| ↑back Search ←Prev date Next date→ Show only urls | (Click on time to select a line by its url) |
| Who | What | When |
|---|---|---|
| mercutio | cdns care about tcp access times i think
and prefer faster loading pages like from cdns actually when i say search engines, i mean google, and it's only what i've heard acf: i have limited anycast usually you use your normal asn for anycast, but you do have to kind of dedicate a /24 to it the most used case for anycast atm is dns and dns resolvers often consult dns servers that aren't the cloesst location. if using anycast you still should have more than one server location err, i mean you shouldn't just advertise a /24 in multiple locations, and all of your name servers as seperate hosts at that location, as if location has an issue thigns can become unreachable. | [00:53] |
| .... (idle for 18mn) | ||
| *** | brycec has quit IRC (*.net *.split)
CaZe has quit IRC (*.net *.split) hazardous has quit IRC (*.net *.split) NiTeMaRe has quit IRC (*.net *.split) Hien has quit IRC (*.net *.split) eryc has quit IRC (*.net *.split) pjs has quit IRC (*.net *.split) BryceBot has quit IRC (*.net *.split) up_the_irons has quit IRC (*.net *.split) josephb has quit IRC (*.net *.split) m0unds has quit IRC (*.net *.split) phlux has quit IRC (*.net *.split) KILLALLHUMANS01 has quit IRC (*.net *.split) mike-burns has quit IRC (*.net *.split) pcn has quit IRC (*.net *.split) meingtsla has quit IRC (*.net *.split) kevr has quit IRC (*.net *.split) KDE_Perry has quit IRC (*.net *.split) mercutio has quit IRC (*.net *.split) twobithacker has quit IRC (*.net *.split) Hien has joined #arpnetworks eryc has joined #arpnetworks hazardous has joined #arpnetworks brycec has joined #arpnetworks CaZe has joined #arpnetworks pjs has joined #arpnetworks NiTeMaRe has joined #arpnetworks BryceBot has joined #arpnetworks up_the_irons has joined #arpnetworks josephb has joined #arpnetworks barjavel.freenode.net sets mode: +o up_the_irons m0unds has joined #arpnetworks phlux has joined #arpnetworks KILLALLHUMANS01 has joined #arpnetworks mike-burns has joined #arpnetworks pcn has joined #arpnetworks meingtsla has joined #arpnetworks kevr has joined #arpnetworks KDE_Perry has joined #arpnetworks mercutio has joined #arpnetworks twobithacker has joined #arpnetworks barjavel.freenode.net sets mode: +o mike-burns novae has quit IRC (Ping timeout: 255 seconds) jpalmer has quit IRC (Ping timeout: 255 seconds) novae has joined #arpnetworks jpalmer has joined #arpnetworks tabthorpe has quit IRC (Ping timeout: 255 seconds) CaZe_ has joined #arpnetworks CaZe has quit IRC (Remote host closed the connection) CaZe_ is now known as CaZe tabthorpe has joined #arpnetworks tabthorpe has quit IRC (Changing host) tabthorpe has joined #arpnetworks | [01:16] |
| plett | mercutio: Anycasting dns resolvers is very commonplace. We do that within our network mainly for resiliance, so resolvers in one city are reachable on the same IPs the clients are using if one set fail
mercutio: Doing it on the authoritative side is slightly more controversial though. When DNS was invented hostnames were never intended to change IP rapidly, or to have different records depending on where you were asking from. It was intended that record caching would keep the answers local in the resolver for popular hosts, and only be re-fetched from the authoritative server once a day/week/month/whatever In that model it doesn't really matter if the authoriative server is 500ms away, as you're only sending it one query a week | [01:29] |
| *** | tabthorpe has quit IRC (*.net *.split)
brycec has quit IRC (*.net *.split) hazardous has quit IRC (*.net *.split) NiTeMaRe has quit IRC (*.net *.split) Hien has quit IRC (*.net *.split) eryc has quit IRC (*.net *.split) pjs has quit IRC (*.net *.split) BryceBot has quit IRC (*.net *.split) up_the_irons has quit IRC (*.net *.split) josephb has quit IRC (*.net *.split) | [01:33] |
| tabthorpe has joined #arpnetworks
Hien has joined #arpnetworks eryc has joined #arpnetworks hazardous has joined #arpnetworks brycec has joined #arpnetworks BryceBot has joined #arpnetworks up_the_irons has joined #arpnetworks josephb has joined #arpnetworks NiTeMaRe has joined #arpnetworks pjs has joined #arpnetworks barjavel.freenode.net sets mode: +o up_the_irons | [01:44] | |
| ............ (idle for 57mn) | ||
| jcv has quit IRC (Ping timeout: 255 seconds)
jcv has joined #arpnetworks | [02:41] | |
| ..... (idle for 20mn) | ||
| mercutio | well now ttl's are like 300 seconds etc plett
peltt: dns resolvers and authorative are both commonly anycast now but it's also common for people to anycast primatry and secondary dns servers it's also common not to but if you anycast to the same dc... one of the cdn's was doing it i think and i'm pretty sure opendns do it too plett it is actually realyl hard to benchmark dns performance though, most isp's are fast for google etc, but when you get to werid domain names they can vary so do you take notice of "average request time" or how quick the less common domain name lookusp are | [03:01] |
| ................................................................... (idle for 5h34mn) | ||
| *** | ant has quit IRC (Ping timeout: 252 seconds)
ant has joined #arpnetworks | [08:40] |
| ..... (idle for 22mn) | ||
| m0unds | you could always test w/dnsbench (late reply)
it can be a handy way to test recursive resolver perf | [09:02] |
| ..... (idle for 20mn) | ||
| brycec | (no later a reply than up_the_irons ...)
He must have overexerted himself last week upgrading 2 hosts | [09:22] |
| *** | ^Erick^ has joined #arpnetworks | [09:30] |
| ............. (idle for 1h2mn) | ||
| ^Erick^ has left "Textual IRC Client: www.textualapp.com" | [10:32] | |
| ............................... (idle for 2h34mn) | ||
| abthorpet has joined #arpnetworks | [13:06] | |
| abthorpet has quit IRC (Remote host closed the connection)
tabthorpe has quit IRC (Remote host closed the connection) | [13:11] | |
| jcv has quit IRC (*.net *.split)
hazardous has quit IRC (*.net *.split) NiTeMaRe has quit IRC (*.net *.split) Hien has quit IRC (*.net *.split) eryc has quit IRC (*.net *.split) pjs has quit IRC (*.net *.split) BryceBot has quit IRC (*.net *.split) up_the_irons has quit IRC (*.net *.split) josephb has quit IRC (*.net *.split) dr_jkl has joined #arpnetworks jcv has joined #arpnetworks Hien has joined #arpnetworks eryc has joined #arpnetworks hazardous has joined #arpnetworks pjs has joined #arpnetworks josephb has joined #arpnetworks up_the_irons has joined #arpnetworks BryceBot has joined #arpnetworks barjavel.freenode.net sets mode: +o up_the_irons | [13:19] | |
| dr_jkl | up_the_irons: wb | [13:22] |
| *** | NiTeMaRe has joined #arpnetworks
brycec has quit IRC (*.net *.split) | [13:23] |
| brycec has joined #arpnetworks | [13:30] | |
| m0unds | http://i.imgur.com/uqmZK9v.png wee | [13:31] |
| brycec | heh
brycec grumbles about Freenode | [13:32] |
| acf_ | nice netsplit there
m0unds: yep m0unds: btw, up_the_irons emailed NTT got the same response as I did | [13:32] |
| m0unds | fantastic | [13:34] |
| brycec | bummer | [13:35] |
| m0unds | it's rendering my use of this vm as a ts/murmur server sort of moot since 80% of my users are on comcast or centurylink
both of which have heavily congested ntt peering during peak hrs | [13:35] |
| acf_ | yeah, I know what you mean | [13:35] |
| m0unds | i moved murmur and teamspeak to a box on my home cable connection temporarily so we can actually use voice
haha | [13:36] |
| acf_ | up_the_irons hasn't been around in a while, maybe he'll do something when he gets back
yeah, it kills voip | [13:36] |
| m0unds | i'd only use ts, but some of the guys who play project reality really like the positional audio stuff you can do w/PR and mumble | [13:36] |
| acf_ | hmm, interesting | [13:37] |
| brycec | @last up_the_irons | [13:37] |
| BryceBot | brycec, I last saw up_the_irons 4 days 19 hours 51 min 15 sec ago saying in a channel: m0unds: roger. | [13:37] |
| brycec | nearly 5 days... | [13:37] |
| acf_ | he'll have a giant /away log to go through | [13:39] |
| m0unds | hahaha | [13:39] |
| .... (idle for 19mn) | ||
| dr_jkl | up_the_irons: my vps is still network-deaf :| | [13:58] |
| ........ (idle for 38mn) | ||
| hazardous | who's roger | [14:36] |
| brycec | "The International Civil Aviation Organization (ICAO) officially defines the word "roger" to mean "I have received all of your transmission."" | [14:38] |
| hazardous | i wonder why roger of all things | [14:44] |
| *** | m0unds has quit IRC (Quit: derf) | [14:47] |
| m0unds has joined #arpnetworks | [14:52] | |
| ..... (idle for 21mn) | ||
| jlgaddis has quit IRC (Ping timeout: 245 seconds) | [15:13] | |
| brycec | hazardous: Before 'r' was romeo in phonetic alphabets, 'roger' was used.
@wiki Voice procedure | [15:22] |
| BryceBot | Voice procedure :: Voice procedure includes various techniques used to clarify, simplify, and standardize spoken communications over two-way radios, in use by the military, in civil aviation, police and fire dispatching systems, citizens' band radio (CB), etc. Specially, for civil aviation - it used to be called aeronautical phraseology. Voice procedure communications are intended to... http://en.wikipedia.org/wiki/Voice%20procedure | [15:22] |
| ....... (idle for 30mn) | ||
| brycec | "Roger" was the U.S. military designation for the letter R (as in received) from 1927 to 1957.[4] | [15:52] |
| dr_jkl | *sigh* | [15:54] |
| BryceBot | *sigh* | [15:54] |
| dr_jkl | no ticket update in 24h for a deaf server :| | [15:58] |
| acf_ | dr_jkl: what exactly is happening? | [16:00] |
| dr_jkl | acf_: account was reactivated from suspension and the vlan is supposedly active but the vps can't ping it's gateway or the world
networking is configured correctly and while the initial response to the ticket was nice and fast, i updated the ticket at around 6pm last night and here we are at 7pm today and i have the cube root of sweet fuck-all to show for it | [16:00] |
| acf_ | out of curiosity, what happens if you run tcpdump on the interface
and try to ping the machine from outside | [16:02] |
| dr_jkl | i can't, because tcpdump isnt installed on this box
and i cant reach the world :D so traceroute stops at r1.lax.arpnetworks.com so it's not my issue | [16:03] |
| acf_ | s1.lax? | [16:04] |
| dr_jkl | r1.lax.arpnetworks.com (208.79.88.2)
thats the last hop before the void | [16:04] |
| acf_ | is that normally the last hop before your box? | [16:05] |
| brycec | So what you do is open hexedit and start copying over tcpdump :p | [16:06] |
| acf_ | lol
or zmodem maybe check the output of ifconfig | [16:06] |
| brycec | Heck you could base64 encode/decode files and paste it through console.arpnetworks.com | [16:06] |
| dr_jkl | acf_: tbh i do not know, i haven't had a reason to poke this box for ~6months | [16:06] |
| acf_ | see if it says it received anything
RX bytes:250505173287 (233.3 GiB) TX bytes:257057917197 (239.4 GiB) also arp -a | [16:06] |
| dr_jkl | my rx/tx counts are in the kilobyte range, the thing is deaf as a post
my arp cache is empty | [16:07] |
| acf_ | ahh darn
well, hope you get that fixed soon I'm sure you'll get a reply within 48 hours of your posting | [16:08] |
| dr_jkl | yeah considering i have to do stuff on this box today i am kinda hoping it gets fixed sooner rather than later | [16:09] |
| brycec | I just up up_the_irons wasn't run over by a bus or similar | [16:09] |
| dr_jkl | up_the_irons: you werent run over by a bus were you | [16:09] |
| brycec | It's very unusual for him to be silent so long | [16:09] |
| acf_ | when did he reply to your support ticket the first time? | [16:10] |
| dr_jkl | brycec: i know... i mean | [16:10] |
| brycec | The upside: Free service until things break down. <.<
>.> (at least for those with working VPSs) | [16:10] |
| dr_jkl | acf_: 6/16/14 @ 06:02pm (T+6 minutes
so it was rly fast | [16:10] |
| brycec | June 16? That would be last night... | [16:11] |
| acf_ | so he was alive then :) | [16:11] |
| dr_jkl | yeah | [16:11] |
| brycec | So where was he??? Why wasn't he here then?
Unless you're referring to the autoresponder... | [16:11] |
| dr_jkl | im just getitng shit from people who need stuff the box provides
and i mean i cant really be mad thing got suspended because the card expired and nobody noticed & the lack of response is very atypical its almost like the ethernet interface isnt attached properly in whatever hypervisor etc is being used | [16:11] |
| acf_ | I think he probably just disabled your vlan config thingy on the router
do you have multiple boxen with arp? | [16:13] |
| dr_jkl | he said he enabled it
acf_: no | [16:13] |
| brycec | Perhaps he reused your IP on another vlan? | [16:13] |
| dr_jkl | thats the thing, he said it was enabled, so i poked around and im like 'nope, use a bigger hammer' | [16:13] |
| acf_ | well, in the mean time, you *could* try brycec's base64 idea
get the .deb or whatever, base64 encode it, write a perl/python script... | [16:14] |
| dr_jkl | i'm not sure i want to put the effort into that for a $10 vps | [16:15] |
| brycec | It can't be that much effort... | [16:15] |
| acf_ | what variant of Linux? | [16:15] |
| dr_jkl | debian wheezy | [16:15] |
| acf_ | oh cool | [16:15] |
| brycec | The binary is only 16,741 lines base64-encoded | [16:16] |
| acf_ | do you have libpcap? | [16:16] |
| dr_jkl | 'only' lol
acf_: probably not - i made this box a mailserver and didnt really put anything else on because i was in a hurry | [16:16] |
| brycec | dr_jkl: just curious, what's the IP of your host? | [16:16] |
| dr_jkl | won't make that mistake again
brycec: 174.136.100.58 | [16:16] |
| brycec | Yep, the router just doesn't know where to go with it. | [16:17] |
| acf_ | dpkg-query -l libpcap0.8
dpkg-query -l libssl1.0.0 dpkg-query -l multiarch-support | [16:17] |
| brycec | So I'm guessing that the VLAN was reenabled, but the router didn't get the /29 readded to it. | [16:17] |
| dr_jkl | acf_: nada | [16:18] |
| acf_ | brycec: ever heard of r1.lax? | [16:18] |
| brycec | yes | [16:18] |
| dr_jkl | brycec: the irritating problem is it's like 30 seconds worth of work for something that has me dead in the water :P | [16:18] |
| brycec | Maybe the Debian ISO has the package? | [16:18] |
| acf_ | oh good idea | [16:18] |
| dr_jkl | brycec: i was given the netinst iso, i doubt it | [16:18] |
| brycec | Or at least boot to one of the other ISOs that has tcpdump on it | [16:18] |
| dr_jkl | if the iso is still there, i mean | [16:18] |
| acf_ | you can change ISOs in the portal
to basically anything | [16:19] |
| brycec | There are some "rescue" ones that might | [16:19] |
| dr_jkl | oh yeah i forgot i can do that
but he only hsa the debian netinst :| dr_jkl uses SUMMON up_the_irons | [16:19] |
| ........... (idle for 51mn) | ||
| *** | mus1cb0x has joined #arpnetworks | [17:11] |
| mus1cb0x | happy to report back that enabling the green status bar (and therefore clock->minutely network traffic for update) has caused my connection to vps on kvr14 to become stable
2 days and no d/c which wouldn't have happened before so is the most likely cause of the silent broken pipe my pf config losing state after some time and treating the connection traffic as unknown? | [17:12] |
| mercutio | mus1cb0x: is this since the node update? | [17:23] |
| mus1cb0x | last monday? | [17:23] |
| mercutio | something like that
i'm on kvr15 so i can't be sure :) | [17:23] |
| mus1cb0x | it seemed like it, however i doubt it now. i think it's a config problem on my end | [17:24] |
| mercutio | i don't really use state with pf myself | [17:24] |
| mus1cb0x | why not? | [17:24] |
| mercutio | i don't see the point
and it can break things :) i hate it when i have a ssh open for a couple of days, adn i type something on it, and it closes and that kind of problem is quite common when using state which means applications have to send regular puluses to stay alive | [17:25] |
| mus1cb0x | yea true | [17:26] |
| mercutio | ssh has rekeying at least
i use the arguement sometimes that state doesn't work with ddos but really on a "good" ddos nothing works | [17:26] |
| mus1cb0x | rekeying? | [17:27] |
| mercutio | ssh changes it's key between client/server | [17:27] |
| erratic | acf_: no response, just requested a quote for a dedi from prq | [17:28] |
| mus1cb0x | i don't get your point on state and ddos 'working' | [17:28] |
| dr_jkl | sadly, the person i was doing the work for has decided to go with another company over arp because of this :|
*shrug* i tried... | [17:28] |
| mus1cb0x | over what dr_jkl? | [17:29] |
| erratic | itll be spensive but tired of waiting and presumably they can get it done Ive had good experiences with them in the past | [17:29] |
| dr_jkl | mus1cb0x: no update to ticket in 24h for a server with a netowrking problem on arp's end
i tried. sorry guys. | [17:29] |
| *** | dr_jkl has left | [17:29] |
| acf_ | erratic: dedi sounds expensive
did they say the could route you a /29 ? it might be nice to have it at prq actually if you're going to be in Europe | [17:30] |
| mus1cb0x | what's prq? | [17:31] |
| acf_ | http://prq.se/ | [17:32] |
| erratic | acf_: waiting to find out from them | [17:32] |
| mus1cb0x | looks good | [17:33] |
| erratic | acf_: yeah I donno it means a lot to me I've wanted this for a long time now and finally I found arp and they seem too busy | [17:34] |
| acf_ | I'd give it a bit more time
usually up_the irons is pretty fast on the response time it's also a really nice service once it's set up | [17:34] |
| erratic | ooo
http://prq.se/?p=special&intl=1 lol | [17:37] |
| mercutio | ddos often overflows state tables | [17:38] |
| acf_ | BryceBot: 625 SEK to USD | [17:38] |
| erratic | its about 90 dollars | [17:38] |
| acf_ | not too bad | [17:39] |
| erratic | it really would make more sense to colo with them
http://prq.se/?p=colo&intl=1 | [17:39] |
| up_the_irons | ...alright, going through a ton of scrollback. This was my b-day weekend and also Father's Day, so i've been pretty afk... | [17:39] |
| acf_ | definitely if you have a nice 1U lying around
up_the_irons: good to see you back | [17:39] |
| mercutio | up_the_irons lives :) | [17:40] |
| acf_ | and happy birthday | [17:40] |
| erratic | happy bday :) | [17:40] |
| mercutio | aol me too happy birthday
is that gemini or cancer gemini i imagine | [17:40] |
| up_the_irons | gemini | [17:41] |
| erratic | acf_: well I know tpb doesn't use prq anymore, wonder if I could contact that neij fellow and get him to colo my box in some unknown location (pirate party data center cough cough) for me | [17:42] |
| mus1cb0x | aol? | [17:42] |
| mercutio | mus1cb0x: people on aol used to say me too to a whole lot of posts
without adding anything useful to the discussion. | [17:42] |
| mus1cb0x | was that just an aol thing? | [17:43] |
| mercutio | no, but aol typified it | [17:43] |
| mus1cb0x | oh | [17:43] |
| erratic | lol/win 4 | [17:43] |
| mercutio | http://www.catb.org/jargon/html/A/AOL-.html | [17:44] |
| brycec | the great up_the_irons returns! | [17:44] |
| mus1cb0x | "See also September that never ended."
hahaha no doubt | [17:44] |
| brycec | acf_: @exch
@exch 625 SEK to USD | [17:45] |
| BryceBot | 625 SEK -> 94.164966172931 USD (as of Tue, 17 Jun 2014 17:00:44 -0700) | [17:46] |
| acf_ | ah thanks brycec | [17:46] |
| brycec | PS happy birthday up_the_irons
today is my lady's birthday... and I'm still at the office :( | [17:46] |
| up_the_irons | ty all for the birthday wishes
@exch 400 eur to usd | [17:49] |
| BryceBot | 400 EUR -> 541.87031959511 USD (as of Tue, 17 Jun 2014 17:00:44 -0700) | [17:49] |
| up_the_irons | mnathani: IPv6 BGP and IPv4 BGP work similarly, yes | [18:03] |
| mnathani | up_the_irons: good to know | [18:12] |
| *** | mus1cb0x has left "WeeChat 0.4.2" | [18:16] |
| up_the_irons | erratic: "do you guys have any clients who need large numbers of instances?" -- I can answer this, but i'm not sure i understand the question...
mnathani: basically, everything is a tagged port | [18:19] |
| erratic | yeah I wreckon anybody would want that would just go with rackspace or ec2
sorry to ask | [18:22] |
| up_the_irons | mnathani: brycec : mercutio : the backup VLAN is indeed a single VLAN, so everyone who has the dedicated NIC for the backup server is on a "shared switch", so-to-speak; and yeah, you can see other customers' backup port | [18:23] |
| mnathani | up_the_irons: so, technically I could request the dedicated NIC on 2 VMs, and pass traffic between them using their link local IPv6 at Gigabit speeds?
and those vms dont necessarily need to be on the same customer account | [18:25] |
| up_the_irons | mnathani: yeah that sounds right | [18:26] |
| mnathani | up_the_irons: cool | [18:26] |
| up_the_irons | erratic: well, we don't have too many customers that have like 30 VMs, but there are some | [18:27] |
| mnathani | up_the_irons: do you create a bridge interface for each VPS to communicate on a different VLAN on each KVR host | [18:27] |
| up_the_irons | bridges are involved, yes
mnathani: no plans for a looking glass in the near future, i just don't have the time to set it up acf_ | I think he uses Qemu/KVM with an in-house management system acf_: ^^ that's correct | [18:28] |
| novae | up_the_irons: Happy birthday! | [18:39] |
| up_the_irons | erratic: btw, i'm sorry for the slow response times; it's not typical. Father's Day and my b-day weekend all at once, so things got behind.
novae: tnx! | [18:39] |
| erratic | sorry about that | [18:41] |
| *** | erratic has quit IRC (Quit: Reconnecting)
erratic has joined #arpnetworks erratic is now known as Guest85668 Guest85668 is now known as erratic_ | [18:48] |
| brycec | I'll volunteer to run+admin the ARP Networks NTP server, up_the_irons :) (I'm already running one http://www.pool.ntp.org/scores/2607:f2f8:a650::3 http://www.pool.ntp.org/scores/174.136.103.130)
(But I'm rubbish on LG, sorry) | [18:56] |
| up_the_irons | brycec: tell me what you need to get started (or if you just want to use your existing one(s), that's cool too) | [18:57] |
| mercutio | looking glass is pretty easy to do with openbsd | [18:58] |
| brycec | up_the_irons: I'd be happy to use my existing one, but it's tied to my account so I'd rather not (what if my CC should fail, then ARP's NTP would be down). It's exceedingly minimal, the "small" package would be more than enough. (Could probably do it in 128MB and 2GB) And since you're familiar with Debian/Ubuntu, I'd say put up a Debian image. | [18:59] |
| acf_ | it would be neat to have a hardware GPS reference on it
not sure about feasablity though | [19:00] |
| mercutio | acf: yeah | [19:00] |
| brycec | That's less feasible... | [19:00] |
| mercutio | it's probably not unfesasable | [19:00] |
| acf_ | if it'll go through the datacenter ceiling? | [19:00] |
| up_the_irons | brycec: ok, i'll have to set up a new VM for it then | [19:01] |
| mercutio | can't ti go through the window | [19:01] |
| brycec | It would require an antenna on the roof and patching the antenna down to the datacenter, probably $$ for it. | [19:01] |
| mercutio | i suppose it depends how close to window it is :) | [19:01] |
| brycec | mercutio: windows... like to the outside world? in the middle of a datacenter? | [19:01] |
| mercutio | ok that sounds complicated bryce | [19:01] |
| acf_ | it might "just work" | [19:01] |
| mercutio | bryce: that's what the dc where iam is like haha
i forget they're not all like that not all datacentres are in basements | [19:01] |
| acf_ | I think arp machines are at 900 N Alameda | [19:02] |
| brycec | source: I've worked with cell companies, which require GPS signal | [19:02] |
| acf_ | it's a post office? | [19:02] |
| brycec | Probably a former post office ;) | [19:02] |
| mercutio | i see windows :) | [19:02] |
| brycec | Big fancy datacenters with all kinds of safeguards and security don't have windows on to the floor | [19:03] |
| acf_ | up_the_irons can see if his phone gets GPS in there? | [19:03] |
| mercutio | http://www.coresite.com/locations/los-angeles | [19:03] |
| brycec | What if there's a storm and the window breaks? | [19:03] |
| mercutio | i'm looking at that top image, which i got when searching for 900 n | [19:03] |
| erratic_ | or an earth quake | [19:03] |
| mercutio | bryce: tehy're reinforced.
well earthquake is more relevant | [19:03] |
| erratic_ | or like that movie right at your door | [19:04] |
| mercutio | i've been in a big earthquake, and server issues wren't that major
the biggest problems were things ilke generator power and refuqeling because of restricted access etc | [19:04] |
| brycec | I'm just going to let up_the_irons answer whether there are windows exposed to the floor... | [19:04] |
| erratic_ | but what about this http://en.wikipedia.org/wiki/Right_at_Your_Door | [19:04] |
| BryceBot | Right at Your Door :: Right at Your Door is a 2006 American thriller film about a couple and follows the events surrounding them when multiple dirty bombs detonate in Los Angeles. Chris Gorak both wrote the screenplay and directed the film in his writing and directorial debuts. It was first screened at the Sundance Film Festival in January 2006 where it was nominated for Cinematography Award and the Grand Jury Prize, winning the Cinematography.. | [19:04] |
| brycec | brycec has to go home anyways | [19:04] |
| erratic_ | lol | [19:04] |
| mercutio | with that flooding in new york i think that was the general problem too | [19:05] |
| up_the_irons | no windows in the suite that my cage is in
there are windows on the same floor | [19:05] |
| erratic_ | Im going to watch this now on netflix | [19:05] |
| mercutio | ok well gps is off :)
well probably off is there cellphone reception there ok? | [19:05] |
| brycec | GPS isn't impossible, but a whole lot more work than it's worth. Being a stratum 2 is plenty. | [19:05] |
| mercutio | general recommendation for ntp servers is 3
or more is the idea to have one arp ntp in the pool? | [19:07] |
| brycec | mercutio: the idea is to have an NTP server on-net, for low-latency and in case The Internet implodes | [19:07] |
| mercutio | in the normal pool? | [19:07] |
| brycec | (It's been requested a few times)
If up_the_irons is okay with it, sure. Or maybe he'd prefer it were ARP customer only | [19:07] |
| mercutio | what if it goes down? what if it has widely wrong time? | [19:08] |
| erratic_ | what if theres a zombie virus out break and the zombies start attacking the servers | [19:08] |
| brycec | mercutio: both of which are addressed in NTP protocol | [19:08] |
| mercutio | the idea of 3 servers or more is that if one has widely inaccruate time, you need 3 of them to balance it out | [19:08] |
| brycec | s/balance it out/invalidate it | [19:09] |
| BryceBot | <mercutio> the idea of 3 servers or more is that if one has widely inaccruate time, you need 3 of them to invalidate it | [19:09] |
| mercutio | heh | [19:09] |
| brycec | *whoosh* | [19:09] |
| BryceBot | Bye brycec! | [19:09] |
| erratic_ | acf_: how is the latency using a tunnel?
prq was guranteed at least 200ms | [19:12] |
| acf_ | depends on where you are
since I'm not too far from lax, I get ~10ms sometimes when Comcast and NTT aren't being stupid :) | [19:12] |
| mercutio | how is the comcast issue going | [19:13] |
| acf_ | afaik not good
up_the_irons got the same response as I did for the Verizon one and nothing has changed on NTT/Comcast end | [19:13] |
| mercutio | did anyone see the level3 blog?
http://blog.level3.com/global-connectivity/observations-internet-middleman/ | [19:14] |
| acf_ | erratic_: I get 154ms from ARP to xs4all.nl fwiw | [19:15] |
| erratic_ | thats cool | [19:15] |
| acf_ | mercutio: yeah, saw that a while ago
very interesting read | [19:15] |
| *** | erratic_ has left | [19:16] |
| mercutio | "interesting" is one way to put it | [19:16] |
| *** | erratic_ has joined #arpnetworks | [19:16] |
| mercutio | the problems are mostly us-centric | [19:16] |
| acf_ | yep. US ISPs suck | [19:16] |
| mercutio | and mostly in areas were monopolys exist | [19:16] |
| acf_ | which is everywhere? | [19:16] |
| mercutio | heh
so if comcast/verizon/at&t have issues to cogent/ntt/level3 which side is to blame | [19:16] |
| erratic_ | yeah I dont understand the us anymore, pretty much everything is comcast | [19:17] |
| mercutio | there's at&t dsl quite commonly available i thought? | [19:17] |
| erratic_ | I wont buy service from them anymore | [19:17] |
| acf_ | Comcast, TWC, AT&T, Cox, Verizon, CenturyLink
that's all of them afaik | [19:17] |
| mercutio | cox is cheap and nasty right?
but still better than the others? | [19:17] |
| acf_ | we have Comcast here, Cox next door
I've heard relatively good things about Cox actually | [19:18] |
| mercutio | that youtube thing was saying that twc and comcast won't compete? | [19:18] |
| acf_ | haven't heard of any peering congestion issues, but that doesn't mean the don't exist
yeah, they have their regional monopolies | [19:18] |
| mercutio | i've heard bad things about comcast and verizon | [19:18] |
| acf_ | they want to merge, and they're arguing that it won't reduce competition | [19:18] |
| mercutio | and i've heard that at&t is ok if you wsant a cheap slow service. | [19:19] |
| acf_ | verizon sucks super duper bad | [19:19] |
| erratic_ | yep yep yep
f*** verizon | [19:19] |
| mercutio | at&t is like $30/month for a cheap plan? | [19:19] |
| erratic_ | they will never get a dime from me
acf_: frontier ? | [19:19] |
| mercutio | i get disconcerted when i read price for 6 months | [19:19] |
| erratic_ | frontier did some pretty stupid stuff when I used them | [19:19] |
| acf_ | frontier is old verizon afaik. I guess I should count them? | [19:19] |
| mercutio | $25 for 3 megabit for 6 months | [19:20] |
| acf_ | http://kremvax.acfsys.net/smokeping.cgi?target=Remote.verizon-snloca-dsl
look at the graph for ec2 | [19:20] |
| mercutio | dunno how much it changes to | [19:20] |
| erratic_ | yeah theyre pretty much fios (which is nice and terrible support wise) | [19:20] |
| acf_ | http://kremvax.acfsys.net/smokeping.cgi?target=Remote.verizon-snloca
non DSL router in the same building as from the previous one we don't have fios here I heard they stopped deploying it completely? | [19:20] |
| mercutio | so how much of the market does comcast have? | [19:23] |
| *** | dj_goku has quit IRC (Remote host closed the connection) | [19:23] |
| acf_ | here, probably Verizon's only market is people who don't know what the Internet is
everybody else has Comcast Verizon's speed/service is just unbearable | [19:23] |
| mercutio | is it just a location thing? | [19:24] |
| acf_ | idk about other places. I would guess it's pretty much the same everywhere for DSL
fios is very competitive though Comcast and Verizon compete aggressively in areas with fios | [19:24] |
| mercutio | i dunno my friend had verizon and it seemed to have ok speeds, just terrible peering
it was vdsl oh and it had higher pings | [19:25] |
| acf_ | strange. was it on the west or east coast?
they're independent systems I think | [19:25] |
| mercutio | kansas?
what is that considered | [19:25] |
| acf_ | not sure | [19:26] |
| mercutio | middle
if you look at a map, it seems it's bsaically in the middle of the US | [19:26] |
| acf_ | yeah, DSL uses an error correction algorithm that basically adds 32ms
atleast ADSL | [19:26] |
| mercutio | dsl varies in that respect, but yes
my adsl has 10 msec pings to next hop | [19:26] |
| acf_ | probably east coast system. I've never seen vdsl anywhere around here
I guess your adsl is on "fastpath" | [19:27] |
| erratic_ | I want candy and cookies and cupcakes | [19:27] |
| mercutio | "is Kanasas on the east or west coast?" "Neither, it's right in the middle"
it's really hard to determine which it is isn't it yeah my adsl is fast path | [19:27] |
| acf_ | Verizon won't do fast path here | [19:28] |
| mercutio | vdsl on fast path is more like 5 msec | [19:28] |
| acf_ | that would be nice to have | [19:28] |
| mercutio | there's a low interleaving settings too, which is aruond 9 msec extra ping | [19:28] |
| erratic_ | Im gonna go buy some food
(not food cupcakes) | [19:29] |
| gizmoguy | 64 bytes from 114.134.4.74: icmp_req=1 ttl=62 time=4.62 ms
thats my vdsl | [19:30] |
| acf_ | nice | [19:30] |
| mercutio | yeah so you're on fast path
it's close enough to 5 msec | [19:30] |
| gizmoguy | yeah i am on the second best vdsl noise profile i think | [19:31] |
| acf_ | looks like VDSL is only available where fios is | [19:31] |
| m0unds | up_the_irons: happy birthday | [19:31] |
| acf_ | it's like a fttn thing | [19:31] |
| m0unds | they like to rip out your POTS wiring for FTTN
btw | [19:31] |
| mercutio | do you have 10 megabit upload? | [19:31] |
| m0unds | the copper going to your NID will be removed in favor of that GPON thing
except in cases where you have legacy land line for things like alarm dialers | [19:31] |
| mercutio | m0unds: keep the copper! | [19:32] |
| m0unds | i wouldn't let verizon touch my house | [19:32] |
| up_the_irons | m0unds: tnx! | [19:32] |
| m0unds | they also don't svc my area
https://encrypted.google.com/search?hl=en&q=verizon%20house%20fire ^ | [19:32] |
| acf_ | lol | [19:32] |
| mercutio | oh up_the_irons you're on comcast right? | [19:32] |
| m0unds | their installers have a history of drilling into elec utility, gas utility, sewage, etc | [19:32] |
| mercutio | so you get to experience the comcast congestino for yourself :)
i am kind of curious what will happen with NZ domestic transit with all these fibre plans etc coming out, and the biggest isp not peering | [19:32] |
| up_the_irons | mercutio: twc | [19:36] |
| mercutio | up_the_irons: oh, so no issues to them? | [19:36] |
| up_the_irons | not that i can tell | [19:37] |
| mercutio | usually congestion issues are easily noticable with ssh
doo doo doo, i have this weird hourly spike at 37 past the hour and it just hit | [19:37] |
| acf_ | up_the_irons: any plans for the Comcast/Verizon/CentryLink issues?
I know you're busy, just wondering what you think it would be best to do next NTT basically said "screw off" | [19:41] |
| up_the_irons | can anyone come up with a Cisco route-map that says "if the route is from Verizon, set local pref to XXX"
or, "if route is from ASN 12345, set local pref" | [19:43] |
| mercutio | i would prepend not set local pref | [19:43] |
| up_the_irons | that could work too, i think.. | [19:44] |
| staticsafe | staticsafe tries to remember CCNP route knowledge | [19:44] |
| mercutio | yeh prepend works
and local preference is messier | [19:45] |
| acf_ | mercutio: you had some other peer weighting idea earlier? | [19:45] |
| mercutio | nah just prepepnding? i just think verizon, comcast, at&t should be prepepnded?
i usually prepend routes with cogent anywehere in them too | [19:45] |
| acf_ | well, I'm not qualified, but I'll look into it | [19:46] |
| mercutio | i've done it in zebra years back
but i been using openbgp recently it's where you have match ip address ... you have to change it to the source-as oh i remember my other weighting idea that was simpler now just change the weight for level3/ntt so if the as path length is the same it prefers levl3 which means checking that the lengths are the same first | [19:47] |
| acf_ | mercutio: change it to match the source as?
I found this | [19:50] |
| mercutio | so if localpref, bgp path length, are the same, .. then weight can tip the balance | [19:50] |
| acf_ | http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/49111-route-map-bestp.html | [19:50] |
| m0unds | yea | [19:50] |
| mercutio | so show ip bgp route 69.252.80.75 first
and check length is the same | [19:51] |
| m0unds | comcast has that public route server if you want to look at fwd from comcast | [19:51] |
| acf_ | would match as-path work? | [19:51] |
| mercutio | yes
it's regexp frmo memory | [19:52] |
| acf_ | you just put as 701 in the list, and match as-path and prepend if it matched? | [19:52] |
| mercutio | then set as-path prepend <arp asn>
which is 25795 hmm arp stopped advertising so many routes to me i used to see the any2ix ones i imagine that's since the routes shifted off the old router | [19:53] |
| acf_ | ip as-path access-list crappylist permit _701_
route-map crappymap permit match as-path crappylist as-path prepend 25795 | [19:57] |
| mercutio | think you need someting more like ^.701$ | [19:57] |
| acf_ | ah ok | [19:58] |
| mercutio | it's not a directly connected peer, does _701_ mean something?
err mean anywehre | [19:58] |
| acf_ | _: Matches a comma, left brace, right brace, the beginning of an input string, the end of an input string, or a space.
afaik, if as 701 is in the path, it will match, right? | [19:58] |
| mercutio | and does set weight +1 work?
or do you haev to define weights yeah i think that's the case | [19:59] |
| acf_ | idk about this bgp stuff | [20:00] |
| mercutio | but normally it's free anywhere | [20:00] |
| acf_ | I'm just making it up | [20:00] |
| mercutio | acutally it may be that it's only if it immediately ocnnected still | [20:00] |
| acf_ | for as-path ? | [20:00] |
| mercutio | and it's good practice to always do it based on 701$ or such
f you want only the networks that have passed through AS 4 to enter AS 3 from Router 3, you can apply an inbound filter on Router 3. ip as-path access-list 1 permit _4_ yeah so i think it does mean anywehre If you want to deny all the networks that have originated in AS 4 and permit all other routes to enter AS 3 from Router 3, you can apply an inbound filter at Router 3, as follows: ip as-path access-list 1 deny _4$ ip as-path access-list 1 permit .* | [20:00] |
| acf_ | oh cool
so that works _701$ | [20:02] |
| mercutio | yeah and _703
actually maybe just do _701_ and _703_ and get them anywehre as they are used as transit networks too | [20:02] |
| acf_ | that would probably be best
we want to push everything that goes via Verizon over Level3 anyway | [20:03] |
| mercutio | # bgpctl show rib transit-as 703 | wc -l
34206 # bgpctl show rib source-as 703 | wc -l 167 # bgpctl show rib transit-as 701 | wc -l 30111 # bgpctl show rib source-as 701 | wc -l 2900 kind of well verizon is safer than most thinsg as they're only in the US but for instance, if verizon was in japan, it'd probably be better over ntt as NTT is Japanese provider | [20:03] |
| acf_ | but not if they still had crappy peering with NTT | [20:05] |
| mercutio | primarily | [20:05] |
| up_the_irons | hence the problem of traffic engineering by ASN alone | [20:05] |
| mercutio | up_the_irons: which is why i say influence, rather than enforce
and more in favour of prepending, or setting weight, than setting local prefernce up_the_irons: can you check the as path lengths? | [20:05] |
| up_the_irons | i believe so
i'm not really a route-map guru, i just know the basics | [20:07] |
| mercutio | heh | [20:09] |
| acf_ | so bgp neighborhood
defines a group of routes? like North America only? | [20:09] |
| mercutio | show ip bgp route <ip> from memory
err show ip route | [20:09] |
| acf_ | *bgp community? | [20:10] |
| erratic_ | the feds took everything, they even took my tr-808 maaaan | [20:10] |
| mercutio | community is provider dependant, and usually tells you which country a route announces from
or where it's learned from | [20:10] |
| erratic_ | erratic_ offers qfc cookies to channel | [20:12] |
| acf_ | could you weight/prepend based on community?
and asn to only weight/prepend Verizon routes in North America? | [20:12] |
| up_the_irons | since i'm not a Verizon customer, i won't necessarily get their communities | [20:16] |
| acf_ | ok, got it | [20:18] |
| mercutio | acf: just do it on path, but yes you can
but you'd have to look at ntt's communitiys that ntt say when something is learned from verizon and the matching as path is less problematic http://www.us.ntt.net/support/policy/routing.cfm#communities verizon are only in north america i think but communities for ntt for US learned routes appears to be 2914:10-- | [20:20] |
| acf_ | according to
http://www.peeringdb.com/view.php?asn=701 Geographic Scope: Global | [20:23] |
| mercutio | it may be peering locations | [20:24] |
| acf_ | I'd be less concerned about Comcast and CentutyLink though | [20:24] |
| mercutio | but do they have customers overseas
oh hangon duh verizon is alter.net they're in new zealand even | [20:24] |
| acf_ | yeah, so I think that would be a problem
or maybe it won't be? | [20:24] |
| mercutio | i bet nz is bad too though via ntt | [20:24] |
| acf_ | yeah
so Level3 is good anyway for those routes too | [20:24] |
| mercutio | i think it's 703 used in NZ
well we still need to check as path length | [20:25] |
| acf_ | AS703 is marked as
Geographic Scope: Asia Pacific fwiw | [20:25] |
| mercutio | yeah and it's on peering port in nz
although it says 100 megabit haha | [20:26] |
| acf_ | is it really? | [20:26] |
| mercutio | no idea | [20:26] |
| acf_ | that's kind of suckey | [20:26] |
| mercutio | i'll see if they're on the route-servers
nah they're not | [20:26] |
| acf_ | darn | [20:27] |
| mercutio | pings of like 1 msec
so they're probably not even local to it it's not varying much though i'm so used to routers that vary pings heaps | [20:27] |
| acf_ | verizon's seem to be okay actually | [20:28] |
| mercutio | like ping a juniper and it's like 0.5 msec, 1.1 msec | [20:28] |
| .... (idle for 16mn) | ||
| *** | wacker has joined #arpnetworks | [20:44] |
| acf_ | this is cool
http://oreilly.com/catalog/bgp/chapter/ch06.html Example 6-4: Setting the Local Preference depending on AS path | [20:53] |
| mercutio | yeah that basically tells you how it works
prepending is in there too match from 60.234.80.173 transit-as 174 set prepend-neighbor 1 that's how you do it in openbgpd i kind of like that way myself :) | [20:54] |
| *** | novae has quit IRC (Ping timeout: 252 seconds) | [20:56] |
| acf_ | up_the_irons: would you consider doing this? ^
ip as-path access-list 4 permit _701_ ip as-path access-list 4 deny .* | [20:57] |
| mercutio | @up_the_irons ? can anyone come up with a Cisco route-map that says "if the route is from Verizon, set local pref to XXX" | [20:58] |
| acf_ | route-map crappyisp permit 10
set as-path prepend 25795 that's the Cisco syntax afaik | [20:58] |
| *** | novae has joined #arpnetworks | [20:59] |
| acf_ | it's basically copied from that tutorial above | [20:59] |
| mercutio | they usually have names | [20:59] |
| acf_ | the access-list s? | [20:59] |
| mercutio | yeah | [20:59] |
| acf_ | ip as-path access-list crappyasns permit _701_ | [20:59] |
| mercutio | permit 10 is a number normally
s/crappy/congested/ | [21:00] |
| BryceBot | <acf_> ip as-path access-list congestedasns permit _701_ | [21:00] |
| acf_ | fair enough
I'm looking at Example 6-6: Prepending the AS path | [21:00] |
| mercutio | and usui think you can stick the as-path straight in the route map too
but maybe having it in access list is better | [21:01] |
| acf_ | idk. it didn't look like it in the cisco docs | [21:01] |
| mercutio | http://www.cisco.com/c/en/us/td/docs/ios/iproute_bgp/command/reference/irg_book/irg_bgp3.pdf | [21:01] |
| acf_ | Autonomous system path access list. An integer from 1 to 199. | [21:02] |
| mercutio | oh
ok you're right :) god i hate ciscso :) | [21:02] |
| acf_ | I tend toward the junipers | [21:03] |
| mercutio | does juniper implement weight?
Weight is a Cisco proprietary thing and cannot be used with a Juniper device. Maybe you could use preference (not local-preference). | [21:05] |
| acf_ | I don't do bgp with either one | [21:06] |
| mercutio | ahh | [21:06] |
| acf_ | I would definitely play around with it if I could get my hands on an ASN | [21:06] |
| mercutio | you don't need an asn, you just need a router
just make up an ASN :) and get a bgp feed | [21:07] |
| acf_ | really? you can use a private asn?
how about IP announcements? | [21:07] |
| mercutio | yes, you can't advertise any routes
but you can at least get a list of routes :) you could advertise routes if the provider stripped off your asn, and you owned that IP block.. there's some private ones like 65020 The first and last ASNs of the original 16-bit integers, namely 0 and 65535, and the last ASN of the 32-bit numbers, namely 4,294,967,295 are reserved and should not be used by operators. ASNs 64,512 to 65,534 of the original 16-bit AS range, and 4,200,000,000 to 4,294,967,294 of the 32-bit range are reserved for Private Use by RFC 6996, meaning they can be used internally but should not be announced to the global Internet. All other ASNs are subject to assignment by IANA.2w | [21:07] |
| acf_ | so private ASNs are like RFC1918 | [21:09] |
| mercutio | yeh
i'm using a private asn somwehere err i was | [21:09] |
| acf_ | will providers (like HE or something) let you do BGP with their IP blocks?
ie, without an ARIN allocation | [21:10] |
| mercutio | i was using 65461
when i had bird on a private vm nope i don't thin so i mean i don't think you can readvertise it | [21:10] |
| acf_ | darn. so it's basically impossible for individuals to do BGP? | [21:12] |
| mercutio | with ipv6 it's recommended to not advertise anything less than /32 to the itnernet
peering exchagnes are generally ok with /48s though | [21:12] |
| acf_ | I was reading that | [21:12] |
| mercutio | yeah most individuals doing bgp have legacy ip blocks
before it got insanely expensive | [21:12] |
| acf_ | NTT says they're okay with /48 though | [21:12] |
| mercutio | it depends how far it gets | [21:12] |
| acf_ | mainly I guess ARIN just won't issue allocations to individuals | [21:13] |
| mercutio | also, if someone else is advertising the /32 and you advertise the /48, and it can still go via the normal /32
you shoudl be safe i think arin will probably you just need to form some kind of use case start a vps business ors oemthing :/ | [21:13] |
| staticsafe | you also need $$$$ | [21:13] |
| acf_ | I asked them actually :(
http://paste.unixcube.org/k/958025 | [21:13] |
| mercutio | that too
oh so you nede registered business name just start a company is it easy there? | [21:13] |
| acf_ | not sure, never done it | [21:14] |
| mercutio | acf incorporated | [21:14] |
| acf_ | lol if I could | [21:15] |
| mercutio | anyway, you'd need more than one provider
you can often advertise providers addresses you just need to get permission first. | [21:16] |
| acf_ | I was thinking doing anycast might be fun | [21:17] |
| mercutio | on ipv4 or ipv6? | [21:17] |
| acf_ | so I could get providers in multiple locations
doesn't matter too much, just for experimenting with it whatever is easier | [21:17] |
| mercutio | i see
hostvirtual will do that on their own ip address space. but they're some expensive setup fee | [21:18] |
| acf_ | do that == let you announce their addresses?
or give you VMs in different places with anycast hmm "(includes LOA so it can be used outside of our network)" | [21:18] |
| mercutio | http://pastebin.com/raw.php?i=TDuPg7vj
damn i hate captcha's i got it wrong ilke 4 times | [21:20] |
| acf_ | wow that's expensive | [21:21] |
| mercutio | exactly
i think 2 is the best way to go in general but i think it's prohibitatively expensive it'd be cool if arp could do that cheap when they get two locations, as i iamgine a few people would ilke to play | [21:21] |
| acf_ | yeah, I was thinking about that actually | [21:23] |
| mercutio | there's no way you can do less than a /24 | [21:23] |
| acf_ | I'm sure it could be done pretty cheap
over all the customers | [21:23] |
| mercutio | and he's charging $1/ip/month | [21:23] |
| acf_ | you just have to announce one /24 in both locations, right? | [21:23] |
| mercutio | so it'd be similar to $250/month cost for ip usage
yeah but i'd want to be able to pull ip there are various ways to go about that | [21:23] |
| acf_ | what are those? | [21:25] |
| mercutio | but you'd want to tunnel between locations | [21:25] |
| acf_ | that's definitely what I'd do | [21:25] |
| mercutio | bgp on virtual machine, a bgp trigger mechanism outside the virtual machien
so that when it's down it gets pulled a host check that takes it out when it doesn't respond but for it to continue working, you'd need to be able to reach between the virtual machine facilities you could also have the same ip on more than one virtual machine in one location you could do the whole thing with software load balancer and not actually have the /32 on the machines too i think that in itself it wouldn't really make money if it was at affordable cost. it's just a cool thing to do. | [21:25] |
| acf_ | yeah, I see what you mean
it would be fun though | [21:27] |
| mercutio | hmm, i have /24 at arp
if we could get a shared vlan it'd be kind of nifty to have local route-server that accept's private asn's, /30s, etc.. and to be able to advertise a /32 based on acl or such, that can be advertised frmo multiple locations i mean in theory the backup network works for that atm, but that'd be kind of misuse of resources. | [21:29] |
| acf_ | so, like an internal BGP network? | [21:35] |
| mercutio | yeah | [21:36] |
| hazardous | comedy option: pay jump.ro $50 for a /24 | [21:36] |
| mercutio | i mean it's not like much traffic would go over it :)
but it lets you play a little | [21:37] |
| acf_ | so it wouldn't be connected to the public internet, right? | [21:37] |
| mercutio | yeah | [21:37] |
| acf_ | sounds nifty | [21:38] |
| mercutio | so the idea would be to encourage up_the_irons to have an opt-in vlan for talking betwen each other | [21:38] |
| acf_ | would that be on a separate NIC? | [21:38] |
| mercutio | nah
well separate virtual nic | [21:38] |
| acf_ | right
I mean, that is what the backup network is right? | [21:38] |
| mercutio | yeah
it'd be just like the backup network | [21:39] |
| acf_ | maybe up_the_irons would just rename the 'backup network' to the 'internal inter-customer communication network' | [21:40] |
| mercutio | i don't think that's a good idea
i think is good to keep it separate | [21:41] |
| acf_ | yeah, I see your point | [21:41] |
| mercutio | probably only 5 people would use it | [21:43] |
| acf_ | it shouldn't be too difficult though | [21:44] |
| mercutio | i think the biggest problem with the anycast thing is bandwidth accounting | [21:44] |
| acf_ | is it done using SNMP now? | [21:45] |
| mercutio | yeh
on the switch port | [21:45] |
| acf_ | you would have to aggregate the data from the switches at both locations I guess | [21:45] |
| mercutio | which means trafifc has to come through that port
but i was hoping that route-server traffic could be zero-rated :) | [21:45] |
| acf_ | ah
I guess the backup network is? | [21:46] |
| mercutio | yeh | [21:46] |
| acf_ | any idea how that works for dedicated customers?
(ie, no virtual NICs) | [21:47] |
| mercutio | so like right now, a limited ip address pool could be used for anycast from multiple servers
rather than locations but you'd have to route via normal link for accounting to work and maintain acl's so people don't advertise each other's ip's | [21:47] |
| acf_ | oh I see
so you would advertize a /30 to the bgp router from multiple boxen | [21:48] |
| mercutio | well the /30 to route server is a bit different
as that would be just for sharing traffic you advertise /32s for anycast normally | [21:48] |
| acf_ | /32 ipv4? | [21:49] |
| mercutio | yaeh for ipv4
you'd probably do a /128 for ipv6 but lots of people are using /64s you could do either. | [21:49] |
| acf_ | why use a /32 or /128? I didn't think you were supposed to do that | [21:50] |
| mercutio | because they're floating ip's | [21:51] |
| acf_ | ah | [21:51] |
| mercutio | you don't reach anything else on the same network
you route to get to them | [21:51] |
| acf_ | makes sense
so you'd have a route server with a /28 routed statically to it from arp and we would all announce /32s to it from different boxen? | [21:52] |
| mercutio | yeah | [21:52] |
| acf_ | that sounds easy enough | [21:52] |
| mercutio | then when tehre's two locations, you have openvpn tunnel or such between them
so that traffic can come in from one location, and hit a box in the other location | [21:53] |
| acf_ | right | [21:53] |
| mercutio | but you still send outbound traffic normally
actually this is slightly more complicated. as i'm pretty sure arp is filtering using random source ip's. | [21:54] |
| acf_ | they are
I did a test a while ago :) | [21:54] |
| mercutio | so you'd also need a bypass rule per customer to allow sending from that ip out their normal internet link | [21:54] |
| acf_ | or perhaps just whitelist the blocks announced at both locatons? | [21:55] |
| mercutio | or to use source-routing to send out route server
yeah i actually haven't heard anything about the second location recently | [21:55] |
| acf_ | I think up_the irons has been really busy with other stuff recently | [21:56] |
| mercutio | we shouldn't say his name
it probably beeps :) | [21:57] |
| acf_ | does it match without the second _? | [21:57] |
| mercutio | no idea
oh i see what you didd there | [21:57] |
| i also have 202.49.64.0/24 advertised from my personal vm
which has bgp too i did it on my personal vm first but like 202.49.64.0/24 and 202.49.65.0/24 were basically not being used oh oops :) i meant to say it in private haha but yeah i been doing anycast for a while | [22:09] | |
| .... (idle for 15mn) | ||
| hazardous | you have two /24's on a single vps?! | [22:25] |
| mercutio | one is on vps and one is on dedicated
you nede to use /24 for anycast | [22:28] |
| ..... (idle for 23mn) | ||
| mnathani | not to worry mercutio : [FBI] has logged your ip prefixes for consumption by search engines and the like. :-) | [22:52] |
| mercutio | haha
oh god does that mean i'll get more spam trying to buy ip adddreses for spamming from or "rent" can i cull it somehow for the coming ip shortage | [22:53] |
| ..... (idle for 23mn) | ||
| *** | acf_ has quit IRC (*.net *.split)
z310 has quit IRC (*.net *.split) | [23:19] |
| acf_ has joined #arpnetworks
z310 has joined #arpnetworks | [23:24] | |
| .... (idle for 17mn) | ||
| up_the_irons | acf_: i would consider it, but i don't know the "Cisco" way of doing it | [23:41] |
| mercutio | the route-map syntax you mean?
acf figured it out | [23:43] |
| up_the_irons | i didn't see an all-in-one paste
just some ideas | [23:54] |
| mercutio | ahh ok
i'll find it he should really have pastebin'ed it :) http://pastebin.com/raw.php?i=B11AEnMd erk that's missing a bit isn't it it needs match as-path 4 in the route-map bit | [23:54] |
| ↑back Search ←Prev date Next date→ Show only urls | (Click on time to select a line by its url) |
