#arpnetworks 2015-01-28,Wed

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)
WhoWhatWhen
***KDE_Perry has quit IRC () [01:23]
KDE_Perry has joined #arpnetworks [01:28]
mercutiosounds like your version is too new
you have to downgrade to 6.18 apparently
assuming 6.18 is less than 6.5
maybe you need to upgrade?
because apparently 5.2 is older trhan 5.18
oh apparently it works in 6.14 to 6.18 		[01:40]
brycec'18' > '5' [01:46]
mercutioyeah
it may work again now
routeros is good at breaking things 		[01:46]
BryceBotThat's what she said!! [01:47]
mercutioi seem to remember hearing of version 6.26 being reasonably current? [01:47]
ant6.26 isn't released yet [01:48]
brycecjust 6.26 is their rc
according to http://www.mikrotik.com/download 		[01:48]
mercutiooh
maybe it was 6.25 then 		[01:48]
brycec6.25 is latest stable in the 6.x branch, 5.26 and 4.17 respectively [01:48]
mercutiomaybe i got confused with 5.26 then
isn't routeros 6 way less stable than 5?
*) fixed route cache overflow (ipv4/ipv6 stops working) if ipsec is used;
scary changelogs (that's for 6.25) 		[01:48]
brycecscarier if "didn't fix..." :P [01:49]
mercutiowhenever i see the changelogs for routeros stuff it always seems to suggest that things are fixed that wen't broken and then were broken
suggesting that things break a lot randomly 		[01:50]
anti never had stability problems with 6. but i only use my mikrotiks as simple wlan access points [01:50]
mercutioi think most of the issues are with mpls, dynamic routing, ppp, queues etc.
so yeah as a dumb switch or bridge it may be stable 		[01:51]
antimho using mikrotiks as switches sucks because of their weird stp implementation (just like linux sucks in that regard) [01:52]
mercutiowell not everyone uses stp :/
i doubt most users of routeros do. 		[01:53]
anti still don't know how to have make a trunk port speak stp properly [01:53]
mercutiomy switch has stp enabled.
but it defaulted that way :/
i used to be using a unifi wireless ap which was pretty unstable.
but i haven't had a single stability issue with tp-link that i replaced it with.
it's capable of running openwrt etc too. but haven't tried yet.
i got a second one so i could :/
i've got another wireless ap as a client bridging to ethernet ports, which is tp-link too. using gargoyle, and that was pretty easy to install. 		[01:53]
.................................................. (idle for 4h5mn)
***jpalmer has joined #arpnetworks [06:01]
jpalmeripv6 appears to be down for me. anyone else? [06:01]
antworks for me [06:01]
jpalmerinteresting. I can't even ping my gateway
nevermind. traceroute shows it's an issue on my ISP's side. it's not making it to the first hop past my ISP's gateway.
wait, that can't be right, cuz I can't ping it from another server in california, either.
ant: can you ping 2607:f2f8:ab28::2 or ::1 ? 		[06:02]
mhoranYes. [06:05]
jpalmerboth are responding? [06:06]
mhoranBoth are responding. [06:06]
antfrom here too [06:07]
jpalmerok, I need to figure this out then. I'm not able to ping it from 3 different networks [06:07]
............ (idle for 58mn)
mkbjpalmet, I can ping both (from ARP) but traceroute to ::2 never finishes [07:05]
m0unds1traceroutes from comcast & linode in dallas both look ok to me [07:14]
.................. (idle for 1h25mn)
***m0unds1 is now known as m0unds [08:39]
............... (idle for 1h11mn)
sjackso has joined #arpnetworks [09:50]
.......................... (idle for 2h6mn)
_Zodiac has joined #arpnetworks
_Zodiac has left 		[11:56]
........ (idle for 39mn)
mnathani__How does centralized logon generally for Linux work in Enterprises today?
Assuming we are not falling back on Active Directory and doing things directly in Linux
NIS ? 		[12:35]
***mnathani__ is now known as mnathani_ [12:41]
brycecldap/kerberos
which is coincidentally the same underpinnings of AD
(ldap for directory, and kerberos for auth)
Though you could do auth with ldap too, but that's less common; the benefits of kerberos outweigh it 		[12:43]
mnathani_is it kind of roll your own solution with kerberos and ldap, or are there system packages that provide a decent out of box experience
perhaps even commercially supported? 		[12:46]
brycecThere are, or have been, some packaged stuff
Novell had something
I haven't touched the area for awhile though
last time I set it up, I used a distro called Zeroshell to serve as my ldap/kerberos root 		[12:47]
...... (idle for 27mn)
mnathani_k [13:15]
......... (idle for 40mn)
RHEL Probably has their own solution
using LDAP and Kerberos 		[13:55]
brycecbrycec shrugs
only think I know about RHEL and derivatives is they have a nice wizard/gui for configuring client machines for it 		[13:58]
BryceBotYER A WIZARD brycec [13:58]
brycecThanks BryceBot [13:58]
BryceBotNo problem, brycec [13:58]
............... (idle for 1h11mn)
***toddf has quit IRC (Ping timeout: 272 seconds)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf 		[15:09]
...... (idle for 26mn)
mnathani_http://www.gliffy.com/go/publish/7081735
I am wondering if it would be possible to trunk the link between the Mikrotik and the Catalyst Switch, run 2 Vlans across it
one that will present the Bell Fibe Modem on the same Layer 2 as the Cisco 2811 behind the switch
the other for the Lan behind the Mikrotik 		[15:36]
brycecWhat's the advantage of multiple pppoe sessions? Just more external IP's as opposed to nat? [15:40]
mnathani_more public IPs, yes
allowing me to test vpn tunnels
that actually traverse multiple public addresses 		[15:40]
mercutiowhy separate vlans?
why not just run both pppoe sessions on the same vlan? 		[15:47]
mnathani_as there is one cable between the mikrotik and the catalyst 3750
and the mikrotik already has its pppoe session
and is performing NAT 		[15:47]
mercutiowhy not route the inbound cable into a switch port
have it on a vlan
and have two more ports on teh switch to terminate pppoe sessions.
on lots of routers you can do ppp relay, but i don't think routeros does that 		[15:48]
mnathani_will pcs behind the catalyst be able to connect via pppoe session as well [15:49]
mercutioany that are in the vlan group
you can probably get by with running untagged.
but tagging keeps things nice and separate.
http://forum.mikrotik.com/viewtopic.php?f=1&t=6634
so yeah people want pppoe relay 		[15:49]
mnathani_my google foo landed me on the same page :-) [15:51]
mercutiooh that's from 2006
anyway what i'd do is just plug your incoming internet connection into the switch on say vlan 900
then have routerboard plug into a switch port on vlan 900
then any pc's you want with their own pppoe session you allow vlan 900 as well as their normal lan vlan
if you don't tag you're more likely to pollute random arps out the internet connection, i dunno if you midn that or not.
as well as broadcast traffic
depending on where the bridge/segment finishes, it may go to internet or just an upstream modem.
if it's an upstream modem that just feeds you pppoe i wouldn't worry, but if they're bridging again onto the wider network you probably want to avoid that. 		[15:51]
mnathani_only issue with that is - the internet modem and mikrotik device are like 1 foot apart, the switch however is in the next room and only one cable exists between the rooms [15:55]
mercutiohere cable is a big huge bridged annoyance.
oh.
you could just use a 5 port switch 		[15:55]
mnathani_so thats why I was hoping to run multiple vlans on that cable [15:56]
mercutioactually there's an even more complicated idea.
the routerboard is one with a switch? 		[15:56]
mnathani_it is [15:56]
mercutioyou can run the internet into the switch.
then run ethernet from the switch ports
then plug the switch port on the routerboard into the wan port as well.
i dunno if that's getting too convouled for you :) 		[15:56]
mnathani_could probably just bridge it in software [15:57]
mercutioit's better to be switched than bridged. [15:57]
mnathani_complicated and convoluted I like - allows for greater learning [15:57]
mercutioespecially on lower end routerboards.
ccr's don't have switches though.
and lots of the routerboards have funky switch arrangements, so they'll have two different switches for two different groups of ports. 		[15:57]
mnathani_so actually run a cable between the routed port and the 'switch port'
and internet into another switch port 		[15:58]
mercutiothe wan port and switch port.
so yeah say ports 5 to 8 are just cut off and used as a switch
that goes nowehre.
well doesn't go into routeros at all 		[15:58]
mnathani_they designate port 1 to wan
by default 		[15:59]
mercutiowhat model is it?
that is likely to be a different switch
you're still stuck with cpu forwarding to the second switch, to go out for the normal traffic.
but you're cpu forwarding atm anyway.
well i imagine you are cos you're using nat. 		[15:59]
mnathani_Mikrotik RouterBOARD RB2011UiAS-2HnD-IN [16:00]
mercutiooh fancy
that should be good for 100 megabit+ pppoe
so yeah wouldn't worry too much about cpu 		[16:00]
mnathani_do I still need to worry about VLANs? [16:01]
mercutioAtheros8327 (ether1-ether5+sfp1); Atheros8227 (ether6-ether10)
well you're plugging into a vdsl modem aren't you? 		[16:01]
mnathani_yes
that does NAT also 		[16:02]
mercutioyou should be able to get away without
because bridge domain means it shouldn't pass afaik. 		[16:02]
mnathani_however allows pppoe passthrough [16:02]
mercutioyeah so traffic won't leak onto the internet.
is it pppoe relay or are you bridging the ptm interface and the ethernet interface? 		[16:02]
mnathani_all I do is dial pppoe from one of the modems switch ports
and it connects and gives me a public ip 		[16:03]
mercutioa lot of the broadcom modems actually let you do quite advanced stuff.
yeah but uhh
hangon 		[16:03]
mnathani_I could just run a second cable
between one of the modem ports to a switch port on the mikrotik 		[16:04]
mercutioBridge PPPoE Frames Between WAN and Local Ports
my router has under wan service that
but ther'es also a way to just do bridging before that level
under wan service you can do ppp over ethernet, ip over ethernet, or bridging
when adding a connection.
both ways work.
fwiw, it's basically the same on my adsl and vdsl modems, even though they're from different vendors. but they're both broadcom.
http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Example_-_802.1Q_Trunking_with_Atheros_switch_chip_in_RouterOS_v6
looks like you can play with vlans too 		[16:04]
mnathani_where do you seee the bridge pppoe between WAN and local Ports? [16:11]
mercutiois your modem broadcom?
it's under advanced setup -> wan -> edit 		[16:12]
mnathani_don't think they allow options like that
the vendor has it pretty locked down 		[16:12]
mercutiowhat modem is it?
there is one vendor here that uses broadcom and locks it down but you can bypass it 		[16:12]
mnathani_home hub 2000 [16:13]
mercutiobut all the commands are all completely different
i think that's vr9
home hub 1000 is broadcom
and home hub 2000 is meant to be the same as Sagemcom F@st5250 		[16:13]
mnathani_do I need to worry about routing loops if I connect a second ethernet between one of the Internet Modem ports and say Ether3 [16:14]
mercutioyeah it's broadcom [16:14]
mnathani_or perhaps a broadcast storm [16:15]
mercutiodepends on the switching domain.
or broadcast domain or whatever
wan port is usually in a different domain 		[16:15]
mnathani_ether 1 and ether 3 are in different domains [16:15]
RandalSchwartzeither one :) [16:16]
mnathani_except they both connect to a device with 2 ports in the same domain [16:16]
mercutioapparently that pppoe bridge is limited to 35 megabit
i'm still struggling to find good information
can you get a shell on it? 		[16:17]
RandalSchwartzcan you put a ring on it? [16:19]
mercutiooh i think that's the older sagemcom
hmm ok
maybe the /simplest/ solution 		[16:19]
mnathani_don't think I can get a shell [16:20]
mercutiois as you said to plug a second cable from the modem to the routerboard.
then have vlan for it, and have the vlan go to the switch but not into routeros. 		[16:21]
mnathani_will it work if I leave it in the same vlan / untagged even? [16:22]
mercutioprobably.
so yeah just plug lan to lan
and then everything should magically work? 		[16:22]
mnathani_can't wait to try it [16:23]
mercutiobut i dunno if routeros will get confused by pppoe coming in more than one place.
it shouldn't actually. 		[16:23]
mnathani_other residents in the home are using the net so I will wait a while [16:23]
mercutioheh
that reminds me i have stuff to do today while people aren't around.
there's a conference that i was thinking of going to, but it was too expensive in the end. watching video feed instead :)
but the next talk is meant to be about peering. 		[16:23]
mnathani_which conference? [16:29]
mercutionznog
http://www.nznog.org/home/video_full
there's two new internet peering exchanges suddenly in this city
so it went from like 1 to 3 		[16:29]
mnathani_thats good [16:30]
mercutioi dunno how good it is. [16:30]
mnathani_do they interconnect with each other? [16:31]
mercutiothe existing peering exchange was more stable than coresite.
nope.
arp isn't on equinix, which is the other major one in los angeles.
are people meant to go on all 3?
and los angeles is a bigger hub than here. 		[16:31]
mnathani_probably just go on the one closest to their infrastructure? [16:31]
mercutiowell it looks like things are moving towards multiple location points.
so nearest may still mean all 3 :)
it gives some redundancy
and may mean quicker 10gb adoption
but if you use two of them one for in and one for out, to someone, and one of them has a problem you can still have issues. 		[16:32]
mnathani_what city? [16:33]
mercutioauckland
population of about 1.4 million
but covers nz whichi s about 4.5 million i think
it's funny to see how most people have their laptops out while the talks are on. 		[16:33]
mnathani_1:33pm, shouldnt the break be over? [16:34]
mercutioyeah
that's what i was thinking
it looks like more people in there now
i suppose people are slack getting back. 		[16:35]
mnathani_how many folks there do you know? [16:35]
mercutioa few.
it's also harder to recognise people by their backs :)
this music really sucks too.
video quality is surprisingly good though
audio quality more so 		[16:35]
BryceBotThat's what she said!! [16:37]
mercutiofor some reason i find most technical talks are downright hard to see/hear at all.
you have to select 720p manually.
and it'd still be nicer if they did 1080p+ 		[16:37]
mnathani_mine was automatically 720p [16:37]
mercutioi wonder why mine wasn't
maybe it's going to the US
it's using something called livestream or something. i signed up for an account. 		[16:38]
mnathani_just switched to full screen
pretty cool 		[16:38]
mercutioyeah i'm using full screen
dual monitors ftw :) 		[16:38]
mnathani_4k ftw
:-) 		[16:38]
mercutiohaha
my irc is on 4k :)
4k is nice.
finally 		[16:39]
mnathani_how much does it cost to attend in person? and can anyone attend or do you have to be a network operator [16:40]
mercutio$250+accomodation+transport.
anyone can attend. 		[16:40]
mhoranOh goodness. I used to work at Livestream. [16:41]
mercutioit's about a 4 hour drive from here.
there's also lots of free alcohol.
i wonder if arp is on peeringdb. 		[16:41]
mnathani_can
it is 		[16:43]
mercutioyeah they are [16:43]
mnathani_pretty sure I have seen it on there before [16:43]
mercutiohttp://www.peeringdb.com/view.php?asn=25795 [16:43]
mnathani_hard to read the slides though [16:43]
mercutioyeah it's there
yeah their projector sucks
it looks like it's interlaced too. 		[16:43]
mnathani_the email address is like scrolling colours [16:44]
mercutiomost people use the routing servers in nz.
as well as the list for the exchange
he has got a good point
windows hah
and an ie icon even
short password :) 		[16:45]
mnathani_have you ever looked at the sql for peeringdb? [16:56]
mercutionope
i didn't even know there was any 		[16:56]
mnathani_http://www.peeringdb.com/dbexport/peeringdb.sql [16:57]
mercutioi found out about it through that talk :)
did you know about it? 		[16:57]
mnathani_did not [16:57]
mercutioAPE is the normal exchange in auckland.
11 hah 		[16:57]
they charge per megabit to other cities [17:08]
he's hopeful [17:14]
no-one liked my question :) [17:26]
mnathani_"can't do a netflix-comcast to us"
lol 		[17:28]
mercutioyeah
the biggest provider here doesn't peer. 		[17:29]
mnathani_whats the benefit of a bilat vs route-server peering? [17:39]
mercutiobilat means you can easily turn it off when ther'es an issue
it means you make an individual connection to them, and create a bgp session
which can give more control over routing policy easier.
but menas you have to create bgp sessions with extra participant.
it's usually pretty simple to setup bilat, but you don't generally do it with everyone.
like cloudflare was saying how they don't advertise anycast without bi-lat. they were pretty easy to do bi-lat with. 		[17:40]
mnathani_even amazon
bi-lat only 		[17:41]
mercutioamazon are also only in australia
who was that one? 		[17:41]
mnathani_whats the deal with megaport, is that like a special kind of transit [17:42]
mercutiooh sitehost.
yeh.
kind of
intellipath is the special kind of transit
megaport is a new internet exchange with like 9 people on it
but more people getting onto it.
cloudflare peering was actually noticable for web page performance
that's an intersting idea
the other thing about bi-lat is making sure you have contact details. 		[17:42]
....... (idle for 30mn)
mnathani_: what did you think of it? [18:15]
mnathani_interesting
thanks for sharing
its a whole other world out there
for folks used to canada / us networks 		[18:23]
RandalSchwartzcuba - all satellite
would be cable, but the nearest landfall is the US. oops.
in the other direction, 7000ft trench 		[18:24]
brycec@last up_the_irons [18:26]
BryceBotbrycec, I last saw up_the_irons 6 days 23 hours 33 min 8 sec ago saying in a channel: now they call it CoreSite. [18:26]
brycecWow, up_the_irons isn't usually this quiet [18:26]
up_the_ironsno way
6 days?
almost 7 days 		[18:26]
brycecSpeak of the friggin devil [18:26]
mercutiowow [18:27]
mnathani_brycec: almost like you summoned him [18:27]
mercutiomnathani_: peering may actually improve in the US if independant fiber providers take off
while it's comcast/verizon/etc it doesn't really encourage it. 		[18:27]
brycecup_the_irons: Please do me a favour and see if you received the e-mail I sent yesterday? Never got an autoresponse from it. (And now the matter is becoming more urgent, so I sent a second email from an address I know works, and does receive the autoresponse) [18:28]
mercutioi don't know what canada is like. [18:28]
brycec(Pretty, pretty please) [18:28]
up_the_ironsbrycec: what was the email about? [18:28]
brycecVPS upgrade [18:28]
up_the_ironsmy queue is mostly empty now [18:28]
brycec"mostly"
I really have no idea where the email disappeared to, and the Exchange admin is currently unable to help out 		[18:29]
up_the_ironsi see it in the web-based queue, but haven't got it in email yet [18:30]
brycec(but I checked and double-checked the To: address -- referring to the email I sent yesterday)
Yeah today's email was *just* sent, seconds before you appeared
Feel free to PM 		[18:30]
up_the_ironsi see it in my email now [18:33]
brycecThanks up_the_irons. Btw, do you know if your email/ticket system "replies all" (to addresses that were cc'd originally)?
(And sorry to be a pest. I know you have many other customers :) ) 		[18:36]
up_the_ironshonestly i have no idea; never tested it and nobody else ever asked ;) [18:37]
brycecheh
I'm going to assume either "no" or that something is jinky in email between arp and my work mailbox 		[18:38]
mercutiobrycec: you are talking about exchange [18:39]
brycecIt's worked for every other mail I've sent (not that it's saying much... but seems to work for everyone else at the company, including others that have emailed ARP) [18:40]
mercutiook that's weird [18:40]
..... (idle for 20mn)
mnathani_mercutio: we have success. I connected the second cable to the mikrotik, and a VM just connected using pppoe [19:00]
mercutiosweet mnathani_
well that's the simplest possible.
so it's bridging to all the ports.
this should also mean you can access your modem easier. 		[19:00]
mnathani_wonder if layer2 loops would be a problem [19:02]
mercutioshoudln't be a loop [19:02]
mnathani_how would I even detect such a thing [19:02]
mercutioas wan port on rb is different domain
by all of your lights blinking madly.
high pings etc. it's quite obvious normally
and in small networks it's pretty easy to notice/fix.
the problem happens in larger networks, when someone has no idea they've done it.
now they're telling APNIC users they should take addresses from ARIN :)
oh wow ARIn haven't been holding back ip addresses enough, so they've been plumetting quick. 		[19:03]
..... (idle for 23mn)
mnathani_are there any commands to run on the mikrotik to detect broadcast storms / loops
perhaps look at cpu usage? 		[19:31]
mercutioyou could just look at cpu
i have no idea about stp or anything on routeros 		[19:36]
brycec(or notice when connectivity breaks down...)
tcpdump on any machine would help too, just a flood of traffic
(but as for on the device itself, no clue... my routing and firewalls run *BSD) 		[19:36]
mnathani_whats hardware offloading?
in terms of a networking gateway as mentioned on the talk? 		[19:38]
...... (idle for 27mn)
***toddf has quit IRC (Ping timeout: 265 seconds)
toddf has joined #arpnetworks
ChanServ sets mode: +o toddf
jpalmer has quit IRC (Quit: WeeChat 0.4.2) 		[20:05]
mercutiohardware offloading is when you move some of the smarts of network traffic to the network card or switch
most routers are doing it on the switch atm
it uses propietary drivers. 		[20:15]
.... (idle for 15mn)
mnathani_stuff like packet encapsulation? [20:30]
mercutioyeh the switch can do that
most of the atheros switches support it
like used on your router.
routeros support for that stuff is weak afiak
and your router is more powerful than normal cpe's.
i was watcing that talk too
but i got called away, and missed some :( 		[20:30]
BryceBotThat's what she said!! [20:31]
mercutiothe main improvement in cpe's recently has been about power usage. [20:44]
***SpaceDump has quit IRC (Ping timeout: 264 seconds)
SpaceDump has joined #arpnetworks 		[20:48]
............. (idle for 1h1mn)
mercutiomnathani_: there's a talk tomorrow on bufferbloat, that sounds like it may be more interesting than most, as they're trying to go a bit more technical it seems. [21:50]
mnathani_mercutio: one thing I didn't think of earlier, DHCP is enabled on the modem and the mikrotik
connecting the 2 could have clients on the mikrotik side get an Ip from the Internet Modem? 		[21:57]
↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)