Who | What | When |
---|---|---|
*** | dj_goku has quit IRC (Remote host closed the connection) | [02:05] |
.................................................. (idle for 4h7mn) | ||
dj_goku has joined #arpnetworks
dj_goku has quit IRC (Changing host)
dj_goku has joined #arpnetworks | [06:12] | |
....... (idle for 30mn) | ||
nathani has quit IRC (Quit: WeeChat 1.4) | [06:42] | |
..................... (idle for 1h44mn) | ||
mnathani | how would I go about adding the link local IPv6 /128 route for backup out to eth1 so I don't have to do %eth1 on Ubuntu | [08:26] |
................ (idle for 1h16mn) | ||
brycec | I'm not sure I understand what you mean... If you're specifying a route to a LL address of *course* you have to include the interface.
To alter that behaviour would, at a minimum, require removing fe80::/8 from all other interfaces, and then whatever other hoops you have to jump through to get $tools to not require an interface suffix. | [09:42] |
*** | nathani has joined #arpnetworks | [09:50] |
.... (idle for 15mn) | ||
mnathani | I was going by the trello suggestion: "If there were an IPv6 address for the backup server, all customers could add the address as a /128 to the routing tables on their VPS's to go via the link-local for the backup server over the dedicated interface." | [10:05] |
brycec | (Now I'm trying to wrap my head around that) | [10:06] |
mnathani | perhaps the person who suggested that wanted a global unicast routable IPv6 AAAA record and not a link local | [10:06] |
brycec | That could be
Which would annihilate the poor IPv6 router | [10:06] |
mnathani | it should only be accessible via backup interface
ie: not routed to IPv6 router or global internet for that matter | [10:07] |
.................... (idle for 1h36mn) | ||
*** | fIorz has joined #arpnetworks | [11:43] |
fIorz | up_the_irons: it seems like the IPv6 routing from the LA to the FFM location is somehow broken, traceroute ends at some HE router two hops or so from 2607:f2f8:0:102::4, while it works just fine from elsewhere | [11:45] |
..................... (idle for 1h43mn) | ||
up_the_irons | fIorz: yeah we're aware of that; it's because we're migrating to a new router and our NTT session used to carry a static route (which we migrated to the new router)
brycec: mnathani : the suggestion had mentioned link-local
mnathani: you always have to qualify a link-local address by %interface, if you have more than one link-local address
fIorz: I should set up a static to a different endpoint...
OK that was easy
It's working now | [13:28] |
brycec | up_the_irons: New router... still running OpenBSD 3.9 though? :P | [13:42] |
up_the_irons | OpenBSD 5.9 | [13:43] |
brycec | About damn time :)
And just in time for 6.0 no less | [13:43] |
up_the_irons | Yeah | [13:44] |
fIorz | up_the_irons: now I am talking to a different webserver than via ipv4!? (in particular with a different(/worse) TLS setup) | [13:54] |
up_the_irons | Not sure which webserver you're referring to | [13:55] |
brycec | Huzzah ARP. Company's main DC lost its Internet (apparently, I'm hearing it 3rd/4th/5th-hand) but the distributed/replicated services I stood up on our ARP instances are, of course, still chugging along. | [13:55] |
fIorz | up_the_irons: 2607:f2f8:0:102::4, or portal.a.c | [13:55] |
up_the_irons | I wonder if we're not proxying IPv6 from our SSL termination endpoint
mercutio: ^^ | [13:56] |
brycec | brycec wishes his company's monitoring wasn't run out of that DC however. *sigh* Always something. | [13:57] |
fIorz | https://www.ssllabs.com/ssltest/analyze.html?d=portal.arpnetworks.com&s=2607%3af2f8%3a0%3a102%3a0%3a0%3a0%3a4 | [13:57] |
up_the_irons | brycec: nice :)
fIorz: yeah that's how it was before we used a different SSL endpoint | [13:57] |
fIorz | yeah, IPv6 can do time travel :-)
(also, keeping the old endpoint available at all is a security problem, even if the DNS isn't pointing to it, as a MitM doesn't really care about DNS) | [13:59] |
up_the_irons | right | [14:02] |
...... (idle for 26mn) | ||
I've turned this into a Trello card under Known Issues:
https://trello.com/c/F6SS2RE1/15-portal-ipv6-endpoint-has-old-ip-should-proxy-through-newer-endpoint-with-stronger-ssl-termination
Votes welcome! | [14:28] | |
mnathani | I am still confused about the /128 IPv6 Route as mentioned by the other Trello Card for backup
I was under the assumption that adding the route with the AAAA record would somehow eliminate the need to specify the interface %eth1 or whatever | [14:30] |
up_the_irons | No, that's not the case
All link-local addresses must be qualified, since the same subnet (fe80::/64) exists on all interfaces by default
I kept having to tell people our backup server IPv6 address, now at least the hostname can be queried
toddf: FYI, I wanted to acknowledge your feature request emails; I simply haven't had time to add them to Trello yet, but I will do so this week | [14:32] |
.... (idle for 15mn) | ||
toddf | up_the_irons: no worries, just .. much more experienced elsewhere these days, and I hope they are useful/constructive criticism ;-) | [14:49] |
................................................................... (idle for 5h30mn) | ||
up_the_irons | toddf: Yes, they are useful and appreciated! | [20:19] |