mercutio: but it doesn't necessarily help :)
for some reason i seem to get faster lan 10gbe performance with linux 4.3 over linux 4.2.
but i'm still curious why linux 4.2 dips :)
but yeah, hardware is only one side of the equation, you have software etc too, which can greatly impact performance.
like the old default retransmit time of 3 seconds meant if you lost one of your initial packets you easily wait an extra 3 seconds for a short (say 4k) document.
but especially with smaller files stuff like that can make much more difference than link speed.
***: jpalmer_ has quit IRC (Ping timeout: 276 seconds)
jpalmer has joined #arpnetworks
shafire has joined #arpnetworks
shafire: hi
BryceBot: hi
shafire: can I use the ips from the ipv4 /29 subnet also for other vps?
***: ziyourenxiang has joined #arpnetworks
ziyourenxiang has quit IRC (Quit: Leaving)
mkb: shafire: yes
up_the_irons: shafire: yup
mkb: obviously only here (well you could tunnel, but that'd be so slow)
up_the_irons: mnathani_: but those foundry switches still do 4096 active vlans; that's why i chose them actually. Nothing else in the price range did that.
RandalSchwartz: happy festivus!
up_the_irons: mercutio: you can default route with just 2000::/3 ? man, ya learn something new every day...
now i'm gonna read up on vxlan too...
shafire: mkb: up_the_irons: can I also bridge the ips?
up_the_irons: shafire: whatever you can do on the same broadcast domain should work
shafire: I am looking for following setup: internet <eth0> VM1 (pfSense [firewall]) <eth1> private network <eth1> VM2 (some linux)
brycec: Yes you can
(Speaking as someone that has stuff behind an OpnSense VM on an ARP dedicated server)
(of course pfSense wouldn't be "eth")
shafire: how is opensense?
and what do you mean with "eth"?
how is your setup?
brycec: On BSDs, there is no "eth" driver. Depending on the VM setup, you'll either have em or vio.
Opnsense is great
(nb: not a typo, there are only 2 'e' in Opnsense)
And my setup is a standard bridged configuration with Opnsense sitting on the public side, performing bridging+filtering (no NAT) to a private VLAN.
shafire: that's what I want
had you pfsense on your radar too? or directly opnsense?
brycec: I've used pfSense for upwards of a decade :P I'm actually moving away from it to Opnsense.
mercutio: you normally only have eth0
well on vps's.
oh, so you're creating a vlan for eth1 bryce.
brycec: QinQ, baby
mercutio: yeh qinq is a nice idea
i prefer openbsd for firewall over freebsd myself.
pfsense seemed pretty nifty for "just working" when i tried it though
brycec: And Opnsense continues that "just works"-ness
mercutio: i wouldn't think you'd change if that wasn't the case :)
brycec: I love OpenBSD and use it extensively. But for certain scenarios, I need a point-and-click UI I can point less-advanced individuals at.
mercutio: yeah
if using command line and vim etc pf on openbsd is nicer
and there's less crap
freebsd reminded me of slackware when i first used it
with all this dialog stuff and redundant stuff you don't need installed by default
brycec: Not to mention updates/maintenance are a bit simpler - click the update button rather than worrying about what's going to break.
mercutio: pfsense i suspect gets rid of a lot of that at least.
brycec: pfSense is based off NanoBSD ;) (which is FreeBSD with all the crap stripped out)
@wiki NanoBSD
BryceBot: FreeBSD :: FreeBSD is a free Unix-like operating system descended from Research Unix via the Berkeley Software Distribution (BSD). Although for legal reasons FreeBSD cannot use the Unix trademark, it is a direct descendant of BSD, which was historically also called "BSD Unix" or "Berkeley Unix". The first version of FreeBSD was released in 1993, and today FreeBSD is the most widely used... http://en.wikipedia.org/wiki/FreeBSD
brycec: (FreeBSD v6 introduced "NanoBSD utility")
(https://www.freebsd.org/doc/en/articles/nanobsd/howto.html for those so inclined)
shafire: and private lan is between vps possible?
cannot find it on the page and the faq is currently not accessible
mercutio: the faq isn't accessible?
normally all of your traffic is on one vlan, and you can communicate between vps's but it's over a single shared interface on each vps.
so you can create tunnels back to one vps, or like brycec was saying you could create a vlan.
shafire: yeah, not accessible: ping support.arpnetworks.com PING tenderapp.com (192.228.96.20): 56 data bytes Request timeout for icmp_seq 0
maybe it's only me, who knows
mercutio: support.arpnetworks.com is working for me
both with http and with ping
brycec: loads for me too
mercutio: i suppose linking to http://support.arpnetworks.com/kb/vps/are-private-ip-addresses-available-for-vps-to-vps-communication won't work for you then
brycec: lol
shafire: no, not working
brycec: Short Answer
Yes
mercutio: can you do a traceroute?
brycec: Long Answer
BryceBot: That's what she said!!
brycec: VPS' belonging to the same account are grouped into the same private VLAN. As such, you may assign any RFC 1918 private address to your interfaces. They will not conflict with any other customer.
Additionally, since the VPS' belong to the same private VLAN, using private addresses for VPS to VPS communication is not necessary. In fact, you can communicate between VPS' using their public IPs and since the traffic will not leave your VLAN, you will not be billed for the traffic.
BryceBot: no
BryceBot: Oh, okay... I'm sorry. 'Long Answer'
shafire: somewhere in voxility.net
brycec: Drop the traceroute in a pastebin to share
mercutio: hmm support.arpnetworks.com is actually hosted with tenderapp
i think voxility is some kind of anti-ddos thing, and my route is going via any2ix so may bypass
shafire: http://pastebin.com/Uxnaz7tC
it worked 2-4h ago
mercutio: oh voxility is your provider?
what country are you in?
shafire: UA
mercutio: heh i don't have anywhere near there to test from
but when i try tracing from various places a lot of routes seem to go over he.net, so i wonder if you can get to www.he.net
shafire: he.net works
mercutio: hmm
https://www.voxility.com/shop/connectivity/internet/looking-glass?hostname=support.arpnetworks.com
that's kind of nifty, not that it's working.
brycec: cute
" 4.|-- FILTER-DDoS"
mercutio: do you have another location you can use it from?
shafire: yeah, I have a backup provider here
brycec: thanks for the information
the looking glass gives an error on all destinations or not?
brycec: I tried support.arpnetworks.com and arpnetworks.com - only support.arpnetworks.com gave an error, and from all sources.
mercutio: because it doesn't even seem to leave voxility's network, i'd suggest to try asking voxility why it isn't working
***: toeshred has quit IRC (Ping timeout: 272 seconds)
toeshred has joined #arpnetworks
dfshjkl has joined #arpnetworks
erratic has quit IRC (Read error: Connection reset by peer)