--- Log opened Mon Apr 16 00:00:11 2018
--- Day changed Mon Apr 16 2018
00:00 < wiresharked> phirephly: Like thiojoe said, 802.11ax is supposed to help in crowded environments
00:00 < jorja> THAT IS WHAT THEY PAY FOR
00:00 < phirephly> wiresharked, exactly
00:00 < wiresharked> But your house would not really be the kind of setup that 802.11ax is good for
00:01 < phirephly> wiresharked, I can see 15 SSIDs from my house. WiFi sucks here due to density
00:01 < wiresharked> And interference
00:01 < Criggie> jorja: your user pays for 4 Mbit of internet, okay. Is it going slower than that ?
00:02 < jorja> if someone had 4Mbs internet do they need to have a wireless ac standard router or would any router work?
00:02 < jorja> I just want a yes or no answer
00:02 < phirephly> jorja, Yes, any router will work
00:02 < Criggie> jorja: "no"
00:02 < wiresharked> Oh, and you mean CTS
00:02 < Criggie> any router will be fine.
00:39 < mynameisdebian> If I do NSLOOKUP on loans.support I get 52.24.155.13. If I try to ping that address it fails. However, I have another domain at that address (steamcheap.com) that I can ping just fine. Yet, if I add loans.support to my Hosts file I can connect to the website and the VHOST entry directs me to the appropriate folder. Anyone have any ideas?
00:40 < mawk> it's not the same IP mynameisdebian
00:41 < phirephly> 52 vs 54 mynameisdebian
00:41 < jorja> if someone had 4Mbs internet do they need to have a wireless ac standard router or would any router work?
00:42 < meingtsla> hahahaha
00:43 < phirephly> Can someone just go mail jorja a WRT54GL so we can be done with it?
00:44 < meingtsla> He left right after that time
00:44 < phirephly> he didn't really want our advice anyways
00:49 < tds> mynameisdebian: they both have different A records, steamcheap.com is 52.24.155.13, loans.support resolves to 54.24.155.13 which is unreachable
00:55 < mynameisdebian> o
00:56 < mynameisdebian> tds: thx, not sure how I failed to notice that
00:56 < mynameisdebian> tds really appreciate you taking a moment
00:57 < tds> yeah, it took me far too long to see it, I only noticed it in the hex v6 addresses my resolver was also generating
00:58 < mynameisdebian> oh good to know v6 is good for something after all j/k :)
00:59 < mynameisdebian> pirephly: Hey man just saw you mentioned the same
00:59 < mynameisdebian> mawk: you too
00:59 < mynameisdebian> thanks to you both
01:00 < tds> oops, I'm blind and missed those messages, sorry
01:04 < fnDross> mynameisdebian: coffee time!
01:07 < mynameisdebian> fnDross: TBH I stayed up all night trying to write these programs I've been trying to write for months, and as always I ran into an issue of FF forcing updates and causing crazy incompatibilities between Selenium/FF/Marionette/GeckoDriver/Other things. I thought I had handled it but I was wrong. I downgraded and used apt-hold to try to lock it at v47, but the FF update somehow broke the setup, which I had spent some time
01:07 < mynameisdebian> trying to figure out. There were these recent changes that have broken every single script I've tried to write in Selenium in the past 6 months. I can't even get a stable dev environment.
01:07 < mynameisdebian> "trying to write" lol
01:10 < mynameisdebian> Pulling my hair out because I wasted about 24 hours on the same thing again.
01:15 < jorja> if someone had 4Mbs internet do they need to have a wireless ac standard router or would any router work?
01:17 < rewt> any router would work; the only advantage of anything faster than 4Mbps would be when communicating directly on the lan
01:17 < azizLIGHT> can anyone recommend a dual wan failover router please
01:19 < azizLIGHT> i want to connect two sources of internet and have the router provide main source to all devices unless its down, then provide the backup
01:19 < azizLIGHT> and to monitor main internet when its back up, and to switch
01:29 < Blueking> anyone knows when asus RT-AX88U hit shelves ?
01:36 < azizLIGHT> Blueking: im in the market for a router. why get rt-ax88u ?
01:37 < Blueking> want new feature aimesh
01:37 < Blueking> tho would need to buy 2-3 of em
01:38 < Blueking> rt-ac68U doesn't qualify
01:38 < azizLIGHT> whats aimesh, sorry for ignorance
01:39 < Blueking> rt-ac68u doesn't support MU-MIMO
01:39 < Blueking> aimesh mesh network
01:40 < Blueking> I have two asus routers set AP mode but it's pain when you move around inside house one stays on weak signal even one are beside the other router
01:42 < Blueking> and I have been reading upgrading some of asus routers that support aimesh are unstable, nodes disappear
01:43 < drac_boy> hi
01:44 < drac_boy> sorry to ask but just wondering...does PoE giga basically mix power and data on same wire like you do with model train dcc?
01:45 < Blueking> drac_boy from what I know answer are yes
01:48 < drac_boy> blueking thanks, I was getting a little curious knowing that eth and fast eth left the power on unused pins but giga used all of them after all
01:48 < SporkWitch> drac_boy: yes, PoE delivers device power over the same cable as data. A power injector is a box with a data in, a power in (usually a standard power cable like a desktop PSU), and a data+power out. It's commonly used by VoIP phones
01:48 < vvande> Blueking, I bet it's got to do with interference. Perhaps some routers deal better with that, but I can cover 3 floors in a large house with an Asus RT-N16 and down the block also. My old Netgear did the same.
01:48 < jorja> if someone had 4Mbs internet do they need to have a wireless ac standard router or would any router work?
01:49 < Blueking> vvande paper thin walls or ?
01:49 < SporkWitch> Blueking: Asus' stock firmware has settings to set what signal level to do the handoff on, and some other features relating to it
01:49 < SporkWitch> jorja: 4Mbps could be handled by 802.11b lol
01:49 < Blueking> SporkWitch seems nodes that are wired loses connection to other nodes/primary unit
01:50 < jorja> they were told they needed a wireless ac standard that is why I was asking
01:50 < jorja> they know nothing about routers
01:50 < SporkWitch> Blueking: haven't set it up myself, just know i've seen the settings. I have a different setup, where I'm actually using a different SSID to segregate antisocial apple devices from roommates that were knocking anything non-apple off the network
01:51 < SporkWitch> the older router handles the apple traffic, the shiny AC-3100 handles my stuff :)
01:51 < Blueking> SporkWitch due mine GF have apple shitty phone I can't use hidden ssid.. tho found out later that hidden ssid are more unsecure than visible ssid..
01:51 < drac_boy> blueking dunno if you find that funny or not but I still have one custom cable I made many years ago for my laptop .. a rj14 ethernet cable (much lighter and slight more agile re running long wire onto living room sofa sitting position etc) :)
01:51 < SporkWitch> jorja: with only 4Mbps downstream, they most certainly do not need 802.11AC lol
01:52 < drac_boy> only need 10/100 anyway so 4 pins was enough :P
01:52 < SporkWitch> Blueking: not an issue with hidden or unhidden in this case, but something about apple devices trying to use all channels at once, in violation of the RFCs. The apple stuff behaves fine, but it knocks everybody else off that's trying to talk on that router.
01:53 < Blueking> hmm haven't faced that problem
01:53 < SporkWitch> Blueking: someone in here identified the root cause; i was planning to get a shiny new router anyway, so it just made sense to segregate; 'lo and behold, issue gone.
01:54 < Blueking> SporkWitch tho I am using custom firmware on mine asus routers and using vlan tagging on lan ports and wifi
01:54 < MR-D05> is there a good way to see what CDN files a domain uses?
01:54 < Blueking> merlin firmware
01:54 < vvande> Blueking, not paper thin - but very thick lumber - (100 year old building)
01:55 < Blueking> SporkWitch which router you plan get ?
01:55 < SporkWitch> Blueking: i don't believe it was any issue with the router. wasn't pegging CPU or anything, and it could handle any number of apple devices that the roommates connected, but as soon as ONE of those apple devices connected, all the non-apple stuff would start flaking out, from my chromecast to my ps4 lol
01:55 < SporkWitch> Blueking: the older one is an RT-N66R, the newer an AC-3100
01:56 < Blueking> plan using it's routing feature or disable routing ?
01:57 < Blueking> not sure how mesh setup would be like if I doesn't want to use wifi router as router but basical AP mode in some way if it support that
01:57 < SporkWitch> Blueking: when i got the second, yeah, i just set the older one to AP mode, the 3100 as primary router. Simply keeping the apple devices to themselves resolved the issue, but that was already known from prior testing.
01:58 < SporkWitch> dunno about mesh, but the stock firmware definitely supports AP roaming, and has settings to tell it at what signal strength it should tell clients to switch
01:58 < Blueking> you could have apple devices connect on guest network ?
01:59 < SporkWitch> IIRC, that would end up taking either the 2.4GHz or 5GHz radios, so i couldn't offer both on the main anymore (it would also break access to the chromecast and other stuff on the LAN)
01:59 < Blueking> what asus routers do support AP roaming btw ?
01:59 < SporkWitch> all of them?
01:59 < SporkWitch> the stock firmware is ridiculous lol
02:00 < Blueking> rt-n66u and rt-ac66u ?
02:00 < dogbert2> AC-3100 seems b33fy
02:01 < dogbert2> SporkWitch...I have a D-Link AC1750...****ing thing doesn't even have SNMP available in the GUI
02:01 < SporkWitch> 66u/r is basically the same device, as far as i can find, and offers those features, last i looked
02:01 < dogbert2> My Lexmark printer for $80 has that in the firmware :)
02:01 < SporkWitch> dogbert2: what'd you expect? it's a dlink lol
02:01 < SporkWitch> and yeah, the 3100 is a monster; i love it lol
02:02 < dogbert2> SporkWitch...yeah, when it breaks, I'll get a better Wireless Router
02:03 < SporkWitch> i've got 1Gbps down fibre now, and between it and the 2x2 radio in my new (amusingly, asus) router, I vary between 300-600 Mbps down on speedtest.net; i get 99% of advertised rates when wired, unfortunately the only GbE cable i have is only long enough to connect the fibre modem to it lol
02:03 < dogbert2> though my Libre Computer (Le Potato) is pretty bad ass for a RPi clone :)
02:03 < SporkWitch> new laptop rather, but i figure you guessed that
02:04 < Blueking> roaming assistance = AP roaming ?
02:04 < SporkWitch> yup
02:04 < Blueking> hmm I see it's disabled..
02:04 < dogbert2> SporkWitch...are you trying to d/l a TB of pr0n in less than 30 mins?
02:05 < Blueking> but to use AP roaming one need to have asus routers talk to each other/login somehow ?
02:05 < SporkWitch> dogbert2: comes in handy for game updates and no worrying about roommates saturating the link with their jersey shore bullshit lol
02:05 < dogbert2> bwhahaha
02:05 < SporkWitch> dogbert2: and it's only 110/mo including the static ip
02:06 < dogbert2> Jersey Shore is a waste of bandwidth
02:06 < dogbert2> I get 30-35/3 for $40
02:07 < SporkWitch> honestly, the 100Mbps upstream is of more use to me; can stream plex while i'm at the office. also planning to move a lot of my hosting in-house once i can afford some hardware; can easily cut my hosting costs down to 5 bucks to just maintain a backup SMTP relay if the connection or main server goes down
02:07 < Blueking> SporkWitch but to use AP roaming one need to have asus routers talk to each other/login somehow ?
02:08 < SporkWitch> Blueking: pretty sure it sends a signal saying "hey, you're getting weak, try the other one"; check the documentation, it's quite good
02:08 < Blueking> just wonder what's different with mesh/mu-mimo..
02:10 < Blueking> I mean people who uses asus routers in AP mode want to test aimesh
02:10 < dogbert2> heh...some of this fan produced star trek is actually pretty good on youtube
02:10 < Blueking> thus they believe mesh makes it better in some way if it works
02:10 < SporkWitch> dogbert2: with discovery as the new baseline, it's not like it would take much in comparison lol
02:10 < dogbert2> SporkWitch...cox cable, being the assholes they are won't give me a static IP, and the turds block ports also :P
02:10 < drac_boy> dogbert2 it'll take 10 hours but I could do it in 5 if I have to :)
02:11 < SporkWitch> dogbert2: the orville is a better star trek show than the new star trek lol
02:23 < Blueking> hmm wasn't easy to dig up stuff about aimesh, what makes it better than old routers (n66u/ac66u), worth get new one for new features ?
02:42 < Success> how good/bad/common/uncommon is 0.85 megabits per second down and 0.30 megabits per second up
02:42 < Success> 129 ms latency
02:43 < Peng_> How many channels did you ask that in?
02:44 < Success> 1
02:44 < Success> (this one)
02:44 < Success> oh and Mozilla#firefox but i figured here would be more appropriate
02:45 < Success> so i guess 2 total my bad
02:45 < Logg> how "good" it is depends on what the plan you're paying for is supposed to provide
02:46 < Success> like if you personally had to use said interweb how infuriating would it be or is that pretty decent/usable
02:47 < Peng_> Can hardly stream anime in HD at that speed. I would be miserable.
02:47 < Logg> can't stream 720p, no.
02:47 < Peng_> Would streaming 480p work? Barely?
02:48 < Success> hmm lemme try
02:48 * Success is waiting for youtube.com to load
02:48 < Logg> just look at a sample file's bitrate
02:51 < Success> LOL youtube vp9 360p = 1 Mbps; 480p = 2.5Mbps rip
02:52 < Logg> doesn't sound true. but regarding your original question, call your isp if you aren't getting close to the speed you pay for over a range of speed tests to multiple servers at multiple times of day.
03:03 < Success> oh sorry that was the recommended upload speed my bad
03:23 < cr1t1cal> what is the difference between transmission rate and throughput?
03:27 < vvande> I think, rate is how fast it is going - throughput is how much has gone through iow it involves time
03:28 < cr1t1cal> vvande: iow?
03:29 < vvande> in other words
03:29 < vvande> in any case, I'm just guessing :)
03:30 < vvande> I don't know the specifics of the application here.
03:30 < cr1t1cal> please dont guess
03:30 < cr1t1cal> you are getting mixed up with propagation rate
03:31 < vvande> ok
03:34 < vvande> in any case, people use the terms differently
04:00 < puff> Hi, I'm trying to get an old HP laserjet 8150 working. Unfortunately the config page isn't printing right and I can't read the IP address on it. Trying to figure out how to figure out the address. My router is a mikrotik rb 750, I'm on xubuntu.
04:01 < jorja> NETGEAR AC1200 Dual Band Wi-Fi Router
04:02 < jorja> if someone had 4Mbs internet do they need to have a wireless ac standard router or would any router work?
04:02 < sirwilliam> ARP scan.
04:02 < `7hr34t_hvntr> any splunkers about
04:02 < `7hr34t_hvntr> i need to figure out how to create a field for the first IP seen in a raw field
04:02 < Logg> check your dhcp server logs, puff
04:04 < puff> Logg: Hm, does the mikrotik keep logs?
04:04 < Logg> I haven't used one. find a status page if the router is acting as the dhcp server, it can show connected clients sometimes
04:05 < Logg> or you can arp for the printer if you know its mac address... sometimes on a sticker on the back
04:05 < puff> It shows the leases, yeah.
04:06 < puff> Didn't see the MAC address anywhere on it, I'll go take another look.
04:06 < Ben64> can find it from the router or nmap
04:08 < puff> Somebody on #mikrotik told me HP uses port 9100, so scanning for that now...
04:09 < puff> Whee, that worked.
04:12 < vvande> I think that's the standard printing port for everybody. CUPS will work on that.
04:13 < puff> Hm, hp-setup is still reporting I'm using the "advanced" "manual discovery", but it still says it can't see the printer on the network.
04:16 < vvande> another thing to try would be http://localhost:631 if you have CUPS installed
04:17 < puff> CUPS found it, printed a test page, now lets see if the test page printed...
04:19 < puff> Test page printed, looks like crap, next step is to sort that out. A friend who rehabs these things for fun says the first thing to try is just printing 30-40 pages and see if it clears up.
04:19 < puff> Logg, Ben64, vvande: Thanks!
04:20 < jorja> if someone had 4Mbs internet do they need to have a wireless ac standard router or would any router work?
04:21 < Logg> jorja, you were already answered
04:22 < jorja> No one has answered
04:23 < Ben64> the internet speed isn't why you would need different wireless, depends more on how fast you want to transfer within the network, and outside interference
04:23 < phirephly> jorja, Several of us told you that any router will work.
04:24 < phirephly> It being a pleasant experience is a different matter, but that depends on your standards for a router
04:24 < Logg> you only need a router supporting 802.11ac (1300Mbps) if you need to communicate on your lan faster than 802.11n (300Mbps)
04:25 < Ben64> or 2.4ghz is completely saturated
04:25 < Ben64> and you're pretty much never getting the speeds that they say
04:37 < phirephly> Well, just finished this weeks project: A few of my buddies and I decided to create our own Internet Exchange to save on the number of cross connects we needed http://blog.thelifeofkenneth.com/2018/04/creating-internet-exchange-for-even.html
04:38 < sirwilliam> part
04:38 < sirwilliam> lol
04:39 < jorja> they were told to go with ac standard and they do not understand why
07:12 < comet23> what's the best place to find an it internship without any experience whatsoever and no college?
07:17 < Logg> comet23, get a cert related to the field of IT that you're interested in, then try volunteering for a church
07:19 < comet23> is there a way to get a company to pay for your cert?
07:22 < Logg> you could try.
10:32 < disposable2> if i buy a dualport 100Gbps NIC and plug it into a pci express 3.0 16x slot (max throughput 126.4 Gbps), will the ports fight for available bandwidth or do i HAVE to set 1 port to 100Gbps and the other to 25Gbps speeds?
10:32 < endre> refer to the specs sheet
10:33 < endre> and also driver
10:33 < disposable2> endre: i don't have a particular card in mind. i'm asking "in general" for now.
10:34 < endre> i see
10:44 < hugge> disposable2: you can activate both
10:46 < hugge> but the bus-speed will cap out early as you know
10:47 < hugge> but the usecase for those things isnt to max out the bus speed anyway
10:48 < tezogmix> hey how is the tplink unmanaged switch (the 8 port all metal casing)? I just purchased that one (latest revision)
10:49 < tezogmix> I have an asus ac86u router and was going to hook that up to it
10:49 < endre> tezogmix: should work
10:51 < tezogmix> I also picked up today a refurbished hp enterprise desktop (hp 6300) with intel gigabit nic/w7-64.... I have an old laptop from that same time era 2012 (both are i5's and w764) but the laptop is usb 2.0 and the desktop is usb 3.0
10:52 < tezogmix> from some other irc channels, it was suggested that it should be possible for me to use the current download management software that I have installed on my laptop to have the data transferred to external usb 3.0 devices (connected to the hp 6300 usb 3.0 desktop at usb 3.0 r/w speeds)?
10:53 < azonenberg> Hmmmm so I'm designing an 8-port 10/100/1000 base-T line card for an edge-layer switch
10:53 < tezogmix> provided I first set up both machines to enable file/network sharing? both of them will be connected to the same router via ethernet-hardwire, but my lap
10:54 < azonenberg> I have an 80-pin connector from each card to the backplane, divided into two groups of 40 pins
10:54 < tezogmix> laptop will be the main ISP driver
10:54 < tezogmix> driver=connection + software
10:54 < azonenberg> First group has power, MDIO, JTAG, I2C, reset, and some power control stuff totaling 21 of 40 pins
10:54 < azonenberg> Second group has eight lanes of SGMII which comes out to 32 of 40
10:54 < azonenberg> trying to think if there's any good use for the remaining signals or if i should just declare them "reserved for future use" and move on
10:55 < tezogmix> so theoretically, I should be able to appreciate any shared network drives that I target my laptop software download path to?
10:55 < tezogmix> networked drives being usb 3.0 external hdd's (laptop only has usb 2.0 support)
10:55 < tezogmix> same OS
10:56 < tezogmix> over same router-network/LAN
10:56 < refeaime> Hello, guys.
10:56 < refeaime> Can anybody help me with wpa_supplicant.conf syntax to make sure, that wi-fi roaming (IEEE 802.11r/k/v) will work? Which options must be setup?
10:56 < refeaime> Wi-Fi chipset supports these standards.
10:57 < MrLawrence> Hello guys, I more or less know the difference between an FTP server and a file server. However, what can you guys say about the protocols used in a file server? Is it just TCP/IP and handled differently via each particular implementation of this kind of application?
10:58 < tezogmix> my question here to you folks was anything I should keep in mind when setting this up tomorrow
11:00 < refeaime> MrLawrence: Well, FTP is an old protocol. it was first in that kind of protocols. Due age it not always good. CIFS/SMB, NFS more flexible.
11:01 < MrLawrence> Thank you :)
11:01 < tezogmix> my main worry was that there would be some bottleneck in transferring data over the recognized shared network path to external usb 3.0 hdd (connected to the usb 3.0 desktop) from the usb 2.0 laptop; basically hoping I can finally experience some better r/w speeds than how I had those usb 3.0 hdd's connected to my usb 2.0 laptop (I would never get over 20-30MB/s and I have a 300Mbps broadband connection).
11:01 < MrLawrence> refeaime, know which one is most widely used and actively updated?
11:02 < refeaime> You can also see that in naming. File Transfer Protocol.
11:02 < refeaime> Common internet file system, network file system.
11:02 < refeaime> MrLawrence: well... It depends. Most popular, i think, is SMB.
11:03 < refeaime> FTP - web servers upload/download. Its easy to setup and configure.
11:03 < refeaime> If apple - there is AFP. Or same SMB.
11:05 < disposable2> hugge: so leaving both ports configured at 100Gbps and hitting the capacity of pcie slot is something the driver/chip knows how to deal with or will i get dropped packets?
11:09 < hugge> disposable2: it will simply not be able to ramp up
11:10 < hugge> for ingress the card will be able to buffer a bit
11:10 < hugge> and then drop
11:12 < disposable2> hugge: thank you.
11:12 < hugge> but - 100g or even dual 100g to a server isnt exactly supereasy these days
11:12 < disposable2> hugge: how so?
11:13 < hugge> its not like you can run a random ftp server on that and get any performance :)
11:13 < disposable2> hugge: it's for ceph storage in my case
11:13 < hugge> but NVMe offloading and resources that can use DPDK for example you can get decent speeds up and going
11:14 < refeaime> So, is there anyone that can help with roaming options in wpa_supplicant?
11:14 < hugge> Like connectx6 for example can do nvme fabric offloading
11:15 < hugge> which is the most popular 100g/200g card
11:16 < disposable2> hugge: i'll most likely go for connectx6 because it also has nvmf target offloading and EC offloading and is half the cost of x6
11:16 < disposable2> s/connectx6/connectx5
11:18 < disposable2> hugge: and i don't need 200Gbps
11:47 < Endraya> Switches for those connections are a bit expensive as well ;p
11:49 < hugge> not really
11:49 < hugge> 100g switches has fell through the roof long time ago
11:52 < Endraya> With 100Gbps ports?
11:53 < djph> refeaime: probably better to ask the actual question, rather asking to ask about it ... (unless the question is farther back than I read ... )
11:55 < disposable2> Endraya: you can get huawei cloudengine switches for slightly over 10K euro (32x 100Gbe). probably cheaper in US.
11:55 < refeaime> djph: which questions? I have roaming network (Ruckus) and i want to test rPi3 stability in such network with roaming. I am confused, which options to use to be sure, that roaming is setuped.
11:55 < refeaime> Because 802.11r is where client chooses where to change AP.
11:56 < djph> refeaime: client devices roam even without 802.11r
11:56 < disposable2> Endraya: a 2nd hand 100g Cisco nexus costs about the same or less
11:56 < Endraya> disposable2: Would be quite the downgrade, but i don't really see the point other than for breakout cables.
11:56 < djph> 802.11r is just "faster"
11:56 < refeaime> djph: yes, they do. But its known as Handover. Which is not good.
11:57 < djph> it's the same thing
11:57 < refeaime> And in handover AP chooses.
11:57 < djph> just 802.11r is "fast"
11:57 < djph> NOPE
11:57 < Endraya> disposable2: Second hand being stolen? ;P
11:57 < djph> Client has always (and likely will always) decide when it should move to a better AP.
11:58 < refeaime> djph: i do not want to yelling about what same or not same. I need configure FT support via wpa_supplicant
11:58 < trae32566[w]> Endraya: it's not "stolen", it fell off a truck. Get it right.
11:58 < djph> did you input the settings as shown in the manual? if so, then it's likely ready to go (restart it to be sure) ... then walk around the building
11:58 < Endraya> Wished our accountants would see it that way ;P
11:59 < djph> I mean ... I haven't had any trouble in the test box I setup with it (but then I only started playing with it mid last week)
11:59 < trae32566[w]> we actually did have that happen kinda
11:59 < dogbert2> hey djph
11:59 < trae32566[w]> fedex dropped a server and bent it a bit
11:59 < refeaime> djph: in handover is AP who stops "talk" to client, and client "must" to scan network again and auth with new AP. FT protocol is fully under client control and no need to use full auth procedure.
11:59 < trae32566[w]> gave us that one plus the money for a new one, so...
12:00 < refeaime> djph: so it is enough to setup basic config to get FT working?
12:00 < dogbert2> LOL...fast is all relative
12:00 < djph> ^
12:00 < djph> refeaime: as far as I've tested thus far - yes, the basic config works.
12:01 < Endraya> Ah, fork lift accidents can happen as well (can't believe it actually works even though it got hit straight on).
12:01 < refeaime> djph: okay. Any advice how to see roam packages? TCPdump and perl regexp?
12:01 < djph> rtfm and/or stfw
12:02 < refeaime> djph: haha. Looks like i am again in russian MUC =D
12:04 < dogbert2> who actually reads manuals? :P
12:07 < ShapeShifter499> hi
12:08 < ShapeShifter499> I'm seeing these messages, does anyone here know what they mean? "systemd-resolved[200]: Using degraded feature set (UDP) for DNS server"
12:11 < jimm> hi, need some troubleshooting help, I had a working program that generate a masqing firewall given interface definitions, and I switched over to a very simple manual setup,,, I'll show you that in a moment
12:12 < tuskkk___> how do we ssh into a server using a DNS with an A record mapped?
12:13 < tuskkk___> ssh ..com
12:13 < jimm> I might have to reboot and come back to set up "initial conditions" before trying to put these rules on top
12:18 < detha> Shapeshifter: it's systemd being unhappy with your nameserver and lack of edns0 or dnssec or so
12:19 < ShapeShifter499> detha: do you have an idea how I might fix that?
12:20 < ShapeShifter499> detha: I omitted the address, it seemed to be referring to a ipv6 address
12:20 < detha> ShapeShifter499: depends on your setup. some more detail: https://github.com/systemd/systemd/issues/5352
12:20 < detha> (yet another example of why systemd should stay on laptops)
12:32 < ProfessorWang> i took a shit
12:32 < ProfessorWang> tollhouse cokies is nookie
12:33 < TV`sFrank> And another yank imbecile is heard from
12:34 < jimm> ProfessorWang, bring it back when you're done with it
13:45 < Ring0`> Trying to establish secure connection with curl and by looking on tcpdump output I can see that first 3 packets are SYN, SYN-ACK and ACK (as it's supposed to be) and then the client (me) immediately sends FIN packet. What could possibly be the reason ?
13:46 < trae32566[w]> can you check logs on the server?
14:09 < linuxconformer> guys what does this error mean? "External network X is not reachable from subnet Y. Therefore, cannot associate Port Z with a Floating IP."
14:12 < Phil-Work> linuxconformer, where does the error come from?
14:12 < Phil-Work> and what are X, Y and Z?
14:42 <+catphish> linuxconformer, where does the error come from?
14:42 <+catphish> and what are X, Y and Z?
14:46 < pabed> hi hello guys , I need network administrators sample resume , do you send me or tell me websites about it
14:49 < linuxconformer> catphish: hey there! it comes when i try to attach a floating IP to an openstack debian instance
14:50 <+catphish> i'm afraid i don't know anything about openstack
14:50 < linuxconformer> and i think X, Y, and Z are external network, subnet, and port respectively
14:50 < linuxconformer> no worries then, thanks for trying ;)
15:40 < flying_sausages> hey guys I'm trying to figure out what is the easiest and well implemented way to connect to the internet using an Iridium modem (ppp over RS232 which pushes AT/Hayes commands)
15:41 < flying_sausages> I've come across modemmanager which can text and call nicely but it can't seem to properly set up a ppp connection like it can for 3G modems
15:41 < flying_sausages> for a 3g modem you get an interface to use after --simple-connect but not for the Iridium modem I'm using
15:43 < flying_sausages> I tried using pon and poff and that works well but I need to generate a lot of files that I'd like to be able to specify on runtime, seeing as I only need the ISP number, user and password
15:45 < flying_sausages> the simple connect makes a bearer but then I have no idea how to use it and what it actually does is this MM specific or are "bearers" a more networking-wise phenomenon
15:45 < flying_sausages> ?
15:48 < ||cw> flying_sausages: to the man page! https://www.freedesktop.org/software/ModemManager/man/latest/mmcli.8.html bearer is basically the settings for the connection.
15:50 < ||cw> you'll need some instructions for the modem though. does it work like 3G, or does do you actually dial a phone number and run ppp on the serial line?
15:51 < flying_sausages> ||cw, it uses a phone number, it dials a number to texas and then the iridium server does its own thing
15:52 < flying_sausages> ||cw, how can I get an interface such as ppp0 exposed using the bearers though?
15:52 < flying_sausages> as far as I know --simple-connect will create, enable and connect a bearer
15:53 < ||cw> so sounds like normal old dialup. it's been far too long since i even thought about it.
16:19 < flying_sausages> ||cw, I'm assuming that after a bearer is created and enabled and connected, it should be usable the same way a 3G modem should be, correct?
16:19 < flying_sausages> *using mmcli that is
16:20 < flying_sausages> If that is the case, how would you go from having the modemmanager bearer being "mapped" to an interface like ppp0?
16:25 < linuxconformer> how can i check if my vm is configured to be accessed at port 80?
16:26 < vlt> linuxconformer: Usually you don't need to configure that it *can* be accessed. Only the other way round. But depends a bit on your virtualization.
16:27 < ||cw> linuxconformer: um, you try to connect to it?
16:27 < linuxconformer> vlt: i'm running this instance using openstack, maybe that's different
16:27 < linuxconformer> i can ssh into it fine
16:27 < ||cw> flying_sausages: is there no serial device to point ppp at?
16:27 < flying_sausages> there is, /dev/ttyUSB0 for example
16:27 < linuxconformer> and i've added the relevant rules in the security groups (HTTP 80/HTTP 443), but it's not returning anything when i try to go to the floating IP
16:28 < linuxconformer> and i'm not sure how to troubleshoot the problem
16:28 < linuxconformer> also, wget http://localhost returns the nginx page
16:28 < flying_sausages> so if I run pppd --ttyname=/dev/ttyUSB0 --speed=19200 or something like that, can I expect an interface to be created?
16:28 < linuxconformer> so within the OS i can access port 80 fine
16:28 < xdroop> Anyone here know anything about Cisco FirePower(tm)
16:28 < xdroop> specifically I have one with a full /var
16:29 < xdroop> I want to know if it is safe to empty /var/sf/SRU
16:29 < flying_sausages> because the simple connect can "perform" the dialup connection, it's just that I don't know how to tap into it. This sounds like it could be the answer
16:30 < flying_sausages> ||cw ^
16:30 < linuxconformer> also this is the iptables -L input from inside the vm -> https://paste.ubuntu.com/p/bNGxBSdCsM/
16:31 < linuxconformer> not sure if that's right
16:31 < ||cw> flying_sausages: have you tried a basic ppp howto? it's really been far too long
16:31 < flying_sausages> I managed to get the whole shebang setup with chatscripts and pon and poff before, not sure which howtos I'm missing
16:32 < flying_sausages> I'm going to go sit outside, chase some satellites and see if I can just get into this thing with starting pppd on the serial device
16:32 < ||cw> IIRC you set up a dial script that sends the AT commands needed, then ppp handles it all. modem manager is supposed to do all that for you, but I think maybe all the cell modem stuff in it has made it confusing to use for plain ol dialup
16:32 < ||cw> that's assuming Iridium works like plain old dialup
16:33 < flying_sausages> ||cw, this info is of great help, I'll do some testing in the cold outside and come back in a minute or 20
16:33 < linuxconformer> anyone know?
16:35 < flying_sausages> sorry linuxconformer can you reformulate your question? You've got something running on localhost:80 and you want to be able to check if external network can get to it?
16:35 < adrian_1908> linuxconformer: the iptables is totally open, so not the culprit.
16:35 < flying_sausages> are you forwarding the ports right?
16:35 < flying_sausages> i.e. can your host get to the :80?
16:35 < linuxconformer> flying_sausages: not entirely sure, new to openstack, so that might be the issue
16:35 < flying_sausages> is the host's firewall fine?
16:35 < flying_sausages> is the host accessible to begin with on that port from the outside?
16:36 < linuxconformer> flying_sausages: i can access port :80 from inside the vm, yeah
16:36 < flying_sausages> nono, outside the vm
16:36 < linuxconformer> not sure, but not from float-ip:80
16:36 < linuxconformer> where float-ip = X.X.X.X
16:36 < flying_sausages> if you have a windows machine and a linux vm running inside it, can you open internet explorer and see that localhost:80 is giving you nginx?
16:37 < flying_sausages> or equivalent, that is
16:37 < linuxconformer> flying_sausages: er where should i do this from?
16:37 < ||cw> linuxconformer: is this float ip on your local LAN subnet?
16:38 < linuxconformer> i don't think so
16:38 < flying_sausages> can you describe your setup to me again pls? what is your vm running on
16:38 < linuxconformer> yeah, i'm using openstack (although it's hosted somewhere else), and trying to create a vm that i can access port 80 on
16:39 < flying_sausages> no idea how that is set up, but I would try to go from VM up and see where it breaks
16:40 < flying_sausages> so if it runs from the VM, see if you can use the host or something on the same LAN to check
16:40 < flying_sausages> if that's fine, go one layer higher
16:40 < flying_sausages> if it doesn't, the VM's host is not allowing the port to go through most probably
16:40 < linuxconformer> flying_sausages: i think i'm stuck at the VM level
16:41 < ||cw> linuxconformer: then the host needs a forwarding rule for the port. I assume you have one for ssh?
16:41 < flying_sausages> how so?
16:41 < linuxconformer> not sure how to go higher, because openstack isn't running locally
16:41 < linuxconformer> ||cw: yeah, and i added one for port 80 and port 443
16:41 < linuxconformer> but no dice
16:41 < linuxconformer> i don't know, i must be doing something wrong with the rules
16:41 < flying_sausages> and you're sure your nginx is configured properly to listen to things not "localhost" ?
16:41 < linuxconformer> because port :22 (ssh) works fine from my laptop
16:42 < linuxconformer> flying_sausages: er not completely
16:42 < ||cw> is the host doing NAT? IDK openstack. maybe you need to add a config open to it and restart the instance?
16:42 < flying_sausages> i.e. there's a server block that will listen to all connections
16:42 < hitman1> Can I run a service on forwarded port?
16:42 < linuxconformer> but normally installing nginx and accessing port :80 is enough
16:42 < ||cw> hitman1: that's kind of the point, yeah
16:42 < flying_sausages> hitman1, uh yes
16:43 < hitman1> I am using ssh and have forwarded remote machine's port 8080 on my localmachine's port 8080
16:43 < flying_sausages> linuxconformer, can you paste your nginx config using the paste link you can find in #nginx and paste the link here?
16:43 < flying_sausages> did you try a different webserver?
16:43 < hitman1> If I run a service on remote port 8080 can I see it on my localport 8080 ?
16:43 < jacekowski> hitman1: no
16:43 < linuxconformer> flying_sausages: it's just the default config
16:43 < jacekowski> hitman1: two separate things
16:43 < flying_sausages> hitman1, ssh -L user@remote 12345:localhost:12345
16:44 < linuxconformer> but i haven't tried a different web server
16:44 < flying_sausages> if I get you right
16:44 < flying_sausages> linuxconformer, see if you can, then at least you can rule something out :)
16:44 < hitman1> yeah -L works
16:44 < hitman1> but why can't I do that ?
16:44 < linuxconformer> flying_sausages: ok ;)
16:45 < flying_sausages> hitman1, any errors?
16:45 < hitman1> no
16:45 < hitman1> but why can't I forward a service ?
16:45 < flying_sausages> hitman1, ssh -L user@remote 12345:localhost:12345 -vvvvv
16:45 < hitman1> because only requests can be forwarded? is that it?
16:47 < hitman1> Thanks flying_sausages
16:48 < {HD}> Why is disabling root good for security if you're just enabling another user with sudo privileges? Is it just because root is a known username that people try to brute force?
16:48 < flying_sausages> hitman1, hope that helped
16:49 < ||cw> {HD}: can't brute force root if it can't be logged into. you're really disabling root, just disabling password login.
16:50 < {HD}> I already have passwords turned off for all users and I use ssh keys. Can I keep root alive?
16:50 < ||cw> if you brute force a normal user, you still need to gain root. though if you have the password, you have sudo too
16:50 < ||cw> you can do whatever you feel like you've mitigated.
16:51 < ||cw> enabling key auth for root automated services is fairly common
16:52 < {HD}> So, doesn't sound like a huge security concern. I just see it come up pretty frequently is 'PermitRootLogin no'
17:02 < flying_sausages> {HD}, it is standard practice
17:02 < flying_sausages> in no way a requirement :)
17:04 < flying_sausages> if you don't allow passwords and only use keys, I would say it's fine to keep root open
17:04 < roxlu> Hi! Not sure if this is off-topic .. but I'm wondering if someone might know this. I'm working on a project where we want to handle 4 x 12Mbit streams over UDP and I'm wondering what would be the ideal setup to reduce packet loss (if possible)
17:04 < flying_sausages> but why not disable root login and then make people have to both get the key and then the password to elevate
17:05 < flying_sausages> roxlu, can you give more context about your desired setup? is this all local?
17:05 < roxlu> flying_sausages: yes it will be a local network
17:06 < roxlu> flying_sausages: it's a project where we use axis cameras that send RTP/H264 directly from the cam to our PC
17:06 < flying_sausages> have you tried a setup already, and checked what the loss is like?
17:06 < flying_sausages> chances are anything will be good enough if the network is small
17:07 < flying_sausages> and assuming the gear is modern
17:08 < flying_sausages> roxlu, this sounds like something i had to deal with way too recently, which country do you work in? :L
17:08 < roxlu> flying_sausages: yes we're trying with 2 streams now and were getting some loss, but we're looking into the configurations of the cam now
17:09 <+catphish> {HD}: it's totally up to you, if you want to log in as root using keys, you can, most people recommend against as it's generally preferred to use individual user accounts
17:09 < adrian_1908> Can you guys recommend a source for complete iptables ruleset examples for different use cases? I'm currently reading different articles/wikis and the recommendations only partly overlap. I realize knowing your shit is better than copying guides, but maybe there are some resources that many users agree on being solid.
17:10 < tda> the manpages?
17:10 < flying_sausages> roxlu, what stats are you getting?
17:11 <+catphish> adrian_1908: honestly, it's better to understand what the rules mean and devise your own
17:11 < roxlu> flying_sausages: we're currently changing our setup a bit
17:11 <+catphish> adrian_1908: i didn't like iptables until the day i realised i could just write my own rules to achieve what i wanted, knowing that, i can trust my firewalls a lot more
17:12 < roxlu> flying_sausages: we were using a switch but removed that now and now setting with 2 axis cams directly to a NIC
17:12 < adrian_1908> catphish: I understand the basics, i.e. a simple ruleset, but there are interesting suggestions regarding things like port scanning, where a plain REJECT/DROP is more telling than a crafted icmp response.
17:12 < adrian_1908> I'm just not sure how far I should take it.
17:12 <+catphish> adrian_1908: i really wouldn't worry about that, just drop traffic you don't want
17:12 < adrian_1908> ok
17:13 < {HD}> catphish: Yea, I guess I am just not familiar with standard practices. For instance if I am hosting several websites on a server should each have their own username? Or, would you just have a webdev user? Or is all of that wrong?
17:14 <+catphish> {HD}: ideally separate users, but it's often not terribly practical, depends how much you trust the code of those sites
17:14 < flying_sausages> roxlu, from what I know where I work, we're using RTC cameras in one of our production machines for monitoring, and we've got the cams directly connected into a device that is then accessible as a webserver which can offer the html5 usable streams
17:15 < flying_sausages> roxlu, the more hw in the middle you get rid of I would say the better
17:15 < flying_sausages> that would be a simple guess, but I'm sure there are articles about "minimising packet loss on local networks"
17:17 < roxlu> flying_sausages: yeah, thanks I'll google a bit
17:18 < roxlu> flying_sausages: but it's really great to hear from someone who actually did something similar. I've learned there is a big difference between theory and practice when it comes to packet loss
17:19 < {HD}> holy moly I just grepped my auto.log for fail and there are TONS of results! everyone tries 'admin', 'root', and 'pi'
17:20 < {HD}> so I guess never use those usernames
17:21 < tds> or just disable password auth, and stop caring about it :)
17:22 < {HD}> I have password auth turned off for all accounts...but still people are malicious!
17:23 < qman__> that's why fail2ban exists
17:23 < {HD}> I just updated my fail2ban from 5 attempts to 3
17:25 <+catphish> {HD}: if password auth is disabled, ssh is immediately pretty safe
17:25 <+catphish> apart from cluttering the logs, those people won't harm, but still a good idea to firewall them in case they attack something else
17:26 < qman__> except for stuff like the debian SSH key issue from back in 2005
17:26 < tds> you're more at risk if there's a major openssh vulnerability, but most of the internet is in trouble at that point anyway
17:26 < qman__> I still recommend fail2ban or a rate limiting firewall to avoid filling up your log files
17:27 < qman__> plus even though it should be nearly impossible to brute force, in the event that something happens and it is, it's just one more mitigation
17:28 < qman__> I originally set up a rate limiting firewall on my SSH server years ago because I was tired of listening to the disk grind writing all the failed logins to the log files
17:29 < {HD}> wow, I guess I should read about my fail2ban more. I set it up with default settings for ssh and ftp and emix etc...maybe I should go fine tune it.
17:29 < {HD}> I should just ban every non(my countries) IP from those services by default.
17:30 < Daedbffe> Any optical geniuses here?
17:31 < {HD}> I have perfect vision
17:31 < Daedbffe> I have a 10m run of OM4 MPO 12F cable, I have a 100G optic on each end and I can't get the link to come up
17:32 < Daedbffe> need someone to see if they can spot anything obviously wrong here: https://hastebin.com/yasivehike.apache
17:32 < jimm> but do you look smart?
17:40 < ||cw> roxlu: if you're getting loss with a direct nic to camera setup then you either have a camera firmware issue, a cable issue, a nic hardware or driver issue, or a software issue (maybe too slow to decode?)
17:41 < flying_sausages> for the sake of knowing how to google, all dial-up is always done over ppp, correct?
17:41 < ||cw> 12Mbit is not a lot of bandwidth, pretty much any switch should be able to do 4 of them.
17:41 < ||cw> roxlu: it's not a realtek nic is it?
17:45 < flying_sausages> why the fuck do these satellites need to use fkn dialup god dammit
17:45 < flying_sausages> :'(\
17:46 < flying_sausages> either pppd+modemmanager is trash or I am trash
17:51 < Blueking> flying_sausages: last conclusion is the answer
17:52 < flying_sausages> how about both
17:54 < flying_sausages> if I get modem manager to connect a dialup line, how can I use pppd to attach it as an interface?
17:54 < flying_sausages> I think this is where my issue lies
17:59 < ||cw> flying_sausages: have you tried gnome-ppp or kppp?
17:59 < ||cw> or wvdial?
18:00 < ||cw> I have in the back of my head that modem manager is an evil turd, but that may be more to do with it trying to treat an arduino as a modem and screwing things up
18:00 < flying_sausages> ||cw, running on a development board
18:00 < flying_sausages> so no gui
18:00 < ||cw> and, then pppconfig and pon should do it
18:01 < flying_sausages> pppconfig is the step I want to not do, and just use modem manager for it
18:01 < ||cw> did you make a chatscript
18:01 < flying_sausages> I did but I don't want to use the scripts, instead just use modemmanager as much as I can
18:02 < flying_sausages> I've had a pon Iridium setup working before just fine
18:02 < flying_sausages> I also get a connected modemmanager bearer
18:02 < flying_sausages> but I want to know what I have to do to use the connected bearer
18:02 < ||cw> it may be that modem manager only works with cell modems
18:02 < flying_sausages> and "pppd /dev/ttyUSB0" isn't doing it
18:03 < ||cw> you'd still need to make scripts for modem manager unless it comes with Iridium scripts
18:03 < flying_sausages> I'm getting a response from mm that basically says "you are connected to the net"
18:03 < flying_sausages> it does, surprisingly
18:03 < flying_sausages> it's literally only the linkup between modemmanager to the interface I'm missing
18:04 < ||cw> then I'd try modem manager's support list/forum/git
18:04 < flying_sausages> usually that is done by network manager from what I hear but I can't run that on this board :(
18:04 < ||cw> or your distro
18:04 < ||cw> there's a cli network manager too
18:04 < flying_sausages> I guess I will have to ||cw, thanks for the help :)
18:04 < flying_sausages> mmcli is what I'm using
18:05 < ||cw> you said it's normally done via network manager...
18:05 < ||cw> though I generally don't use it even for ethernet
18:05 < flying_sausages> oh sorry misread
18:05 < flying_sausages> nmcli =/= mmcli
18:11 < Spirit532> Hey, I have a question about networking. I have a Windows XP Embedded machine with an ISA-based 10meg ethernet adapter, which is sitting on 192.168.11.1/255.255.255.0. It is connected directly to a Win10 machine through a USB3->GbE adapter, which I've configured to be 192.168.11.2/255.255.255.0. There is absolutely no data flow between the two, so I'm assuming I did something very wrong. Any idea?
18:11 < tda> besides using xp?
18:11 < Poster> putting two systems within the same subnet does not mean they're going to automatically start a conversation
18:12 < Spirit532> It's a robot controller, and is not the question
18:12 < Spirit532> Poster, what else should I do?
18:12 < Poster> I'd try pinging one to the other to see what you get, past that you may need to use a crossover ethernet cable
18:12 < tda> yeah, what are you trying to do? i believe win10 is now defaulting to some secure protocols on smb and rdp, probably more, that xp does not support
18:12 < Spirit532> Yeah, no pinging. Once in a while I get net destination unreachable, but no ping.
18:13 < Spirit532> The XP machine says 0 packets sent and 0 received
18:13 < Poster> do you have a link light?
18:13 < Spirit532> Yes, and it blinks once in a while
18:13 < Spirit532> Hard to tell if it's related to pings
18:13 < Poster> does it go out when you unplug either side of the cable between systems?
18:14 < Spirit532> Yep.
18:14 < Poster> ok I'd look at maybe the firewall on the Windows 10 host, I am not sure if XP Embedded has one or not
18:14 < Spirit532> I can't find it on embedded, let me see on the win10 side
18:16 < Spirit532> made a firewall rule to allow anything to 192.168.11.0/24
18:16 < Spirit532> nothing still
18:18 < Poster> maybe try installing wireshark on the Windows 10 host and performing a packet capture on the USB3 interface
18:18 < Poster> or plug the XP embedded into another system and see how it behaves
18:38 < drac_boy> hi
18:38 < drac_boy> just checking but nothing crazy about having physically separate boxes for dhcp and nat roles?
18:39 * drac_boy kinda isn't that good with certain level layer reading sometimes
18:40 < tda> i always thought that was an environmental consideration. like in ad, the dc usually has the dns and dhcp server too
18:41 < Spirit532> tried switching addresses, tried a different device
18:41 < Spirit532> nothing...
18:41 < tda> i don't think either setup has much security advantage over the other
18:43 < drac_boy> tda thanks..wasn't thinking much of security..more of re where the hardware is located (like eg a box further downstream has more than one lan port so may as well as leave nat on that one)
18:43 < drac_boy> just in theory anyway .. not like I'll really be doing that that way tho
18:48 * drac_boy on the other hand does still need to figure out how to put a gateway upstream without having to kill nat on the router otherwise
18:52 < ||cw> drac_boy: not sure what you mean about upstream and downstream here
18:52 < ||cw> nat is the gateway
18:53 < ||cw> local dhcp has to be on the same broadcast domain, unless you get into forwarders and such which usually you reserve for special cases
19:08 < jimm> I'm trying to make a masqing firewall using a generator program that used to work before I upgraded my dist... this is the output of iptables-save; if you need more info just ask: //termbin.com/0z7z
19:09 < jimm> right away, when I look at it it doesn't look like it got the interfaces
19:12 < ||cw> jimm: does correspond with the kernel change that uses a new naming convention for network interfaces?
19:13 < jimm> hmm, that's a good point
19:13 < drac_boy> llcw sorry was a little distracted..btw its actually a voip gateway .. not some generic "big cloud" thing diagram-wise :)
19:14 < hiya> Do you know any router that is going to get over 100 Mbit/s with OpenVPN?
19:15 < Phil-Work> hiya, I run OpenVPN on a virtual machine and it can exceed 100mbit
19:15 < Phil-Work> if it must be a router, pfSense on some semi-OK hardware would do it
19:15 < jimm> it looks like the interfaces have the old legacy names according to ifconfig
19:16 < jimm> eth[0-4]
19:17 < jimm> but in any case the generator is supposed to discover the names
19:18 < drac_boy> so yeah I mean theres dsl > gateway > router .. still trying to decide how to really get that set up properly .. but mm
19:19 < hiya> Phil-Work, non-pfsense device please?
19:19 < Phil-Work> hiya, OPNsense?
19:20 < hiya> Phil-Work, What is that?
19:20 < ||cw> drac_boy: a router *is* a gateway. you're effectively saying modem -> gateway -> gateway.
19:21 < MakersMarc> If I have an access port on a switch as PVID/untagged to VLAN 100, and a device's NIC is plugged in that is configured to be tagging its traffic on VLAN 100, will traffic pass through both ways? My guess is that there would not be problems sending from the device, because the VLAN is not forbidden, but I am not sure what will happen when the switch has frames destined for the device, whether the device will pick it up
19:21 < MakersMarc> without the frames explicitly tagged
19:21 < black_13_> is the appropriate place to ask about setting up openssh on my ubuntu vm
19:21 < MakersMarc> This seems like a basic question I should know and feel a little silly that I don't
19:22 < ||cw> drac_boy: if you're trying to use a 2 nic PC as a gateway and use your wifi router for an AP/switch, just disable the router's WAN and use it as an AP/switch. some routers even let you use the WAN port as a normal switch port
19:24 < ||cw> MakersMarc: yes, the vlan acts as another NIC, so normal routing rules apply
19:24 * drac_boy whacks llcw since the middle box is not a router anyway :P
19:24 < ||cw> MakersMarc: the PC does need an IP assigned to that vlan interface in the vlan's subnet
19:25 < ||cw> drac_boy: you're not making sense. a router and a gateway are just different words for the same thing
19:26 < ||cw> router is a device, gateway is a role. routers provide gateways. gateways are handled by routers.
19:27 < heller_> hey
19:27 < heller_> can you guys assist me with storm control?
19:27 < heller_> how to set it up properly
19:28 < ||cw> drac_boy: ok I missed something about a voip gateway. I still don't follow.
19:28 < ||cw> a voip gateway doesn't necessarily need to be outside the router.
19:29 < ||cw> and if it is, you'd probably want it multihomed, you wouldn't have it between the router and modem. but then you need a block of IPs from your provider, or an additional pppoe or something
19:30 < ||cw> drac_boy: what are the best practice recommendations for the voip software?
19:33 < MakersMarc> ||cw, wouldn't there be an issue when the device is sending frames tagged with VLAN100 when to the access port to which the native VLAN is already 100 (and therefore the switch would think to communicate with the device as if the VLAN is "1"?)
19:33 < MakersMarc> Or did I word my question poorly
19:34 < Maarten> ||cw, when I still had a "land" line with a voip box, it was just connected to one of my open ports on my switch (my firewall just has a WAN and LAN (and a 2nd WAN port in case of load balancing internet), but I had voip traffic set as highest priority. It doesn't use more than 512 kbit/s, but when making a phone call QoS would always assure that was available.
19:34 < ||cw> MakersMarc: no. the switch handles tagging and untagging
19:35 < MakersMarc> ||cw: So if I explicitly tell the device plugged into port to "tag" frames on VLAN100, that *would* break things?
19:36 < ||cw> MakersMarc: as long as it's still got the native vlan untagged, no.
19:36 < ||cw> you can have tagged and untagged on the same port.
19:36 < ||cw> but you can only have a single vlan as untagged, and as many as you want tagged
19:37 < ||cw> the PC then needs to make a new network interface, a virtual nic if you will, for each tagged vlan.
19:38 < ||cw> and each vlan needs its own IP subnet. then normal routing rules lets the tcp stack send data out the right virtual nic which then gets tagged as it goes out the real nic
19:42 < ||cw> MakersMarc: the key here is that the OS or nic driver needs to separate the tagged traffic out onto its own interface. if your OS can't do that, I think you simply won't see the tagged traffic. in most cases
19:43 < MakersMarc> ||cw this isn't a PC, it's an embedded device
19:43 < ||cw> same applies
19:44 < ||cw> for an example, unifi APs support mapping a tagged vlan to an additional SSID
19:44 < ||cw> in this case it doesn't need an IP in each vlan because it's just making a bridge
19:47 < MakersMarc> ||cw: you're talking about this, right? https://i.imgur.com/W5IEtpO.png
19:47 < ||cw> yeah
19:52 < ||cw> MakersMarc: so, are you having an issue, or just trying to wrap your head around it all so you don't mess it up?
19:52 < MakersMarc> The latter
19:53 < fr0tzed> getting a fiber subscription soon :')
19:54 < MakersMarc> I have a vendor who we set a bunch of ports untagged for them (usually they're tagged) and they're like "hey instead of untagging for us, can you just let us know the VLAN we should tag to" and I'm trying to figure out if they plug their "tagged" stuff into an untagged port whether it'll break
19:55 < MakersMarc> Ports are usually Untagged on 1 / Tagged 100, we set a few ports to be untagged 100 for them, now they want to plug in a device or three that are tagged for 100 instead- will that break if they plug into a port that we previously set to "untagged 100"
19:55 < ||cw> MakersMarc: ah, it will. if they want everything tagged, set the switch port to trunk. then there's no untagged (except for some switches that enforce a native vlan, but just make one up and don't connect it to anything)
19:56 < ||cw> a device looking for tags and not finding them won't work. a device not looking for tags and being given them also won't work
19:57 < MakersMarc> Gotcha. Thanks for sticking through the super-confusing way I asked
19:57 < MakersMarc> I should have just stated the situation instead of doing the whole "X vs Y" thing
20:03 < OMART> https://youtu.be/mU4Xt7-Drr4
20:05 < purplex88> what does it mean by "revoking the idle resources"?
20:05 < purplex88> free memory?
20:05 < purplex88> or resources
20:10 < ||cw> purplex88: in what context?
20:11 < purplex88> programming?
20:11 < ||cw> more context?
20:12 < ||cw> like, closing spare worker threads?
20:12 < ||cw> garbage collection?
20:12 < ||cw> malloc?
20:12 < purplex88> theres a table which is used
20:12 < ||cw> closing file handles that haven't been used in a while?
20:12 < ||cw> it could mean anything without some context
20:13 < purplex88> but in general "revoking a resource" = freeing it?
20:13 < purplex88> its pseudocode
20:14 < purplex88> its not playing with threads, handles, or malloc or garbage
20:14 < ||cw> database table locks?
20:14 < ||cw> yeah I guess, revoking and freeing probably mean the same thing
20:15 < purplex88> just a table with some entries to keep track of variables
20:15 < purplex88> it doesn't use locks
20:15 < purplex88> so i guess it means "now we're done with table, time to free it"
20:17 < purplex88> ||cw: what does revoke mean in all those contexts that you mentioned: threads, garbage, malloc, lock, handles?
20:17 < purplex88> to me its same: "freeing".
20:17 < purplex88> e.g. stopping thread, free, unlock, close handle
20:18 < ||cw> I wouldn't have used the word revoke. I was just trying to think of things that might be idle resources.
20:18 < purplex88> so we are releasing resources
20:18 < ||cw> but I could see "revoke" being what some framework calls its free'ing progress.
20:18 < ||cw> hence, context.
20:19 < purplex88> yes it guess it means freeing progress
20:19 < purplex88> cleaning or resetting the table
20:19 < purplex88> I guess*
20:20 < purplex88> not freeing its memory
20:21 < ||cw> if the process of adding things to that table is called granting resources, then revoke makes sense.
20:23 < Blueking> I am still looking into wifi router/AP mode.. someone mentioned that one can enable AP roaming.. but seems clients don't change router/ap based on best signal ? what I've found on net: "Short answer: You can't optimize this because many client (handhelds) do no change access devices (router, AP) until the link reliability is poor, no matter the speed degradation due to weak signal.
20:23 < Blueking> Consumer WiFi does not provide "directed handoff", e.g., a command from the current access device to "go use AP number 1234". Professional systems do this by proprietary means (managed WiFi)." <- this holds true ?
20:25 < Blueking> by this One need to get wifi routers/nodes that support mesh ?
20:30 < ||cw> Blueking: there's 802.11r, but I've had issues enabling that on unifi APs. things that don't support 802.11r didn't like it, even when not roaming. I don't expect many consumer grade APs support that anyway
20:30 < ||cw> Blueking: roaming issues is one of the reasons I started using unifi. it's still not seamless, but it's a lot better than consumer APs
20:31 < Blueking> ||cw asus have added aimesh to current routers .. ?
20:32 < Blueking> ||cw asus got something called 'asus lyra' wifi mesh system with wifi nodes
20:33 < ||cw> I've never used it
20:34 < E1ephant> unifi is pretty trash next to real ap gear
20:35 < E1ephant> but it might be better than consumer
20:35 < Blueking> ||cw and since jan 2018 with firmware upgrade asus RT-AC68U,AC88u and so on AC1900,AC3100, AC5300 they added aimesh (guess it's mesh system)
20:35 < E1ephant> the easiest way to steer clients is with lowering AP power
20:35 < E1ephant> learn how roaming actually works
20:35 < E1ephant> what does aimesh add to the equation?
20:36 < E1ephant> the problem is client decision process
20:36 < ||cw> E1ephant: it's a nice middle ground. good for the price
20:36 < Epic|> Yes, real enterprise WiFi ftw
20:36 < E1ephant> managing this with AP protocols is not really the correct way
20:36 < allizom> For learning, I'm trying to use an older pc (where I'll install a distro like Debian) as a home router. It has an ethernet port. But I will need more interfaces, so I thought about getting a VLANs-capable switch. After reading a little about dsa and switchdev in Linux, though, my preferred option would be to get a setup where I manage the switch from the pc as if it consisted of multiple interfaces, and letting i
20:37 < E1ephant> unless they are communicating with each other, or a controller, on how much power to use, in order to steer client
20:37 < Blueking> Epic| what are real enterprise wifi ? what price range ?
20:37 < allizom> Is there anything available to buy that does not cost a fortune? Have I understood correctly how the whole thing would work?
20:37 < E1ephant> allizom: I would use separate control-planes, as that is what will be cheap, and help with learning
20:37 < E1ephant> but add automation via a "single mgmt plane"
20:38 < ||cw> allizom: you don't need special hardware to use vlans in linux.
20:38 < E1ephant> like a django app or some ansible playbooks
20:38 < Blueking> not all NIC's support vlan's tho
20:39 < ||cw> allizom: switchdev is about using linux to write switch firmware. you don't need that either
20:39 < ||cw> Blueking: the nic just sends the frames and linux handles the vlans.
20:40 < E1ephant> I think he means some NICs don't support jumboframes
20:40 < allizom> ||cw: If I understand it correctly, it's used to control the switch hardware
20:40 < Blueking> using pc as switch are bad idea ?.. backbone are too weak ?
20:40 < E1ephant> or anything >1500
20:40 < ||cw> a good nic will improve performance via offloading some of that
20:40 < E1ephant> so you would need reduced mtu to send tagged frames
20:40 < Maarten> allizom, you'll need at least 2 ethernet ports on your debian computer. You can buy a $20 intel network card at most computer stores though, so that's pretty cheap. Go with Intel if you can.
20:40 < ||cw> allizom: only if the kernel is running ON the hardware
20:40 < E1ephant> which yeah, I think is probably uncommon today, but I have no idea
20:41 < E1ephant> use an intel NIC, or anything 10G, and call it a day
20:41 < E1ephant> Maarten: how do you need two ports in a vlan setup?
20:41 < allizom> ok, I can get an additional ethernet card, but that would mean that the switching/routing is performed by a bridge in my pc, right?
20:41 < Blueking> How are this asus 10G nic ?
20:41 < E1ephant> does asus actually OEM a 10G NIC? I would be surprised
20:41 < allizom> I'd like to get a switch to which I can offload these tasks
20:42 < E1ephant> yeah you only need one port
20:42 < tds> if you get a layer 3 switch, you can handle both routing and switching on the switch, with a layer 2 switch you'll only handle switching
20:42 < tds> but yeah, you can run a router fine with one port and vlans
20:42 < ||cw> allizom: yes, any pcie system should be able to route at 1Gbps easily
20:42 < E1ephant> it's called "Router-on-a-stick" it is extremely common
20:42 < Maarten> E1ephant, there may be better enterprise hardware out there, especially for larger enterprises..... but for the price, 2 x $130 for 2 AP's and a "free" controller (still need a linux box but I have one) I am not going to complain, and for $260 in total I really couldn't get much better with good coverage in my house.
20:43 < ||cw> an older PCI system might still do 1Gbps, if it's not doing much else
20:43 < E1ephant> Maarten: lol how cute :)
20:43 < Maarten> Oh, and $110 for a USG that is. It does route 1 Gbps easily.
20:43 < E1ephant> you can't even set datarates to broadcast/support?
20:43 < Blueking> E1ephant: https://www.asus.com/us/Networking/XG-C100C/
20:44 < E1ephant> seems like such a basic feature to me
20:44 < E1ephant> Blueking: ewwww 10GbaseT!
20:44 < ||cw> allizom: what kind of speeds are you hoping to support?
20:45 < allizom> ||cw: so I can use my pc to actually perform the bridge/routing across its multiple NICs. Ok, that could do. But is there anything that I could buy to let the hardware handle that? I've seen only costly enterprise stuff 20:45 < E1ephant> supports nBaseT though I guess that is cool 20:45 < allizom> at around 1 Gbps, yes 20:45 < allizom> something less actually 20:45 < Blueking> E1ephant been waiting a few years for 10G nic's to drop down price 20:46 < ||cw> allizom: yeah, then you're going to want PCIe nics 20:46 < tds> a layer 3 switch will be able to do both switching and routing in hardware, but if you only need gigabit then a dumb l2 switch and router on a stick would work fine as well 20:46 < Blueking> E1ephant hmm no vlan support on this asus nic :/ 20:47 < ||cw> allizom: I'd recommend something made for servers. consumer or even workstation class stuff won't always push gigE 20:47 < allizom> ||cw: are you talking about the NIC or the rest of the system? 20:48 < ||cw> both. PCI is barely 1Gbps to begin with. 20:48 < E1ephant> Blueking: you can get 10G all day for like $30/ea 20:49 < ||cw> allizom: I guess a desktop PC might do OK tho 20:49 < E1ephant> how do you have a 10G NIC with no vlantag support? 20:49 < E1ephant> that sounds broken 20:49 < Blueking> E1ephant '/ea' ? 20:49 < E1ephant> given jumboframes are a 10G requirment 20:50 < allizom> ||cw: but why do you think there isn't (still) anything one could buy at reasonable prices which satisfies my original requests? 20:50 < Blueking> E1ephant looked at asus' nic specification.. vlan feature not listed there.. ? 20:50 < Arpanet69> whats the price? 20:51 < ||cw> allizom: i never said that 20:51 < E1ephant> Blueking: why buy an asus NIC to begin with? 20:51 < ||cw> gigE server nics are cheap, it's old tech now 20:51 < E1ephant> looks like it's based on the aquatina acq107 20:51 < Blueking> intel 10G nic's too expensive ? 
20:52 < ||cw> if you're fine with not maxing the speed, use whatever you have on hand, it'll still work the same. 20:52 < E1ephant> mellenox or chelsio don't make sense? 20:52 < allizom> ||cw: so what is there if you happen to know? I am under the impression that I would need a switch with multiple ports, not multiple NICs, but I may be wrong 20:52 < ||cw> and you can upgrade as needed 20:52 < allizom> let me be clear, for my use case I'm probably fine with the bridge 20:52 < E1ephant> also the intel adapters are pretty reasonably priced 20:53 < allizom> But what else is there? 20:53 < tda> broadcom? 20:53 < ||cw> allizom: if you want to use switchdev and actually make your own switch using a PC, then yes, that's what you need. if you just want a router that'll push gigE, you just need 2 nics 20:53 < Blueking> people complain about 10G networking on RJ45/copper draw too much power ? 20:53 < E1ephant> yes 20:53 < E1ephant> power/heat/termination complication 20:54 < E1ephant> price 20:54 < Arpanet69> why do people need 10g for a desktop in the first place? 20:54 < E1ephant> fiber/DAC is usually substantially cheaper 20:54 < E1ephant> ^ 20:54 < ||cw> allizom: what server class nics give you is a better ASIC on the card that the NIC driver can offload tasks too. 20:54 < Blueking> I want 10G on mine fileserver.. 20:54 < E1ephant> ice cream tastes better than epeen imho 20:54 < Arpanet69> or whats the purpose? 20:54 < E1ephant> I put my money in ice cream 20:55 < Arpanet69> Blueking, you push that much data? 20:55 < ||cw> Arpanet69: cad, video editing, etc 20:55 < E1ephant> yeah how much time would you save? 20:55 < detha> Arpanet69: the only case I have heard of where 10G to desktop made sense was HD video editing 20:55 < Blueking> when I want to get 50-100GB movie it takes too long time.. 20:56 < E1ephant> why would you not stream that locally then? 20:56 < allizom> ||cw: yes, but these mellanox switches etc. are enterprise stuff, $$$. 
I was trying to understand whether that soultion is possible with cheaper gear 20:56 < E1ephant> not quite as cheap as they once were 20:56 < Blueking> homecinema room, htpc download whole movie to prevent hicups while watching movie.. 20:57 < E1ephant> but if you can find quanta switches, they are the easiest to find 20:57 < allizom> I can (and probably will) just use the VLANs way. Still nice to understand 20:57 < E1ephant> errrr cheapest* 20:57 < ||cw> allizom: mellanox is what you'd get for using switchdev. you can certainly use bridging and make a switch in a PC, but meh. 20:57 < E1ephant> Blueking: why do you have hiccups with 100mbit even? 20:57 < E1ephant> fix that first? 20:57 < ||cw> vlans work, but you'll only route at half speed, maybe a little better 20:58 * meingtsla punches TWCWifi access points in the face 20:58 < E1ephant> THE NEW SPECTRU 20:58 < E1ephant> M 20:58 < detha> allizom: you can use cheap gear, and loooooots of time. That is hobby territory, 'Can I make linux run on some switch, given that I have no documentation on the ASIC and have to reverse-engineer what the manufacturer put on it?' 20:58 < ||cw> Blueking: I don't even have hiccups with HD over wifi 20:58 < meingtsla> 1 cpe-x-x-x-x.socal.res.rr.com (x.x.x.x) 2.038 ms !F-1414 0.934 ms !F-1414 0.899 ms !F-1414 20:59 < Blueking> my current fileserver uses 3 nic's to switch ... if all family want to watch diff movies.. 20:59 < ||cw> detha: that's where mellanox comes in. they have a driver and switchdev support. it's still a TON of work 20:59 < meingtsla> This might have something to do with why shit breaks when I try accessing my server over VPN on this wireless network :P 20:59 < Blueking> using vlan and LAG 20:59 < E1ephant> Blueking: so 33mbit of traffic? still in 100mbit territory 21:00 < ||cw> Blueking: you're cracking me up. 22Mbps per movie tops. 
21:00 < E1ephant> yeah netflix top quality is 11mbit 21:00 < E1ephant> be realistic 21:00 < ||cw> 1080 bluray is 22 21:00 < E1ephant> at least 21:00 < Blueking> 4K movies UHD hdr ? 21:01 < Arpanet69> he just wants to play with 10G ;) let him be :) 21:01 < E1ephant> ...and? 21:01 < Blueking> I have cat7 cables in walls 21:01 < Arpanet69> didnt we all had overkill stuf just to see it happen :D 21:01 * Blueking points at Arpanet69 21:01 < ||cw> so 128Mbps tops. still, one gigE and do like 8 streams easy. 21:02 < Blueking> better stay 'safe' 21:02 < E1ephant> Arpanet69: no see above, I prefer ice cream 21:02 * Blueking wants the best.. 21:02 < E1ephant> so get the best 21:02 < E1ephant> don't get the wrong tool for the job 21:02 < Blueking> didn't say I want to buy asus NIC ;) 21:03 < E1ephant> you haven't said anything that reqs 10G 21:04 < Blueking> asus brag about their upcoming asus router RT-AX68U does 6000Mbit/s .. 21:04 < E1ephant> cool? 21:04 < Blueking> naw 21:04 < E1ephant> my switch and desktop do 32GBps? 21:05 < Epic|> Having a big pipe is nice 21:05 < E1ephant> it's stupid though 21:05 < allizom> ||cw: sorry, I'm quite confused. In my understanding, let's say with switchdev, you're using a Linux system to connect to a switch with ASICs and manage it, while the latter actually is in charge of the forwarding. This means it's faster as it does not depend on the CPU on the Linux box. Correct? 21:05 < E1ephant> only did 10G because the NICs were $20/ea, and the fiberstore DAC/transcievers were free 21:05 < E1ephant> 1G was just fine before 21:06 * Blueking have been thinking the way to get 10G networking are fiber not copper 21:06 < E1ephant> it's certainly a lot cheaper 21:07 < E1ephant> don't rule out copper, rule out 10GbaseT 21:07 < E1ephant> DAC is great 21:07 < ||cw> allizom: switchdev is a driver layer to interface with a switch backplane that's on the same mainboard as the cpu. 21:07 < Blueking> DAC ? 
21:07 < E1ephant> Direct Attach Copper 21:07 < ^7heo> digital analog converter 21:08 < E1ephant> https://www.fs.com/products/21254.html 21:08 < ||cw> allizom: but yes, it allows offloading to the ASIC. this is how many switches work. 21:08 < Blueking> doesn't DAC draw lot power too ? 21:08 < E1ephant> no 21:08 < allizom> ||cw: does it have to be on the same mainboard? There are actually multiple router devices which have one such switch embedded 21:08 < ||cw> it is not used with a PC, except maybe in the R&D phase 21:08 < E1ephant> it "has" to work within sfp+ spec 21:08 < ||cw> allizom: at least attached via PCIe, yes 21:09 < E1ephant> (which specs max power, the source of issues with 10GbaseT SFP+ transceivers) 21:09 < E1ephant> so distance is a limit 21:09 < allizom> I'd like to know whether one such switch can be used with a x86_64 pc 21:09 < E1ephant> after about 9M, you need active ends, and that usually means light/fiber. 21:09 < allizom> and how should they be connected 21:10 < E1ephant> (some claim 15M+, but I would not spec to build for this) 21:10 < allizom> PCIe only? 21:10 < E1ephant> still though, 10G optics are $15/ea, fiber patches are equally cheap 21:10 < ||cw> allizom: not that i know of. 21:11 < allizom> ||cw: do you know why they can't be used together? 21:11 < Blueking> how about sfp+ card for pc's ? 21:12 < tds> sfp+ NICs are dirt cheap, especially compared to 10gbaset 21:12 < ||cw> allizom: because no one sells a switch add in card that supports it. 21:12 < ||cw> you just run linux on the switch itself. 21:12 < Blueking> in mine house I have 3 switches one on each floor 21:12 < allizom> That's what I originally thought 21:12 < Blueking> have atleast 10G between switches 21:12 < ||cw> usually on a limited ARM processor 21:14 < Maarten> I haven't gone beyond 1 Gbps in my house. I have 3 switches, but the house is the same floor. 
2 switches near my office where the internet comes in and I have a plethora of computers and devices, and one switch in the bedroom I converted into a media room (i don't have a TV in the livingroom). It's all just CAT6 cabling between them. 21:15 < Blueking> CAT6 are limited to 1Gbps.. 21:15 < Blueking> cat6a can go 10 gbps 21:15 < Maarten> nope, CAT5e can do 2.5 Gbps, CAT6 can do 5 Gbps 21:15 < Blueking> ok 21:16 < E1ephant> just one ex2300-c for my entire house 21:16 < Arpanet69> personally its nicer to have all youre switches in one closet then on every floor a switch unless yourse house is pretty big 21:16 < E1ephant> yeah don't make L2 what should be L1 imhpo 21:16 < E1ephant> a house should have one meet-me room 21:17 < E1ephant> hard to think of a house big enough for IDFs 21:17 < Maarten> 100m distance limitation on 2.5 Gbit/s and 5 Gbit/s - 802.3bz standard. There are some affordable switches starting to come out that support these standards..... could be an interim solution for people that really aren't looking forward to run new cabling everywhere. 21:17 < E1ephant> read >no one 21:18 < Blueking> would bee too much cables if have cat7 cables to all rooms 21:18 < Arpanet69> i have a have a ubnt router that splits my network in half and seperates the always available network for my girlfriend and my lab :) 21:18 < Blueking> going to ONE closet 21:18 < E1ephant> u wot m8 21:18 < Maarten> I'm still OK on 1 Gbit/s.... my internet is 1 Gbit/s, so I will rethink higher LAN speeds when/if that ever increases, but I have a feeling 1 Gbit/s internet is going to be more than sufficient for a good many years to come. 21:19 < Arpanet69> if i messed up things and she cannot snapchat i have a bad day 21:19 < E1ephant> Arpanet69: so vlans? 21:19 < E1ephant> you don't need multiple switches to do that 21:19 < Blueking> Arpanet69 I have ubnt router too 21:20 < E1ephant> Blueking: if a DC can terminate 800+ cat5e links in a cabinet, how are home port counts an issue? 
21:20 < Arpanet69> yeah well got a llot of stuff ubnt to ap and my lab consist of 2 dellr710 4 cisco 3750 v2 switches ruckus wireless with t300 and r510 indoor AP etc 21:20 < Arpanet69> t300 is outdoor 21:21 < Arpanet69> use the t300 outdoo for man in the middle attack an pass harvesting here from my balcony :) 21:21 < Arpanet69> some fake facebook page as my public landing page 21:21 < E1ephant> mmmmmm ruckus 21:21 < Arpanet69> yeah its ok ... had it left from some event project 21:22 < Blueking> Arpanet69 what ubnt router u got ? 21:22 < Arpanet69> simple one 21:22 < Arpanet69> erx sfp 21:23 < Arpanet69> it works alright 21:23 < Blueking> Arpanet69 I got edgerouter pro 21:23 < Arpanet69> to bad its doesnt have usb 3g - 4g backup 21:23 < Arpanet69> prob replace it with a mikrotik 21:23 < E1ephant> opengear makes some nice oob gear 21:24 < E1ephant> or cradlepoint for just interfacea 21:24 < Arpanet69> will check it 21:24 < Arpanet69> maybe gonna do a virtual pfsense ... but didnt have much time lately 21:25 < E1ephant> I use vSRX in a virtual setup on ESXi 21:25 < E1ephant> I see a lot of hesitation / opposition to virtualized edge in homelab 21:25 < Arpanet69> doesnt that come with a bandwith limit? 21:25 < E1ephant> but it works great in my experience, and plenty of enterprise/service provider is using compute for network 21:26 < E1ephant> I mean I have 10G NICs in my ESXi host 21:26 < E1ephant> but no I barely use 300mbit if I do 21:26 < Arpanet69> ohh i hardly use any lol 21:26 < E1ephant> (downloading from steam, maybe twice a month?) 21:26 < Arpanet69> i have a 30mbits internet connection 21:26 < Arpanet69> i can go to 400 but i dunno why i should do that 21:27 < E1ephant> ouch! dang yeah tbh when being realistic, 30mbit is plenty 21:27 < Arpanet69> wif every where 30mbit downloading streaming netflix all good 21:27 < ottomatik> Hello. Is the name of the protocol "user datagram protocol" or just "udp"? 21:28 < E1ephant> acronym? 
21:28 < Blueking> how are ubnt EdgeSwitch 16 XG 21:28 < Blueking> ? 21:28 < E1ephant> overpriced? 21:28 < Arpanet69> no clue but the er4 sound sinteresting 21:28 < Arpanet69> you can have rackmount with it 21:30 < Blueking> I got lost about layer level on switches.. failed see diff on layer 1 2 3 and so on... 21:30 < roxlu> ||cw: I was just reading your messages 21:30 < Blueking> ubnt edgeswitch says layer 3 but from what I've understood it's limited layer 3 switching not full support at layer 3 21:31 < roxlu> ||cw: We are using an intel NIC 21:32 < roxlu> ||cw: it's a NIC with 4 ports. And one thing I don't fully understand is that if we connect 2 cameras, one port becomes a 100Mbit and the other stays 1Gbit 21:32 < ||cw> pcie x4? 21:32 < Blueking> could be damaged cable.. 21:33 * roxlu brb sorry,... baby 21:36 < Blueking> 100 mbit cable only needs 4 wire If I am not mistaken 21:36 < roxlu> ||cw: it's this one Intel Ethernet Server Adapter I340-T4 21:36 < Arpanet69> roxlu, prob its or isnt negotiotated 21:37 < Arpanet69> try staticalliy define the speed 21:37 < ||cw> roxlu: does the issue follow the cable? 21:37 < roxlu> We'll try to look into that thanks 21:38 < ||cw> still, I dont' get why you're doing it this way, 12Mbit (if I recall) is quite slow. you shouldn't have any problems with 4 video streams even over consumer grade 100Mbit. 21:38 < roxlu> Arpanet69: we thought it would be okay as we only need 12mbit, so 100mbit would be fine. But is that a correct assumption or should be go for 1gbit? 21:38 < ||cw> gigE would just give you some overhead. 21:38 < roxlu> ||cw: we wanted a direct connection from nic->cam which is why we got intel 4x port 21:38 < roxlu> ||cw: ah ok I thought something like that 21:38 < roxlu> so 100mbit isn't bad at all 21:39 < ||cw> so, if you switch ports, does the issue follow the cable/camera, or is it always the same port? 
21:39 < Arpanet69> roxlu, just put in auto flap the link 21:39 < Blueking> if stay at 100mbit/s it's half duplex... 1G are full duplex 21:39 < Arpanet69> auto in both sides should be 99% of the time be fine 21:39 < ||cw> originally you said you had packet loss. that's more worrying than the link speed, but it could be the same cause for both problems 21:40 < E1ephant> Blueking: you what? there is 100bit full duplex 21:40 < E1ephant> why would you run half-duplex? 21:40 < E1ephant> are you speaking to 10mbit hubs? 21:40 < roxlu> Arpanet69: what do you mean with "just put in auto flap the link" ... do you mean just putting a cable in? 21:40 < Blueking> believed 100 mbit/s = half duplex when run 4 wire cable ? 21:40 < E1ephant> oh oh, over 2 pair/4wire 21:40 < roxlu> ||cw: I'm going to check if the problem follows the cable 21:40 < Blueking> yes 21:41 < E1ephant> still, I am pretty sure that is FD 21:41 < Arpanet69> you set the link speed in auto in youre switch config..dunno witch switch you have. then flap the link but you can also plugin and out the cable 21:42 < Arpanet69> youre cameras should be in auto config by default or it should be mentionened otherwise in the datasheet of youre cameras 21:42 < roxlu> Arpanet69: yeah I'm pretty sure they are auto config 21:42 < E1ephant> had to double-check, but yeah, 2pair 100mbitTX is FD 21:42 < roxlu> but that's why I found it strange that one cam gets 1Gbit and the other 100mbit 21:42 < E1ephant> if it's truely 100mbit/FastE, you could hard code to FD, but yeah otherwise for gigE use autoneg 21:42 < roxlu> Ok 21:43 < roxlu> thanks so much. We're now trying to see if it's the cable. We're also testing the switch so we have to change some addresses in the configs of the cams 21:43 < Arpanet69> roxlu, always check L1 first 21:44 < roxlu> L1? 21:44 < Arpanet69> make slife easier 21:44 < Arpanet69> physical layer 21:44 < roxlu> Ah! 
check 21:44 < roxlu> yep 21:44 < roxlu> thanks 21:44 < Arpanet69> np 21:45 < roxlu> is there a way to detect packet loss with Wireshark? 21:45 < E1ephant> if you diff the pcap of TX vs RX 21:45 < E1ephant> comes to mind for UDP 21:46 < E1ephant> TCP is easy, you see retransmissions 21:46 < roxlu> We are decoding RTP which has a sequence number 21:46 < E1ephant> (could also be significant delay/latency for tcp retrans) 21:47 < E1ephant> it does look like wireshark has some nice RTP decoding tools, 21:48 < E1ephant> https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/real-time-protocol-rtp/117881-probsol-qos-00.html 21:48 < E1ephant> looks pretty awesome for guidence 21:48 < roxlu> Yeah was just reading that 21:49 < Arpanet69> roxlu, https://openmaniak.com/iperf.php 21:50 < roxlu> ok that's great! thanks. 21:53 < Arpanet69> roxlu, think you can also setup a IP-SLA from youre router towards youre camera. Those measurement you can collect them with a nms threw snmp 21:55 < Arpanet69> when client calls with camera or video problem at a certain time you can see if thats connection related from youre desk at the same time the call comes in :) 21:55 < roxlu> Arpanet69: hehe sorry I've to google those things :P 21:56 < Arpanet69> https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/15-mt/sla-15-mt-book/sla_rtp_voip.html 21:56 < Arpanet69> this is for voip... quick search 21:57 < roxlu> Arpanet69: we are now testing directly from Camera -> NIC 21:59 < roxlu> We are testing with wireshark and a we haven't detected any packet loss there. We are now going to check with my app again to see there is a difference 22:00 < roxlu> Not sure if I can ask programming related questions here ... But if this is indeed a software issue is there something that is likely to be a problem? (...) 22:00 < roxlu> I create 4 threads, each which creates a UDP socket that receives data on a specific port. 
I use select() with an timeout of 3 seconds 22:00 < roxlu> when I receive data, I process it 22:01 < roxlu> It could be of course, but I don't think it's a pure processing issue because decoding is just a couple of bit shifts only 22:01 < Arpanet69> so the cable is good? 22:01 < roxlu> yes it seems to be that wireshark is showing no packet loss at all 22:02 < Arpanet69> i mean with cable tester 22:02 < roxlu> No we don't have one 22:02 < ||cw> so it's in your decoding/saving software 22:03 < roxlu> ||cw: yeah must be 22:03 < roxlu> ||cw: So what I do is receiving the UDP packets and decode RTP to extract the payload data which I then write to disk 22:04 < ||cw> what kind of disk? 22:04 < roxlu> ssd 22:05 < ||cw> hm, i wouldn't expect saving rtp streams to ssd to be a problem. is it displaying at the same time, or is that a separate process? 22:05 < ||cw> can you increase the process priority of the saving? 22:06 < roxlu> No it's not displaying at the same time 22:06 < roxlu> I guess I can change the priority, I've to look into that 22:06 < roxlu> I'm now going to see if it helps when I just don't write to disk 22:10 < roxlu> ||cw: do you know something about socket programming? 22:12 < ||cw> not a lot 22:13 < roxlu> ok, I was just curious if using select() could be a reason for more packet loss .. and what might be the optimal solution when receiving UDP. 22:26 < Guest34375> Hi 22:27 < Guest34375> Mai be basic question 22:27 < Guest34375> When a sip packet are breaked between tcp packets 22:27 < Guest34375> how we can determine it is trozed 22:28 < Guest34375> with the tcp.seq is the rigth way? 22:33 < roxlu> Okay, tiny update. I disabled writing to file and I'm only inspecting the first 12 bytes from every packet we receive 22:33 < roxlu> But I don't believe that could be an issue... it's like just doing a couple of bit shifts, that's all 22:35 < roxlu> so it must be a lower level thing, or an socket option .. 22:35 < ||cw> what's CPU use like? 
22:35 < ||cw> have you defined a bugger size? 22:35 < ||cw> buffer^ 22:36 < ||cw> someone the other day had like 100 frames worth of buffer on a 100G link, this makes me think of that kinda 22:39 < roxlu> I'm checking the CPU usage atm 22:39 < roxlu> .. well someone on the other end is (I'm working remotely) 22:39 < roxlu> ||cw: I was thinking about a buffer size, but which one do you mean? 22:39 < ||cw> yes. 22:39 < ||cw> :D 22:40 < ||cw> i don't recall if this was a driver setting or the application 22:40 < roxlu> Ok we could check the driver settings. Maybe the MTU? 22:40 < ||cw> roxlu: how big are the frames you're decoding? 22:41 < ||cw> mtu won't help unless you're changing it on the camera too 22:41 < ||cw> you said 12Mbps, how many bytes in a frame, how many saved at once? 22:41 < ||cw> then you can see fast you need to process one before you run out of buffer 22:43 < roxlu> Ok, I have to change some code to see that. I think ~10-20Kb 22:46 < ||cw> Kb or KB? 22:47 < ||cw> at 20KB you need to process 75K frames per video per second. 22:48 < roxlu> oh sorry KB 22:49 < roxlu> ||cw: as I test I disabled all code that did most processing and we're still dropping 22:49 < roxlu> I don't think it's a processing thing (it could be ofc. but I think wireshark does a lot more processing) 22:53 < ||cw> so it must be in how you're polling then 22:55 < roxlu> yeah I was thinking that 22:55 < roxlu> I'm going to create a little test case 22:56 < roxlu> thanks so much for your help ||cw 23:37 < frontrowalex> Not sure if this is the best place to ask this, so please let me know if it's not. We recently changed company domains and a bunch of sent email started to get bounced by firewalls at the receiving end of things. Am I correctly understanding that, even when sent from Gmail, brand new domains will not be trusted by firewalls / mail servers out there? 23:38 < frontrowalex> Specifically getting a "554 rejected due to spam URL in content", which we've never gotten before. 
23:38 < djph> could be 23:39 < djph> or, you picked up a domain name that was previously associated with spam 23:39 < djph> ... you didn't grab expert sexchange or something, did you? 23:40 < Apachez> https://www.us-cert.gov/ncas/alerts/TA18-106A 23:42 < frontrowalex> djph: I don't think it's been in use for years, we got it off of a squatter. 23:42 < frontrowalex> Unless they were secretly using it to spam people? 23:43 < djph> frontrowalex: quite possible. You'll have to petition the spamlists (and/or gmail, etc. directly) and prove that you've taken over the domain and you're really nice guys out of nigeria, really ... 23:43 < Apachez> why cant we just nullroute nigeria at tier1? 23:44 < ||cw> is nigeria even really the problem? 23:44 < frontrowalex> Wouldn't Gmail already know that it's owned by good guys since that domain is our primary G Suite domain now? 23:45 < djph> ||cw: no, but given that "nigerian prince" emails were kind of big at one point ... 23:45 < ||cw> seems to me it's mostly china and russia, and there's planet of valid traffic from there too 23:45 < ||cw> djph: yeah, but I'm not sure a lot of them actually came from nigeria 23:45 < Apachez> remove nigeria from internet and instantly a 99% drop of spam 23:45 < ||cw> frontrowalex: you'd think, but not really 23:46 < djph> ||cw: that's not the point 23:46 < frontrowalex> Do you know of any spam lists I could start with? I can't wait for them to ask me to pay them to be approved :D 23:47 < Apachez> make sure your emailservers supports greylisting 23:47 < djph> try mxtoolbox - they might be able to check 23:47 < Apachez> as in it will queue the mail and retry shortly after 23:47 < ||cw> Apachez: my top 3 origin countries for blocked messages are the US, Germany, and Romania. 
23:48 < ||cw> nigeria doens't even make the top 20 23:48 < Apachez> mine are nigeria, nigeria and uk 23:48 < Apachez> somehow the brits hate me 23:48 < Apachez> a matter of time before they send BZ nerve agents to my postbox :P 23:48 < ||cw> if you're software is reporting a country twice, it's broken 23:49 < ||cw> UK is my 4th 23:50 < Apachez> na nigeria took both 1st and 2nd place 23:50 < Apachez> they are that evil --- Log closed Tue Apr 17 00:00:48 2018