cdns care about tcp access times i think and prefer faster loading pages like from cdns actually when i say search engines, i mean google, and it's only what i've heard acf: i have limited anycast usually you use your normal asn for anycast, but you do have to kind of dedicate a /24 to it the most used case for anycast atm is dns and dns resolvers often consult dns servers that aren't the closest location. if using anycast you still should have more than one server location err, i mean you shouldn't just advertise a /24 in multiple locations, and all of your name servers as separate hosts at that location, as if location has an issue things can become unreachable. mercutio: Anycasting dns resolvers is very commonplace. We do that within our network mainly for resilience, so resolvers in one city are reachable on the same IPs the clients are using if one set fail mercutio: Doing it on the authoritative side is slightly more controversial though. When DNS was invented hostnames were never intended to change IP rapidly, or to have different records depending on where you were asking from. It was intended that record caching would keep the answers local in the resolver for popular hosts, and only be re-fetched from the authoritative server once a day/week/month/whatever In that model it doesn't really matter if the authoritative server is 500ms away, as you're only sending it one query a week well now ttls are like 300 seconds etc plett plett: dns resolvers and authoritative are both commonly anycast now but it's also common for people to anycast primary and secondary dns servers it's also common not to but if you anycast to the same dc...
one of the cdns was doing it i think and i'm pretty sure opendns do it too plett it is actually really hard to benchmark dns performance though, most isps are fast for google etc, but when you get to weird domain names they can vary so do you take notice of "average request time" or how quick the less common domain name lookups are you could always test w/dnsbench (late reply) it can be a handy way to test recursive resolver perf (no later a reply than up_the_irons ...) He must have overexerted himself last week upgrading 2 hosts up_the_irons: wb http://i.imgur.com/uqmZK9v.png wee heh nice netsplit there m0unds: yep m0unds: btw, up_the_irons emailed NTT got the same response as I did fantastic bummer it's rendering my use of this vm as a ts/murmur server sort of moot since 80% of my users are on comcast or centurylink both of which have heavily congested ntt peering during peak hrs yeah, I know what you mean i moved murmur and teamspeak to a box on my home cable connection temporarily so we can actually use voice haha up_the_irons hasn't been around in a while, maybe he'll do something when he gets back yeah, it kills voip i'd only use ts, but some of the guys who play project reality really like the positional audio stuff you can do w/PR and mumble hmm, interesting @last up_the_irons brycec, I last saw up_the_irons 4 days 19 hours 51 min 15 sec ago saying in a channel: m0unds: roger. nearly 5 days... he'll have a giant /away log to go through hahaha up_the_irons: my vps is still network-deaf :| who's roger "The International Civil Aviation Organization (ICAO) officially defines the word "roger" to mean "I have received all of your transmission."" i wonder why roger of all things hazardous: Before 'r' was romeo in phonetic alphabets, 'roger' was used.
@wiki Voice procedure Voice procedure :: Voice procedure includes various techniques used to clarify, simplify, and standardize spoken communications over two-way radios, in use by the military, in civil aviation, police and fire dispatching systems, citizens' band radio (CB), etc. Specially, for civil aviation - it used to be called aeronautical phraseology. Voice procedure communications are intended to... http://en.wikipedia.org/wiki/Voice%20procedure "Roger" was the U.S. military designation for the letter R (as in received) from 1927 to 1957.[4] *sigh* *sigh* no ticket update in 24h for a deaf server :| dr_jkl: what exactly is happening? acf_: account was reactivated from suspension and the vlan is supposedly active but the vps can't ping its gateway or the world networking is configured correctly and while the initial response to the ticket was nice and fast, i updated the ticket at around 6pm last night and here we are at 7pm today and i have the cube root of sweet fuck-all to show for it out of curiosity, what happens if you run tcpdump on the interface and try to ping the machine from outside i can't, because tcpdump isn't installed on this box and i can't reach the world :D so traceroute stops at r1.lax.arpnetworks.com so it's not my issue s1.lax? r1.lax.arpnetworks.com (208.79.88.2) that's the last hop before the void is that normally the last hop before your box?
So what you do is open hexedit and start copying over tcpdump :p lol or zmodem maybe check the output of ifconfig Heck you could base64 encode/decode files and paste it through console.arpnetworks.com acf_: tbh i do not know, i haven't had a reason to poke this box for ~6months see if it says it received anything RX bytes:250505173287 (233.3 GiB) TX bytes:257057917197 (239.4 GiB) also arp -a my rx/tx counts are in the kilobyte range, the thing is deaf as a post my arp cache is empty ahh darn well, hope you get that fixed soon I'm sure you'll get a reply within 48 hours of your posting yeah considering i have to do stuff on this box today i am kinda hoping it gets fixed sooner rather than later I just hope up_the_irons wasn't run over by a bus or similar up_the_irons: you weren't run over by a bus were you It's very unusual for him to be silent so long when did he reply to your support ticket the first time? brycec: i know... i mean The upside: Free service until things break down. <.< >.> (at least for those with working VPSs) acf_: 6/16/14 @ 06:02pm (T+6 minutes so it was rly fast June 16? That would be last night... so he was alive then :) yeah So where was he??? Why wasn't he here then? Unless you're referring to the autoresponder... i'm just getting shit from people who need stuff the box provides and i mean i can't really be mad thing got suspended because the card expired and nobody noticed & the lack of response is very atypical it's almost like the ethernet interface isn't attached properly in whatever hypervisor etc is being used I think he probably just disabled your vlan config thingy on the router do you have multiple boxen with arp? he said he enabled it acf_: no Perhaps he reused your IP on another vlan? that's the thing, he said it was enabled, so i poked around and i'm like 'nope, use a bigger hammer' well, in the mean time, you *could* try brycec's base64 idea get the .deb or whatever, base64 encode it, write a perl/python script...
i'm not sure i want to put the effort into that for a $10 vps It can't be that much effort... what variant of Linux? debian wheezy oh cool The binary is only 16,741 lines base64-encoded do you have libpcap? 'only' lol acf_: probably not - i made this box a mailserver and didn't really put anything else on because i was in a hurry dr_jkl: just curious, what's the IP of your host? won't make that mistake again brycec: 174.136.100.58 Yep, the router just doesn't know where to go with it. dpkg-query -l libpcap0.8 dpkg-query -l libssl1.0.0 dpkg-query -l multiarch-support So I'm guessing that the VLAN was reenabled, but the router didn't get the /29 readded to it. acf_: nada brycec: ever heard of r1.lax? yes brycec: the irritating problem is it's like 30 seconds worth of work for something that has me dead in the water :P Maybe the Debian ISO has the package? oh good idea brycec: i was given the netinst iso, i doubt it Or at least boot to one of the other ISOs that has tcpdump on it if the iso is still there, i mean you can change ISOs in the portal to basically anything There are some "rescue" ones that might oh yeah i forgot i can do that but he only has the debian netinst :| happy to report back that enabling the green status bar (and therefore clock->minutely network traffic for update) has caused my connection to vps on kvr14 to become stable 2 days and no d/c which wouldn't have happened before so is the most likely cause of the silent broken pipe my pf config losing state after some time and treating the connection traffic as unknown? mus1cb0x: is this since the node update? last monday? something like that i'm on kvr15 so i can't be sure :) it seemed like it, however i doubt it now. i think it's a config problem on my end i don't really use state with pf myself why not?
i don't see the point and it can break things :) i hate it when i have a ssh open for a couple of days, and i type something on it, and it closes and that kind of problem is quite common when using state which means applications have to send regular pulses to stay alive yea true ssh has rekeying at least i use the argument sometimes that state doesn't work with ddos but really on a "good" ddos nothing works rekeying? ssh changes its key between client/server acf_: no response, just requested a quote for a dedi from prq i don't get your point on state and ddos 'working' sadly, the person i was doing the work for has decided to go with another company over arp because of this :| *shrug* i tried... over what dr_jkl? it'll be spensive but tired of waiting and presumably they can get it done I've had good experiences with them in the past mus1cb0x: no update to ticket in 24h for a server with a networking problem on arp's end i tried. sorry guys. erratic: dedi sounds expensive did they say they could route you a /29 ? it might be nice to have it at prq actually if you're going to be in Europe what's prq? http://prq.se/ acf_: waiting to find out from them looks good acf_: yeah I donno it means a lot to me I've wanted this for a long time now and finally I found arp and they seem too busy I'd give it a bit more time usually up_the irons is pretty fast on the response time it's also a really nice service once it's set up ooo http://prq.se/?p=special&intl=1 lol ddos often overflows state tables BryceBot: 625 SEK to USD it's about 90 dollars not too bad it really would make more sense to colo with them http://prq.se/?p=colo&intl=1 ...alright, going through a ton of scrollback. This was my b-day weekend and also Father's Day, so i've been pretty afk...
definitely if you have a nice 1U lying around up_the_irons: good to see you back up_the_irons lives :) and happy birthday happy bday :) aol me too happy birthday is that gemini or cancer gemini i imagine gemini acf_: well I know tpb doesn't use prq anymore, wonder if I could contact that neij fellow and get him to colo my box in some unknown location (pirate party data center cough cough) for me aol? mus1cb0x: people on aol used to say me too to a whole lot of posts without adding anything useful to the discussion. was that just an aol thing? no, but aol typified it oh lol/win 4 http://www.catb.org/jargon/html/A/AOL-.html the great up_the_irons returns! "See also September that never ended." hahaha no doubt acf_: @exch @exch 625 SEK to USD 625 SEK -> 94.164966172931 USD (as of Tue, 17 Jun 2014 17:00:44 -0700) ah thanks brycec PS happy birthday up_the_irons today is my lady's birthday... and I'm still at the office :( ty all for the birthday wishes @exch 400 eur to usd 400 EUR -> 541.87031959511 USD (as of Tue, 17 Jun 2014 17:00:44 -0700) mnathani: IPv6 BGP and IPv4 BGP work similarly, yes up_the_irons: good to know erratic: "do you guys have any clients who need large numbers of instances?" -- I can answer this, but i'm not sure i understand the question... mnathani: basically, everything is a tagged port yeah I reckon anybody who would want that would just go with rackspace or ec2 sorry to ask mnathani: brycec : mercutio : the backup VLAN is indeed a single VLAN, so everyone who has the dedicated NIC for the backup server is on a "shared switch", so-to-speak; and yeah, you can see other customers' backup port up_the_irons: so, technically I could request the dedicated NIC on 2 VMs, and pass traffic between them using their link local IPv6 at Gigabit speeds?
and those vms don't necessarily need to be on the same customer account mnathani: yeah that sounds right up_the_irons: cool erratic: well, we don't have too many customers that have like 30 VMs, but there are some up_the_irons: do you create a bridge interface for each VPS to communicate on a different VLAN on each KVR host bridges are involved, yes mnathani: no plans for a looking glass in the near future, i just don't have the time to set it up acf_ | I think he uses Qemu/KVM with an in-house management system acf_: ^^ that's correct up_the_irons: Happy birthday! erratic: btw, i'm sorry for the slow response times; it's not typical. Father's Day and my b-day weekend all at once, so things got behind. novae: tnx! sorry about that I'll volunteer to run+admin the ARP Networks NTP server, up_the_irons :) (I'm already running one http://www.pool.ntp.org/scores/2607:f2f8:a650::3 http://www.pool.ntp.org/scores/174.136.103.130) (But I'm rubbish on LG, sorry) brycec: tell me what you need to get started (or if you just want to use your existing one(s), that's cool too) looking glass is pretty easy to do with openbsd up_the_irons: I'd be happy to use my existing one, but it's tied to my account so I'd rather not (what if my CC should fail, then ARP's NTP would be down). It's exceedingly minimal, the "small" package would be more than enough. (Could probably do it in 128MB and 2GB) And since you're familiar with Debian/Ubuntu, I'd say put up a Debian image. it would be neat to have a hardware GPS reference on it not sure about feasibility though acf: yeah That's less feasible... it's probably not unfeasible if it'll go through the datacenter ceiling? brycec: ok, i'll have to set up a new VM for it then can't it go through the window It would require an antenna on the roof and patching the antenna down to the datacenter, probably $$ for it. i suppose it depends how close to window it is :) mercutio: windows... like to the outside world? in the middle of a datacenter?
ok that sounds complicated bryce it might "just work" bryce: that's what the dc where i am is like haha i forget they're not all like that not all datacentres are in basements I think arp machines are at 900 N Alameda source: I've worked with cell companies, which require GPS signal it's a post office? Probably a former post office ;) i see windows :) Big fancy datacenters with all kinds of safeguards and security don't have windows on to the floor up_the_irons can see if his phone gets GPS in there? http://www.coresite.com/locations/los-angeles What if there's a storm and the window breaks? i'm looking at that top image, which i got when searching for 900 n or an earthquake bryce: they're reinforced. well earthquake is more relevant or like that movie right at your door i've been in a big earthquake, and server issues weren't that major the biggest problems were things like generator power and refueling because of restricted access etc I'm just going to let up_the_irons answer whether there are windows exposed to the floor... but what about this http://en.wikipedia.org/wiki/Right_at_Your_Door Right at Your Door :: Right at Your Door is a 2006 American thriller film about a couple and follows the events surrounding them when multiple dirty bombs detonate in Los Angeles. Chris Gorak both wrote the screenplay and directed the film in his writing and directorial debuts. It was first screened at the Sundance Film Festival in January 2006 where it was nominated for Cinematography Award and the Grand Jury Prize, winning the Cinematography.. lol with that flooding in new york i think that was the general problem too no windows in the suite that my cage is in there are windows on the same floor I'm going to watch this now on netflix ok well gps is off :) well probably off is there cellphone reception there ok? GPS isn't impossible, but a whole lot more work than it's worth. Being a stratum 2 is plenty.
general recommendation for ntp servers is 3 or more is the idea to have one arp ntp in the pool? mercutio: the idea is to have an NTP server on-net, for low-latency and in case The Internet implodes in the normal pool? (It's been requested a few times) If up_the_irons is okay with it, sure. Or maybe he'd prefer it were ARP customer only what if it goes down? what if it has widely wrong time? what if there's a zombie virus outbreak and the zombies start attacking the servers mercutio: both of which are addressed in NTP protocol the idea of 3 servers or more is that if one has widely inaccurate time, you need 3 of them to balance it out s/balance it out/invalidate it the idea of 3 servers or more is that if one has widely inaccurate time, you need 3 of them to invalidate it heh *whoosh* Bye brycec! acf_: how is the latency using a tunnel? prq was guaranteed at least 200ms depends on where you are since I'm not too far from lax, I get ~10ms sometimes when Comcast and NTT aren't being stupid :) how is the comcast issue going afaik not good up_the_irons got the same response as I did for the Verizon one and nothing has changed on NTT/Comcast end did anyone see the level3 blog? http://blog.level3.com/global-connectivity/observations-internet-middleman/ erratic_: I get 154ms from ARP to xs4all.nl fwiw that's cool mercutio: yeah, saw that a while ago very interesting read "interesting" is one way to put it the problems are mostly us-centric yep. US ISPs suck and mostly in areas where monopolies exist which is everywhere? heh so if comcast/verizon/at&t have issues to cogent/ntt/level3 which side is to blame yeah I don't understand the us anymore, pretty much everything is comcast there's at&t dsl quite commonly available i thought? I won't buy service from them anymore Comcast, TWC, AT&T, Cox, Verizon, CenturyLink that's all of them afaik cox is cheap and nasty right? but still better than the others?
we have Comcast here, Cox next door I've heard relatively good things about Cox actually that youtube thing was saying that twc and comcast won't compete? haven't heard of any peering congestion issues, but that doesn't mean they don't exist yeah, they have their regional monopolies i've heard bad things about comcast and verizon they want to merge, and they're arguing that it won't reduce competition and i've heard that at&t is ok if you want a cheap slow service. verizon sucks super duper bad yep yep yep f*** verizon at&t is like $30/month for a cheap plan? they will never get a dime from me acf_: frontier ? i get disconcerted when i read price for 6 months frontier did some pretty stupid stuff when I used them frontier is old verizon afaik. I guess I should count them? $25 for 3 megabit for 6 months http://kremvax.acfsys.net/smokeping.cgi?target=Remote.verizon-snloca-dsl look at the graph for ec2 dunno how much it changes to yeah they're pretty much fios (which is nice and terrible support wise) http://kremvax.acfsys.net/smokeping.cgi?target=Remote.verizon-snloca non DSL router in the same building as from the previous one we don't have fios here I heard they stopped deploying it completely? so how much of the market does comcast have? here, probably Verizon's only market is people who don't know what the Internet is everybody else has Comcast Verizon's speed/service is just unbearable is it just a location thing? idk about other places. I would guess it's pretty much the same everywhere for DSL fios is very competitive though Comcast and Verizon compete aggressively in areas with fios i dunno my friend had verizon and it seemed to have ok speeds, just terrible peering it was vdsl oh and it had higher pings strange. was it on the west or east coast? they're independent systems I think kansas?
what is that considered not sure middle if you look at a map, it seems it's basically in the middle of the US yeah, DSL uses an error correction algorithm that basically adds 32ms at least ADSL dsl varies in that respect, but yes my adsl has 10 msec pings to next hop probably east coast system. I've never seen vdsl anywhere around here I guess your adsl is on "fastpath" I want candy and cookies and cupcakes "is Kansas on the east or west coast?" "Neither, it's right in the middle" it's really hard to determine which it is isn't it yeah my adsl is fast path Verizon won't do fast path here vdsl on fast path is more like 5 msec that would be nice to have there's a low interleaving setting too, which is around 9 msec extra ping I'm gonna go buy some food (not food cupcakes) 64 bytes from 114.134.4.74: icmp_req=1 ttl=62 time=4.62 ms that's my vdsl nice yeah so you're on fast path it's close enough to 5 msec yeah i am on the second best vdsl noise profile i think looks like VDSL is only available where fios is up_the_irons: happy birthday it's like a fttn thing they like to rip out your POTS wiring for FTTN btw do you have 10 megabit upload? the copper going to your NID will be removed in favor of that GPON thing except in cases where you have legacy land line for things like alarm dialers m0unds: keep the copper! i wouldn't let verizon touch my house m0unds: tnx! they also don't svc my area https://encrypted.google.com/search?hl=en&q=verizon%20house%20fire ^ lol oh up_the_irons you're on comcast right? their installers have a history of drilling into elec utility, gas utility, sewage, etc so you get to experience the comcast congestion for yourself :) i am kind of curious what will happen with NZ domestic transit with all these fibre plans etc coming out, and the biggest isp not peering mercutio: twc up_the_irons: oh, so no issues to them?
not that i can tell usually congestion issues are easily noticeable with ssh doo doo doo, i have this weird hourly spike at 37 past the hour and it just hit up_the_irons: any plans for the Comcast/Verizon/CenturyLink issues? I know you're busy, just wondering what you think it would be best to do next NTT basically said "screw off" can anyone come up with a Cisco route-map that says "if the route is from Verizon, set local pref to XXX" or, "if route is from ASN 12345, set local pref" i would prepend not set local pref that could work too, i think.. yeh prepend works and local preference is messier mercutio: you had some other peer weighting idea earlier? nah just prepending? i just think verizon, comcast, at&t should be prepended? i usually prepend routes with cogent anywhere in them too well, I'm not qualified, but I'll look into it i've done it in zebra years back but i been using openbgp recently it's where you have match ip address ... you have to change it to the source-as oh i remember my other weighting idea that was simpler now just change the weight for level3/ntt so if the as path length is the same it prefers level3 which means checking that the lengths are the same first mercutio: change it to match the source as? I found this so if localpref, bgp path length, are the same, .. then weight can tip the balance http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/49111-route-map-bestp.html yea so show ip bgp route 69.252.80.75 first and check length is the same comcast has that public route server if you want to look at fwd from comcast would match as-path work? yes it's regexp from memory you just put as 701 in the list, and match as-path and prepend if it matched?
then set as-path prepend which is 25795 hmm arp stopped advertising so many routes to me i used to see the any2ix ones i imagine that's since the routes shifted off the old router ip as-path access-list crappylist permit _701_ route-map crappymap permit match as-path crappylist as-path prepend 25795 think you need something more like ^.701$ ah ok it's not a directly connected peer, does _701_ mean something? err mean anywhere _: Matches a comma, left brace, right brace, the beginning of an input string, the end of an input string, or a space. afaik, if as 701 is in the path, it will match, right? and does set weight +1 work? or do you have to define weights yeah i think that's the case idk about this bgp stuff but normally it's free anywhere I'm just making it up actually it may be that it's only if it immediately connected still for as-path ? and it's good practice to always do it based on 701$ or such If you want only the networks that have passed through AS 4 to enter AS 3 from Router 3, you can apply an inbound filter on Router 3.
ip as-path access-list 1 permit _4_ yeah so i think it does mean anywhere If you want to deny all the networks that have originated in AS 4 and permit all other routes to enter AS 3 from Router 3, you can apply an inbound filter at Router 3, as follows: ip as-path access-list 1 deny _4$ ip as-path access-list 1 permit .* oh cool so that works _701$ yeah and _703 actually maybe just do _701_ and _703_ and get them anywhere as they are used as transit networks too that would probably be best we want to push everything that goes via Verizon over Level3 anyway # bgpctl show rib transit-as 703 | wc -l 34206 # bgpctl show rib source-as 703 | wc -l 167 # bgpctl show rib transit-as 701 | wc -l 30111 # bgpctl show rib source-as 701 | wc -l 2900 kind of well verizon is safer than most things as they're only in the US but for instance, if verizon was in japan, it'd probably be better over ntt as NTT is Japanese provider but not if they still had crappy peering with NTT primarily hence the problem of traffic engineering by ASN alone up_the_irons: which is why i say influence, rather than enforce and more in favour of prepending, or setting weight, than setting local preference up_the_irons: can you check the as path lengths? i believe so i'm not really a route-map guru, i just know the basics heh so bgp neighborhood defines a group of routes? like North America only? show ip bgp route from memory err show ip route *bgp community? the feds took everything, they even took my tr-808 maaaan community is provider dependent, and usually tells you which country a route announces from or where it's learned from could you weight/prepend based on community? and asn to only weight/prepend Verizon routes in North America?
since i'm not a Verizon customer, i won't necessarily get their communities ok, got it acf: just do it on path, but yes you can but you'd have to look at ntt's communities that ntt say when something is learned from verizon and the matching as path is less problematic http://www.us.ntt.net/support/policy/routing.cfm#communities verizon are only in north america i think but communities for ntt for US learned routes appears to be 2914:10-- according to http://www.peeringdb.com/view.php?asn=701 Geographic Scope: Global it may be peering locations I'd be less concerned about Comcast and CenturyLink though but do they have customers overseas oh hang on duh verizon is alter.net they're in new zealand even yeah, so I think that would be a problem or maybe it won't be? i bet nz is bad too though via ntt yeah so Level3 is good anyway for those routes too i think it's 703 used in NZ well we still need to check as path length AS703 is marked as Geographic Scope: Asia Pacific fwiw yeah and it's on peering port in nz although it says 100 megabit haha is it really? no idea that's kind of sucky i'll see if they're on the route-servers nah they're not darn pings of like 1 msec so they're probably not even local to it it's not varying much though i'm so used to routers that vary pings heaps verizon's seem to be okay actually like ping a juniper and it's like 0.5 msec, 1.1 msec this is cool http://oreilly.com/catalog/bgp/chapter/ch06.html Example 6-4: Setting the Local Preference depending on AS path yeah that basically tells you how it works prepending is in there too match from 60.234.80.173 transit-as 174 set prepend-neighbor 1 that's how you do it in openbgpd i kind of like that way myself :) up_the_irons: would you consider doing this? ^ ip as-path access-list 4 permit _701_ ip as-path access-list 4 deny .* @up_the_irons ?
can anyone come up with a Cisco route-map that says "if the route is from Verizon, set local pref to XXX" route-map crappyisp permit 10 set as-path prepend 25795 that's the Cisco syntax afaik it's basically copied from that tutorial above they usually have names the access-lists? yeah ip as-path access-list crappyasns permit _701_ permit 10 is a number normally s/crappy/congested/ ip as-path access-list congestedasns permit _701_ fair enough I'm looking at Example 6-6: Prepending the AS path and i think you can stick the as-path straight in the route map too but maybe having it in access list is better idk. it didn't look like it in the cisco docs http://www.cisco.com/c/en/us/td/docs/ios/iproute_bgp/command/reference/irg_book/irg_bgp3.pdf Autonomous system path access list. An integer from 1 to 199. oh ok you're right :) god i hate cisco :) I tend toward the junipers does juniper implement weight? Weight is a Cisco proprietary thing and cannot be used with a Juniper device. Maybe you could use preference (not local-preference). I don't do bgp with either one ahh I would definitely play around with it if I could get my hands on an ASN you don't need an asn, you just need a router just make up an ASN :) and get a bgp feed really? you can use a private asn? how about IP announcements? yes, you can't advertise any routes but you can at least get a list of routes :) you could advertise routes if the provider stripped off your asn, and you owned that IP block.. there's some private ones like 65020 The first and last ASNs of the original 16-bit integers, namely 0 and 65535, and the last ASN of the 32-bit numbers, namely 4,294,967,295 are reserved and should not be used by operators. ASNs 64,512 to 65,534 of the original 16-bit AS range, and 4,200,000,000 to 4,294,967,294 of the 32-bit range are reserved for Private Use by RFC 6996, meaning they can be used internally but should not be announced to the global Internet.
All other ASNs are subject to assignment by IANA. so private ASNs are like RFC1918 yeh i'm using a private asn somewhere err i was will providers (like HE or something) let you do BGP with their IP blocks? ie, without an ARIN allocation i was using 65461 when i had bird on a private vm nope i don't think so i mean i don't think you can readvertise it darn. so it's basically impossible for individuals to do BGP? with ipv6 it's recommended to not advertise anything less than /32 to the internet peering exchanges are generally ok with /48s though I was reading that yeah most individuals doing bgp have legacy ip blocks before it got insanely expensive NTT says they're okay with /48 though it depends how far it gets mainly I guess ARIN just won't issue allocations to individuals also, if someone else is advertising the /32 and you advertise the /48, and it can still go via the normal /32 you should be safe i think arin will probably you just need to form some kind of use case start a vps business or something :/ you also need $$$$ I asked them actually :( http://paste.unixcube.org/k/958025 that too oh so you need registered business name just start a company is it easy there? not sure, never done it acf incorporated lol if I could anyway, you'd need more than one provider you can often advertise providers addresses you just need to get permission first. I was thinking doing anycast might be fun on ipv4 or ipv6? so I could get providers in multiple locations doesn't matter too much, just for experimenting with it whatever is easier i see hostvirtual will do that on their own ip address space. but there's some expensive setup fee do that == let you announce their addresses?
or give you VMs in different places with anycast hmm "(includes LOA so it can be used outside of our network)" http://pastebin.com/raw.php?i=TDuPg7vj damn i hate captchas i got it wrong like 4 times wow that's expensive exactly i think 2 is the best way to go in general but i think it's prohibitively expensive it'd be cool if arp could do that cheap when they get two locations, as i imagine a few people would like to play yeah, I was thinking about that actually there's no way you can do less than a /24 I'm sure it could be done pretty cheap over all the customers and he's charging $1/ip/month you just have to announce one /24 in both locations, right? so it'd be similar to $250/month cost for ip usage yeah but i'd want to be able to pull ip there are various ways to go about that what are those? but you'd want to tunnel between locations that's definitely what I'd do bgp on virtual machine, a bgp trigger mechanism outside the virtual machine so that when it's down it gets pulled a host check that takes it out when it doesn't respond but for it to continue working, you'd need to be able to reach between the virtual machine facilities you could also have the same ip on more than one virtual machine in one location you could do the whole thing with software load balancer and not actually have the /32 on the machines too i think that in itself it wouldn't really make money if it was at affordable cost. it's just a cool thing to do. yeah, I see what you mean it would be fun though hmm, i have /24 at arp if we could get a shared vlan it'd be kind of nifty to have local route-server that accepts private asns, /30s, etc.. and to be able to advertise a /32 based on acl or such, that can be advertised from multiple locations i mean in theory the backup network works for that atm, but that'd be kind of misuse of resources. so, like an internal BGP network?
yeah comedy option: pay jump.ro $50 for a /24 i mean it's not like much traffic would go over it :) but it lets you play a little so it wouldn't be connected to the public internet, right? yeah sounds nifty so the idea would be to encourage up_the_irons to have an opt-in vlan for talking between each other would that be on a separate NIC? nah well separate virtual nic right I mean, that is what the backup network is right? yeah it'd be just like the backup network maybe up_the_irons would just rename the 'backup network' to the 'internal inter-customer communication network' i don't think that's a good idea i think it's good to keep it separate yeah, I see your point probably only 5 people would use it it shouldn't be too difficult though i think the biggest problem with the anycast thing is bandwidth accounting is it done using SNMP now? yeh on the switch port you would have to aggregate the data from the switches at both locations I guess which means traffic has to come through that port but i was hoping that route-server traffic could be zero-rated :) ah I guess the backup network is? yeh any idea how that works for dedicated customers? (ie, no virtual NICs) so like right now, a limited ip address pool could be used for anycast from multiple servers rather than locations but you'd have to route via normal link for accounting to work and maintain acl's so people don't advertise each other's ip's oh I see so you would advertise a /30 to the bgp router from multiple boxen well the /30 to route server is a bit different as that would be just for sharing traffic you advertise /32s for anycast normally /32 ipv4? yeah for ipv4 you'd probably do a /128 for ipv6 but lots of people are using /64s you could do either. why use a /32 or /128?
I didn't think you were supposed to do that because they're floating ip's ah you don't reach anything else on the same network you route to get to them makes sense so you'd have a route server with a /28 routed statically to it from arp and we would all announce /32s to it from different boxen? yeah that sounds easy enough then when there's two locations, you have openvpn tunnel or such between them so that traffic can come in from one location, and hit a box in the other location right but you still send outbound traffic normally actually this is slightly more complicated. as i'm pretty sure arp is filtering using random source ip's. they are I did a test a while ago :) so you'd also need a bypass rule per customer to allow sending from that ip out their normal internet link or perhaps just whitelist the blocks announced at both locations? or to use source-routing to send out route server yeah i actually haven't heard anything about the second location recently I think up_the irons has been really busy with other stuff recently we shouldn't say his name it probably beeps :) does it match without the second _? no idea oh i see what you did there i also have 202.49.64.0/24 advertised from my personal vm which has bgp too i did it on my personal vm first but like 202.49.64.0/24 and 202.49.65.0/24 were basically not being used oh oops :) i meant to say it in private haha but yeah i been doing anycast for a while you have two /24's on a single vps?! one is on vps and one is on dedicated you need to use /24 for anycast not to worry mercutio : [FBI] has logged your ip prefixes for consumption by search engines and the like. :-) haha oh god does that mean i'll get more spam trying to buy ip addresses for spamming from or "rent" can i cull it somehow for the coming ip shortage acf_: i would consider it, but i don't know the "Cisco" way of doing it the route-map syntax you mean?
acf figured it out i didn't see an all-in-one paste just some ideas ahh ok i'll find it he should really have pastebin'ed it :) http://pastebin.com/raw.php?i=B11AEnMd erk that's missing a bit isn't it it needs match as-path 4 in the route-map bit