another night, another broken pipe to kvr14 it's getting predictable at this point mus1cb0x: what sort of pattern are you seeing with it? does it coincide with elevated traffic to your vps or something? yea so i shell in to a regular user, run tmux, and tail -f access.log i monitor traffic to a web site so i wake up, or whenever it happens, and i've learned to type a letter then delete it, to check if the connection is still live then it immediately shits out to broken pipe and my prompt so i have to ssh back in and tmux attach is the machine you're connecting from going to sleep? or is it shutting its nic/wlan-if down to conserve power or something to that effect? no because my ssh connection to a different vps (on a diff kvr) isn't dying that one is fbsd 9.2 also the only difference is that one uses screen vs tmux, not sure if that could be a cause what os are you connecting from? if you're able to figure out what precise time your session drops, i'd suggest checking the logs of both the remote box and your workstation/laptop/whatever to see if there's some event that lines up os x well that's tough because it's usually while i'm asleep but the other session never drops at all? i wouldn't say never, but more rarely what's odd is last week and back, it was the other way around kvr14's vps never dropped now it drops the most huh. Is the quality of arpnetworks's VPS very good? mus1cb0x: You should have keepalives enabled in your ssh client. That would at least solve the problem of you having to type a character to discover that the session has been dead for hours, and could actually solve the problem if it's being caused by some over-zealous stateful firewall closing the session because it's too idle I think ssh -o TCPKeepAlive ... or /etc/ssh/ssh_config of course ah i do have a pretty nailed down firewall on this vps Erick-: yea it is i'm sure the issue i'm having is 'something else' i'm using iterm plett, know which option it is to enable keep alives? 
oh i can put it server side? mus1cb0x: I can't answer about iterm, I've never used it. But yes, it could be used from either end server side ftw! Enabling it at the server side won't solve the situation of pressing a key and finding that the session died hours ago As, once the session has died, the server will know all about it with its keepalives, but can't tell the client about it because the session has died! aha It might still solve the problem though, if it's being caused by NAT timeouts or stateful firewalls thanks mus1cb0x Are they quick to set up? usually they are provisioned within 1 business day I think nice thanks mus1cb0x: Another "diagnostic" - connect to IRC from kvr14, see if that connection also drops. when I try to connect with realvnc it just drops my connection and doesn't say anything wth am I supposed to do PING 1402872136 552232 Error 502 - Bad Request The server could not resolve your request for uri: http://console.cust.arpnetworks.com/ what is this? oooo nm figured it out :D what was it? you just ssh to it and it gives you a tintin++ thing where you can get to a serial console after you upload your ssh public key on the portal manager it might be pointless to ask this yet since i don't even have a dns server setup yet but I read on the FAQ that I can setup reverse zones and handle my own RDNS and I'd like to do that, and I know i can set it up because I've done it before but how do you handle it on your side do I have to do updates from my dns server or something? 
there are options in the portal to delegate RDNS afaik erratic_: it's in the portal ^^ alright I'll take another look in a sec https://portal.arpnetworks.com/accounts/0/dns_records/reverse_dns I haven't made it that far yes I saw this but this is for managing the records through the site and I would like to manage the ptr records in my own dns server oh wait nm I found it I guess I just specify an NS record instead of ptr records Yep got it thank you ++ service btw by far the best I've ever seen (but thats only because the things I care about are things like how you have dns setup) I really like that I've been waiting years for people to figure that out lol do you guys have any clients who need large numbers of instances ? you'd have to ask up_the_irons we're customers here brycec: good idea, ty i'll do that (as explained in the /topic) mus1cb0x: Yep - bound to be data crossing at all times, including periodic keep-alive pings between client and server. Plus the channel can watch and see when you get disconnected. up_the_irons: how does ARP manage VLANS per host on different NICs and present them to the various VPSen up_the_irons: is there a lot of work that goes in to adding a new VPS for an existing customer to stretch that VLAN to the respective KVR host Also do the ubuntu kvr hosts trunk to the different switches on their physical nics to be able to carry multiple VLANs? i imagine so i imagine every vlan goes to every kvr, but i don't know for sure :) but otherwise it sounds harder to maintain I guess I am wondering if all traffic to the physical nic would be tagged 802.1q or will some traffic remain untagged on the same interface for management and other purposes As I understand it, all customer traffic remains tagged right up to the router. I would assume the hosts' management networks are untagged for simplicity, but that's just a guess. 
I wonder if up_the_irons has the switches configured to only pass a customer's vlan on the customer's KVR host(s) and the router (It's logical, from a congestion point of view, but it does add a little overhead to management) i imagine he does - the cacti graphs show specific vlan #s would up_the_irons need to create bridge interfaces for each customer vlan on each host that has a vps, probably automated and scripted but still needs to be done not really sure how vlans work with kvm Yes there's a tap bridge Speaking from my own kvm experience, and working with up_the_irons to get the dedicated connection to the backup server setup with a big MTU It would be interesting to see "ifconfig -a" from a full host Now on the backup server side, it would be a physical interface. Would the vlan tag be stripped somewhere along the way? up_the_irons: and no, I am not looking to steal your architecture / design and start my own hosting company. Just curious how you run things mnathani: It's never stripped, it arrives tagged at the backup server, and up_the_irons just added another interface (eg. eth0.1463) As far as the "direct" connection goes. If you don't have a dedicated interface setup, you're just hitting the router To clarify: It's a dedicated VLAN, separate from the "customer VLAN," bridged to another interface on your VM (I named my bu-vlan), and an interface on the backup host. And each side uses the ipv6 link-local address of the other. that would mean the backup server would have to have a trunk interface that carries vlans? Yes Doesn't need to be "trunked," just carries tagged traffic I guess I am used to cisco terminology for a switch : access port = 1 vlan, trunk port = multiple vlans tagged heh I'm always astounded by the varying dictionaries was there a benefit to using ipv6 link local vs say some rfc1918 ipv4 space? 
Where I "come from," a "trunk" could mean a port carrying multiple vlans tagged, or a LAGG interface mnathani: IPv6 link-local is based on the interface MAC, so no need to come up with (manage) addresses, they're just the auto-generated MACs what kind of transfer rates do you get to the backup box? HWaddr 52:54:00:2b:83:74 inet6 addr: fe80::5054:ff:fe2b:8374/64 Scope:Link fast (enough)? Haven't tested lately. "The way it works is I gave your VPS a 2nd NIC. And the plumbing on the backend connects this NIC to our Customer Backup VLAN (happens to be VLAN 71, spanned over one of our GigE links). It's like your VPS is now connected to a 2nd switch, which also happens to have a link to the backup server." ^ What up_the_irons explained to me about the backup host in that case, you could potentially reach other customers VPS via the backup link? mnathani: Last I tested, I was seeing ~320mbps and set up a peering exchange haha mnathani: No Even if they too were setup with the 2nd NIC and connected to VLAN 71? But they would get a different VLAN At least, that's my understanding... And I only see my host (and his) on my interface (IPv6 ND) from up_the_irons message it seems there is 1 VLAN designated for Customer Backup. This way it would simplify configuration as he would not need to reconfigure the backup server each time a new customer is added to the backup vlan. I might be mistaken however Yeah I see that too up_the_irons can clear this up eventually dipdopdup PING 1402893998 866800 why are you pinging cant tell if im connected or not https://gist.github.com/paigeadele/5d433c88454827d06650 Gist: "https://gist.github.com/5d433c88454827d06650" what do I do when it sez attach to reopen type ctrl+E c ? maybe? 
yes thats what it does when I do the ctrl +E co it just says attach to reopen wtf that means doesnt do me any good well, idk you could try other things like "down a console" or "disconnect" or "attach read/write" f force attach read/write m display the message of the day think that worked, lemme check there we go damn, I donno why I didnt think to try the help menu this popcorn Im eating is making me dumb I had an even weirder problem earlier where I couldn't get in through ssh, which is why I was trying to get back via serial but I just checked ssh and it works now and nothing has changed hmm, strange could you ping it? no seems fine now likely something in the container I think if it happens again, do a traceroute to it, see if it can get to the router before your vps just curious if anyone here has tried brokering their ipv6 block via openvpn? I got it to work but I dont think it should work... acf_: good point, I haven't done this kinda stuff in almost a year so I've forgotten how to take care of myself my mind has been occupied with getting this idea working which it does, but I donno if I like how it works its bridge mode with tap? or tun yes tap, but basically I had to ... 
one sec when you bridge eth0 with tap0 itll be easier if I just throw it all into gist and show you go for it it would probably be better to ask for your /48 to be routed thats what Im wondering I donno what thats about but Im guessing thats worth investigating https://gist.github.com/paigeadele/b638b3fddf0fa10504d1 Gist: "https://gist.github.com/b638b3fddf0fa10504d1" http://support.arpnetworks.com/kb/main/what-is-the-difference-between-my-ipv6-64-assigned-space-and-48-allocated-space needless to say with that configuration the openvpn clients dont get an addr but I was gonna make a script to dhclient on the client tap and also setup the route to the vpn via the current default route wouldnt be necessary though I guess if its just ipv6 one sec lemme read that thing you sent dhclient for ipv6? I wouldn't use dhcp for ipv6 the "right" way to do that is to get your ipv6 /48 routed and assign tap0/tun0 2607:f2f8:...:2::1/64 was gonna setup dhcpd on the server for it so I could update ddns and stuff really im just playing around trying to learn to give vpn clients addresses? I think I'll request the /48 real quick so I can do that yeah. note that it'll break your ipv6 for a bit thats ok this isn't super time sensitive so basically, you configure eth0 to the address fe80::2 if I can get it to do all the stuff I want it to do I'll probably pay it up for a year and make fe80::1%eth0 the default route and run some servers again, and use it to give vpn clients (servers) internet addresses then you can route/use the /48 however you want ah nice IPv6 only or IPv4 too? I was thinking either or would be handy but primarily ipv6 just because its free cool. 
ipv6 is nice yeah Ive never been a fan of nat or paying for ipv4 internet blocks it would be nice to have some address in at least semi routable address space I would imagine the availability isnt too bad 00:16:55 up 1423 days, 21:20, 2 users, load average: 10.43, 10.38, 8.92 that's a kvm host looks good yeah arp is awesome Im just new to ipv6 so Im not sure how available it is for people to access adoption is getting better it's still near zero though newer Windows versions will automatically configure themselves for IPv6 if it's available on the network Comcast has support now and many home routers/gateway devices also have support but few people I know have them and Verizon DSL (the other telecom monopoly here) has no support from a user's perspective though, IPv6 adoption is actually okay how about in europe? google, yahoo, wikipedia, etc... have support idk about europe I'm moving to gr for a month at the end of this month and then berlin or amsterdam in a month or so after that I'd guess a similar situation, where end users still lack equipment/connectivity/etc... that's cool you can always have a tunnel for yourself this is true i think even eastern europe is pretty connected it's places like africa that are bad for connectivity yeah, Europe has good connectivity afaik idk about IPv6 though, it's a different story it's worse in the US than Europe I think because ARIN has more IP? cool just put in a support request for the /48 fwiw tun-ipv6 works just fine And please stop CTCP PING'ing the channel... If you want to "ping" something, CTCP PING a bot, like BryceBot or even: @ping brycec: Pong! Round-trip time: 0.2743 seconds. (BryceBot CTCP PINGs you.) is a /64 smaller than a /48? yep http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#Subnet_masks Classless Inter-Domain Routing :: Classless Inter-Domain Routing (CIDR, pronunciation: /ˈsʌɪ.dr/ or /ˈsi.dr/) is a method for allocating IP addresses and routing Internet Protocol packets. 
The Internet Engineering Task Force introduced CIDR in 1993 to replace the previous addressing architecture of classful network design in the Internet. Its goal was to slow the growth of routing tables on routers across the Internet, and to help slow the ra ah right duh erratic: there are about 65000 /64 in a single /48 Hopefully that's enough for you ;) yeah I mean @ping milki: Pong! Round-trip time: 3.0324 seconds. o.O O.o acf_: whats the advantage you had in mind for a /48 vs the /64 again? really just that it's routed and that you have more than one /64 some RFC somewhere basically says that you should never divide a /64 up Also, you can't "legally" split a /64 ^ so now you have a bunch of them Routing in many things will break if you subdivide a /64 do I have to setup bgp for it or something? no you can just use static routes http://en.wikipedia.org/wiki/IP_forwarding_algorithm IP forwarding algorithm :: The IP forwarding algorithm, commonly known as IP routing, is a specific implementation of routing for IP networks and gives a more directed approach in forwarding datagrams over a network. In order to achieve a successful transfer of data the algorithm uses a routing table to select a next-hop router as the next destination for a datagram. The IP address that is selected is known as the next-hop address. When several. ARP handled the BGP - they advertise their /32 to the world, and route the individual /48 and /64s to each guest/customer. so, rather than just bridging the network interface over openvpn like a network switch/ethernet cord you can use your VPS to route IPv6 packets ohhhhhh I get it I think sorta I think Id still have to do a bridge wouldn't I? nope just routing you have to enable IP forwarding in your kernel and add routes no nat? route add -6 2607:f2f8:a0e0:2::/64 gw fe80::2%tap0 NAT... on ipv6??? lololol if tap0 is configured with fe80::1 ... Im sorry Im a noob! 
that routes the block 2607:f2f8:a0e0:2::/64 over tap0 so packets directed toward any address in your /48 will come into your vps and the kernel will use its routing table to figure out where to send them got it and since your IPv6 default route points back to ARP yeah that will certainly make it easier (better than using a bridge too) any packets from your vpn clients with other destinations will just go to arp erratic: IPv6 addresses are publicly routable. With over an undecillion addresses... brycec: I'll still probably want to setup a 6to4 tunnel though won't I ? I don't see why theres just a lot of stuff that isn't ipv6 yet 6to4 is just another tunnel mechanism so if my vpn clients are routing all traffic over the vpn (default gw config) they wouldn't be able to access networks that are ipv4 only without a 6 to 4 tunnel Why wouldn't they just use the v4 over the vpn? I don't have ipv4 addresses for them so that would make them v6 only, right? if you don't have ipv4 addresses for them? thats the idea so 6to4 won't help you get ipv4 unfortunately http://en.wikipedia.org/wiki/6to4 6to4 :: 6to4 is an Internet transition mechanism for migrating from IPv4 to IPv6, a system that allows IPv6 packets to be transmitted over an IPv4 network (generally the IPv4 Internet) without the need to configure explicit tunnels. Special relay servers are also in place that allow 6to4 networks to communicate with native IPv6 networks. 6to4 is especially relevant during the initial phases of deployment to full, native IPv6... 
thanks brycebot No problem, acf_ well i guess, I could setup the interface with a 6 addr from the block allocated to me as well as a ipv4 lan ip address and do nat for the ipv4 lan addresses I donno I see will figure it out yep unless you want to pay for a /29 that'll give you five usable hosts I was thinking about it just because its nice to have (with justification of course) you can probably get it routed like your ipv6 blick s/blick/block/ you can probably get it routed like your ipv6 block really? I was under the impression that wasn't possible unless you did ppp or something why would you need ppp? or pppoe for what? well, how would you route ipv4 address through an ipv4 address without nat? just like with ipv6 interns IPv6 and IPv4 routing are basically the same I'll ask and see if they can, if they think so I'll try it how much is a /29 from arp according to https://www.arpnetworks.com/order?product=vps&vps_special=1 $5 if you want it routed, you'll need to keep your existing /30 and have it routed to your current IP because there is no fe80::... in IPv4 make sure to mention that you want it routed in the support request I should have added it when I had the chance asked they're prob not gonna answer tonight have a nice evening acf_, thank you and see you later brycec: same goodnight erratic: you as well acf_: RE keeping /30 -- that makes a lot more sense, thank you crashing now ttyl