i thought dpdk was only on linux and that freebsd had netmap. am i mistaken? there's a /new/ ssl flaw it seems. logjam. ahh it's only if you have export grade ciphers enabled ...and we have a new website! although your guys' DNS may take time to update Ooo, pretty. it's a lot bolder than the old site nice those images are pretty impressive looking on 4k well impressive not on 4k too :) up_the_irons: looks nice Nice hardware shots. up_the_irons: Huzzah! (Were we always serving the website over v6? If not, yay for that too) up_the_irons: Just a thought - the hover/highlight/tooltip/alt text on the images in the carousel should be something along the lines of "These are not stock photos but actual ARP hardware." up_the_irons: awesome new site is it hosted on a dedicated now? Or another vps @weather yyz Toronto-Pearson International, Ontario: Partly Cloudy ☁ 63°F (17°C), Humidity: 27%, Wind: From the NW at 9 MPH Gusting to 18 MPH -- For more details including the forecast and almanac, see http://www.wunderground.com/cgi-bin/findweather/getForecast?query=43.67722321,-79.63055420 or re-request this with: @weather -v yyz I suspect it's a VPS. Can't imagine a pretty static website like ours needing 8 cores and 8GB of RAM to serve. Not to mention it would be a relatively large investment if he used a dedi box from inventory that could normally be earning him monthly income. 
Still you have me thinking whether there's a good way to remotely determine whether a host is virtualized if you could find out its MAC address - that would be a start but you would have to be on the same VLAN KVM / QEMU Mac vs SuperMicro etc Yeah good thinking alas the website is behind a router at least for my ip blocks for dedicated, it could potentially share say a logging server, or backup server rather than its own dedicated "dedi server" brycec: I think I know another way to test wget http://arpnetworks.com/100mb.bin from your dedi and see if it exceeds 100mbit nice never mind 404 lol yeah I was going to say it exceeds 100Mbit from my VPS but... I tested it from home and was confused until I saw the size :p up_the_irons: FYI you broke the /100mb.bin speedtest with the new website I should have realized that even at 30MB/s it didn't take long enough support.arpnetworks.com being dog-slow for anyone else or is it just my connection? nvm just me up_the_irons: http://support.arpnetworks.com/kb/main/ip-address-for-ping-tests needs updating (or fixing) anyone come across a firefox / chrome extension that allows you to specify get dns address from authoritative server fresh, rather than use cached responses, would help test while propagation takes place, without resorting to manually editing hosts files mnathani_: what about just clearing Chrome's DNS cache? chrome://net-internals/#dns (And of course one could just set the TTL's low ahead of time to minimize most propagation) brycec: i judged based on ping if something is dedicated or vm :/ brycec: it was for me too last night (support being slow) oh that speed test worked for me last night when i checked it, but it must have been going to the old server mnathani_: i just edited /etc/hosts myself :) but i only did it for www it seems the speed test is at . hmm nz had cable cut for internet i wonder if that will make my net slow I didn't need to do anything re:arpnetworks.com's update. 
it was "live" when up_the_irons announced it. (not that I had "www.arpnetworks.com" cached anywhere...) i use camelcamelcamel a lot and forget about it and then it emails me lol Dammit, missed a one-day $20 price drop by just 1 day. on what? http://www.amazon.com/dp/B0073W6YDA/ Amazon: "IOGEAR 2-Port Dual-Link DVI Cable KVM with Audio (GCS982U)" that kind of thing is probably cheaper on ebay It was $95 yesterday oh it does dual-link dvi not just dual dvi Yeah, bit of a niche product Though supposedly this will do it for $30 http://www.ebay.com/itm/StarTech-10-ft-4-in-1-USB-Dual-Link-DVI-D-KVM-Switch-Cable-w-Audio-Microphon-/291286882111?pt=LH_DefaultDomain_0&hash=item43d20d173f I'm weary... i just use synergy :/ it's so handy being able to cut and paste etc. but if you don't have space for another monitor.. When most products are $100 and this is $30, I question whether it's accurately listed. mercutio: Yeeeaaah, or money for another 27" display :P Plus I don't need to use two computers simultaneously with it I just don't want to unplug-replug when I switch computers http://www.ebay.com/itm/Thinklogical-Velocitykvm-8-Velocity-8-KVM-Receiver-Extensuon-Dual-Link-DVI-/151449592509?pt=LH_DefaultDomain_0&hash=item23431962bd i wonder what this is :) i can't see the back yes you can oh click right arrow :) not sure if UX failure, or mercutio failure :p yeh it should auto scroll :) i found a datasheet anyway I just read the description from the front of the unit it's not really what you want still kind of nifty :) lol, noooo not by a long shot :p Great if I had to drive a video wall or similar, I suppose Oh cool it looks like I can find the same $30 dual-link kvm on Amazon (for $30) actually for cheaper maybe it's worth trying although is that just a cable? 
ohshit, no, it's just a cable http://www.ebay.com/itm/StarTech-2-Port-High-Resolution-USB-DVI-Dual-Link-KVM-Switch-w-Audio-/251967162711?pt=LH_DefaultDomain_0&hash=item3aaa69c957 can't really fault them, they do say it... it just didn't stand out to me. Yeah probably complements that the other one looked nicer probably why http://www.amazon.com/dp/B0073W6YDA/ ended up on my list :p Amazon: "IOGEAR 2-Port Dual-Link DVI Cable KVM with Audio (GCS982U)" yeah that's there too it's more expensive on ebay for me Though I do tend to prefer detachable cables. but if i sort by price it doesn't show stuff that doesn't ship to me well you can use normal cables probably (I wonder if I could just use usb cables I have laying around and cheap DL DVI cables off Monoprice with the $55 switch lol yeh probably 3ft cable is $4.31 on Monoprice and has the benefit of letting me "customise" the length i'd want one of mine to be longer than that at least. ahh. i wouldn't bother with audio :/ me either (my tower sits just behind my monitor, so I don't need much length) heh i'm using a really really short network cable i think it's 60 cm that's not /that/ short it is for computer to computer it's like 2 feet? yeah 23" I have something about that long here too. Again, don't need much - I have a switch on my desk but because it's infiniband, it was much cheaper that way. Ah IB 32 gigabit :/ i should fix linux on my windows computer and see how fast it can go i expect to only get like 20 gigabit out of it but in windows it's more like 10 gigabit with samba mercutio: are you doing ram to ram transfers, if not I would like to know what disks can sustain 10 gigabit reads / writes /dev/md1: Timing buffered disk reads: 4606 MB in 3.00 seconds = 1534.74 MB/sec ssd raid :) that's basically the limit on onboard sata. there's 4x pci-e 2 for 20gbit then with 8/10 encoding pushing you to 16 gigabit. then sata overhead etc i7 processor? 
i7-4770 on linux server i7-3770 on windows desktop both with ddr3-2000 @ cas 9 latency i'm pretty sure but samba isn't multithreaded so it can use 100% cpu on one core of i7-4770 i'm using zfs for normal data though and have lz4 compression enabled.. i have a feeling performance would be slightly higher with ext4. but higher speeds are just nifty, i more care about not getting slow, snapshots, checksumming, redundancy and by using ssd's it's easier to backup over the net because you're not tempted to stick big files on there too much brycec: I could clear my local dns cache, but most likely the upstream recursive dns server (either my ISP or Google DNS) has an old cache entry in there as well mnathani_: dnsmasq automatically propagates /etc/hosts if you use that. it's pretty handy for home networks. so I would point local hosts to that designated name server box running dnsmasq? yeh and you get a local dns cache out of it too not to mention single point of faliure s/faliure/failure not to mention single point of failure I guess I could have 2 setup and use as primary and secondary dns for home just having single dns is fine you can always set secondary to an external i have a local resolver with Google Public DNS as a backup i don't have any backup on my windows host i think DHCP all the things staticsafe: did your prefix ever get the right as path via NTT and Cogent? yeah no backup mnathani_: haven't checked i can always change it if i have a hardware meltdown or something i'd rather fix it if there is an issue though does dnsmasq have a feature where it re-requests records as they are expiring so as to have a perpetual cache? nope unbound's doesn't really help in home situations much though it's only if it's requested in the last 10% or something so it more helps if you have a busy cache. 
unbound's prefetch feature is indeed useless for small caches it would be more useful for a ISP running resolver for their clients basically unbound doesn't want to create significant extra dns load so it's pretty conservative. and i mean unbound is REALLY popular now. so if unbound was aggressive people would probably notice. i mean there's probably still more bind etc than unbound out there but a lot of isp type situations have shifted to it. yeah tonnes of BIND out there and it's the more used dns that tend to have moved :) especially since BIND comes preinstalled with some distros *cough* i hate bind. i think arp is using bind and unbound for recursive i wonder if prefetch is enabled. i used to do dnsmasq and powerdns to have different servers for recursive. authoritative at arp is poweredns with bind slave but now days i just use unbound, and if there's an issue there's an issue. i'm talking about recursive. unbound is recursive only. s/poweredns/powerdns authoritative at arp is powerdns with bind slave i still haven't tried nsd :) keep meaning to powerdns recursor isn't too bad. but the authoritative looked a bit ick to me mercutio: what do you guys use at $dayjob for recursive unbound. *3 load balanced? nope. there's anycast on primary though but 1 gets all the load. hmm, haven't enabled dnssec yet though we've got a list of blocked domains here too. I love nsd. Don't think I'll ever look back at bind after I started using nsd. Super easy. it got in the news, because the list added baidu I could switch to NSD for my auth. slaves, still need to use BIND for the master though if it's a simple dns block, can't your subscribers just use google dns or such (And I used to love bind) it's published by the fbi, then emailed to providers in nz. staticsafe: What's keeping you on bind, if you don't mind my asking? mnathani_: yeh they could, but it's really dodgy stuff. well it's meant to be. 
i use the auto-magic DNSSEC signing ability (There are some things Bind can do that nsd cannot) in BIND Ah i skimmed through it, but it's huge but that only needs to exist on the master i completely missed baidu being on it probably because it doesn't look like a word to me. almost all of my zones are signed, even my PTR zones for my IPs (I have no idea what automagic dnssec thing in bind you're talking about.) Nice it automatically signs and maintains signatures on domains makes DNSSEC much less painful i can't even sign my domains, because i use tinydns. and don't have tcp enabled for dns. even yuck well tcp for dns is yuck :/ *shrug* I should look into signing my zones someday... Seems like it's just one extra step when making changes at least, run ldns-signzone brycec: don't forget to provide your registrar with your zone signing key records zsk to place in the parent zone yeah hopefully you won't get a rep who goes DNS what? when you mention DNSSEC support heh, which is why I use Gandi they are a bit more expensive I recall than say namecheap or godaddy yeah http://wiki.gandi.net/en/domains/dnssec ugh, godaddy m0unds: http://steamcommunity.com/sharedfiles/filedetails/?id=446246422 i need that armor on all my vehicles argh, steamcommunity is dragging its ass something fierce lol - first autocomplete when typing namecheap was dnssec (A quick Google suggests that Namecheap doesn't support DNSSEC, so I'll have to store in DLV) (Then again looks like DLV is not long for this world either https://ripe70.ripe.net/wp-content/uploads/presentations/81-RIPE-DLV-timeline-20150513.pdf) yeah Apparently it's a requirement to be ICANN-accredited 2013 "near future" https://twitter.com/Namecheap/status/294872690102267905 TWITTER: @mdjanic Ah, we're adding DNSSEC support in the near future. 
Hang tight :) (Fri Jan 25 18:21:42 +0000 2013, in reply to @mdjanic) 2013 heh LOL Godaddy: https://twitter.com/GoDaddy/status/294874487713849344 TWITTER: @mdjanic We'd certainly love to have your business :) ^C (Fri Jan 25 18:28:51 +0000 2013, in reply to @mdjanic) that's... wow. I mean, I hate GoDaddy, but how the hell are they the "winner" in this? For what little good it will do me https://twitter.com/brycied00d/status/601185958042697728 TWITTER: Hey @ICANN how is @Namecheap still accredited? TWO YEARS since the 2013 RAA and still no DNSSEC - clearly violating their RAA. (Thu May 21 00:41:16 +0000 2015) i think its because they are still reselling Enom namesilo is another one I can recommend you have a point, eNom is in breach of their RAA Corrected/tweaked https://twitter.com/brycied00d/status/601187245828263936 TWITTER: @ICANN I guess that as @Namecheap is reselling @enom, it's really eNom that is in breach of their 2013 RAA. @icann_president @NameCheapCEO (Thu May 21 00:46:23 +0000 2015, in reply to @brycied00d) (And yes kids, I did double-check that eNom, Inc - the name on my whois record - is on ICANN's accredited list having signed the 2013 RAA) ++ (ty) Enom is probably one of the biggest registrars due to their resellers Indeed they are huge you would think banks and other institutions would really be a big DNSSEC driver. Preventing Man in the Middle DNS attacks. So how can we be 5+ years later without dnssec? image finally loaded staticsafe - reminds me of the tech-centric gang in saints row 3 Except that banks etc don't represent a large customer to registrars Banks are a handful of domains, and a registrar loses <$1000 if a bank changes to a dnssec reg. they probably go to niche registrars online portfolio managers markmonitor.com etc I thought ^ was an enom reseller (Apparently I'm wrong/thinking of something else/it's changed) Oh look I have a new follower :-) m0unds: brycec mnathani_ : thanks! 
brycec: it was on v6 b4 too cool brycec: i wonder how one sets the tooltip/hover text... i'll ask the designer mnathani_: still vps perhaps the network test file should reside on a dedi for people to burst to 1gig I think the alt attribute for img (There are actually a handful of ways to do it. "alt" was the main method through HTML 4. HTML5 added tooltip and some other stuff, not to mention the things you can do with Javascript and custom elements) brycec: fixed speed test link in kb word +1 for dedicated speed test maybe have the ookla speed test? it "kind of sucks" but it tests upload too up_the_irons: FYI the KB link should be updated to https:// ie. a link you can curl (curl'ing the http:// just returns the 301) don't think kb supports https? I meant the link provided ON the kb curl -v http://arpnetworks.com/files/100mb.bin == 301 oh right there's a blanket rewrite Yeah it's still not a+ on ssleay test :( (Ideally the speedtest would be allowed to be http:// I think) i'm not sure why it isn't. brycec: done brycec: ssl compression used to be common, and i really hated https speed tests because they'd often give false numbers. i think arp's using random data, not sure though but shouldn't have ssl compression enabled anyway I'm maxing 100mbps from the file to my ded :/ i'm getting 3MB/sec from vdsl. 4 now. (And yes that 100mbps was ipv4) (I got it over v6 too, but that's no surprise) yeh it's still on a vm VM's can have GbE connections /dev/null 47%[=========> ] 47.13M 11.1MB/s eta 5s ^C ditto ^ The only reason I mention this is that it will look like ARP only has 100mbps connection to the Internet for anyone testing with >100mbps pipe. i'm getting 96.8mb/sec (which for all intents and purposes can be rounded up 3.2mbps to 100 :P) err megabytes/sec that is Really?? 
I'm still maxing at 11.1MB/s yeh i'm using a different location http://mirrors.arpnetworks.com/speedtest/100mb.bin Oh ha yeah I get GbE to the mirror much better :P I wonder why that link isn't in KB.. it is lol the page was *just* updated heh yeah 90 seconds ago I never noticed this before (a 5 year-old KB article) that the VM host machines only have a single 100mbps connection http://support.arpnetworks.com/kb/vps/what-is-the-uplink-speed-of-a-vps "Each VPS shares a 100 Mbps uplink with other VPS's running on the same host machine." brycec: that's still the case. i was a bit apprehensive about that when i first got my vps but in practice it never seems to be an issue except if someone ddos's. I thought there were some people testing gigabit to VPS My VPS' second NIC is GbE acf__: it's not the default though I'd always assumed the hosts had GbE and the guests were just limited to 100mbps to keep from overloading the link nope (I understand that assumption was wrong now) yeh i questioned it when i first got my vps is it because the hosts just happen to have fast ethernet cards nah the hosts have gigabit cards. or is that done intentionally to limit the rate? it's the switch ports that are 100 megabit. It's the switch heh interesting the switch ports are "good" 100 megabit though. (Quality Cisco stuff) there is bad 100 megabit? ie they don't have stupidly short queues. There's cheap ah if you have three hosts on a cheap gigabit switch try doing concurrent access to one port from both if you send at all more than a gigabit to one port they tend to not behave well. before switching was common, intel ethernet used to be faster because it was more aggressive. vps hosts' primary interface plug into s1.lax, a Cisco 4500 with 48 port 10/100 Mbps linecard. 7 years ago, when I got it, that was expensive. that's why it's not 1gbps :) can you get a cheap gigabit line card second hand now for it? 
http://www.ebay.com/itm/Cisco-WS-X4548-GB-RJ45V-V05-Gigabit-PoE-Line-Card-From-Working-Catalyst-4507R-/191437209907?pt=LH_DefaultDomain_0&hash=item2c928c0133 ? :D that's what i found acf you don't want poe can you just turn it off? maybe Still ends up being a waste of parts, power (even off), something else to break, etc also if there's an issue, there's a lot of dependency on s1 atm yea.. do you know if they hot swap? 2015-02-28 s1.lax uptime is 6 years, 17 hours, 48 minutes http://www.ebay.com/itm/Cisco-WS-X4548-GB-RJ45-Gigabit-Line-Cards-f-Catalyst-4506-4500-Switch-/291457935757?pt=LH_DefaultDomain_77&hash=item43dc3f298d or http://www.ebay.com/itm/Cisco-WS-X4548-GB-RJ45-CATALYST-4500-Enhanced-48-Port-Gigabit-Module-/311360341076 50 euro $30 for mine and it's near LA that's better but it's poe buuut is it? didn't see that in the title it's in the description oh i see in the descr Did Cisco make these cards withOUT poe?? That's all I'm finding well both have the same model code maybe they didn't. (your 50EUR is poe too) yeah i couldn't read the language it may have said in english It certainly doesn't look like it has enough "guts" to be POE, but what do I know it'll be 5w per port or something the newer poe does more power output http://www.cisco.com/c/en/us/products/collateral/interfaces-modules/catalyst-4500-series-line-cards/product_data_sheet0900aecd802109ea.html says NOT POE the old stuff is fine for phones why would POE be an issue? 
the "V" variant is POE cool well it says poe in description (And you can see the difference pictured too - lots of power supply for poe) but no V in the model it's hard to know how much does a 4500 cost now http://www.ebay.com/itm/Cisco-Catalyst-4500-Series-Chassis-w-3-extra-cards-2x-1300w-Power-Supplies-/201311024324?pt=LH_DefaultDomain_0&hash=item2edf1274c4 So assuming the photos are of the actual hardware, you can tell it's definitely not the 'V" of course then there's "getting rid of it" Oh wow up_the_irons, only $300, reeeeaal expensive well they only support 100k routes Later gents (didn't we hit that last year?) so they've probably devalued a lot now we hit 512k last year that was a fun day the first day or the second day?> :) ie the leak, or when the proper size got to 512k last i knew it was about 536k now I don't remember when I noticed all of the problems but apparently Microsoft, etc... were effected *affected ok it's about 537 to 547k now for me hmm 7 years ago is actually a long time brycec: dirt cheap now brycec: mercutio : they certainly hot swap are you planning to migrate off that? I actually have 2x of the 48 port gigabit cards in storage. but it made more sense to build out s7.lax and slowly migrate there. have you changed plans at all? :P I remember s7 was acting super strange a while back.. wasn't it an upstream on s? it was acting strange so that kinda just got put on hold oh it was. hmm what about using linux and normal layer2 switches? or layer3 switches and a hybrid i dont like software routing cuz they tend to melt under ddos, and considering older cisco gear is still very good and now cheap, why go software software routing is usually fine with normal levels of ddos, as fine as anything is, really. ie packet loss, high latency can happen and blackholing, having enough bandwidth can fix so if automatically blackholing, it doesn't really matter too much, and takes load off transit links. 
all good in theory gigabit isn't really an issues with linux, it's multi-10 gigabit where it's not so great. -s i've seen issues but maybe things have changed since i last tested it quite a few things have changed, including in route caches etc. iptables is still a pita :) yup but at least ferm makes it tolerable it depends what ethernet cards you're using still too. my most recent issue with opensource and ddos was openbsd with an old hp server with broadcom ethernet, where the ethernet wedged. it was the old broadcom though. uuhh, before bnx2. and it recovered fine, and only took down that interface so impact wasn't too bad and it came back in a minute or two a minute or two downtime on a cisco interface would be unheard of, which is why i like it (except of course, if you loop it and stp disables the int) yeh s1 has been stable. http://www.ebay.com/itm/Brocade-ICX6610-48-I-Switch-48x1Gbe-4x10Gbe-Uplinks-10GbE-LICENSE-/131356325666?pt=LH_DefaultDomain_0&hash=item1e95727722 what about using something like that? http://www.brocade.com/products/all/switches/product-details/icx-6610-switch/features.page layer3 switch, with bgp, ospf, sflow etc. although i think bgp needs license. up_the_irons: not sure if you care but the 100mb.bin file on the website (eg. the bottom of /vps under "Bandwidth" points to the https_/files/ file not the mirrors.arpnetworks.com file. And is it just my imagination or did pricing get tweaked on the dedicated boxes? archive.org says I'm losing my mind. Okay. Just seems silly - Starter @ $129 + the RAM and HDD to bring it to "All-Purpose" is only $159/mo but All-Purpose is 169/mo Same goes with Starter->Medium. Difference is a single $10 RAM upgrade, but the difference in price is $20. ssshhhh! don't tell the customers! 
:P I guess those who read carefully know to just pay upgrades on a Starter :p lol acf__ I think up_the_irons has mentioned the non linearity for $129 to $149 where its only a $10 upgrade he always charges $149 for the 16gb box (it applies to the "large" box too) http://irclogger.arpnetworks.com/irclogger_log/arpnetworks?date=2015-02-03,Tue&sel=129#l125 Unless you have a second drive bringing you to All-Purpose (or maybe he just likes me) holy... I've noticed this before LOL (I thought this all seemed familiar) dejavu round and round we go I've come full circle with #arpnetworks... guess I either quit or idle for eternity. brycec: probably my fault