#arpnetworks 2015-03-03,Tue


<ant> mercutio: from sort(1): "*** WARNING *** The locale specified by the environment affects sort order. Set LC_ALL=C to get the traditional sort order that uses native byte values." [01:08]
<mercutio> hmm mine doesn't show that [01:11]
<ant> mercutio: got that from a debian wheezy machine [01:12]
<mercutio> yeah i can't find a way to repeat
it does say that in the man page though
oh i thought you meant it outputted that [01:14]
<ant> try "A" and ".a" with en_US.UTF-8 and de_DE.UTF-8
no it just said so in the man page [01:14]
<mercutio> yeah
i only use sort to do uniq :/
so as long as it sorts i don't worry too much
and it's usually on numbers anyway [01:15]
..................................................................................... (idle for 7h4mn)
<mkb> the order wasn't case sensitive like it usually is [08:20]
<brycec> mkb: what is your locale normally? [08:21]
<mkb> LANG=en_US.UTF-8 on these machines [08:22]
<m0unds> patrick.georgi-clan.de/2015/02/17/intel-boot-guard/
err, wrong channel [08:22]
<mkb> I can't reproduce, but I've heard of grep matching the wrong case too [08:23]
<brycec> Huh, peculiar. [08:23]
<mkb> locales are a UI thing and sort is used for a lot more than that, so it doesn't seem to make sense to have sort change behavior on different locales
I mean there's a lot of scripts that didn't expect sort to do anything more than by byte number [08:24]
<brycec> Yeah it's well-known and documented that if you want consistent and cross-platform results in your programs/scripts, you set LC_*=C before calling out to anything. [08:24]
<mkb> I've had LC_ALL=C LC_CTYPE=en_US.UTF-8 on my desktop for a while since that's all that OpenBSD supports anyway
I guess I'll have to make sure I put that in .profile everywhere else [08:25]
<brycec> fwiw i can reproduce it on my Linux desktop. Normally, the only variable set is LANG=en_CA.UTF-8 and sort does not function case-sensitive. If I unset that, or set LC_ALL=C, it's case-sensitive. [08:27]
............................ (idle for 2h16mn)
*** dwarren has quit IRC (Remote host closed the connection)
*** dj_goku has quit IRC (Ping timeout: 244 seconds) [10:43]
...... (idle for 25mn)
*** dj_goku has joined #arpnetworks
*** dj_goku has quit IRC (Changing host)
*** dj_goku has joined #arpnetworks [11:10]
.......................... (idle for 2h9mn)
*** _Zodiac has joined #arpnetworks
*** _Zodiac has left [13:19]
........................... (idle for 2h13mn)
*** djkrikke-2 has joined #arpnetworks [15:32]
<djkrikke-2> Hi, I'm looking for some common practices on datacenter ip subnetting [15:32]
<up_the_irons> RFC 3531 comes to mind (it also works for IPv4, despite its title). It's how we allocate blocks to customers. [15:44]
<djkrikke-2> up_the_irons: I'm more interested in the technical aspect, like vlans and inter-vlan routing
like, is it common practice to VLAN customers? [15:45]
<mercutio> djkrikke-2: no
djkrikke-2: arp does though
it's common practice to just stick everyone in a huge bridge domain
not that common practice is a good thing [15:48]
<djkrikke-2> mercutio: I see
mercutio: doesn't that generate a huge amount of broadcast traffic on switches? [15:52]
<mercutio> djkrikke-2: most don't have mac address limits or ip restrictions or reverse path filtering.
djkrikke-2: yes
djkrikke-2: find a random cheap vps like vultr and do tcpdump -p -l -n -i eth0 ! port 22
the cable network here got so bad that routers started failing under the heavy arp load [15:53]
<djkrikke-2> mercutio: do you know a good solution? [15:56]
<mercutio> djkrikke-2: well you can do what arp does, you can also do pppoe, and i am struggling to figure out what the best way is
with virtual machines, i've been experimenting with just having ip route default dev eth0 src <src ip>
and having a single /32 routed to it. [15:56]
<djkrikke-2> mercutio: I was thinking of keeping a big subnet, but creating vlans, combined with proxy arp on the gateway [15:57]
<mercutio> then those routes are picked up by the routing domain on the host and propagated. [15:58]
*** _Zodiac has joined #arpnetworks
*** _Zodiac has left [15:59]
<djkrikke-2> mercutio: what exactly does that ip route command do? [16:00]
<mercutio> for physical machines i kind of like the idea of just having a routed /29 tbh
djkrikke-2: it means you don't have a gateway, and it relies on proxy arp to get out
so you can have a netmask of 255.255.255.255 on the ip [16:00]
<djkrikke-2> oh, so you don't configure a gateway, but tell everything to go through eth0, and proxy arp answers on this? [16:00]
<mercutio> yeh
well you have a gateway of the ethernet interface
is this for physical machines or virtual machines? [16:01]
<djkrikke-2> well physical, but I'm interested in your approach :)
so you have netmask 255.255.255.255 and a gateway ip
do you really need proxy arp then?
you just use the gateway for everything? [16:01]
<mercutio> proxy arp was because i have stuff in bridge mode still
the gateway is just the ethernet interface
i don't know if i need proxy arp or not
but it's enabled
if it's physical i would say that a /29 per user is better
the other thing you can do is you can have a /30 in rfc1913 space and route a /29 to /32 to them
depending on how much space they want
and use a normal gateway but you have like ip route add default via 192.168.32.77 src 4.2.2.2
or whatever ip you give them
i prefer /30 to /31 as it means you can always have the low ip for the gateway
which is the first ip of the block too
the way arp is doing it uses up a lot of ip addresses.
it's not necessarily bad - and if there were lots of ip addresses available then other hackish solutions wouldn't be so advantageous
but it's getting harder and more expensive to buy ip addresses.
like people are buying old companies to get ip address space!
actually i'm in the apnic zone, and arin is apparently not so bad. [16:02]
<djkrikke-2> mercutio: yes that's the reason why I'm thinking about this subject, I'm looking into ways to optimize the ip usage
if you need a public ip for every subnet, well.. [16:08]
<mercutio> what kind of customers are you servicing?
as much as i hate the huge bridge domain, most people don't seem to care :/ [16:08]
<djkrikke-2> mercutio: it's for a local computer science club [16:08]
<mercutio> with hundreds of users? [16:09]
<djkrikke-2> not hundreds :) [16:09]
<mercutio> like 30? [16:09]
<djkrikke-2> but I'm a computer science student myself, so I'm always thinking about optimal solutions
something like that yes [16:09]
<mercutio> with 30 it's probably fine to just have a /28 and two broadcast and gateway
or /27 if it's actually 30, rather than nearly 30
oh god
make that /27 and /26
i went off by one :/ [16:10]
<djkrikke-2> mercutio: or... we could keep a big subnet, put them in 3 vlans and proxy arp? [16:11]
<mercutio> there are pros and cons. one of the reasons people are doing it that way is that some people are doing two router solutions, with 3 ip addresses used for routers.
so each router has an ip on the subnet, then there's one that bounces between them
traffic can be forwarded from either to the host, and out the bouncing one
well the thing is vlans complicate things.
if you have a small setup then suddenly it means you're the only one who understands how it works. [16:11]
<djkrikke-2> mercutio: the reason why we want to isolate several "groups" is because it's for testing purposes [16:13]
<mercutio> so usually i'd vote in favour of not increasing complexity too much, unless it's necessary.
ok
it's necessary then [16:13]
<djkrikke-2> so we want the traffic to be forced through the firewall
and that works with proxy arp and vlans [16:13]
<mercutio> yeah [16:13]
<djkrikke-2> but I was thinking, can't large hosting providers save on ip's by using this strategy [16:14]
<mercutio> large hosting providers usually have heaps of ip addresses they got earlier. [16:14]
<djkrikke-2> instead of subnetting, just use vlans per user and filter broadcast traffic [16:14]
<mercutio> it's small and medium providers that have higher requirements for ip's [16:14]
<djkrikke-2> and use a large block [16:14]
<mercutio> small providers don't usually have expertise, and medium providers ..
well that's where innovation can happen i suppose
i actually have been thinking about pppoe per user more and more recently
now there's in-kernel etc for ppp
it's not really that high overhead [16:14]
<djkrikke-2> mercutio: I'm not that familiar with pppoe, but it's some kind of tunnel right? [16:16]
<mercutio> yeah kind of
8 byte overhead
well it can be 6 i think
but yeah 8 is the normal overhead spoken of
basically it means you have a radius server, a ppp server.
the ppp server deals with terminating the connections, the radius server deals with authentication and accounting
bringing easy tallies of data done, making it easy to disconnect users, add ip addresses etc.
and not wasting ip's
that said i'm familiar with ppp/radius so it doesn't seem such a big complexity to me
http://sourceforge.net/projects/accel-ppp/
so you can use something like that
oh which can do rate limits too [16:16]
<up_the_irons> djkrikke-2: it is not common to VLAN customers, but I do it because it makes sense and customers like it
djkrikke-2: you're right in that the way most providers do things, it makes arp storms a problem [16:20]
<djkrikke-2> up_the_irons: just for internal isolation? So that they can have internal traffic?
or with filtering in between?
mercutio: rate limiting is pretty interesting too ;) [16:20]
<up_the_irons> djkrikke-2: well it simply makes sense that each customer have a private network; it segregates things nicely [16:21]
<mercutio> djkrikke-2: i have an isp background so radius/ppp is more familiar to me too [16:21]
<up_the_irons> djkrikke-2: also, it allows mixing of services easily; some customers have VMs and also dedicated servers, or VMs and colo [16:22]
<djkrikke-2> up_the_irons: That makes sense, but you combine it with subnetting right?
so that for outer-vlan traffic, the gateway is always used? [16:24]
<up_the_irons> i'm not sure what exactly you're referring to when you say subnetting; that's a very general term
yes the gateway is always used for outside traffic [16:24]
<djkrikke-2> I mean that every customer has a separate subnet, like for example a /29 [16:25]
<up_the_irons> yes [16:25]
<djkrikke-2> up_the_irons: alright
don't you think that's a waste of public ip's, when you need a gateway for every subnet? [16:26]
<mercutio> go rfc1918 :)
oh djkrikke-2 another way people in more commercial environments do things is sometimes direct to direct nat
like one to one mapping... so they'll have internal subnets everywhere, and just remap from an external ip to an internal ip [16:27]
<djkrikke-2> mercutio: yes, I was thinking about that too. But...NAT [16:28]
<mercutio> djkrikke-2: it's not like normal nat evilness
you can do it stateless
so 1-to-1 mapping [16:29]
<djkrikke-2> mercutio: true, but you can't for example configure a cpanel with an internal ip, then it will create dns records with internal ip's etc
or sip sessions [16:29]
<up_the_irons> djkrikke-2: it does tend to use IPs, yes [16:31]
<brycec> (And steak does tend to use cows. The world is imperfect, but you do what you gotta do.) [16:33]
<mercutio> djkrikke-2: i don't use cpanel [16:33]
<djkrikke-2> brycec: maybe we can solve that cow problem too :)
No I'm just wondering if there are better solutions, that's all [16:33]
<mercutio> it's more common with people using load balancers etc.
which cpanel isn't really aimed towards.
ipv6 makes everything less painful.
so i registered localdomain.nz does that mean that people with search paths are going to hit my domain? [16:34]
<up_the_irons> djkrikke-2: i'm not aware of better solutions, but i haven't investigated it in a long time; do tell if you find something promising :) [16:38]
<djkrikke-2> up_the_irons: well my idea is to have a router that knows about all the ips and vlans
then you can create a vlan per customer, take a big subnet, and let the router handle the arp proxying [16:39]
<mercutio> djkrikke-2: he's terminating on cisco, which makes these more complicated setups a bit more troublesome.
linux makes it easier to shoot yourself in the foot [16:40]
<up_the_irons> djkrikke-2: so you would have a large subnet, but separate VLANs. how would you prevent one node from taking another's IP?
and yeah, i only do hardware packet forwarding for main traffic [16:40]
<djkrikke-2> up_the_irons: if the router knows about the IP's in a specific vlan, it can take that into account?
so that when the same IP is in another VLAN, nothing happens? [16:41]
<BryceBot> That's what she said!! [16:41]
<brycec> So, MAC pinning
(or static MAC)
Which isn't very flexible for the customer [16:42]
<mercutio> i hate mac pinning [16:42]
<djkrikke-2> well, the customer is always in his VLAN?
more IP pinning [16:42]
<mercutio> tbh, pppoe is the easiest solution :/
but it does add a little complexity to each user. [16:43]
<djkrikke-2> hmm, ok, it's 2 am over here so I'm going to get some sleep. Thanks for the discussion brycec, up_the_irons and mercutio :) [16:49]
<mercutio> djkrikke-2: it's a complicated topic
'night [16:49]
<djkrikke-2> Thank you [16:49]
<up_the_irons> djkrikke-2: on cisco, you can't have the same subnet be in two separate VLANs
djkrikke-2: 'nite! [16:50]
.................. (idle for 1h26mn)
<m0unds> sophos sent me fancy unicorn socks [18:16]
*** _Zodiac has joined #arpnetworks
*** _Zodiac has left [18:24]
................................... (idle for 2h52mn)
*** jlgaddis has quit IRC (Ping timeout: 250 seconds) [21:16]
*** jlgaddis has joined #arpnetworks [21:21]
........... (idle for 50mn)
*** DaCa has quit IRC (Remote host closed the connection) [22:11]
