***: mkb has quit IRC (Remote host closed the connection)
mrsaint: any outage now?
mrsaint: my traceroute ends up at
mrsaint: 9 GIGLINX-INC.car2.LosAngeles1.Level3.net (4.30.195.86) 203.131 ms 202.774 ms 202.614 ms
mrsaint: 10 * * *
mrsaint: and my node down :(
mercutio: is your host on kvr04?
mrsaint: no idea. :)
mercutio: i'd say it probably is
mrsaint: yeah :)
mercutio: planned maintenance
mercutio: it should be back in a few minutes
mercutio: literally
mrsaint: I can't see it in the portal where it is located :)
mrsaint: aah now I see. Yes it's on kvr04 if it's the same as vnc that I would expect it to be :)
mercutio: is it back now?
mercutio: yes it is
mrsaint: yes
mercutio: cool
mrsaint: let me see if my reboots worked :)
mrsaint: it actually seems so :)
mercutio: sweet
mrsaint: but somehow quagga starts on reboots on empty conf
mercutio: change to bird
mrsaint: so I have to paste conf into it again, so weird.. :)
mrsaint: Might do in future :)
mercutio: is it using Quagga.conf or whatever
***: tabthorpe has quit IRC (Remote host closed the connection)
mrsaint: Just that I have 10 nodes with same setup now and it all is good.
mercutio: quagga's config is messy
mrsaint: Yes.. it is..
mrsaint: but it starts on empty conf.. so I paste bgp+routemaps/accesslist from .sav file and it works. :)
mercutio: weird
mrsaint: yes.. :)
mercutio: it used to have each daemon with its own config file
mercutio: then Zebra.conf
mrsaint: but anyways it's all good :)
mercutio: from memory
mercutio: and Zebra.conf would be like a master file
mercutio: but it meant there was this weird kind of double up
mrsaint: yeah.. but I use vtysh
mercutio: yeah
mercutio: which puts it into the master one
mercutio: sorry i'm a little rusty
mercutio: but i seem to recall that master worked better
mrsaint: np. :)
mrsaint: I do have it on my 10g routers working just fine..
mrsaint: :)
mrsaint: it's just my virtual setup that things not always stay on reboots.
mrsaint: but as I know it it's an easy fix.
mercutio: bbs
mercutio: gl :)
mercutio: mrsaint: did you get the e-mail about the maintenance?
mrsaint: mercutio: yeah but didn't reflect much at it :)
mercutio: ahh right
mrsaint: guess I'm constantly tired with small baby girl at home and way too much work. :)
mercutio: heh
plett: mrsaint: Out of interest, what are you using the BGP for? Internet facing, or internal routing inside vpn tunnels?
mrsaint: plett: announce /24 for anycast.
plett: DNS?
mrsaint: in this case on many locations with vps :)
mrsaint: yes dns.. and trying some web :)
plett: I can't imagine web traffic will work quite as well
mrsaint: yeah it actually does :)
mrsaint: try www.mainstreamhosting.net :)
mrsaint: see if it works
plett: Firefox can't establish a connection to the server at www.mainstreamhosting.net.
plett: (yes, for real, not pulling your leg)
mrsaint: oh that's interesting.
mrsaint: where did you end up? show me last 3 jumps in route?
mrsaint: coz it works for me
plett: 6.|-- linx-10ge.lon1.uk.portlane.net 0.0% 10 3.9 10.7 3.4 39.1 13.8
plett: 7.|-- v-router-lon.mainstreamhosting.net 0.0% 10 3.4 3.6 3.4 3.9 0.0
plett: 8.|-- web-anycast.mainstreamhosting.net 0.0% 10 3.9 3.6 3.3 3.9 0.0
mrsaint: oh.. let me check the london box
mrsaint: try now
plett: Yep. Works now :)
mrsaint: Yeah.. varnish had died.
mrsaint: it's a dynamic page with mysql on the backend so it's quite interesting how well it does work.
plett: More nagios'ing required?
mrsaint: Yeah
mrsaint: should work :) as long as backend is reachable and same route is active at least :)
mrsaint: but now time for lunch here.. ttl
plett: Why are you doing anycast for the web traffic? Just because you can, or for DoS resilience etc?
mrsaint: Just coz I can :)
plett: Fair enough. That's a good answer :)
mrsaint: and I wasted /24 subnet for 1 service? dns.. why not put my own page on a second ip :)
mrsaint: :)
plett: I would probably have used the anycast DNS to return geo-ip CNAMEs for the web servers
mrsaint: varnish does cache a lot and the content is rather static.
mrsaint: yeah will play with that at a later stage.
plett: As you just know that at some point someone will want a long-running http session, some websockets thing or a big download, and BGP will move them when they don't want it
mrsaint: Yeah, I know. But I don't have much on my page. it's static content. hehe.
mrsaint: but now off to food.
plett: Now, if you were doing something even crazier like sharing pfsync state between all the boxes so that any node could just carry on with the existing TCP session, that would be awesome :)
plett: Cool. Bye :)
mrsaint: hehe :) won't do that.. from eu to thai to japan and us :)
mercutio: plett: there's ways to make that less of an issue
mercutio: but ime if web sites load slow most people click reload
mercutio: of course there are probably morons who wait forever :)
mercutio: but if a connection doesn't even do a tcp reset, then people will reload
mercutio: or they'll go to another page
mercutio: if you do a reset for unknown tcp connections it might speed some people up
mercutio: then they can just click reload
mercutio: plett.. i'm actually interested in this sharing state between locations thing
mercutio: plett.. you don't have any idea of some easy way to do that with linux do you? it would also need to not reset connections it doesn't know about yet.
mercutio: so that asymmetric routing would work normally
mercutio: it's part of my transparent tcp proxy idea
plett: mercutio: It wouldn't actually work. It isn't just the IP traffic which needs state syncing, you would need the web servers on each node to share state about every connection.
mercutio: that should be doable
plett: Even if you did write a custom web server to do that, the overheads in syncing all that would be crazy. You /might/ get away with it between two machines in the same room, but doing it between continents would be crazy
mercutio: the biggest problem i see is that if traffic comes in before it's received the state information
mercutio: you have to delay sending reject packets.
mercutio: not necessarily plett.. if it's many connections you could do compression of sorts.
mercutio: my idea is slightly different though
mercutio: i want a mitm transparent tcp proxy
mercutio: and to be able to send outgoing traffic out whatever path, and have bgp in multiple locations that takes traffic in
mercutio: and when traffic comes in it can create a mitm tcp proxy
mercutio: and in that situation, if you have more than one way to communicate, if a connection moves you could always copy the state
mercutio: like request the state of the connection
mercutio: and then you can just have multiple paths
mercutio: and protect against network issues rather than server outages.
mercutio: for local server outages you could copy all state information between two hosts too
plett: I'm now wondering if you could do something like syncookies where another node could identify that it was valid traffic and know what to do with it based on the contents of the traffic itself, without having any previous knowledge of the session.
mercutio: well my idea is for a fully transparent tcp proxy
mercutio: so if necessary it could always just tunnel all of the data as is closer to the source origin
mercutio: if something else has state
plett: I think that /might/ be possible, but now we're either into complete batshit insane territory or industry-changing retire-at-40-to-the-bahamas territory
plett: mercutio: What's the use case? What's the underlying problem you're trying to solve?
mercutio: so like the idea is you have connection a that connects to c, a sends to c, b is in between the two and receives from c, so it creates a new local tcp connection and bounces all the traffic b<>c back to a, as in b<>a
mercutio: plett: well if there's packet loss rtt really kills performance
mercutio: and performance goes up with shorter rtt
mercutio: so having a tcp proxy half way in between can improve performance
mercutio: basically it's about tcp acceleration
mercutio: so like, new zealand to california is around 130 msec, california to uk is around 130 msec
mercutio: new zealand to uk is around 260 msec
mercutio: so transparently tcp proxying in california improves performance a lot
mercutio: especially if there's loss
mercutio: but you're very unlikely over the normal internet to get 200 megabit between uk and nz
plett: For a small number of users, I'd just host a SOCKS proxy in california
mercutio: then you have a california ip :)
mercutio: i wrote something non transparent already
mercutio: although it was just for web, and using squid.
mercutio: and it made web browsing around 20% faster.
plett: mercutio: That sounds like a challenge. Have you got a web server in .nz which can serve 200 Mb to me? I can test it from here in .uk ;)
mercutio: yeh sure
plett: mercutio: 2015-09-29 10:30:00 (2.37 MB/s) - `testfile.zip' saved [209715200/209715200]
plett: mercutio: From arp: 2015-09-29 10:31:25 (4.75 MB/s) - `testfile.zip' saved [209715200/209715200]
mercutio: weird
mercutio: i got faster than that with arp
mercutio: oh from dedicated though
plett: Mine's just a shared vps, but I can sustain a faster speed than that back to the UK (I do each night when I back it up)
mercutio: yeah dunno what's with that
mercutio: i didn't download the whole thing
mercutio: but at 90 megabytes it was at 16.7 megabytes/sec
mercutio: so you see, mitm in california could easily improve rate
mercutio: you can transparently tcp proxy incoming traffic easily
mercutio: but it's outgoing traffic that's the challenge
mercutio: so it's pretty easy to see that it can benefit
mercutio: but if you want seamless transparent tcp proxying then it's a bit of a challenge
plett: mercutio: Hmm. Host a SOCKS proxy in cali, but using a .nz IP announced by BGP?
mercutio: yeah i want the IP to stay the same though
mercutio: i got some first hop transparent proxying going btw
mercutio: there's a few gotchas with that even
mercutio: was running into state issues with iptables
mercutio: but that hardly made any difference tbh
mercutio: and still has the issue that you don't get tcp connection timed out, connection refused etc
mercutio: so what i want to do is intercept after connection is established
mercutio: it's all just ideas atm though
plett: mercutio: Do you need to support failover between nodes during a connection?
plett: i.e. half way through a large file download, BGP changes its mind and directs the client to another node
plett: If the client will accept a RST at that point and re-connect and carry on from where it left off, then you don't need anything fancy
mercutio: plett: not doing failover at first
mercutio: i want to do proof of concept first
plett: mercutio: Then a bsd box running relayd at each node might work well enough
mercutio: funny you mention that, i tried relayd early on
mercutio: the problem is like say to japan, often can send out good paths here
mercutio: but traffic will come back in via the US
mercutio: so you don't want to send out the US
mercutio: but what if for some reason traffic came back to US before NZ had sent state information to US
mercutio: like say bufferbloat issue or such
mercutio: also bsd's tcp stack is worse than linux for performance
mercutio: i think really would need to do kernel modifications to do it well
mercutio: but i haven't looked into it yet
mercutio: if there's some way for userland to hook state information and what to do about rejecting connections etc it'd be good
mercutio: i dunno if there is or not though
mercutio: and really where i want to start is making tcp smoother :)
mercutio: err ssh smoother
mercutio: cos it's easy to benchmark a lot without using heaps of bandwidth
mercutio: the idea makes sense to you though right? it's just hard..
plett: I can see why you'd want to do it. If it's for file distribution via HTTP though, building your own CDN with some varnish nodes around the globe and adding some geo-ip dns on top of it is probably much easier than making TCP behave differently
mercutio: yeh i want to do it for user experience
mercutio: it's much easier from a cdn pov
mercutio: i prefer apache traffic server to varnish, but accelerating web sites is much easier.
mrsaint: plett: pretty much my idea to have static content sites on varnish with nginx backend locally and backup remotely.
mercutio: mrsaint: do you have any database stuff for your site?
mrsaint: and just make sure I have stable providers of my hosts.. most of them are on my network anyways.
mercutio: that seems to be the biggest issue, i suppose you can create static content from dynamic database etc.
mrsaint: mercutio: I do.. :) but as it's joomla currently and I don't change content it's pretty much stable static data
mercutio: i love push caching
mercutio: i've been using cloudflare for a bit for some personal stuff, and there's actually quite a bit of delay
mrsaint: I just like to test it out.. I have a customer with 2 static page sites that I'm gonna distribute out on the servers on thursday and see how it goes :)
mrsaint: www.mainstreamhosting.se is on cloudflare, it also has mysql backend.
mercutio: with things like cloudflare when you test from random locations with low accessed site it will often need to pull
mrsaint: yes.
mercutio: and it doesn't pull from its other caches
mercutio: it pulls straight from origin
mercutio: i think mixing pushing/pull is good if lots of content
mercutio: i mean ideally i'd like to see lots of pull caches everywhere
mercutio: and push caches reasonably nearby
mrsaint: Just need to find more VPS providers in the US that support bgp :)
mrsaint: they don't really grow on trees :)
mercutio: there's not many i looked ages ago
mrsaint: maybe colo/box rental places with bgp support? :)
mercutio: i reckon having a few good nodes is better than heaps of them though
mrsaint: yeah but at least two in the us I would like to have.
mrsaint: redundancy per region :)
mercutio: yeah i understand
BryceBot: That's what she said!!
mrsaint: hehe
***: qbit has joined #arpnetworks
***: qbit is now known as Guest16723
***: Guest16723 is now known as qbit
***: mkb has joined #arpnetworks
mkb: hmm my server turned off in the night
-: mkb must have been on that server that was upgraded
***: hycer- is now known as hycer
mrsaint: can someone do hostlookup for www.geo.mainstreamhosting.net ?
brycec: www.geo.mainstreamhosting.net is an alias for web-anycast-lon.mainstreamhosting.net.
brycec: web-anycast-lon.mainstreamhosting.net has address 46.246.65.37
mrsaint: interesting :)
mrsaint: where are you located?
brycec: That was from North Carolina, US
brycec: From Washington state, US, I get anycast-arp.mainstreamhosting.net.
mrsaint: ah yeah.. I don't do real geoip.. as I do have 1000 domains in the dns.. and views today I will have to load all the zones in all views.
mrsaint: and I can't anymore load same zonefile multiple times and I don't want to load 20k domains or so due to diff views :)
mrsaint: that's nice :)
mrsaint: but at least I can keep the sessions to the "same" box now..
***: m0unds has quit IRC (Quit: WeeChat 1.1.1)
mrsaint: tweaked it.. host www.geo.mainstreamhosting.net what does it give you guys anyone?
plett: mrsaint: www.geo.mainstreamhosting.net is an alias for web-anycast-lon.mainstreamhosting.net.
plett: Which makes sense for me
mrsaint: ok dns located there?
mrsaint: what's your dns you lookup on host -t ns geo.mainstreamhosting.net ?
mrsaint: could still be my old
plett: geo.mainstreamhosting.net name server dns1.mainstreamhosting.net.
mrsaint: ah good.. then it's correct
mrsaint: testing out geo acls
mrsaint: but it's good then I dare launching my customer website on thursday :)
plett: $ dig +short chaos txt hostname.bind @dns-anycast.mainstreamhosting.net.
plett: "dns-anycast-lon.mainstreamhosting.net"
mrsaint: yeah well it's not the server it should be looking up against.
mrsaint: I think I need to change my soa
mrsaint: I do have dns1 in soa
plett: No, but it would look there to find the ns record for geo.mainstreamhosting.net , so that's presumably where the anycasting is happening
mrsaint: hehe. yeah well it's just lookup the subzone geo
plett: Or rather, the geo-ip
mrsaint: that is pointed to a specific server where I do geo magic
mrsaint: I delegate geo IN NS dns1 in mainstreamhosting.net zone.
mrsaint: I'm gonna make sure the traffic from canada and us ends up in arp server. if possible. that is my main goal. The customer has bought traffic for a site in canada. ( gaming site) and uk and nl
mrsaint: so I want to direct the traffic to those specific mirrors.
mrsaint: would be fun if it worked.
mercutio: i have done geo direction with tinydns
mercutio: it mostly worked
mercutio: doing the /8s to various places. the main issue was universities etc.
mercutio: if you anycast dns then you could answer with different results depending on what dns server it hit
***: pyvpx_ has joined #arpnetworks
***: ben2 has joined #arpnetworks
***: toeshred has quit IRC (Ping timeout: 246 seconds)
***: pyvpx has quit IRC (Ping timeout: 246 seconds)
***: mercutio has quit IRC (Ping timeout: 246 seconds)
***: toeshred has joined #arpnetworks
mnathani_: https://www.facebook.com/notes/facebook-engineering/more-details-on-todays-outage/431441338919
***: ben2 is now known as mercutio
gizmoguy: mnathani_: isn't that from 2010?
staticsafe: it is
staticsafe: i just shared that in another channel too rofl
gizmoguy: I did as well
gizmoguy: and then checked the date
mercutio: hah
mnathani_: lol
mnathani_: my bad
mnathani_: someone posted it on NANOG
mercutio: heh
mercutio: nanog is getting more and more average
staticsafe: i've been ignoring it for the last couple of weeks, doesn't look like I missed much
mjp__: nanog
mjp__: what's that
staticsafe: nanog.org