup server each time a new customer is added to the backup vlan.
I might be mistaken however | [21:25] | |
brycec | Yeah I see that too | [21:25] | |
mnathani | up_the_irons can clear this up eventually | [21:25] | |
brycec | brycec nods | [21:26] | |
Guest84122 | dipdopdup | [21:38] | |
PING 1402893998 866800 | [21:46] | ||
*** | Guest84122 is now known as erratic | [21:46] | |
mercutio | why are you pinging | [21:46] | |
erratic | cant tell if im connected or not
https://gist.github.com/paigeadele/5d433c88454827d06650 | [21:47] | |
BryceBot | Gist: "https://gist.github.com/5d433c88454827d06650" | [21:47] | |
erratic | what do I do when it sez attach to reopen | [21:48] | |
acf_ | type ctrl+E c ? maybe? | [21:50] | |
erratic | yes thats what it does when I do the ctrl +E co
it just says attach to reopen wtf that means doesnt do me any good | [21:51] | |
acf_ | well, idk
you could try other things like "down a console" or "disconnect" or "attach read/write" | [21:54] | |
erratic | f force attach read/write m display the message of the day
think that worked, lemme check there we go damn, I donno why I didnt think to try the help menu this popcorn Im eating is making me dumb I had an even weirder problem earlier where I couldn't get in through ssh, which is why I was trying to get back via serial but I just checked ssh and it works now and nothing has changed | [21:57] | |
acf_ | hmm, strange
could you ping it? | [22:01] | |
erratic | no
seems fine now | [22:02] | |
acf_ | likely something in the container I think
if it happens again, do a traceroute to it, see if it can get to the router before your vps | [22:05] | |
erratic | just curious if anyone here has tried brokering their ipv6 block via openvpn? I got it to work but I dont think it should work...
acf_: good point, I haven't done this kinda stuff in almost a year so I've forgotten how to take care of myself my mind has been occupied with getting this idea working which it does, but I donno if I like how it works its bridge mode | [22:09] | |
acf_ | with tap?
or tun | [22:10] | |
erratic | yes tap, but basically I had to ...
one sec | [22:11] | |
acf_ | when you bridge eth0 with tap0 | [22:12] | |
erratic | itll be easier if I just throw it all into gist and show you | [22:12] | |
acf_ | go for it
it would probably be better to ask for your /48 to be routed | [22:12] | |
erratic | thats what Im wondering I donno what thats about but Im guessing thats worth investigating
https://gist.github.com/paigeadele/b638b3fddf0fa10504d1 | [22:13] | |
BryceBot | Gist: "https://gist.github.com/b638b3fddf0fa10504d1" | [22:13] | |
acf_ | http://support.arpnetworks.com/kb/main/what-is-the-difference-between-my-ipv6-64-assigned-space-and-48-allocated-space | [22:13] | |
erratic | needless to say with that configuration the openvpn clients dont get an addr but I was gonna make a script to dhclient on the client tap
and also setup the route to the vpn via the current default route wouldnt be necessary though I guess if its just ipv6 one sec lemme read that thing you sent | [22:14] | |
acf_ | dhclient for ipv6?
I wouldn't use dhcp for ipv6 the "right" way to do that is to get your ipv6 /48 routed and assign tap0/tun0 2607:f2f8:...:2::1/64 | [22:15] | |
erratic | was gonna setup dhcpd on the server for it so I could update ddns and stuff
really im just playing around trying to learn | [22:16] | |
acf_ | to give vpn clients addresses? | [22:16] | |
erratic | I think I'll request the /48 real quick so I can do that | [22:16] | |
acf_ | yeah. note that it'll break your ipv6 for a bit | [22:17] | |
erratic | thats ok
this isn't super time sensitive | [22:17] | |
acf_ | so basically, you configure eth0 to the address fe80::2 | [22:17] | |
erratic | if I can get it to do all the stuff I want it to do I'll probably pay it up for a year | [22:17] | |
acf_ | and make fe80::1%eth0 the default route | [22:17] | |
erratic | and run some servers again, and use it to give vpn clients (servers) internet addresses | [22:18] | |
acf_ | then you can route/use the /48 however you want | [22:18] | |
erratic | ah nice | [22:18] | |
acf_ | IPv6 only or IPv4 too? | [22:18] | |
erratic | I was thinking either or would be handy
but primarily ipv6 just because its free | [22:19] | |
acf_ | cool. ipv6 is nice | [22:19] | |
erratic | yeah Ive never been a fan of nat or paying for ipv4 internet blocks
it would be nice to have some address in at least semi routable address space I would imagine the availability isnt too bad | [22:20] | |
acf_ | <up_the_irons> 00:16:55 up 1423 days, 21:20, 2 users, load average: 10.43, 10.38, 8.92 | [22:22] | |
*** | cpinkus has quit IRC (Quit: WeeChat 0.4.3) | [22:22] | |
acf_ | that's a kvm host | [22:22] | |
erratic | looks good | [22:22] | |
acf_ | yeah arp is awesome | [22:22] | |
erratic | Im just new to ipv6 so Im not sure how available it is for people to access | [22:23] | |
acf_ | adoption is getting better
it's still near zero though newer Windows versions will automatically configure themselves for IPv6 if it's available on the network Comcast has support now and many home routers/gateway devices also have support but few people I know have them and Verizon DSL (the other telecom monopoly here) has no support from a user's perspective though, IPv6 adoption is actually okay | [22:24] | |
erratic | how about in europe? | [22:26] | |
acf_ | google, yahoo, wikipedia, etc... have support
idk about europe | [22:26] | |
erratic | I'm moving to gr for a month at the end of this month and then berlin or amsterdam in a month or so after that | [22:27] | |
acf_ | I'd guess a similar situation, where end users still lack equipment/connectivity/etc...
that's cool you can always have a tunnel for yourself | [22:27] | |
erratic | this is true | [22:28] | |
mercutio | i think even eastern europe is pretty connected
it's places like africa that are bad for connectivity | [22:28] | |
acf_ | yeah, Europe has good connectivity afaik
idk about IPv6 though, it's a different story | [22:29] | |
mercutio | it's worse in the US than Europe I think
because ARIN has more IP? | [22:29] | |
erratic | cool just put in a support request for the /48 | [22:32] | |
brycec | fwiw tun-ipv6 works just fine
And please stop CTCP PING'ing the channel... If you want to "ping" something, CTCP PING a bot, like BryceBot or even: @ping | [22:40] | |
BryceBot | brycec: Pong! Round-trip time: 0.2743 seconds. | [22:41] | |
brycec | (BryceBot CTCP PINGs you.) | [22:41] | |
erratic | is a /64 smaller than a /48? | [22:48] | |
acf_ | yep
http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#Subnet_masks | [22:49] | |
BryceBot | Classless Inter-Domain Routing :: Classless Inter-Domain Routing (CIDR, pronunciation: /ˈsʌɪ.dr/ or /ˈsi.dr/) is a method for allocating IP addresses and routing Internet Protocol packets. The Internet Engineering Task Force introduced CIDR in 1993 to replace the previous addressing architecture of classful network design in the Internet. Its goal was to slow the growth of routing tables on routers across the Internet, and to help slow the ra | [22:49] | |
erratic | ah right duh | [22:49] | |
mnathani | erratic: there are about 65000 /64 in a single /48 | [22:59] | |
brycec | Hopefully that's enough for you ;) | [23:09] | |
erratic | yeah I mean | [23:09] | |
milki | @ping | [23:10] | |
BryceBot | milki: Pong! Round-trip time: 3.0324 seconds. | [23:11] | |
milki | o.O | [23:11] | |
brycec | O.o | [23:11] | |
*** | mus1cb0x has left "WeeChat 0.4.2" | [23:12] | |
erratic | acf_: whats the advantage you had in mind for a /48 vs the /64 again? | [23:13] | |
acf_ | really just that it's routed
and that you have more than one /64 some RFC somewhere basically says that you should never divide a /64 up | [23:14] | |
brycec | Also, you can't "legally" split a /64
^ | [23:14] | |
acf_ | so now you have a bunch of them | [23:14] | |
brycec | Routing in many things will break if you subdivide a /64 | [23:15] | |
erratic | do I have to setup bgp for it or something? | [23:15] | |
acf_ | no
you can just use static routes http://en.wikipedia.org/wiki/IP_forwarding_algorithm | [23:15] | |
BryceBot | IP forwarding algorithm :: The IP forwarding algorithm, commonly known as IP routing, is a specific implementation of routing for IP networks and gives a more directed approach in forwarding datagrams over a network. In order to achieve a successful transfer of data the algorithm uses a routing table to select a next-hop router as the next destination for a datagram. The IP address that is selected is known as the next-hop address. When several. | [23:16] | |
brycec | ARP handled the BGP - they advertise their /32 to the world, and route the individual /48 and /64s to each guest/customer. | [23:16] | |
acf_ | so, rather than just bridging the network interface over openvpn
like a network switch/ethernet cord you can use your VPS to route IPv6 packets | [23:17] | |
erratic | ohhhhhh I get it
I think sorta I think Id still have to do a bridge wouldn't I? | [23:17] | |
acf_ | nope | [23:18] | |
brycec | just routing | [23:18] | |
acf_ | you have to enable IP forwarding in your kernel
and add routes | [23:18] | |
erratic | no nat? | [23:18] | |
acf_ | route add -6 2607:f2f8:a0e0:2::/64 gw fe80::2%tap0 | [23:18] | |
brycec | NAT... on ipv6??? lololol | [23:18] | |
acf_ | if tap0 is configured with fe80::1 | [23:18] | |
erratic | ... Im sorry Im a noob! | [23:18] | |
acf_ | that routes the block 2607:f2f8:a0e0:2::/64 over tap0
so packets directed toward any address in your /48 will come into your vps and the kernel will use its routing table to figure out where to send them | [23:18] | |
erratic | got it | [23:19] | |
acf_ | and since your IPv6 default route points back to ARP | [23:19] | |
erratic | yeah that will certainly make it easier (better than using a bridge too) | [23:20] | |
acf_ | any packets from your vpn clients with other destinations will just go to arp | [23:20] | |
brycec | erratic: IPv6 addresses are publicly routable. With over an undecillion addresses... | [23:20] | |
erratic | brycec: I'll still probably want to setup a 6to4 tunnel though won't I ? | [23:20] | |
brycec | I don't see why | [23:21] | |
erratic | theres just a lot of stuff that isn't ipv6 yet | [23:21] | |
acf_ | 6to4 is just another tunnel mechanism | [23:22] | |
erratic | so if my vpn clients are routing all traffic over the vpn (default gw config)
they wouldn't be able to access networks that are ipv4 only without a 6 to 4 tunnel | [23:22] | |
brycec | Why wouldn't they just use the v4 over the vpn? | [23:22] | |
erratic | I don't have ipv4 addresses for them | [23:23] | |
acf_ | so that would make them v6 only, right?
if you don't have ipv4 addresses for them? | [23:23] | |
erratic | thats the idea | [23:23] | |
acf_ | so 6to4 won't help you get ipv4 unfortunately
| [23:23] | |
BryceBot | 6to4 :: 6to4 is an Internet transition mechanism for migrating from IPv4 to IPv6, a system that allows IPv6 packets to be transmitted over an IPv4 network (generally the IPv4 Internet) without the need to configure explicit tunnels. Special relay servers are also in place that allow 6to4 networks to communicate with native IPv6 networks. 6to4 is especially relevant during the initial phases of deployment to full, native IPv6... | [23:23] | |
acf_ | thanks brycebot | [23:24] | |
BryceBot | No problem, acf_ | [23:24] | |
erratic | well i guess, I could setup the interface with a 6 addr from the block allocated to me as well as a ipv4 lan ip address
and do nat for the ipv4 lan addresses I donno I see will figure it out | [23:24] | |
acf_ | yep
unless you want to pay for a /29 that'll give you five usable hosts | [23:25] | |
erratic | I was thinking about it just because its nice to have | [23:25] | |
acf_ | (with justification of course)
you can probably get it routed like your ipv6 blick s/blick/block/ | [23:25] | |
BryceBot | <acf_> you can probably get it routed like your ipv6 block | [23:26] | |
erratic | really?
I was under the impression that wasn't possible unless you did ppp or something | [23:26] | |
acf_ | why would you need ppp? | [23:26] | |
erratic | or pppoe | [23:26] | |
acf_ | for what? | [23:26] | |
erratic | well, how would you route ipv4 address through an ipv4 address without nat? | [23:27] | |
acf_ | just like with ipv6 | [23:27] | |
milki | interns | [23:27] | |
acf_ | IPv6 and IPv4 routing are basically the same | [23:28] | |
erratic | I'll ask and see if they can, if they think so I'll try it how much is a /29 from arp | [23:29] | |
acf_ | according to
https://www.arpnetworks.com/order?product=vps&vps_special=1 $5 if you want it routed, you'll need to keep your existing /30 and have it routed to your current IP because there is no fe80::... in IPv4 make sure to mention that you want it routed in the support request | [23:39] | |
erratic | I should have added it when I had the chance
asked they're prob not gonna answer tonight have a nice evening acf_, thank you and see you later brycec: same goodnight | [23:39] | |
acf_ | erratic: you as well | [23:39] | |
erratic | acf_: RE keeping /30 -- that makes a lot more sense, thank you
crashing now ttyl | [23:47] | |
*** | erratic has quit IRC (Ping timeout: 240 seconds) | [23:51] |