***: pinkus has joined #arpnetworks
RandalSchwartz has quit IRC (Remote host closed the connection)
pinkus has quit IRC (Quit: WeeChat 0.3.8)
grepidemic has joined #arpnetworks
mus1cb0x has joined #arpnetworks
mus1cb0x: another night, another broken pipe to kvr14
it's getting predictable at this point
m0unds: mus1cb0x: what sort of pattern are you seeing with it? does it coincide with elevated traffic to your vps or something?
mus1cb0x: yea so i shell in to a regular user, run tmux, and tail -f access.log
i monitor traffic to a web site
so i wake up, or whenever it happens, and i've learned to type a letter then delete it, to check if the connection is still live
then it immediately shits out to broken pipe and my prompt
so i have to ssh back in and tmux attach
m0unds: is the machine you're connecting from going to sleep?
or is it shutting its nic/wlan-if down to conserve power or something to that effect?
mus1cb0x: no because my ssh connection to a different vps (on a diff kvr) isn't dying
that one is fbsd 9.2 also
the only difference is that one uses screen vs tmux, not sure if that could be a cause
m0unds: what os are you connecting from?
if you're able to figure out what precise time your session drops, i'd suggest checking the logs of both the remote box and your workstation/laptop/whatever to see if there's some event that lines up
mus1cb0x: os x
well that's tough because it's usually while i'm asleep
m0unds: but the other session never drops at all?
mus1cb0x: i wouldn't say never, but more rarely
what's odd is last week and back, it was the other way around
kvr14's vps never dropped
now it drops the most
m0unds: huh.
Erick-: Is the quality of arpnetworks's VPS very good?
plett: mus1cb0x: You should have keepalives enabled in your ssh client. That would at least solve the problem of you having to type a character to discover that the session has been dead for hours, and could actually solve the problem if it's being caused by some over-zealous stateful firewall closing the session because it's too idle
acf_: I think ssh -o TCPKeepAlive ... or /etc/ssh/ssh_config of course
mus1cb0x: ah i do have a pretty nailed down firewall on this vps
Erick-: yea it is
i'm sure the issue i'm having is 'something else'
i'm using iterm plett, know which option it is to enable keep alives?
oh i can put it server side?
plett: mus1cb0x: I can't answer about iterm, I've never used it. But yes, it could be used from either end
mus1cb0x: server side ftw!
plett: Enabling it at the server side won't solve the situation of pressing a key and finding that the session died hours ago
As, once the session has died, the server will know all about it with its keepalives, but can't tell the client about it because the session has died!
mus1cb0x: aha
plett: It might still solve the problem though, if it's being caused by NAT timeouts or stateful firewalls
Erick-: thanks mus1cb0x
Are they quick to set up?
acf_: usually they are provisioned within 1 business day I think
Erick-: nice
thanks
brycec: mus1cb0x: Another "diagnostic" - connect to IRC from kvr14, see if that connection also drops.
***: erratic has joined #arpnetworks
erratic: when I try to connect with realvnc it just drops my connection and doesn't say anything wth am I supposed to do
***: erratic has quit IRC (Ping timeout: 245 seconds)
erratic_ has joined #arpnetworks
erratic_: PING 1402872136 552232
Error 502 - Bad Request
The server could not resolve your request for uri: http://console.cust.arpnetworks.com/
what is this?
oooo nm
figured it out :D
mercutio: what was it?
erratic_: you just ssh to it and it gives you a tintin++ thing where you can get to a serial console
after you upload your ssh public key on the portal manager
it might be pointless to ask this yet since i don't even have a dns server setup yet but I read on the FAQ that I can setup reverse zones and handle my own RDNS
and I'd like to do that, and I know i can set it up because I've done it before but how do you handle it on your side
do I have to do updates from my dns server or something?
acf_: there are options in the portal to delegate RDNS afaik
brycec: erratic_: it's in the portal
^^
erratic_: alright I'll take another look in a sec
brycec: https://portal.arpnetworks.com/accounts/0/dns_records/reverse_dns
erratic_: I haven't made it that far
yes I saw this
but this is for managing the records through the site and I would like to manage the ptr records in my own dns server
oh wait
nm I found it I guess I just specify an NS record instead of ptr records
brycec: Yep
erratic_: got it thank you
++ service btw by far the best I've ever seen (but thats only because the things I care about are things like how you have dns setup)
I really like that
I've been waiting years for people to figure that out lol
do you guys have any clients who need large numbers of instances ?
acf_: you'd have to ask up_the_irons
we're customers here
mus1cb0x: brycec: good idea, ty i'll do that
brycec: (as explained in the /topic)
mus1cb0x: Yep - bound to be data crossing at all times, including periodic keep-alive pings between client and server. Plus the channel can watch and see when you get disconnected.
***: httpducks has quit IRC (Ping timeout: 245 seconds)
grepidemic has quit IRC (Remote host closed the connection)
mnathani: up_the_irons: how does ARP manage VLANS per host on different NICs and present them to the various VPSen
up_the_irons: is there a lot of work that goes in to adding a new VPS for an existing customer to stretch that VLAN to the respective KVR host
Also do the ubuntu kvr hosts trunk to the different switches on their physical nics to be able to carry multiple VLANs?
mercutio: i imagine so
i imagine every vlan goes to every kvr, but i don't know for sure :)
but otherwise it sounds harder to maintain
mnathani: I guess I am wondering if all traffic to the physical nic would be tagged 802.1q or will some traffic remain untagged on the same interface for management and other purposes
***: erratic_ has quit IRC (Ping timeout: 240 seconds)
erratic has joined #arpnetworks
erratic is now known as Guest84122
brycec: As I understand it, all customer traffic remains tagged right up to the router.
I would assume the hosts' management networks are untagged for simplicity, but that's just a guess.
-: brycec loves the magic of vlans
brycec: I wonder if up_the_irons has the switches configured to only pass a customer's vlan on the customer's KVR host(s) and the router
(It's logical, from a congestion point of view, but it does add a little overhead to management)
m0unds: i imagine he does - the cacti graphs show specific vlan #s
mnathani: would up_the_irons need to create bridge interfaces for each customer vlan on each host that has a vps, probably automated and scripted but still needs to be done
not really sure how vlans work with kvm
***: cpinkus has joined #arpnetworks
brycec: Yes there's a tap bridge
Speaking from my own kvm experience, and working with up_the_irons to get the dedicated connection to the backup server setup with a big MTU
It would be interesting to see "ifconfig -a" from a full host
mnathani: Now on the backup server side, it would be a physical interface. Would the vlan tag be stripped somewhere along the way?
up_the_irons: and no, I am not looking to steal your architecture / design and start my own hosting company. Just curious how you run things
brycec: mnathani: It's never stripped, it arrives tagged at the backup server, and up_the_irons just added another interface (eg. eth0.1463)
As far as the "direct" connection goes.
If you don't have a dedicated interface setup, you're just hitting the router
To clarify: It's a dedicated VLAN, separate from the "customer VLAN," bridged to another interface on your VM (I named my bu-vlan), and an interface on the backup host. And each side uses the ipv6 link-local address of the other.
mnathani: that would mean the backup server would have to have a trunk interface that carries vlans?
brycec: Yes
Doesn't need to be "trunked," just carries tagged traffic
mnathani: I guess I am used to cisco terminology for a switch : access port = 1 vlan, trunk port = multiple vlans tagged
brycec: heh
I'm always astounded by the varying dictionaries
mnathani: was there a benefit to using ipv6 link local vs say some rfc1918 ipv4 space?
brycec: Where I "come from," a "trunk" could mean a port carrying multiple vlans tagged, or a LAGG interface
mnathani: IPv6 link-local is based on the interface MAC, so no need to come up with (manage) addresses, they're just the auto-generated MACs
mnathani: what kind of transfer rates do you get to the backup box?
brycec: HWaddr 52:54:00:2b:83:74 inet6 addr: fe80::5054:ff:fe2b:8374/64 Scope:Link
fast (enough)? Haven't tested lately.
"The way it works is I gave your VPS a 2nd NIC. And the plumbing on the backend connects this NIC to our Customer Backup VLAN (happens to be VLAN 71, spanned over one of our GigE links). It's like your VPS is now connected to a 2nd switch, which also happens to have a link to the backup server."
^ What up_the_irons explained to me about the backup host
mnathani: in that case, you could potentially reach other customers VPS via the backup link?
brycec: mnathani: Last I tested, I was seeing ~320mbps
mercutio: and set up a peering exchange haha
brycec: mnathani: No
mnathani: Even if they too were setup with the 2nd NIC and connected to VLAN 71?
brycec: But they would get a different VLAN
At least, that's my understanding... And I only see my host (and his) on my interface (IPv6 ND)
mnathani: from up_the_irons message it seems there is 1 VLAN designated for Customer Backup. This way it would simplify configuration as he would not need to reconfigure the backup server each time a new customer is added to the backup vlan.
I might be mistaken however
brycec: Yeah I see that too
mnathani: up_the_irons can clear this up eventually
-: brycec nods
Guest84122: dipdopdup
PING 1402893998 866800
***: Guest84122 is now known as erratic
mercutio: why are you pinging
erratic: cant tell if im connected or not
https://gist.github.com/paigeadele/5d433c88454827d06650
BryceBot: Gist: "https://gist.github.com/5d433c88454827d06650"
erratic: what do I do when it sez attach to reopen
acf_: type ctrl+E c ? maybe?
erratic: yes thats what it does when I do the ctrl +E co
it just says attach to reopen wtf that means
doesnt do me any good
acf_: well, idk
you could try other things
like "down a console"
or "disconnect"
or "attach read/write"
erratic: f force attach read/write m display the message of the day
think that worked, lemme check
there we go
damn, I donno why I didnt think to try the help menu
this popcorn Im eating is making me dumb
I had an even weirder problem earlier
where I couldn't get in through ssh, which is why I was trying to get back via serial but I just checked ssh and it works now and nothing has changed
acf_: hmm, strange
could you ping it?
erratic: no
seems fine now
acf_: likely something in the container I think
if it happens again, do a traceroute to it, see if it can get to the router before your vps
erratic: just curious if anyone here has tried brokering their ipv6 block via openvpn? I got it to work but I dont think it should work...
acf_: good point, I haven't done this kinda stuff in almost a year so I've forgotten how to take care of myself
my mind has been occupied with getting this idea working which it does, but I donno if I like how it works
its bridge mode
acf_: with tap?
or tun
erratic: yes tap, but basically I had to ...
one sec
acf_: when you bridge eth0 with tap0
erratic: itll be easier if I just throw it all into gist and show you
acf_: go for it
it would probably be better to ask for your /48 to be routed
erratic: thats what Im wondering I donno what thats about but Im guessing thats worth investigating
https://gist.github.com/paigeadele/b638b3fddf0fa10504d1
BryceBot: Gist: "https://gist.github.com/b638b3fddf0fa10504d1"
acf_: http://support.arpnetworks.com/kb/main/what-is-the-difference-between-my-ipv6-64-assigned-space-and-48-allocated-space
erratic: needless to say with that configuration the openvpn clients dont get an addr but I was gonna make a script to dhclient on the client tap
and also setup the route to the vpn via the current default route
wouldnt be necessary though I guess if its just ipv6
one sec lemme read that thing you sent
acf_: dhclient for ipv6?
I wouldn't use dhcp for ipv6
the "right" way to do that is to get your ipv6 /48 routed
and assign tap0/tun0 2607:f2f8:...:2::1/64
erratic: was gonna setup dhcpd on the server for it so I could update ddns and stuff
really im just playing around trying to learn
acf_: to give vpn clients addresses?
erratic: I think I'll request the /48 real quick so I can do that
acf_: yeah. note that it'll break your ipv6 for a bit
erratic: thats ok
this isn't super time sensitive
acf_: so basically, you configure eth0 to the address fe80::2
erratic: if I can get it to do all the stuff I want it to do I'll probably pay it up for a year
acf_: and make fe80::1%eth0 the default route
erratic: and run some servers again, and use it to give vpn clients (servers) internet addresses
acf_: then you can route/use the /48 however you want
erratic: ah nice
acf_: IPv6 only or IPv4 too?
erratic: I was thinking either or would be handy
but primarily ipv6
just because its free
acf_: cool. ipv6 is nice
erratic: yeah Ive never been a fan of nat or paying for ipv4 internet blocks
it would be nice to have some address in at least semi routable address space
I would imagine the availability isnt too bad
acf_: <up_the_irons> 00:16:55 up 1423 days, 21:20, 2 users, load average: 10.43, 10.38, 8.92
***: cpinkus has quit IRC (Quit: WeeChat 0.4.3)
acf_: that's a kvm host
erratic: looks good
acf_: yeah arp is awesome
erratic: Im just new to ipv6 so Im not sure how available it is for people to access
acf_: adoption is getting better
it's still near zero though
newer Windows versions will automatically configure themselves for IPv6 if it's available on the network
Comcast has support now
and many home routers/gateway devices also have support
but few people I know have them
and Verizon DSL (the other telecom monopoly here) has no support
from a user's perspective though, IPv6 adoption is actually okay
erratic: how about in europe?
acf_: google, yahoo, wikipedia, etc... have support
idk about europe
erratic: I'm moving to gr for a month at the end of this month and then berlin or amsterdam in a month or so after that
acf_: I'd guess a similar situation, where end users still lack equipment/connectivity/etc...
that's cool
you can always have a tunnel for yourself
erratic: this is true
mercutio: i think even eastern europe is pretty connected
it's places like africa that are bad for connectivity
acf_: yeah, Europe has good connectivity afaik
idk about IPv6 though, it's a different story
mercutio: it's worse in the US than Europe I think
because ARIN has more IP?
erratic: cool just put in a support request for the /48
brycec: fwiw tun-ipv6 works just fine
And please stop CTCP PING'ing the channel...
If you want to "ping" something, CTCP PING a bot, like BryceBot
or even:
@ping
BryceBot: brycec: Pong! Round-trip time: 0.2743 seconds.
brycec: (BryceBot CTCP PINGs you.)
erratic: is a /64 smaller than a /48?
acf_: yep
http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#Subnet_masks
BryceBot: Classless Inter-Domain Routing :: Classless Inter-Domain Routing (CIDR, pronunciation: /ˈsʌɪ.dr/ or /ˈsi.dr/) is a method for allocating IP addresses and routing Internet Protocol packets. The Internet Engineering Task Force introduced CIDR in 1993 to replace the previous addressing architecture of classful network design in the Internet. Its goal was to slow the growth of routing tables on routers across the Internet, and to help slow the ra
erratic: ah right duh
mnathani: erratic: there are about 65000 /64 in a single /48
brycec: Hopefully that's enough for you ;)
erratic: yeah I mean
milki: @ping
BryceBot: milki: Pong! Round-trip time: 3.0324 seconds.
milki: o.O
brycec: O.o
***: mus1cb0x has left "WeeChat 0.4.2"
erratic: acf_: whats the advantage you had in mind for a /48 vs the /64 again?
acf_: really just that it's routed
and that you have more than one /64
some RFC somewhere basically says that you should never divide a /64 up
brycec: Also, you can't "legally" split a /64
^
acf_: so now you have a bunch of them
brycec: Routing in many things will break if you subdivide a /64
erratic: do I have to setup bgp for it or something?
acf_: no
you can just use static routes
http://en.wikipedia.org/wiki/IP_forwarding_algorithm
BryceBot: IP forwarding algorithm :: The IP forwarding algorithm, commonly known as IP routing, is a specific implementation of routing for IP networks and gives a more directed approach in forwarding datagrams over a network. In order to achieve a successful transfer of data the algorithm uses a routing table to select a next-hop router as the next destination for a datagram. The IP address that is selected is known as the next-hop address. When several.
brycec: ARP handled the BGP - they advertise their /32 to the world, and route the individual /48 and /64s to each guest/customer.
acf_: so, rather than just bridging the network interface over openvpn
like a network switch/ethernet cord
you can use your VPS to route IPv6 packets
erratic: ohhhhhh I get it
I think sorta
I think Id still have to do a bridge wouldn't I?
acf_: nope
brycec: just routing
acf_: you have to enable IP forwarding in your kernel
and add routes
erratic: no nat?
acf_: route add -6 2607:f2f8:a0e0:2::/64 gw fe80::2%tap0
brycec: NAT... on ipv6??? lololol
acf_: if tap0 is configured with fe80::1
erratic: ... Im sorry Im a noob!
acf_: that routes the block 2607:f2f8:a0e0:2::/64 over tap0
so packets directed toward any address in your /48 will come into your vps
and the kernel will use its routing table to figure out where to send them
erratic: got it
acf_: and since your IPv6 default route points back to ARP
erratic: yeah that will certainly make it easier (better than using a bridge too)
acf_: any packets from your vpn clients with other destinations will just go to arp
brycec: erratic: IPv6 addresses are publicly routable. With over an undecillion addresses...
erratic: brycec: I'll still probably want to setup a 6to4 tunnel though won't I ?
brycec: I don't see why
erratic: theres just a lot of stuff that isn't ipv6 yet
acf_: 6to4 is just another tunnel mechanism
erratic: so if my vpn clients are routing all traffic over the vpn (default gw config)
they wouldn't be able to access networks that are ipv4 only without a 6 to 4 tunnel
brycec: Why wouldn't they just use the v4 over the vpn?
erratic: I don't have ipv4 addresses for them
acf_: so that would make them v6 only, right?
if you don't have ipv4 addresses for them?
erratic: thats the idea
acf_: so 6to4 won't help you get ipv4 unfortunately
http://en.wikipedia.org/wiki/6to4
BryceBot: 6to4 :: 6to4 is an Internet transition mechanism for migrating from IPv4 to IPv6, a system that allows IPv6 packets to be transmitted over an IPv4 network (generally the IPv4 Internet) without the need to configure explicit tunnels. Special relay servers are also in place that allow 6to4 networks to communicate with native IPv6 networks. 6to4 is especially relevant during the initial phases of deployment to full, native IPv6...
acf_: thanks brycebot
BryceBot: No problem, acf_
erratic: well i guess, I could setup the interface with a 6 addr from the block allocated to me as well as a ipv4 lan ip address
and do nat for the ipv4 lan addresses
I donno I see
will figure it out
acf_: yep
unless you want to pay for a /29
that'll give you five usable hosts
erratic: I was thinking about it just because its nice to have
acf_: (with justification of course)
you can probably get it routed like your ipv6 blick
s/blick/block/
BryceBot: <acf_> you can probably get it routed like your ipv6 block
erratic: really?
I was under the impression that wasn't possible unless you did ppp or something
acf_: why would you need ppp?
erratic: or pppoe
acf_: for what?
erratic: well, how would you route ipv4 address through an ipv4 address without nat?
acf_: just like with ipv6
milki: interns
acf_: IPv6 and IPv4 routing are basically the same
erratic: I'll ask and see if they can, if they think so I'll try it how much is a /29 from arp
acf_: according to
https://www.arpnetworks.com/order?product=vps&vps_special=1
$5
if you want it routed, you'll need to keep your existing /30
and have it routed to your current IP
because there is no fe80::... in IPv4
make sure to mention that
you want it routed in the support request
erratic: I should have added it when I had the chance
asked
they're prob not gonna answer tonight
have a nice evening acf_, thank you and see you later
brycec: same
goodnight
acf_: erratic: you as well
erratic: acf_: RE keeping /30 -- that makes a lot more sense, thank you
crashing now
ttyl
***: erratic has quit IRC (Ping timeout: 240 seconds)