mercutio: http://nzix.net/peers.html static: what about it? static: the silly visualisation thingy? I thought it was cool i didn't? such a killjoy mercutio i tried looking around at it i can't tell what's connected to what, too much data all it seems to say to me is that vocus is huge the clustering is cool so the right side of the map is new zealand lol i totally remember phtml; fuck i'm old i never understood why people didn't do cgi's in c back then. considering the cpus were slow, and memory was limited cgi's in perl were much easier and perl was really slow/bloaty it was fast enough mercutio: http://nzix.net/nzix-map/#HIX-CITYLINK-NZ-AP%20Hamilton%20Internet%20Exchange%20%28Citylink%29,NZ best IX in NZ right there well i did find the web too slow in general :) so i stuck to irc hah i can't see it gizmo? it's just showing the wide map actually mod_perl wasn't too bad mercutio: exactly or does linking the fragment not work? up_the_irons: ntp reminder anyway do a search for HIX and click on it brycec: where did we leave off? i think i swapped the conversation from my mind; need more RAM! brain RAM ok i can't believe they called it hix hix finds chix instead which is tiny hix is right below chix... oh it didn't bring up the search results the first time for some reason his has less connections than plain :/ DTS is at HIX too, it's just not showing up for some reason maybe with ufb more people will connect to it http://www.nmix.net/ oh dear, this looks like it's from the 90s it sure is 1997, in fact is it meant to be 256 colour friendly why is there dithering in the anti aliasing 10/100 switch for servers and router connectivity the main peering in nz started in 99 but there was some peering before that but gizmo will know more about that than me i imagine http://www.nmix.net/people.html nice graphs The page on pricing for connecting to the NMIX is due to be updated. so what happened to nmix? 
yeah so I think it all started with "NZIX" I even found the email post from Lindsay when it was decommissioned - http://list.waikato.ac.nz/pipermail/nznog/2001-August/003161.html ahh unfortunately it's a little hard to search for "NZIX" now :) yeah haha - http://wand.net.nz/wits/nzix/1/ we have network traces! Capture Start (Local) Thu Nov 12 10:56:44 1998 Capture End (Local) Sun Apr 11 14:11:12 1999 Packets Captured 238 million lolz. back when the internet was easy do you read nznog gizmo? yup see the post just now? i don't quite get it from Dean? i can't see any labels yeh i just see lots of circles with a - in the middle the AS numbers are written in the circles oh it's tiny writing at least they are when I load the PDF in google doc and google docs won't zoom in enough zoom in man get better eyes i'm at maximum zoom! google drive the app is currently unreachable gah lol up_the_irons no worries, I know exactly what you mean (Also my computer was just throwing a swapping fit) hmm even when i save the image and zoom it's hard to read the numbers brycec: haha up_the_irons: You asked if ARP should just point at my own, I suggested ARP has its own instance unattached to my account. You asked what was needed, I said a "small" would be more than enough. (think I gave some specific specs, don't remember) Oh, and Debian Wheezy for the image. ah ok hmm can you print it? it doesn't work for me (I'll leave the ARP management user on there, I'll set it up with user-login only +sudo for management, I'll set up ntpd and apticron, then I'm hands-off just letting it run, plus updates) roger that brycec: think of a spiffy hostname dingus time I was going to say "ntp1" bug dingus is good. So is hiccup Also, tick, or tock or ticktock you could always cname ntp1 to it he probably will, but the admin side still gets a special name... 
a super scientific study of drug mentions on twitter has ruled that albuquerque is the meth capital of the us "by a landslide" haha go figure people might talk about breaking bad on twitter not naming it dingus SPOILER ALERT and denver is the stoner capital? lol JERK try again :) CO yea whatsit up_the_irons: zeit up_the_irons: Chronos throbbingdumptruck LOL uhh filet-o-fish ant: YES ant wins I'm down with zeit @wiki Zeit Zeit :: Zeit (English: Time) is the third album by the German electronic music group Tangerine Dream. A double LP, it was released in August 1972, being the first release featuring Peter Baumann, who joined then-current members Christopher Franke and Edgar Froese. Overview The style of this album is slower and more atmospheric than their previous albums. Its atmospheric drone... http://en.wikipedia.org/wiki/Zeit brycec: chronos is good too, but i like the German flair of zeit yard-o-beef m0unds has strange ideas on hostnames :) tangerine dream ftw mine are all named after pelican songs m0unds: LOL haha m0unds: what are your own boxes called? sirius, pulse, mammoth not quite so bad :) also wangsmith m0unds: tangerine dream could almost be a porn star name hahaha, yeah probably is a stripper's name somewhere srsly What /hasn't/ been used as a stripper's name? yard-o-beef i hope well, maybe a male stripper's name or filet-o-fish i guess, that'd be pretty bad too lol next time i go to a strip club i'm tellin' them my name is "yard-o-beef". I will report on the results. ;) hahah do strip clubs ask names? Usually only when you're coming in the back door the strippers do i thought they were kind of impersonal places. ahh just to get you to like them so you give them money yup i'd just say i was john doe probably they always ask names, try to be all friendly and stuff ahh ok up_the_irons: what did you think of acf's route-map? mercutio: looked promising cool. what's "z" in hacker... in l33t speak? yep 1337 i think it's just z? 
h4ckt3hpl4n4t what if it had to be a number... or a-f... you might see where i'm going with this... so like z317 lol for zeit yeah but i can't use 'z' in the IPv6 address :) UP_7|-|3_1r0|\|$ 1$ 1|\|70 L337? http://www.brenz.net/services/l337Maker.asp maybe just ::3317 will do just do f00f or something hahaha b1ff 2317 b00b5 lol ofh it should be 4 letters. 2 = z, close enough i'm boring and just use a, b, c, d, e, f etc zeit's IPv6 will be: 2607:f2f8:0:102::2317 upon second glance, that is as boring as anything else... bah next time, b00b yeah there's no nice way to make ipv6 addresses look nice thats what DNS is for, making ip's look nice :P 7.1.3.2.0.0.0.0.0.0.0.0.0.0.0.0.2.0.1.0.0.0.0.0.8.f.2.f.7.0.6.2.ip6.arpa. 86400 IN PTR zeit.arpnetworks.com. I guess one part has been taken care of It's all ready to go, i just need brycec to give me his pub key so he can login does it have its own vlan? heh, i'm sure people ask more technical questions here than other providers :) it's on one of our regular VLANs whats the max mtu supported on the dedicated nics for the backup lan? 9K nice i wish "the internet" supported large mtu's up_the_irons: is there a sample /etc/sysconfig/network-scripts/ifcfg-eth1 script for CentOS for use with the dedicated NIC my attempt to initialize the NIC: Bringing up interface eth1: Device does not seem to be present, delaying initialization. no sample. it's just a regular NIC the link-local that you should be able to reach is: fe80::21b:21ff:fe93:3e08 I notice pretty consistently my ssh connection drops, it could possibly be due to the internet connection I'm on but I doubt this because I've never had problems before? 
also I'd like to know how this person is able to talk to my broadcast [252089.854106] iptables denied: IN=eth0 OUT= MAC=52:54:00:27:25:50:00:0d:65:ab:c8:bf:08:00 SRC=71.6.135.131 DST=206.125.168.79 LEN=40 TOS=0x00 PREC=0x00 TTL=117 ID=49532 PROTO=TCP SPT=32560 DPT=80 WINDOW=3474 RES=0x00 SYN URGP=0 wait nevermind it was blocked but still I did not know that was even possible. [root@cgirun ~]# ping6 -I eth1 fe80::21b:21ff:fe93:3e08 PING fe80::21b:21ff:fe93:3e08(fe80::21b:21ff:fe93:3e08) from fe80::5054:ff:feb7:223e eth1: 56 data bytes 64 bytes from fe80::21b:21ff:fe93:3e08: icmp_seq=1 ttl=64 time=1.29 ms up_the_irons: success! mnathani: awesome! Guest32787: what's the other MAC? that does indeed look weird https://gist.github.com/paigeadele/92d7290e761e56e88a43 Gist: "https://gist.github.com/92d7290e761e56e88a43" pretty happy with it over all both of those give me 500 errors Guest32787: well, to the rest of the internet, they don't know it's a broadcast. broadcast addresses are routed the same way. i don't think my core is going to deny that as a valid address even if it *is* the broadcast on your vlan. i suspect the same would happen if someone sent a packet to your network number (the all zeros subnet address) so, *shrug*, i think it's normal yeah I think so too I've never setup a network this way sadly so its just unusual to me different stuff to look for I just decided it would be fun to start up my windows vm, and configure the network adapter to bridge my laptop's vpn adapter and see if I can configure a static v4/v6 address for it and it worked I kinda wish it didn't because, the vpn client connects to openvpn, which deals/pushes a config based on the CN of the client certificate and I wish it would only allow IP settings as per that config to be allowed for that client but oh well http://www.petros-project.com/ up_the_irons: can I possibly pay for my service for the months to come in advance? 
and possibly later if necessary on a case by case basis just pay an additional $5 for 200GB of extra bandwidth when needed? erratic: you can just deny access to broadcast address lots of people block it for various reasons up_the_irons: how do I verify if my mtu setting is working when accessing the backup server? things like: ping6 -M do -s 8972 fe80::21b:21ff:fe93:3e08%eth1 dont seem to work you are using ipv6 you need to go smaller mercutio: already done 28 bytes is for ipv4 ping6 fe80::5054:ff:feb7:223e%eth1 -M do -s 10500 I meant 1500, does not work perhaps not all switches have jumbo frames enabled not all hosts accept large pings too just see if tcp/ip traffic works tcpdump and check what the mtu says ls works in a directory when I am connected via the linklocal ssh to the backup server from my vps, but ls -l does not work. verified using 2 different vps not sure if it has to do with the 9000 byte mtu set the MTU back to 1500 and things are working now there may be a mtu issue somewhere in the middle :) pmtu doesn't work usually i imagine his switches are fine, and it may be the linux host that it goes via IIRC up_the_irons may have to set the MTU of your bridge to the backup VLAN ^ was just thinking that lol oh or that Hey m0unds quick question - how much bandwidth (network/disk) does one of your cameras chew up? um, lowest bitrate we're using is on wlan segments and that's 1mbit/sec typical is 2mbit That's not tooooo bad. that's 720p @ 30ips, h264 2mbit Was talking with a guy tasked with quoting cctv for a school ah (And wondered what kind of storage was required) "hey, I know a guy..." yeah, it's not too bad This school ended up with 900 cameras, and they wanted all video stored off-site Much laughing was laughed. 900 cameras at a school? wtf hahah Big school I guess, maybe multiple campuses. 
ah okay, then that makes sense i was thinking..high school or something (I really don't know) offsite video wouldn't be too bad, assuming offsite could mean different location within like 70km dark fibre? It was for some city's public schools, and the way he talked, it was for one school. But doesn't matter. yea lol School district was definitely looking to cheap out, so no fibre ah, so magic remote video storage Regardless, that's ~3GBps... mnathani: for your host on kvr29, try the mtu thing again yeah, a bit goofy bridge was still 1500, as well as physical int; looks like i never made that change on that host (need to add it to puppet) m0unds: Not very smart people are involved too... not surprising, really. I'm waiting for a multicast flood :D bwahaha we're gonna be adding some cameras at an admin building about 7mi from this facility our IS dept is having 70 pairs of SM run between here and there Fun fun! yup Welp I'm out again... adios ttyl up_the_irons: 9000 byte mtu on kvr29 is a go.: 8408 bytes from fe80::21b:21ff:fe93:3e08: icmp_seq=1 ttl=64 time=1.13 ms probably something similar on kvr02 any performance difference? sent 395 bytes received 1857525269 bytes 30702903.54 bytes/sec at least 1.5 times faster without the 9000 mtu: sent 395 bytes received 1857525269 bytes 20081358.53 bytes/sec is there a way to cycle the colours assigned to nicks in weechat? brycec and m0unds got assigned the same color and now I have a page full of cyan. (They had a lot of back and forth messages in the last hour) lol mnathani I know what you mean especially hard to read things with nicks of the same length I guess I could just quit weechat and re-join no go: still the same colours for brycec and m0unds mnathani: If it's like the irssi plugin, it's based on the length of the nick wee, my AC blew up eek At least you had AC to blow up :p up_the_irons: zeit's setup brycec: is it limited to respond only to ARP addresses? Or will it be part of a larger pool - open to all ? 
I set it up publicly Even part of pool.ntp.org up_the_irons is free to object http://www.pool.ntp.org/scores/2607:f2f8:0:102::2317 http://www.pool.ntp.org/scores/208.79.89.249 brycec: cool Only 100mbps so don't flood it >.> <.< (or maybe it's mirrors.arpnetworks.com that's 100mbps) ntpdate: 20 Jun 01:11:05 ntpdate[2086]: step time server 208.79.89.249 offset -170.759611 sec sheesh mnathani haha, i don't think houses exist in NM without some form of climate control unless you live in a 200 year old half-buried adobe thing in taos or something haha m0unds: Up on the Canadian border (or close to) they do. Well most new houses have central heat/cool. But apartments are lucky if they have a little wall/window unit. yeah, i had a friend who lived in victoria and didn't have AC but i said NM :) not cananadada my buddy's apt in southern california didn't have AC either, now that i think about it (seal beach area) harsh is it just me or is verizon/comcast looking better tonight not Verizon according to smokeping anyway comcast has 0 packets dropped with 100 packets comcast is super intermittent http://kremvax.acfsys.net/smokeping.cgi?target=Remote.comcastnet oh wow and verizon is slightly intermittent maybe i was just lucky now i'm finding loss ah have you tried curl with smokeping? you mean instead of fping? I haven't or as well it's pretty good for showing throughput I'll have to configure that up it's not too bad http://pastebin.com/2TNdU3tb i forced ipv4 and noproxy as i have http_proxy in environment and restarted smokeping and ipv6 gives different performance to ipv4, and when you connect via hostname it can often default to it giving misleading results. thanks for the config I'll drop it in i have a few targets i just gave one as an example i do most of my testing on port 24 to bypass proxies bypass proxies? where is the traffic proxied? 
transparent proxies anywhere I actually wasn't aware that existed on the public internet traffic is transparent proxied on most isp's here how can a transparent proxy be detected? is it stuff is forefront or squid? lots of them spoof the client ip these days tcptraceroute is usually the easiest way why would they want/need to have them? performance, bandwidth savings i'm in favour of proxying tbh i wish things like wikipedia would cache better though and it means if there's connections like wifi it tends to improve performance or overloaded web sites 3g networks do it sometimes too afaik mnathani: roger on the 9000 mtu brycec: thanks for setting up zeit! i don't mind it being part of pool.ntp.org, as long as that dumb monlist thing is turned off (e.g. the NTP amp. attacks we saw a couple months ago) up_the_irons: quick question is it possible for arp metal customers to be on the backup network? you are already on gigabit LAN, so whats the point? perhaps the jumbo frames, maybe yeah jumbo frames, and inter-customer connectivity acf_: i haven't done that before. all ports are access ports (not trunk), or in non-cisco speak, they are untagged ports. so i can't give ARP Metal customers the backup vlan tag. However, with some modifications, it's not impossible. up_the_irons: any idea why the 9000mtu wouldnt work on my kvr02 VPS? up_the_irons: Yep, long-patched in ntp, And i've double-checked it. so port would have to be switched to trunk brycec: did you install something like fail2ban or apf/bfd for the ntp server to deal with brute force attempts mnathani: cuz i haven't made the same changes as i did on kvr29 brycec: awesome, tnx brycec: the ssh port should be changed; cheap way to avoid a potential of problems acl ssh? to all who would like to beta test zeit (our new official NTP server, thanks to brycec), you can use: zeit.arpnetworks.com mnathani: fail2ban up_the_irons: sure, one sec up_the_irons: everything looking clean with your tcpdumps? 
yeah, not much traffic :) not yet anyways My ARP VPS has 602 hosts in its monlist, but it's been public for a little while cool mnathani: your kvr02 vps should be good to go with mtu 9k now also