***: kevr_ has quit IRC (Changing host)
kevr_ has joined #arpnetworks
kevr_ is now known as kevr
mnathani: ]
***: tabthorpe has quit IRC (Quit: leaving)
tabthorpe has joined #arpnetworks
tabthorpe has quit IRC (Changing host)
tabthorpe has joined #arpnetworks
mike-burns has quit IRC (Quit: WeeChat 1.0.1)
mike-burns has joined #arpnetworks
ChanServ sets mode: +o mike-burns
mus1cbox: ya im not looking forward to using ipv6. so fucking long
staticsafe: just use DNS
brycec: ^
mus1cbox: how would you assign an ipv6 ip to a new machine, before it's even up and has a chance to be configured with dns?
or maybe it is the dns server
brycec: Plus if you have a brain like mine, it's easy to remember /64 portion
plett: mus1cbox: SLAAC
brycec: dhcpv6 can register with dns
or use mdns
or just stop caring about addresses...
(i.e. slaac)
mus1cbox: oh
so you guys are having a fine experience running ipv6?
mercutio: static: no-one uses dns on ipv6
brycec: Huh ^?
mercutio: dns reverse lookups basically don't exist.
mus1cbox: wtf why not
brycec: uh... what? ^?
mercutio: you trolling?
mercutio: because providers never seem to configure it?
brycec: Because... DNS still a thing, including PTR.
mercutio: brycec: do some traceroutes over ipv6...
you'll quickly see 8/10 or more ipv6 addresses have no reverse dns
brycec: lazy providers... Half my v4 hops across comcast don't have ptr's. Doesn't mean nobody DNS' on IPv4 though.
mercutio: like tracing www.google.com from arp has 0 dns reverse lookups.
brycec: Nah, it has 1 - google's
mercutio: not here
mus1cbox: seems ipv6 is reducing network accessibility for admins
brycec: 11. iad23s23-in-x03.1e100.net 0.0% 6 68.4 68.5 68.4 68.7 0.2
mercutio: http://pastebin.com/raw.php?i=kFTYJ0W6
plett: mercutio: That's not a v6 thing, Google suck at adding v4 PTR records as well as v6
mercutio: weird traceroute isn't working with udp or icmp with ipv4
oh just timing out hop
10 pa-in-f106.1e100.net (74.125.25.106) 30.763 ms 30.771 ms 30.612 ms
i got one google lookup
mus1cbox: is it true ipv6 is less secure?
brycec: No
It's as-secure as v4
generally
mercutio: mus1cbox: lots of users don't do firewalls on ipv6.
and were relying on nat for "firewall" on ipv4.
brycec: there are some security/privacy extensions available to v6 too
As a technology, it's as-secure
mercutio: so you may find suddenly you can accept incoming connections when you couldn't before.
brycec: It's just the same as before "everybody" was NAT'ing
mercutio: there are some neighbour exhaustion issues too.
mus1cbox: ah
brycec: (and "everybody" used global v4 addresses)
mus1cbox: what's neighbor exhaustion?
mercutio: brycec: yes, but now people have the internet that used to not.
mus1cbox: it's when your subnet gets scanned and your router struggles to deal with checking out who is there.
it's kind of like the "too large bridge domain" issue with ipv4.
http://inconcepts.biz/~jsw/IPv6_NDP_Exhaustion.pdf
mus1cbox: oh
ty
does ipv6 improve susceptibility to ddos?
mercutio: uhh
ddos is a complex issue.
you can trivially overload switches etc.
it should be fixed sometime.
m0unds: the only improvement to ddos susceptibility is that lots of zombie boxes used to attack stuff don't have ipv6 connectivity yet
mus1cbox: hahha
security through lack of connectivity :P
mercutio: m0unds: i thought hetzner etc had ipv6 now?
m0unds: mercutio: could be, i have no idea
but there are still tons of compromised residential machines being used as attack sources
mercutio: oh wtf
this is worse on that gear than i thought
1 pps of traffic with random ipv6 source address can fill ndp table.
mus1cbox: pps?
mercutio: oh that's coming from inside the network
packet per second
mus1cbox: you don't mean petabyte do you?
oh phew
mercutio: this is sounding worse and worse :)
that's on nexus 5500
with juniper it's slightly better apparently.
m0unds: yes, faster cpu, more ram
mus1cbox: death by 1pbs
pps*
yea i think next time i buy networking gear i'll replace cisco with juniper
mercutio: so yeah don't use l3 switches for ipv6?
m0unds: there are pitfalls with either
mercutio: yeah, haha
mercutio: i hate dhcp
i hate arp
not arp networks
arp the protocol
m0unds: YOU BASTARD
GET OUT
mercutio: i hate neighbour discovery
m0unds: i hate my neighbors
mus1cbox: m0unds: choosing a name like arp networks, you have to expect some confusion
mercutio: heh
m0unds: mus1cbox: i know it
mercutio: i actually kind of think there should just be a secure key between ethernet devices
with maximum advertised ip's etc.
and dynamic routing type stuff with filters.
and cut out bridging type systems
but if using neighbour discovery you could still limit individual users to using too many addresses etc
there's a discussion on nznog about ipv6 prefix size to allocate to end users.
mus1cbox: what's the thinking?
mercutio: not much currently.
not the best time of year to get responses :)
whenever i see an interesting post i hope people have interesting replies. but often the good posts don't get many answers.
i'm about to redo my raid... fun times.
going from 3 to 4 drives and new raid array is going to be slightly annoying
as don't have enough sata ports :(
***: novae_ has quit IRC (Ping timeout: 265 seconds)
novae has joined #arpnetworks
mus1cbox: do you use zfs?
mercutio: yes
and mdadm
i'm using mdadm in raid 10, and zfs in raid-z
but going to do raid 10 for both i think
but raid 0 for bulk storage.
and just backup over network to hard-disk system
this is ssd only :)
only got 3x120gb atm though
and upgrading to 2x250 and 2x480
trying to decide on layout.. i'm thinking like 32gb for mdadm per disk, 4gb for swap, 16gb for proxy, 200gb for zfs
maybe 192gb for zfs, i have to short stroke a bit more the 250s i think.
then like 220x2 extra for zfs raid 0
fuck it i'll just do the root first :)
i hate grub
up_the_irons: +1
JC_Denton: lilo felt so much easier
mercutio: JC_Denton: does lilo support uefi?
i probably should research other boot loaders.
staticsafe: no it doesn't
brycec: elilo does
@wiki elilo
BryceBot: LILO (boot loader) :: LILO (LInux LOader) is a boot loader for Linux and was the default boot loader for most Linux distributions in the years after the popularity of loadlin. Today, most distributions use GRUB as the default boot loader. Overview LILO does not depend on a specific file system, and can boot an operating system (e.g., Linux kernel images) from floppy disks... http://en.wikipedia.org/wiki/LILO%20%28boot%20loader%29
-: dne prefers syslinux - recent versions have EFI support
mercutio: interesting.
i really just want to be able to select a few different kernels to boot
jpalmer: how many people will stop following me on twitter, if I tweet about a powershell post? :P
mercutio: heh
only one way to find out :)
Timing buffered disk reads: 4660 MB in 3.00 seconds = 1552.74 MB/sec
nice and fast raid :)
***: SpeedBus has quit IRC (Quit: SpeedBus@CrownCloud.net)
mus1cbox: https://www.youtube.com/watch?v=sV_bDXgeg7Q
BryceBot: YouTube People: "Counterfeiting : Documentary on the Business of Counterfeits and Knock-Offs" by The New School (1h 35m 17s), 892,712 views, 2,727 likes and 256 dislikes. Uploaded 2013-10-01T03:56:12.000Z.
mus1cbox: interesting watch, esp for anyone who takes pharmaceutical drugs
m0unds: hahaha, i got a ps3 eye camera for doing head tracking in ARMA and flight sims
my wife was freaked out moving her head and having it pan the view around
mus1cbox: step 1. step 2, Fabio.
(http://www.fabioifc.com/)
mercutio: that does sound a little disorientating
uh oh i'm reading slashdot again. bots are scanning github to steal amazon ec2 keys.
mus1cbox: how could that be, git users are soooo smart
mercutio: heh