--- Log opened Mon Jul 02 00:00:21 2018
00:07 <+catphish> brentaarnold: well if so, if the firewall is the router then that's where you need to configure the dhcp proxy, if the switch is the gateway, then that's where you need to do it
00:07 <+catphish> i suspect it's only the firewall you need to configure though
00:09 < brentaarnold> catphish I see, thanks so much. I have to wonder, now, what situation would require DHCP relay to be on the switch instead of the firewall?
00:10 <+catphish> brentaarnold: only when the switch is a layer3 switch, ie it's actually the router
00:10 < brentaarnold> Would that be something for bigger environments where the firewall isn't always the last hop?
00:10 <+catphish> yeah in large networks the switch itself is often acting as the last hop router
00:10 < brentaarnold> I see, very helpful <3
00:10 <+catphish> (a layer 3 switch)
00:10 <+catphish> which is really just a fancy way to say switch and router in one
00:10 < brentaarnold> Right
00:10 < Holo> <3 layer 3 switches
00:11 < brentaarnold> I'm using a Juniper SRX 320 and an EX 2200
00:11 < brentaarnold> Trying to learn JunOS
00:11 < Holo> When used properly, they can remove a lot of the load of the network in key areas
00:11 < Holo> Off*
00:12 <+catphish> brentaarnold: awesome
00:12 < brentaarnold> Holo yeah I can surmise that to be the case since it doesn't have to send every routing request to the firewall to be routed
00:12 < Holo> Ya
00:12 <+catphish> well the ex2200 is a great switch, not layer3, so generally you wouldn't do dhcp proxy at that level
00:13 < brentaarnold> catphish I really only asked because I saw dhcp-relay in the CLI under forwarding-options
00:13 < brentaarnold> Then I was somewhat confused
00:13 < Holo> brentaarnold: it saves you from having to send every packet to the router to be routed
00:13 < brentaarnold> in the EX2200 that is
00:13 <+catphish> it may be possible to configure it :)
00:13 < shalok> Why does `ethtool -k` output different feature names than those required by `ethtool -K`?
00:13 <+catphish> but it seems pointless to do so
00:13 < brentaarnold> Right
00:13 < shalok> How do I figure out what are the correct arguments to `ethtool -K`?
00:13 <+catphish> when you can do it on the router (since it's on the same vlan as the clients)
00:14 < Holo> I need to relearn how to do routing on linux
00:14 < brentaarnold> ew, IP tables and such
00:14 < brentaarnold> sounds terrifying
00:14 < Holo> Fuck that
00:14 <+catphish> shalok: it's a bit weird, but read the manual, they're all listed
00:15 < Holo> I am using net filter tables
00:15 < Holo> Hell no to iptables
00:15 < brentaarnold> lol I don't know the difference
00:15 <+catphish> routing on linux is easy, iptables is a little more complicated
00:15 <+catphish> but imo fine once you take a minute to understand it instead of just copying examples
00:15 < Holo> catphish: probably not as easy as the Cisco IOS way :p
00:16 < Holo> Ip route and done :p
00:16 <+catphish> probably equally simple
00:16 <+catphish> that's the same as linux :)
00:16 < Holo> Ya but for saving the routes
00:16 < Holo> What to use and where to put it
00:16 <+catphish> yeah, distros kinda suck at that
00:16 < Holo> :p
00:17 < brentaarnold> Having literally 0 IOS experience how well do you think I'll be able to go from JunOS to IOS if ever I need to?
00:17 < brentaarnold> Is it apples and oranges?
00:18 < Holo> brentaarnold: if you just want static routes
00:18 < mgolisch> never used any of our switches for routing
00:18 < Holo> Ip route ?
00:18 < Holo> All you need to know
00:18 <+catphish> brentaarnold: ios sucks compared to the junos cli, but it's not so hard really
00:18 < Holo> catphish: how so?
00:18 < brentaarnold> I'm loving the JunOS CLI. It's my first CLI.
00:18 < Holo> Never used junos
00:19 <+catphish> i think cisco have a more junsy UI in some of their newer devices
00:19 < mgolisch> also there's stuff like vyos if you want a cli and not fiddle with the native linux userspace interfaces
00:20 <+catphish> it's hard to explain my hatred of IOS, i just really prefer the junos/vyos style
00:20 < dogbert_2> loading Debian 9.4 onto my $100 ph33r machine :P
00:20 < brentaarnold> Is junos a derivative of vyos?
00:20 <+catphish> no
00:20 <+catphish> vyos just copied them afaik
00:20 < brentaarnold> wow really?
00:20 < dogbert_2> brentaarnold...IOS/IOS-XE is great compared to using Commodity Switches :P
00:21 < Holo> catphish: do explain:p
00:21 < brentaarnold> dogbert_2 what you mean commodity switches?
00:21 < dogbert_2> brentaarnold...search edge core 5610
00:22 < Holo> Explain to someone who is coming from almost purely Cisco :p
00:22 < brentaarnold> That's a lot of fiber
00:22 < caveman> hi
00:22 < brentaarnold> So you think Edge-Core is trash?
00:22 < brentaarnold> compared to Cisco?
00:23 < dogbert_2> just a PITA is all :)
00:23 <+catphish> i think my main complaint about IOS was always the config always applying live, though i imagine they've made that optional by now
00:23 < brentaarnold> I see
00:23 < caveman> how to setup IP.in-addr.arpa. for ipv4?
00:23 <+catphish> also, i just prefer the config file style of juniper, nice hierarchical type thing
00:23 < brentaarnold> I absolutely love junos config check prior to the commit
00:23 < Holo> catphish: oh, ya I like that bit a lot
00:23 < brentaarnold> It's amazing especially with newbies
00:23 < caveman> how to setup IP.in-addr.arpa. for ipv4?
00:23 < Holo> I love how it’s live
00:24 < caveman> what's the best linux vps?
00:24 < Peng_> caveman: Talk to whichever ISP controls the range. If that's you, read the RIR's documentation.
00:24 < caveman> i want linux vps with configurable in-addr.arpa.?
00:24 < Holo> If I don’t want it live then I do it in notepad and paste :p
00:24 < caveman> Peng_: i am none. i want to buy a vps with custom in-addr.arpa.
00:24 <+catphish> caveman: you'll need to speak to the vps provider
00:25 < caveman> catphish: manually?
00:25 <+catphish> caveman: only they can set those dns entries
00:25 <+catphish> caveman: some allow you to do it through their GUI
00:25 < caveman> what's the best linux vps?
00:25 < Holo> There is no best
00:25 < Peng_> Do you say all things twice?
00:25 <+catphish> overall, country non-specific, try linode
00:25 < caveman> Peng_: no. never.
00:25 < Holo> There is simply what can you afford and what are your requirements
00:26 <+catphish> but there are lots of providers, mostly in specific geographical regions
00:26 < caveman> catphish: does linode allow for things setting in-addr.arpa. records?
00:26 < Holo> I use google cloud compute for a personal VPS but fuck them for business use
00:26 <+catphish> i don't know
00:26 < Peng_> caveman: Yes.
00:26 <+catphish> caveman: do your own research
00:27 < caveman> Peng_: free?
00:27 <+catphish> there are a ton of options
00:27 < Peng_> caveman: Of course
00:27 < Peng_> Holo: IPv6 :'(
00:27 < caveman> do u work for them, Peng_
00:27 < Peng_> caveman: No.
00:27 < Holo> They are complete and utter assholes and douchebags when it comes to customer service
00:27 < brentaarnold> I'm a pretty heavy Azure user but only because they integrate so well with MS environments which is what I generally support
00:27 < Holo> Peng: ya :(
00:27 < caveman> see, linode scares me. coz too much of their staff r in freenode. if i upload my dick pics caveman_dick.jpg they will see it.
00:27 <+catphish> brentaarnold: don't worry, you'll find a better job some day :)
00:28 < Holo> And the fact that I have seen them disable business accounts VPS for random bullshit and made the people go verify your identity or your shit is gone in 3 days
00:28 < brentaarnold> catphish haha, ouch that one hurts since I'm the business owner
00:28 < brentaarnold> <3
00:28 <+catphish> lol
00:28 < Holo> Aka use amazon or someone else for cloud
00:28 < Holo> Use google for the free vps tier
00:28 < Holo> :p
00:28 <+catphish> brentaarnold: don't worry, i just happen to dislike windows, much as i do cisco :)
00:28 < caveman> haasn: what's google vps?
00:29 < brentaarnold> I like Windows :P
00:29 < caveman> Holo:
00:29 < Peng_> caveman: What do you think
00:29 < caveman> is google vps nice
00:29 < Holo> caveman: google cloud compute
00:29 < caveman> is it cheaper than linode?
00:29 < Holo> It can be
00:29 < Holo> Depends on traffic etc
00:29 < caveman> cloud.google.com?
00:29 < caveman> 1 middle-aged man's porn traffic?
00:30 < Holo> If you want it as a VPN
00:30 < Holo> Forget it
00:30 < Holo> They charge per GB
00:30 < caveman> i want vps. like ssh there, and install apps, config stuff. etc.
00:30 < Holo> OVH would be dirt cheap
00:30 < caveman> i want something like linode.
00:30 < Holo> Again it depends on your requirements
00:31 < Holo> Disk space, networking usage
00:31 < Holo> Ram
00:31 < caveman> ovh.com?
00:31 < Holo> You need to figure out your requirements first
00:31 < Holo> Before shopping
00:31 < caveman> i need vps.
00:31 < Holo> For what
00:32 < caveman> nginx basically. irc bouncer. and ssh tunnel for porn.
00:32 < caveman> the trinity of awesome.
00:32 < Holo> Then google is out of the question due to bandwidth unless you need the guaranteed uptime
00:33 < caveman> due to bandwidth?
00:33 < Holo> They charge per GB
00:33 < caveman> oh, u mean the porn.
00:33 < caveman> 4k 360 porn VR
00:33 < Holo> And website
00:33 < caveman> ok. i guess google is stingy.
00:34 < Holo> They are great for the uptime
00:34 < Holo> My shit has yet to go down once
00:34 < caveman> does ur shit need mission criticality?
00:34 < Holo> My free vps for znc?
00:34 < Holo> Hell ya
00:35 < caveman> dunno. whatever googly stuff u do.
00:35 < caveman> wat. free vps? u said free. where.
00:35 < Holo> I have a free tier google vps for znc
00:35 < Holo> Lol
00:35 < caveman> znc? oh... oh oh oh this is irc bouncer?
00:35 < Holo> Yes
00:35 < caveman> for how long is it gonna be free?
00:36 < Holo> Forever unless google changes their terms
00:36 < hirogen> hi anyone use ms visio 2016 and find some of your diagrams to be ultra slow loading esp over citrix, like its rendering slowly
00:36 < brentaarnold> hirogen of course, on hardware directly
00:36 < caveman> Holo: how does the znc account look like?
00:36 < Holo> caveman: what do you mean?
00:36 < caveman> Holo: irc.vmnode.pw is ur google vnc?
00:36 < Holo> Yes
00:36 < brentaarnold> without even remote access Visio is slow
00:36 < caveman> :)
00:37 < caveman> Holo: God bless u.
00:37 < caveman> Holo: how can i get google vnc?
00:37 < Holo> I have znc docker composed
00:37 < Holo> I can move to any provider with minimal configuration and always have the latest znc
00:38 < Holo> caveman: google compute free tier
00:38 < caveman> Holo: how did u set custom reverse arpa? is it via the menus?
00:38 < Holo> Yes
00:38 < caveman> why is google doing this free stuff....
00:38 < Holo> To get you hooked to use their services
00:39 < caveman> ``TRY GCP FREE'' <-- not this?
00:39 < caveman> so i guess all these free things r temporary?
00:39 < Holo> Oh and they gave me 300$ of credits to use
00:39 < Holo> You need to read
00:39 < caveman> can u withdraw the 300$?
00:40 < caveman> k. reading this shit.. damn google. evil bastards giving good shit for free.
00:40 < hirogen> ok cool
00:40 < caveman> Holo: how easy is it to setup arpa entries with google?
00:40 < Holo> The free tier google computer is 600 MB of ram, 1VCPU, 30 GB drive and 1GB egress
00:40 < Holo> Easy?
00:40 < caveman> mother... 30GB storage.. 600MB ram.. does it look like vps?
00:41 < Holo> If you go over 1GB of egress then it’s like 11c per GB
00:41 < Holo> Pol
00:41 < caveman> Pol?
00:41 < Holo> Lol*
00:41 < Holo> It’s perfect for znc
00:41 < caveman> yeah but hold. what if i exceed. will google zap me? can they just simply disconnect me instead of charging me monies?
00:42 < Holo> Its 11c......
00:42 < caveman> yeah .n.o.
00:42 < Holo> 11 freaking cents
00:42 < caveman> did u pay them?
00:42 < Holo> I have 300$ to burn
00:42 < caveman> 11c per 1GB?
00:42 < c|oneman> I use openvz
00:42 < c|oneman> er, buyvm
00:42 < Holo> I never go over 1GB
00:43 < caveman> Holo: what if. can u say ``no thx, don't auto-burn monies''?
00:43 < Holo> Then what is the point of running znc if its not up 24/7?
00:44 < caveman> true true. 24/7 is g00d.
00:44 < caveman> but is it possible to tell them ``if i exceed 1GB, shutdown''?
00:45 < Holo> Probably
00:45 < Holo> I don’t care because Its dirt cheap
00:46 < Holo> That’s like $1.32 a year for using 2GB every month
00:47 < Holo> You see how dirt cheap this is?
00:47 < caveman> wtf google wants my phone number??
00:49 < caveman> Holo: they want a CC?
00:49 < Holo> Dua
00:49 < caveman> dua?
00:50 < Holo> What did you expect?
00:50 < caveman> ...
00:50 < caveman> google wants to grab me by the balls.
00:50 * caveman closes tab
00:51 < Holo> Damn kids thinking things are free for no reason
00:51 < caveman> ...
00:52 < caveman> so much hype for nothing.
00:52 < caveman> ``no upfront pay [but give us cc lol]''
00:52 < Holo> It’s still Free and your card is on file for when you go over
00:52 < Holo> That’s this they all work
00:52 < caveman> yeah but so creepy. google scares me. no thx.
00:52 < mgolisch> use something else then?
00:52 < caveman> yeah. that.
00:52 < Holo> Pfft, and everyone else does not?
00:52 < caveman> so, i need to install nginx.
00:53 < caveman> is not that google crap suitable for nginx?
00:53 < Holo> I have a docker compose web stack
00:53 < Holo> :p
00:53 < caveman> free?
00:53 < Holo> Lazy website deploy
00:53 < Holo> It’s docker......
00:53 < caveman> Holo: how do u get dockers into google?
00:54 < mgolisch> you install docker on a vm/vps?
00:54 < Holo> ^
00:54 < caveman> so cloud google is just a linux vps?
00:54 < mgolisch> they have some sort of managed container thing too based on kubernetes i think
00:54 < Holo> Hmm.... well shit. OVH dropped down in price again
00:54 < Apachez> how rude
00:54 < caveman> is that bad?
00:54 < Holo> Only like $40 a year now
00:55 < Apachez> they are probably pedophiles or something
00:55 < Apachez> so lets ignore them for whatever reason ;)
00:55 < Holo> A damn good price and they doubled their SSD storage
00:55 < Holo> Damn it
00:56 < Holo> Stop dragging me back OVH :p
00:56 < mgolisch> i'm gonna get a new vps there, saw they now have a datacenter in frankfurt too for the same price
00:57 < caveman> Holo: why did u leave them
00:57 < Holo> mgolisch: they have gotten dirt cheap
00:57 < Holo> Last time for less the specs it was like $5
00:58 < caveman> is vps now a cloud technology? :/
00:58 < Holo> Cloud is the same word for remote
00:58 < Holo> How is it *now*
00:59 < Holo> It’s always been remote usually
00:59 < caveman> how does ovh compare to linode?
00:59 < Holo> Idk, google
00:59 < mgolisch> no idea never used linode, i used ovh before as they are quite cheap and they had datacenters in europe
01:00 < caveman> is ovh not reliable?
01:00 < mgolisch> except for that power outage they had some time ago i never had any problem with their services
01:01 < caveman> do they config arpa records for free?
01:01 < Holo> I moved to google because it was free but with OVH I can do some reverse Nginx proxies
01:01 < caveman> why would u need that Holo
01:01 < caveman> to speed up ur server?
01:02 < Holo> Because I can use a vpn from home pc to server and expose a software via webpage server and add in auth?
01:03 < Holo> Aka use reverse proxy
01:04 < mgolisch> yeah there's a button to change the reverse dns for my vps in their interface
01:04 < Holo> And get https auth thrown In
01:04 < Holo> <3 lets Encrypt
01:05 < Holo> I'm picking up a vps when I get home
01:05 < Holo> Can’t beat the proce
01:05 < Holo> Price
01:06 < caveman> Holo: i have no idea wtf r u doing.
01:06 < caveman> :)
01:08 < caveman> what is vps vs. public cloud?
01:08 < Holo> Google it
01:10 < caveman> k.
01:10 < caveman> ovh sucks. no arpa i think.
01:10 < mgolisch> you can change the reverse dns
01:10 < mgolisch> even for the vps
01:11 < caveman> no thx i'll go with google. will let them get my cc.
01:11 < caveman> saving money is more important than saving honour.
01:11 < mgolisch> lol?
01:11 * caveman hugs the devil coz money
01:11 < mgolisch> but yeah do whatever you want
01:12 < caveman> dude cloud google is f.r.e.e.e.
01:12 < caveman> btw do u work for ovh?
01:13 < mgolisch> no
01:13 < caveman> anyone here who works for google cloud
01:13 < mgolisch> probably not
01:14 < tds> you'll probably have a much better time finding those people using their ticketing systems than asking on here ;)
01:25 < dogbert_2> some ph33r: [ 0.080000] smpboot: Total of 2 processors activated (11970.79 BogoMIPS)
01:37 < buu> If lspci doesn't find a pcie network card, the thing is dead right
01:39 < m5w> Hello. I have a couple questions about gigabit ethernet. In full-duplex, since there is no carrier extension, minimum-length (64 bytes) frames can be sent, right? So, with the preamble, SFD, and inter-frame gap, each carrier event would be 84 bytes, right? Also, for half-duplex, when bursting, is the preamble and SFD sent with each frame in the burst or only the first one?
01:39 < rocketeer> Hey - I'm a complete noob in most ways and could be entirely misinterpreting everything, but I'm on a government network trying to build a fileserver of some sort. I also can't get any of my test laptops to interact with each other in any way. Does this mean that the network is configured to block me, and is there anything I can do?
01:41 < rocketeer> For reference, the IP addresses reported are 10.0.4.148 and 10.0.4.87, and will respond to pinging themselves, but not the other
01:41 < light> they could have their firewalls blocking icmp echo
01:43 < rocketeer> light: I launched a very basic apache server on one of them, and that gives err_address_unreachable when I try to reach it from the other
01:51 < Biessie> Anyone know why my ISP would block (I'm assuming it's blocked) any connections to my WAN IP from inside the network? It doesn't allow me to see anything from inside the LAN but it allows people to outside.. That's everything. SSHD/FTPD/APACHE2/VNC/etc - i can access any server using LAN ip:port but i can not using WAN ip:port (from inside the network only)
01:52 < light> Biessie: hairpin nat
01:53 < Biessie> light : excuse my lack of knowledge. What does that mean?
01:53 < light> your ISP is not responsible and you can configure such access on your router
01:53 < Biessie> okay so it's hardware config on my side?
01:54 < light> I've given you the phrase above you'll want to google to set it up
01:54 < Biessie> thanks I'll start my research now.
02:33 < caveman> what's the best dns server (linux)
02:35 < Peng_> Depends. "Having someone else worry about it." is also good.
02:36 < caveman> Peng_: i think i bought a domain name from a sucker that only lets me set ns records unless i pay more to let me set A records.
02:37 * Peng_ shrugs
02:37 < Peng_> Domain registrar DNS hosting often isn't good anyway.
02:37 < caveman> why?
02:38 < caveman> most secure, most lightweight, dns server for A records. i don't care about advanced features.
02:38 < Peng_> Capitalism?
02:39 < caveman> but what did u observe in their hosting that made u unhappy about them?
02:40 < Peng_> Cheap, unreliable and sometimes otherwise malfunctioning service?
02:41 < Peng_> There are lots of DNS providers, some of which are good, and some of which are cheap or free.
02:52 < h0dgep0dge> I like hurricane electric, free and nice features
03:05 < cmj> i use he.net too
03:25 <+pppingme> caveman that's all dns registration buys, anything extra, like dns hosting, is a perk, most do, some don't.
03:25 < spaces> is anyone sexy ?
03:26 <+pppingme> personally, I'm of belief that there should be at least three entities, the registrar, dns hosting, and any other hosting..
03:26 <+pppingme> this way, one pissed party can't shut you down (it's rare that registrars get pissed)
03:26 < spaces> pppingme you lost your beliefs many years ago son
03:26 <+pppingme> spaces keep it on topic or join ##networking-social
03:27 < Spice_Boy> like this channel is always on topic
03:28 < spaces> pppingme normally you are the first to respond that you are sexy, what happened ?
03:37 <+pppingme> because there's an on topic conversation at the moment
03:41 < scientes> ugggh, my VPS provider only gives me one ipv6 address and hurricane electric tunnels do not work for some reason
03:44 <+pppingme> do you have a REAL ipv4 addr?
03:44 < scientes> yes
03:44 <+pppingme> not some funny nat business?
03:44 < scientes> although i pay 0.99 euros a month for it
03:45 < scientes> https://www.scaleway.com/
03:45 < scientes> they support arm which is cool
03:47 < scientes> and the ipv6 address they gave me doesn't use 92 bits of the address, it's blah:blah:blah:blah::blah
03:49 <+pppingme> what do you mean 92 bits? that's still a 128 bit address
03:52 < scientes> yes, but 92 bits of it are zeros
03:52 < scientes> at the least they could allocate it differently and give everyone a /80
03:59 < BenderRodriguez> scientes: so a /92 address right?
04:00 < BenderRodriguez> that still gives you 2^36 address combinations you could use
04:00 < BenderRodriguez> and carve up to your liking
04:00 < fryguy> what? that's not how this works
04:04 <+pppingme> scientes I'm confused by your statement, are you saying you have 36 bits of space of your own to play with?
04:05 <+pppingme> if so, that's like 64 billion ip's
04:07 < scientes> pppingme, no, my address is a /127
04:07 < scientes> but it SHOULD be a /92 or /80
04:08 <+pppingme> scientes are they routing you a /92 or something over your /127??
04:08 <+pppingme> and before you answer, ARE YOU SURE????
04:08 < scientes> i'll give you a screenshot
04:11 < scientes> https://imgur.com/a/hyROIAD
04:12 <+pppingme> scientes ok, that doesn't mean they aren't still routing you a /64 or some other range, that's just a single IP to talk on their network with..
04:13 < scientes> yeah and it sucks
04:13 < scientes> they are subdividing a single /64
04:13 < scientes> and only handing out individual ips
04:13 <+pppingme> so figure out the subnet they are **routing** to you..
04:13 <+pppingme> I'll bet they are routing you something..
04:14 < scientes> it's not like there is a shortage of ipv6 addresses
04:14 <+pppingme> providers generally aren't stingy with ipv6
04:14 < Zatarra|8164> how much o the bet?
04:14 < Zatarra|8164> are gonn bet?
04:14 <+pppingme> I'll bet you have a /64 or at least a /112 or something... that's **routed** to you (this means it won't necessarily be assigned to an interface yet)
04:14 < Zatarra|8164> how much you talking?
04:16 < Dagger> pppingme: note that there's a difference between sane network setup, and VPS network setup
04:16 < Dagger> they seem to be nearly entirely disjoint concepts :|
04:17 < scientes> and for some reason both hurricane electric and netassist tunnel brokers don't seem to work
04:17 < scientes> they must drop v4tunnel packets like comcast does
04:17 < scientes> but comcast provides nice /64s so there is no need
04:18 < scientes> I just thought it cool i could get a arm64 VPS
04:18 < scientes> but they have an insane networking setup
04:20 <+pppingme> you sure that arm64 isn't just a bunch of stacked pi's?
04:21 < scientes> its KVM
04:21 < scientes> and they have 64 core/128GB instances
04:22 < scientes> (although only up to 16 cores 16GB is available)
04:23 < scientes> they also have baremetal armv7x4 but the performance on those was not good enough, guess they aren't A15s
04:23 < alabaster> I have a question that's probably dumb that's why I am prefacing
04:25 < Dagger> that sounds like... yup, scaleway
04:25 < Dagger> as far as I'm aware they only do one single v6 address, no routed block, unless they've changed anything recently
04:26 <+pppingme> wow, that's crazy
04:26 <+pppingme> I know a lot do small subnets, like /112's and such, but wow..
04:27 <+pppingme> alabaster most of the time, the only dumb question is the unasked question..
04:27 < alabaster> I just see a term and have another probably stupid question. just learning more intermediate networking. why would one need to subnet in class a or b? Isn't that way overkill?
04:28 < scientes> the support person just said "I will check with the concerned team and I get back to you."
04:28 < Dagger> class A? class B?
04:28 <+pppingme> alabaster "class" is an outdated term.. if someone is teaching it to you, shoot them on the spot, take no hostages
04:28 < alabaster> pppingme I'm trying to learn security and CCNA/P at the same time both merge when it comes to minor security so I bought an adaptor to visualize my own network....
04:29 < Dagger> I take it this question is purely for historical interest, given that classes haven't been a thing since the 90s?
04:29 < alabaster> so just do class C, because I memorized how to do that without paper?
04:29 < alabaster> sorry on two questions at the same time
04:29 < dogbert_2> well, yeah, since CIDR came into use in the late 90's
04:29 < alabaster> oh G-d thank him for classless subnetting
04:30 < dogbert_2> you need 500 IP's, you better have a /23
04:31 <+pppingme> nah, 500 ip's?? Gotta throw a class B at it..
04:31 < alabaster> its slipping out my brain since I am trying to learn security at the same time. But I got the charts and from /23 to and more networks/hosts down if I refresh
04:31 < BGL> can some one point me to a an active website that logs/displays a list of the most commonly found scanned tcp/udp ports in the wild? - not looking for a port list, but recent/aged data
04:32 <+pppingme> alabaster the math is easy.. 2^(32-x).. so a /24 is 2^(32-24), or 2^8 possible ip's.. 256
04:32 < scientes> I also can't set reverse dns on ipv6 address
04:32 <+pppingme> scientes time to switch providers
04:33 < scientes> if only Hurricane electric worked
04:33 < scientes> then I could paste it over
04:33 < scientes> I want something dirt cheap
04:33 < alabaster> other important question. I am trying to visualize my own network and live linux wasn't working so I bought an adaptor and plugged it into my Ubuntu VM it worked last night but wasn't even connecting today. I pulled it out when VM was on. Not doing anything even and it caused a MS Kernel Security violation and it sent it to MS hell since its Win10. why'd it do that and should there be worry there?
04:33 <+pppingme> you sure HE doesn't work? or could you be implementing it wrong?
04:33 < scientes> it works on my other VPS
04:33 < scientes> and I made a new tunnel
04:35 < scientes> i'll try another he server, last time there was a problem on the HE side
04:36 < Zatarra|34091> jow muh we talking?
04:36 < Zatarra|34091> how much you gonna put down on it?
04:38 < Zatarra|34091> how much are you talking?
04:38 < Zatarra|34091> are you going to bet or what?
04:39 < alabaster> sorry i've just been told a kernel security violation is just something silly
04:40 < Zatarra|34091> it is ll silly huh?
04:41 < Zatarra|34091> al ovit
04:41 < Zatarra|34091> it is cracked as aoon as it hits the store
04:41 < Zatarra|34091> get on s bus
04:42 < Zatarra|34091> dbua
04:42 < Zatarra|34091> dbus
04:42 < Zatarra|34091> holo- ! thats it app layer security
04:42 < Holo-> what is?
04:43 < Zatarra|34091> lols like a schizoid
04:43 < Zatarra|34091> entropy wiyhin ghe app
04:43 < Zatarra|34091> the only way to attempt security
04:43 < Zatarra|34091> but who to talk to?
04:43 < Zatarra|34091> remember zsnes
04:43 < Zatarra|34091> asm
04:43 < Zatarra|34091> chew right through and then run app layer havged
04:44 < Zatarra|34091> app layer havged
04:44 < Zatarra|34091> if you can run something like dragonfly
04:44 < Zatarra|34091> peel off the layera
04:45 < Holo> ?
04:45 < Zatarra|34091> into securiy
04:45 < Zatarra|34091> metatron is tje last hope at security
04:45 < Zatarra|34091> and if there isnt any
04:45 < Zatarra|34091> they continue the use it anyjow
04:46 < Zatarra|34091> how much we talkng on tonighta bet
04:46 < Zatarra|34091> 60
04:46 < Zatarra|34091> 100
04:46 < Zatarra|34091> thousands , whay
04:47 < Zatarra|34091> show some
04:48 < alabaster> Zatarra I am way lost in what you said
04:51 < alabaster> Zatarra sorry I stepped away
05:26 < linux_probe> oh look a cute_korean_girl
05:26 * linux_probe almost believes that >_>
05:26 < c|oneman> you're one to talk, with your tales of anal geeks
05:26 < linux_probe> that's like a korean boy
05:27 < linux_probe> anal :)) very rare for a thick fell to get anywhere near back door
06:18 < android> ther it is
06:18 < skyroveRR> There's what?
06:18 < android> line cut wihout notice
06:19 < skyroveRR> What line cut? Internet disconnect?
06:19 < android> happens many times when I am into the talk
06:19 < light> The internet is down right now.
06:19 < android> yeah, disconnect
06:21 < android_> and again
06:21 < android_> this ime it was noticable the prior was a captive portal firewalling the line wihout notice
06:22 < android> and again
06:22 < android> this ime it was noticable the prior was a captive portal firewalling the line wihout notice
06:24 < android> hello?
06:25 < skyroveRR> hi
06:25 < skyroveRR> again
06:25 < android> yeah
06:25 < android> nother client is conncted
06:25 < android> not showing
06:25 < android> lools like somebody tode the internet to shreds
06:25 < light> To shreds, you say
06:26 < android> what server are you on
06:26 < android> kornbluth is an origionl isnt it?
06:27 < android> after android released screens detached fom computing
06:27 < skyroveRR> Oh yeah, kornbluth is having issues. Noticed that yesterday.
06:27 < skyroveRR> Switch to rajaniemi.freenode.net.
06:28 < android> hello
06:28 < skyroveRR> kornbluth was giving me constant timeout issues.
06:28 < light> android: if you upgrade to comcast premium you won't get those drop outs
06:28 < skyroveRR> lol
06:31 < android_> hello
06:31 < android_> helo
06:35 < Zatarra|3845> helo?
06:36 < android_> yeah
06:36 < android_> 🍊
06:36 < skyroveRR> ?
06:36 < skyroveRR> !
06:37 < Zatarra|3845> hi skyroverr
06:37 < skyroveRR> Hi Zatarra|3845
06:37 < android_> yeah
06:39 < android> did you learn to swim in a sharktank?
06:39 < skyroveRR> Did you?
06:39 < android> adultswim ™
06:40 < android> holding on to a chunk of wood?
06:40 < android> floating?
06:40 < skyroveRR> fh
06:41 < android> hello?
06:42 < android> skyroverr what happened to the drones?
06:42 < skyroveRR> I thought they crashed into you.
06:42 < android> I told you to land one on the roof
06:42 < android> cant you call up sparkfun
06:42 < android> the internet flying spy drones
06:43 < android> throw out a working line
06:44 < android> the cigarettes taste lile opium again what happened another allied forces afghanistan drop?
06:45 < android> duckhunt?
06:45 < android> whats going on?
06:45 < android> whispers about guosts?
06:46 < android> is that a vertical cle nod?
06:47 < android> is there any working equipment sold on the market anymore?
06:47 < android> this phone sems to have "good luck"
06:49 < android_> another disconect
06:49 < android_> so much for gettin into any reading
06:50 < android_> half hour or so of reconnecting
06:51 < android_> do you think I can get My Declaration over i a printer before july 4
06:58 < android_> deadmau5
06:58 < android_> how to remove buffer
06:58 < android_> real stream
06:59 < android_> it doesnt skip when disconnected
06:59 < android_> I use it as an alarm
06:59 < android_> if it skips the aignal is dropping
06:59 < android_> when not buffered
06:59 < android_> was it a dream
07:00 < android_> wasbit a dream
07:00 < android_> is this the only evidence
07:00 < android_> did it become a vendetta
07:00 < android_> ven ven ven
07:00 < android_> upping he itchy
07:00 < android_> itchy itchy zhu zhu
07:01 < android_> clarjon1 twisted?
07:01 < android_> is dr dre alive?
07:02 < android_> can you call dre and ask about the hp lab
07:02 < android_> thought about compton mission
07:02 < android_> and congo
07:03 < android_> but where to methylize the collective memories of rhe colonists
07:03 < android_> colonists of usa
07:03 < android_> call the king a night and the master a slave
07:04 < android_> if I say so is it no longer blasphemy
07:04 < android_> abdul yussif amI
07:04 < android_> all in all
07:05 < android_> 15 is a tough number
07:07 < android_> superdome!
07:07 < android_> is endar himcjif?
07:08 < android> mechon mamre
07:09 < android> airwind!
07:09 < android> benlovelant
07:10 < android> you talked to the Illuminati?
07:12 < android> yeah kepler!
07:12 < android> the hosts
07:13 < android> A_D seems to never wakeup
07:13 < android> is endar still around?
07:14 < android> skyroverr are june bugs ok to eat?
07:15 < android> skyroverr are june bugs ok to eat?
07:15 < android> something like flying soy nuts with crayfish eyes
07:17 < android> skyroverr
07:46 < android> absynth
07:46 < android> vvormwood
07:47 < android> yeah
07:47 < android> think it can be one step away
07:48 < android> one step and it is all over
07:48 < android> then what?
07:48 < android> hey skyroverr
07:48 < android> can you send a drone?
07:50 < purpleunicorn> has anyone used qemu as a vm
07:51 < scientes> my scaleway vps gets like 300mbps/300 locally in paris, but cross the atlantic is brutally slow, like 20mbps
07:51 < scientes> what is going on?
07:52 < light> high latency can impact tcp throughput
07:52 < scientes> yeah speedtest.net is TCP
07:52 < scientes> how do i test UDP speeds?
07:56 < brentaarnold> Anyone here used Ruckus WAPs?
08:21 < Ryvius> Hello, I have this Optiplex 9020 that suddenly gets timed out on everything on the internal NIC (Intel I217-LM). DNS works fine, and I've tried stuff like disabling ipv6, power savings for NIC, AMT, updating to newest Intel driver... it can't be our network since all other machines work fine, and the plug works fine on another machine too, any ideas?
08:25 < Ryvius> It's the same if I boot up some Ubuntu on it.... physically faulty NIC?
09:26 < zenix_2k2> uhm guys, so i have a question, between the Data link layer and the application layer, which one is the layer that packetize my data before sending it across the network ?
09:26 < zenix_2k2> it is just my book explains things kinda confusing
09:34 < zenix_2k2> so hi ?
09:35 < Wulf> zenix_2k2: I dislike the OSI model.
09:36 < ^7heo> zenix_2k2: what book?
09:37 < Wulf> zenix_2k2: let's just say TCP does it. It's not really correct, but close enough.
09:39 < zenix_2k2> well yea the TCP/IP suite and "TCP/IP for dummies"
09:39 < zenix_2k2> that book
09:39 < Wulf> zenix_2k2: quite often it's the application itself that does the first packetization
09:40 < zenix_2k2> there is a page that says something like
09:40 < zenix_2k2> "This layer splits data into packets to be sent across the connection medium and then wiring such as Ethernet or token ring get involved" but in the other page it says "if you FTP a file from computer A --> B, the data in the file is packetized at the application layer and sent through all layers on computer A"
09:40 < zenix_2k2> and by "this layer" i mean the data link
09:41 < Wulf> zenix_2k2: FTP sends the complete file as a stream with no further encoding. TCP does the packetization here.
09:42 < purplex88> whats the benefit of having 2 switches vs 4 switches in topology?
09:43 < bezaban> purplex88: in what topology..
09:43 < purplex88> lets say 4 vs 6 switches in mesh topology
09:44 < purplex88> 2 at top and 2 at bottom connected via a mesh
09:44 < purplex88> 3 at top and 3 at bottom connected via a mesh
09:45 < bezaban> if all the links go to each switch you could handle the loss of a switch
09:46 < purplex88> will there be more bandwidth, more power, more speed with 3x3?
09:46 < bezaban> assuming the devices have redundant uplinks to multiple switches
09:47 < bezaban> more power yes, whatever that means, same speed
09:47 < purplex88> same speed?
09:47 < purplex88> well, lets take different topology
09:47 < zenix_2k2> Wulf: but isn't TCP a protocol in the transport layer ?
09:48 < purplex88> 4 switches in series vs 2 switches in series
09:48 < bezaban> purplex88, you can't have routing loops, so they will be disabled
09:48 < zenix_2k2> Wulf: so what does it mean by "the data in this file is packetized at the application layer" ?
09:48 < bezaban> or breaks your network
09:49 < Zatarra|82946> what are we betting on?
09:50 < bezaban> don't know if multipath routing is in the scope
09:50 < Zatarra|82946> this was a truly interesting read
09:50 < Zatarra|82946> Beauregard
09:51 < Zatarra|82946> Brain Wars
09:52 < Zatarra|82946> he seems like a friend for writing it
09:53 < Zatarra|82946> kuyama
09:53 < Zatarra|82946> yeee wjo
09:53 < Zatarra|82946> yeee who
09:53 < Zatarra|82946> kuyama
09:59 < Zatarra|82946> yeeee qho
10:00 < Zatarra|82946> whoooo ho
10:00 < Zatarra|82946> yeeeeee who
10:01 < Zatarra|82946> read it again
10:01 < Zatarra|82946> read Brain Wars again and then uncover some of the references
10:02 < Zatarra|82946> is william doing well?
10:02 < Zatarra|82946> william blackstone?
10:03 < Zatarra|82946> yeeeeeeeeeee who
10:03 < Zatarra|82946> things took a sudden change weareapple
10:03 < Zatarra|82946> there was suggestion I was being tried for in some unknown court
10:04 < Zatarra|82946> for something
10:04 < Zatarra|82946> and then the equipment changed i.e. most of the spy cameras
10:08 < zenix_2k2> so people, i am still kinda confused about this "if you FTP a file from computer A --> B, the data in the file is packetized at the application layer and sent through all layers on computer A", if TCP is the protocol that takes care of packetizing the data in this case then why the application ?
10:08 < zenix_2k2> isn't it supposed to be at the transport layer ?
10:08 < zenix_2k2> but still the book still said that Data link should take care of packetizing it
10:13 < Zatarra|82946> zenix not likely
10:13 < Zatarra|82946> the isp most likely mangles it or filters it
10:13 < zenix_2k2> wait, what does the ISP have anything to do with TCP/IP ?
10:14 < Zatarra|82946> if it were a direct link
10:14 < zenix_2k2> i mean i am just kinda trying to understand "packet's journey"
10:14 < Zatarra|82946> the modems use some sort of encoding
10:14 < zenix_2k2> but that quote i said above wasn't from me, it was from a book of mine actually
10:15 < Zatarra|82946> books dont use practice most of the time
10:15 < Zatarra|82946> what are you falling; n love with the holographic leah brahms
10:16 < zenix_2k2> holographic what ?
10:18 < purplex88> if backplane of switch is always the sum of ports x bandwidth x 2 then why does it matter?
10:20 < Zatarra|82946> it doesnt matter if you dont have access
10:21 < purplex88> access of what?
10:21 < Zatarra|82946> wifi is not what it was designed for
10:21 < Zatarra|82946> it is designed for ethernet
10:22 < purplex88> yes I am mean ethernet
10:23 < Zatarra|82946> suppose you make your own finer cables
10:23 < Zatarra|82946> you can use the same design as ethernet
10:23 < Zatarra|82946> 5tubea
10:23 < Zatarra|82946> this way the packets may be spread over the fiber
10:23 < purplex88> lol ok
10:24 < Zatarra|82946> at this point you likely say bye bye to your concept of reality
10:24 < purplex88> whatever
10:24 < Zatarra|82946> boldly go
10:24 < Zatarra|82946> where no man has gone before
10:25 < regdude> the backplane capacity is not always the sum of all ports (and sometimes times two)
10:25 < Zatarra|82946> if you have a strong enough mind you can enter warp
10:25 < regdude> friday is 3 days back
10:26 < Zatarra|82946> what meaning can you find
10:26 < TotallyNotKim> what do you mean it's only monday?
10:26 < TotallyNotKim> how did that happen again ;_;
10:27 < Zatarra|82946> you build a fiber loopback
10:28 < Zatarra|82946> the router is the cpu
10:28 < Zatarra|82946> the spread prevents tampering over distance
10:28 < Zatarra|82946> but say you are in a prison
10:28 < Zatarra|82946> how stopping the guards from attacking
10:29 < Zatarra|82946> if you be building a loopback machine and
10:29 < Zatarra|82946> how do you hold avtotem
10:29 < Zatarra|82946> totem so you can exit
10:30 < Zatarra|82946> at each exit you absorb the computer
10:30 < Zatarra|82946> by thought
10:30 < Zatarra|82946> until it is nothing
10:30 < Zatarra|82946> how can you tell it is not thrte
10:31 < Zatarra|82946> not thete
10:31 < Zatarra|82946> not there
10:31 < Zatarra|82946> why dont they let you out
10:31 < Zatarra|82946> they dont know how
10:32 < Zatarra|82946> they refuse to comprehend these things
10:36 < Zatarra|82946> how you afford making the computer
10:36 < Zatarra|82946> fiber
11:06 < MikeSeth> wtf did I just read
11:16 < redrabbit> evil ai is there
11:26 < MikeSeth> do not attribute to malice...
11:29 < mohnish> What is better for beginners C++ or Java
11:29 < mohnish> ?
11:31 < light> Lisp.
11:36 < mjauschwitz> mohnish: 3+ years of CX
11:36 < mjauschwitz> C
11:36 < Capprentice> Which is lighter on the Router CPU, marking traffic based on DSCP or Marking traffic based on Source IP Address?
11:37 < detha> That would entirely depend on what one wants to begin. Application developer: java/python/C#/go/rust/flavor-of-the-month... Serious programming: C. Not C++.
11:38 < mjauschwitz> Capprentice: probably both are negligible in terms of load
11:46 < Capprentice> What general tweaks are needed to achieve full 10G throughput on a VMWare passthrough 10G Intel Cards?
11:57 <+catphish_> Capprentice: i wouldn't really expect anything to need changing
12:02 < Atro> wow rude
12:03 <+catphish> lol
12:04 <+catphish> i feel like Sigyn isn't doing her job
12:08 < Atro> depends on the spam rate
12:08 < Atro> ive no idea how sigyn actually recognizes
12:09 <+catphish> i think you have to flood a lot faster to trigger her
12:09 < Atro> ye
12:11 < drac_boy> hi
12:11 < drac_boy> can't recall if I had asked this before but any of you here ever dealt with draytek?
12:11 < drac_boy> just curious what their actual reputation seem like
12:12 < Phil-Work> drac_boy, we recommend Draytek to our SOHO customers that have crappy routers currently
12:13 < Phil-Work> fairly decent control over QoS, etc.
12:13 < drac_boy> hmm nice, ty phil
12:18 < drac_boy> might end up ordering a box of something from the europe area considering theres never ever been anything decent in canada here for almost a year now .. so yeah here we are phil :->
12:18 < Phil-Work> we use Buffalo for our US customers
12:19 < Phil-Work> not my team that deals with customers (thank fuck) but they apparently have the same level of control over QoS, ALG, etc. that the Drayteks do in the UK
12:27 < drac_boy> phil just asking but what kind of internet connection do you usually set up soho-wise?
12:27 < Phil-Work> drac_boy, we don't tend to go that far
12:27 < Phil-Work> we don't like to become the customers' IT company
12:28 < Phil-Work> but most of them have VDSL in the UK and Cable of some sorts in the US
12:28 < drac_boy> sorry bit of bad wording there..but anyway vdsl..mm nice
12:28 < drac_boy> too bad that in canada "vdsl" is half of the time a corruption :-|
12:29 < drac_boy> blame bell for that .. using some sort of internal variation that refuses to talk to vanilla vdsl modems -_-
12:29 < Phil-Work> :(
12:29 < Phil-Work> not too different to cable in the US
12:29 < Phil-Work> we tend to put the existing MODEM in bridge mode if we can't replace it
12:31 < drac_boy> but anyway phil I'm no isp neither, even then nearly all the setups I do are usually adsl/56k hybrid with the occasional adsl-only at an urban address once in a while
12:32 < Phil-Work> 56k? dear god.
12:33 < MikeSeth> MNP5 was a good protocol!
12:34 < drac_boy> phil it works well for the usual uses it gets .. email, light chat, most website around, etc
12:34 < drac_boy> tbh if you don't have 56k on hand then you're risking being offline at crucial times .. not good for business contacts anyway :-s
12:35 < drac_boy> (another footnote: so-called cell maps are rubbish .. bell/roger/etc keep saying that an area only 3km outside city is full hspa+ but if you really go there at any hour any time of the year its zero bar EVER
12:36 < drac_boy> but anyway phil I wouldn't bore you with too much more details :)
12:38 < Phil-Work> drac_boy, fair point
12:40 < drac_boy> phil I will mention one other thing tho.. many of the times I've put the setup to connect to a certain communal isp that I rather like myself too .. unlimited 56k number, uncapped 6/7/10/15mb adsl (it depends what the final signal is), small featureless webhost (no server scripting), and finally no contract so can sign up for 1 month or 10 year wha
12:40 < drac_boy> tever, and that all is just $20-35 monthly
12:41 < drac_boy> if you want to get 6mb adsl from anyone else you have to sign a contract and even then its usually at $25+ .. sounds like worser value doesn't it? :P
12:42 < drac_boy> not to mention the 'anyone else' usually have a 250gb cap almost all the times
12:42 < drac_boy> silly world isn't it
12:42 * drac_boy still doesn't know how bell can get away with their cell plan having a 500mb cap on it 0_o
12:44 < drac_boy> silly question phil, about how far from london are you?
12:45 < djph> drac_boy:
12:45 < djph> ..
12:45 < djph> drac_boy: "we don't care, we don't have to. We're the phone company."
12:46 < drac_boy> djph hehe I wish .. its 500mb on their $70/mth "talk and internet" plan with a lte phone bundle .. doesn't exactly make sense does it? :)
12:46 < drac_boy> if it was just a basic phone on a for-voice plan then the cap would make more sense
12:46 < djph> nope. Which 'Bell' though?
12:46 < drac_boy> bell in canada
12:46 < djph> that's why
12:47 <+catphish> that sounds pretty pricey :(
12:47 < drac_boy> at least I'm glad that wind aka freedom is still surviving .. they're the only one who seem to have some common sense for cell data .. actually right now freedom is pushing some $30 plan that gives you quite a lot of data and theres no hidden cap to it or anything
12:47 < djph> well, you gotta remember, 70 canuckistani kopecs is like 30 freedom dollars. (Well, probably not, but it's funny)
12:48 < drac_boy> catphish yeah
12:48 <+catphish> IIRC i get 12GB for £20 here, that's like 30 icey north america dollars
12:49 < drac_boy> that sounds nice too catphish :)
12:49 <+catphish> it's 20GB for £30 now, plus unlimited calls and SMS
12:49 < light> that's some heavy data
12:49 <+catphish> * it's 20GB for £20 now, plus unlimited calls and SMS
12:50 < djph> 26.30 according to the internet.
12:50 <+catphish> or £25 for 30GB, and spotify sub thrown in :)
12:50 <+catphish> it's pretty good value here IMO
12:50 < drac_boy> light 20gb isn't that heavy when you have over 5MB/s on tap tbh
12:51 <+catphish> depends what you use it for, i use like 200MB/month :)
12:51 < drac_boy> even with a 4g-only phone its not too hard to use it a bit every day and somehow still run up more than 10gb at month end
12:51 < light> drac_boy: lb is a unit of measurement for currency and weight
12:52 <+catphish> i guess i'm boring and don't use my phone much when i'm out and about
12:52 < djph> meh, we keep it under 6 here ... but it's because wife and I don't really travel where we *don't* get wifi coverage (excepting the car, really)
12:52 < light> ._.
12:52 <+catphish> light: i enjoy expressing UK currency in lb
12:52 < light> I noticed
12:53 < djph> er, isn't UK currency (still) the pound sterling?
12:53 <+catphish> yes
12:53 <+catphish> though nobody would write it as 10lb
12:53 < djph> true, you have the squiggly 'L' .. 'E' ... whatever
12:53 * drac_boy usually writes it as gbp due to many keyboards not always having the shortcut to the symbol
12:54 < drac_boy> and euro? '120e' etc
12:54 < drac_boy> at least the one model supplier I deal with semi-frequently more than understands my price writing
12:54 < drac_boy> (he's from germany after all)
12:54 < djph> yeah, I have to write it "GBP" as well. stupid laptop keyboard doesn't have a keypad, so no entering alt-codes.
12:56 < drac_boy> anyway I need to figure out some breakfast so I think I'll go for a bit now ... have fun anyhow :)
13:32 < grauzikas> Hello, i have strange problem. i`m running virtual machines on node and virtual machines is configured with bridged mode: it means that on node there is bridge which has physical interface on it and all containers node side virtual interfaces. ebtables is used to configure what ips can be used by virtual machines.
13:33 < grauzikas> and now about the problem. when there is only few virtual machines everything works fine, but when i`m creating more of them (~50-100) inside virtual machines network speed drops down to ~300kB/s
13:35 < grauzikas> On node server download from same link has full speed
13:37 < grauzikas> also i have noted that if there is used 10gbe intel or bnx nic then almost everything is fine until i`m not starting to use TC traffic shaper - then also internet connection inside virtual machines drops down to 30-300kB/s, but with Desktop nic`s or with 1gbe server nics the problem appears even without TC filters
13:37 < djph> sounds like you're simply overloading the card.
13:38 < grauzikas> when there is only few virtual machines - everything works fine even with TC filter
13:38 < grauzikas> i thought so too that may be card is overloaded
13:38 < batch> you are basically flooding the NIC
13:38 < batch> :p
13:39 < grauzikas> but on node everything is fine
13:40 < grauzikas> and yes i thought that i`m flooding nic with arps (because on my network there is a lot of arps) or something, but why then on node everything is fine?
13:41 < batch> you can set kernel parameters to open and close sessions faster, i have to look it up again myself
13:41 < batch> i once read it for making wordpress performance on system go better
13:42 < batch> but that's in linux for what i mean
13:42 < grauzikas> i`m using linux machine as node
13:43 < batch> hmm sorry no it was to improve apache
13:43 < batch> my bad
13:43 < batch> idk if iptables is able to set speeds?
13:43 < batch> transfer limits
13:44 < tdn> I am looking for a decent 16 or 24 port 1 GbE switch that will be used to run 24x7. What are your GO TO recommendations? I have previously used Netgear and HP. Is something like NETGEAR ProSAFE GS716T any good? Or should I go for Ubiquity?
13:44 < djph> Ubiquiti.
13:44 < djph> spell it right.
13:44 < tehjanosch> yeah, i would always pick any vendor over netgear
13:44 < batch> oh here grauzikas https://making.pusher.com/per-ip-rate-limiting-with-iptables/
13:45 < djph> tehjanosch: even tp-link?
13:45 < tehjanosch> hum
13:45 < grauzikas> one moment ill check
13:45 < tehjanosch> genuine question
13:45 <+catphish> i actually really like tp-link for home stuff
13:46 < tehjanosch> i agree with catphish. home stuff tp-link > netgear, otherwise it's the same :)
13:46 <+catphish> i'd avoid low end netgear, though i use their "business" products heavily
13:47 <+catphish> the only time i've had a failure, it was covered by their lifetime warranty and i got an upgraded model
13:48 < batch> i got gs305 which is very nice but unmannaged
13:48 < batch> unmanaged*
13:49 < grauzikas> batch: i dont think that this is solution, because with Desktop nic`s it happens even without TC shaper
13:49 < grauzikas> need to figure out whats wrong and i dont know how, i have checked all logs - nothing.
13:49 < detha> grauzikas: with 'node' you mean VM-host/hypervisor ?
13:49 < grauzikas> i have checked pps,bps and everything is in normal condition
13:50 < grauzikas> Node is hypervisor
13:50 < batch> yeah, what are the specs of the node grauzikas
13:50 < batch> arh
13:50 < grauzikas> on hypervisor everything is fine
13:51 < grauzikas> on virtual machine what runs on hypervisor i have low internet connections
13:51 < grauzikas> i have few different nodes
13:52 < grauzikas> one of them is dell blade m620 with E5-2690 v2 and a lot of memory
13:52 < detha> have you tested with slowly increasing number of VMs to see if there is a threshold? like, 2 to 41 works fine, with 42 VMs it suddenly slows down, or 'the more VMs I add the slower it gets'
13:52 < grauzikas> Ethernet controller: Intel Corporation 82599 10 Gigabit Dual Port Backplane Connection
13:52 < dp> gimmeh
13:52 < grauzikas> it slows down like you say
13:53 < grauzikas> for example if there is 30 VMs everything is fine
13:53 < grauzikas> if there is 40 then things starts happening
13:53 < grauzikas> on different servers from different amount
13:53 < grauzikas> for example i tested on desktop PC then with 30 servers i already have slow connection inside VM and even packet loss
13:54 < batch> would that be caused by routing protocol then maybe detha ?
13:54 < batch> or more like to be caused by metrics or something
13:54 < grauzikas> strange thing is that that on VM when i`m testing with wget i have slow speed
13:54 < grauzikas> so it means TCP
13:54 < grauzikas> but when i`m testing one moment ill do test again to be sure
13:54 < detha> that sounds like a 'running out of X'. Now to find X. Some fixed in-memory table is a prime suspect
13:55 < grauzikas> with speedtest i`m getting full speed
13:55 < grauzikas> ill make test again to see what results with speedtest-cli
13:56 < detha> conntrack state, bridge ARP lookup table, something like that
13:59 < grauzikas> conntrack is disabled how i understand
14:00 < detha> not doing any NAT? nice.
14:01 < batch> my guess is that that was meant ironically? :p
14:03 < grauzikas> there is some nats, but on node, ill try to delete them
14:03 < batch> the node is the gateway
14:03 < batch> doing internal network to bridged?
14:04 < detha> batch: no, I have to admit that was out of character, but it wasn't meant ironically. Most VM setups are full of NAT
14:04 < batch> awh allright yeah
14:05 < detha> grauzikas: also, how is performance between VMs? Like when you run iperf between two VMs, do you also see a slow-down?
14:05 < batch> yeah communication back and forth is necessary and gets fixed with conntrack
14:05 < batch> maybe much more gets fixed with that as well
14:05 < batch> interesting case
14:05 < batch> :p
14:06 < grauzikas> ill check
14:06 < grauzikas> one moment
14:11 < grauzikas> [ ID] Interval Transfer Bandwidth
14:11 < grauzikas> [ 3] 0.0-10.0 sec 532 MBytes 445 Mbits/sec
14:11 < grauzikas> these two vms are on same node, but from different vlans
14:11 < grauzikas> these two vms are on same node, but from different subnets****
14:12 < grauzikas> vlan is same
14:12 < detha> where is the routing between the subnets? on the hypervisor?
14:13 < grauzikas> how i can see the next hop is core router, so node doesnt knows about that another vm is on same node
14:13 < grauzikas> i mean there is no arp with same mac
14:14 <+catphish> it wouldn't be the same mac
14:14 < grauzikas> yes
14:14 < grauzikas> i mean node doesnt have each vm mac`s on mac table
14:14 < detha> if next hop is a router somewhere, VMs on different subnets will be talking to each other through there, so out NIC -> router -> back into NIC
14:15 <+catphish> if they're on different subnets, then the traffic will go to whatever the default gateway is and back, yes
14:15 <+catphish> unless they're using ICMP redirects
14:16 <+catphish> as detha says, VM -> NIC -> Router -> NIC -> VM
14:17 <+catphish> if they're definitely on the same vlan, you can always manually add a direct route
14:17 <+catphish> ip route add other_node/32 dev eth0
14:18 < grauzikas> yes i know, but the problem not with routing. the problem is that when there is some amount of VM`s then in VM when i`m wgeting speed drops down and in same node where VM`s are running everything is fine
14:18 <+catphish> err what?
14:19 <+catphish> are you saying traffic is fast between VMs on the same physical host, but slow between different hosts?
14:19 < detha> depends on how chatty those VMs are. If there is a lot of inter-VM traffic, that may well saturate that NIC
14:20 <+catphish> if so, you need to check the exact route those packets are taking, maybe it's slow because the NIC is saturated, maybe it's slow because it's going via a router
14:20 < detha> simple check: when things are slow, what traffic volume (in and out) are you seeing on the NIC?
14:20 <+catphish> is this OP's network? or a third party provider?
14:20 <+catphish> if it's the former, this shouldn't be hard to debug
14:23 <+catphish> grauzikas: just to restate my questions? are you saying communication between 2 VMs is fast when they're on the same physical host but slow when they're on different hosts? are the VMs on the same subnet? or different? same vlan or different? is this consistent between tests?
14:23 <+catphish> if i know all this i can maybe start to recommend how to debug
14:24 < grauzikas> https://pastebin.com/k45EWwNL
14:25 < detha> catphish: from what I've gathered so far: hypervisor, with n VMs on it. Some VMs in different subnets, ebtables enforcing which VM can use which subnet. Works fine for n30 from VMs to elsewhere
14:25 <+catphish> wow something's broken there
14:25 < grauzikas> this is remote mirror
14:25 < grauzikas> on on my network
14:25 < grauzikas> not on my network
14:25 < grauzikas> if there is only few vms on node then everything is fine
14:25 < kepler> oh, he is saying his VM network is slow, but his host network is fast?
14:26 < grauzikas> yes :) :)
14:26 <+catphish> grauzikas: have you looked at top to see if something is eating CPU when doing this?
14:26 < kepler> what are you running as your hypervisor?
14:26 < grauzikas> its openvz 7 virtuozzo
14:27 <+catphish> eww :)
14:27 < grauzikas> bridged mod
14:27 < kepler> mmm, good luck buddy!
14:27 <+catphish> grauzikas: i wonder if you've accidentally duplicated an IP or MAC
14:28 < grauzikas> this is desktop machine for tests
14:28 < grauzikas> https://pastebin.com/KMTfpzbX
14:28 < grauzikas> even when vms doing almost nothing it has problems
14:28 < detha> eew openvz indeed. contention, around something, I'd guess. Not much experience with openvz except 'try, no, do not want'
14:28 <+catphish> this feels like a duplicated MAC or IP, that would kill speed and cause random problems
14:28 < grauzikas> catphish: you think this can involve int problems like this?
14:28 <+catphish> i see no other reason why more idle hosts would cause a problem
14:29 < grauzikas> i will create a bash script to check that
14:29 <+catphish> grauzikas: use arping -b to check for duplicate IPs
14:29 <+catphish> in particular, the host that's having problems, and the gateway IP
14:29 <+catphish> *the VM that's having problems
14:30 <+catphish> duplicate MACs are harder to test for, you should be able to view the mac table in brctl showmacs
14:30 <+catphish> keep checking the MAC of the VM points to the right port
14:31 <+catphish> accidentally duplicating a MAC or IP would definitely cause these exact intermittent problems though
14:31 <+catphish> especially if it only impacts 1 or 2 of the VMs
14:32 <+catphish> so here's a weird question: if i have a unicast route 0.0.0.0, does this include class D and E? or does linux know not to treat those as unicast?
14:33 <+catphish> *0.0.0.0/0
14:34 <+catphish> my juniper router seems to match 240.0.0.1 and 224.0.0.1 to 0.0.0.0/0
14:34 < grauzikas> all VM`s has same problems
14:34 <+catphish> grauzikas: that's a little more strange then :(
14:34 < grauzikas> and all vms starts getting these problems at same time after some amount of vms
14:34 < grauzikas> vzlist -o ip | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort | uniq -c
14:34 < detha> linux knows that is multicast. compare output of 'ip route get 223.1.1.1' and 'ip route get 225.1.1.1'
14:34 < grauzikas> everywhere only 1
14:34 < grauzikas> so no in config ip duplicate
14:35 < kepler> are your VMs swapping? is it an I/O issue?
14:35 <+catphish> detha: you're right, linux knows it's multicast, but it treats class E as unicast
14:35 <+catphish> multicast 224.0.0.1 dev enp3s0 src 10.0.2.82
14:35 <+catphish> 240.0.0.1 via 10.0.2.1 dev enp3s0 src 10.0.2.82
14:35 < detha> class E is still officially 'reserved for future use' I think?
14:35 <+catphish> detha: correct
14:36 < kepler> that means you can have it
14:36 < kepler> email arin or ripe or w/e
14:36 < batch> it need SLP?
14:36 < kepler> tell them i said you can have it
14:36 <+catphish> kepler: sure you can, you don't even need permission :)
14:36 < kepler> im saying you can announce it in bgp, just ask nicely
14:36 <+catphish> juniper seems to treat *both* as unicast, unless there's some other logic i'm missing
14:37 <+catphish> kepler: again, sure you can, the challenge is getting anyone to route to it :)
14:37 < batch> would defined horizon matter in this situation
14:37 < kepler> everyone will be cool about it and just let it happen
14:38 < batch> i see you guys talk about unicast but isn't it more likely to be some multicast situation
14:38 < detha> catphish: juniper has a point - until someone subscribes, it is 'multicast or unknown unicast', which is treated the same
14:38 <+catphish> it's not really that ridiculous to use 240.0.0.0/4 as unicast these days within an AS, it's never gonna get used for anything else
14:38 < batch> ah i read wrong
14:38 < grauzikas> https://pastebin.com/eFh5fu6E
14:39 <+catphish> detha: yeah it seems to default to unicast, which makes sense i think
14:40 <+catphish> i don't really understand multicast at all :(
14:40 < grauzikas> kepler with idling server i have same error
14:40 < grauzikas> i think that something with nic`s
14:40 < grauzikas> or kernel settings
14:40 <+catphish> i kinda understand it on a local level, but not when routing gets involved
14:40 < grauzikas> or may be arp flood, but there isnt much arp`s
14:40 <+catphish> grauzikas: did you check the showmacs output?
14:40 < kepler> catphish: every time i read about multicast i know less about it
14:41 < kepler> catphish: i think it makes sense though, you should unicast to a multicast addr, and then whatever is doing that multicast crap does whatever replication
14:41 < detha> grauzikas: it sounds like contention. have a look at the various things in /proc/net, see if something stops increasing above so many VMs
14:41 < grauzikas> huge output
14:42 < grauzikas> https://pastebin.com/hWPQQ23K
14:42 <+catphish> kepler: yeah, this is the part i'm really unsure about, do you send multicast to your default route if you have no local subscriptions? and even if you do have local subs, should you send it there anyway? :|
14:43 <+catphish> or should your default gateway explicitly tell you what multicast you should send there?
14:43 <+catphish> i guess i should go learn
14:43 <+catphish> i have some multicast IPs, never tried using them
14:43 < kepler> i just enable it when something tells me to
14:43 < kepler> and it works
14:43 < kepler> usually
14:44 < grauzikas> https://pastebin.com/UE5SkX7a
14:44 < grauzikas> and there is some duplicates in macs
14:44 <+catphish> it's nice and simple on a LAN, basically just filtered broadcast
14:44 < kepler> yeah, i dont think i've ever had to do it over multiple subnets
14:44 < detha> huh? why does that have duplicates in it?
14:44 <+catphish> you really shouldn't have duplicated MACs on a switch
14:44 <+catphish> that shouldn't be possible
14:45 < detha> they both point to the same ports, so that tables looks a bit damaged
14:45 < kepler> tell that to this dude who in vmware cp'd a vmdk instead of using vmkfstools to clone it, then for 3 weeks crawled up to CIO to bitch about file share issues to that (those) boxes
14:45 <+catphish> what is fe:18:51?
14:46 < detha> VMs I guess, local things.
14:47 <+catphish> oh, they're LA addresses
14:47 <+catphish> that's ok, but they really shouldn't appear twice in the MAC table on the same port
14:47 < kepler> it is just realllllly sure that it is there
14:48 < detha> may have to do with spinning VMs up/down quickly
14:48 <+catphish> wait, we don't know its on the same port
14:48 < batch> broadcast address maybe wrong
14:48 < batch> /subnetmask
14:48 < detha> first column is port
14:48 <+catphish> detha: no, he mangled the output, first col is count
14:49 <+catphish> grauzikas: can you send the unmangled output?
14:49 < detha> in this one https://pastebin.com/hWPQQ23K
14:49 <+catphish> detha: oh sorry didnt see that
14:49 < detha> port 1 is 'NIC to rest of network' I guess, the others are VM bridges
14:50 <+catphish> those duplicates are weird
14:50 <+catphish> but i don't see why they'd be a problem
14:51 <+catphish> grauzikas: can you do a normal ping from the host to the VM? see how that goes
14:54 < grauzikas> https://pastebin.com/5zwEHffr
14:54 <+catphish> keep going a while
14:55 <+catphish> better idea: do a ping from the VM to the host, and a ping from the VM to 8.8.8.8
14:55 < detha> 1.something ms? Is that going out the NIC and back in again?
14:55 <+catphish> run them a while, and compare
14:55 <+catphish> his VMs are on different subnets right? so i'd expect such a ping to go via the router
14:56 < detha> yeah. guess so
14:56 < grauzikas> https://pastebin.com/nQ1h11Np
14:56 <+catphish> ugh, not secret IPs
14:56 < grauzikas> ok
14:56 <+catphish> so yeah, via the router as expected
14:56 < Phil-Work> can you be trusted with real IPs, catphish?
14:57 <+catphish> grauzikas: run pings from the VM to the router, to the internet, and to the host, see if any of them lose packets
14:57 <+catphish> they really should if there's a problem
14:57 < detha> Phil-Work: no, but he'll do for VIPs
14:57 <+catphish> but maybe it only happens under load
14:58 < detha> also, rather asymmetric times. Is that router overloaded?
14:59 <+catphish> those are some pretty sucky ping times for 2 local hops
15:00 <+catphish> i get 0.3ms between subnets on my network
15:00 <+catphish> i don't think that's necessarily relevant, but could point to some load
15:01 < grauzikas> from VM to NODE: https://pastebin.com/q7jgXXH0
15:02 <+catphish> that's nearly 1% loss :(
15:02 <+catphish> grauzikas: can you compare that to pings to the internet, and pings to the router
15:03 <+catphish> something's definitely overloaded or broken though
15:03 <+catphish> you just need to pin down which hop is the problem
15:04 < grauzikas> from VM to GOOGLE: https://pastebin.com/63TXpFwg
15:04 < grauzikas> from NODE to GOOGLE: https://pastebin.com/n8gqGZ5b
15:05 < grauzikas> so NODE to GOOGLE no loss
15:05 < grauzikas> VM what is on same NODE has loss
15:07 < grauzikas> from NODE to VM_GATEWAY no loss
15:07 < grauzikas> so bridge has some shit or VM side virtual interface
15:08 < bezaban> what happened to the internet
15:08 < bezaban> http://downdetector.com/status/level3/map/
15:08 < Apachez> are we all gonna die?
15:09 < bezaban> packet trade embargo?
15:09 <+catphish> grauzikas: you haven't tested the most important link: VM to gateway
15:10 <+catphish> that's likely where the problem lies
15:10 <+catphish> grauzikas: once you've established that, you can run tcpdump on the internal and external interfaces in the bridge, and see at which point the packets go missing
15:12 < grauzikas> VM to GW: 312 packets transmitted, 308 received, 1% packet loss, time 31284ms
15:13 <+catphish> so you've almost found the problem
15:14 <+catphish> unfortunately that hop is a little complicated
15:15 <+catphish> i'd run a tcpdump next on the host, specifically on the 2 interfaces (vm and physical lan), and see at which point those packets are getting lost
15:15 <+catphish> for each ping, you should see 4 frames (vm -> host, host-> router, router -> host, host -> vm)
15:16 <+catphish> if you're lucky, you'll be able to identify exactly at which stage the packet goes missing
15:16 <+catphish> also, while you're at it, why not just double check you don't have any duplicate IPs on that subnet, arping -b at least the problematic guest, and its default gateway
15:17 <+catphish> make sure you get exactly one response from each
15:17 <+catphish> this will also identify any other nasty things like loops
15:22 < grauzikas> started 3 tcpdumps: 1: on VM; 2: on node to bridge interface br0; 3: on node to virtual vm interface on node side. may be it will show where the evil lives :)
15:22 <+catphish> don't tcpdump the bridge interface, tcpdump the members
15:22 <+catphish> you'll get more useful information
15:23 <+catphish> again, make sure you get one response per arp request for the vm and vm gateway IPs too
15:25 <+catphish> but yeah hopefully you'll see the exact step where the packet is lost
15:44 < grauzikas> i have found where packet lost
15:48 < Donjuanal> anyone here ever encountered an issue where a cisco switch console port requires enable password even when logging in with a priv 15 user?
15:50 < Donjuanal> nvm, solved it
16:09 < detha> grauzikas: don't keep us in suspension. I had a $5 bet on 'between VM bridge and NIC'
16:11 < grauzikas> :)
16:11 < grauzikas> one moment
16:12 < grauzikas> https://pastebin.com/rWLyzXC4
16:12 < grauzikas> https://prnt.sc/k1ms11
16:18 < detha> Interesting. So it gets to the VM side of the bridge, but is never passed on to the VM. But the bridge knows to send it to that particular VM, so MAC table is correct.
16:20 < grauzikas> more interesting thing why this starts after some amount of VM`s and if there is more vms then more loss
16:21 < grauzikas> something overloaded, but there is no any contrac tables
16:21 < detha> I have no idea how network isolation is handled in openvz; it is all the same kernel, so technically passing a packet from the bridge into the VM should be 'here is the skb pointer, be happy with it'
16:21 < grauzikas> or also it may be openvz bug, but they are using redhat kernel, but with them patches
16:22 < grauzikas> it will be the same method like in KVM
16:23 < detha> kvm virtio maybe, but that involves a bit of segment descriptor magic iirc. for KVM eth it pretends to be a network adapter, and copies the packet into where the network adapter's DMA would have put it
16:24 < detha> point is, with openvz it shouldn't be necessary to allocate a new buffer and copy the packet
16:25 < grauzikas> https://docs.virtuozzo.com/virtuozzo_7_users_guide/managing-network/networking-modes-in-virtuozzo.html
16:25 < grauzikas> Bridged Mode for Containers
16:25 < grauzikas> looks same
16:31 < detha> yeah. you said there was ebtables involved somewhere ?
16:31 < grauzikas> yes, to limit ip usage for vm`s
16:32 < detha> I am wondering if that isn't what is eating it. Can't say without seeing the IP addresses, but possible. What if you temporarily disable that, and do the same test?
16:33 < detha> no ebtables, or an empty 'just accept all' rule
16:34 < Guest34886> hello, I am connected to a VPN, I'm trying to redirect all traffic to certain websites to go through my "not vpn interface", but failing... when I add the routes, they're OK for like 3 seconds, but then they get automatically rebinded to the interface of my VPN... (on windows)... why is that ?
16:35 < Aeso> Guest34886, chances are the VPN client has some sort of tool to prevent you from doing just that. Full tunnels are preferred for security reasons.
16:36 < mawk> on windows I guess it'd be tricky to do that Guest34886
16:36 < mawk> if you were on linux there are several pretty clean solutions to that problem
16:36 < mawk> cgroups, network namespaces
16:36 < Guest34886> Aeso: I was thinking along those lines as well... I'm using "Pulse Secure". There is no info saying it's doing that on the internet but I figured it must be
16:39 < Guest34886> mawk yeah I used to do that on Linux pretty easily
16:39 < Guest34886> maybe I can make a script that just resets the route every second
16:39 < mawk> that's very unclean
16:40 < mawk> what kind of route are you adding exactly ?
16:40 < Guest34886> yes but I have to somehow beat the vpn client, he is doing that for sure (rewriting every x seconds)
16:40 < Guest34886> mawk actually what I have done is use a custom PAC file
16:41 < Guest34886> for spotify, it redirects to the proxy of my company, not my vpn
16:41 < grauzikas> detha: :D :D :D
16:41 < grauzikas> ebtables problem
16:41 < mawk> proxy and vpn aren't at the same level Guest34886
16:42 < mawk> if you're adding a proxy it doesn't bypass the vpn, it's just added on top of it
16:42 < Guest34886> mawk I know but they're both involved in this
16:42 < detha> grauzikas: cool, so you know where the problem is.
one step closer
16:42 < Guest34886> both networks need a proxy to get out
16:42 < mawk> ah
16:42 < grauzikas> probably because i was using ebtables to limit /112 ipv6 addresses per each VM :)
16:43 < detha> Guest34886: pulse secure is one of those 'managed' things; the VPN server can tell them to not allow split tunneling
16:43 < grauzikas> so 50 VM`s means 50x /32 ipv4 and 50x /112 ipv6
16:43 < Guest34886> so my PAC checks if the host contains "spotify", and if yes it redirects to "company proxy", but to be able to touch it I need to have a route to it through the right IFace, but I don't because my client keeps rewriting it
16:44 < grauzikas> so may be ebtables cant handle that much of ipv6 addresses
16:44 < detha> grauzikas: ebtables should be able to handle that, but possibly there are knobs in sysctl somewhere to tweak it
16:45 < Dagger> that should probably be handled by giving the VMs a WAN address and then routing the /112s
16:45 < detha> would be interesting to see if it is # entries, start 50 VMs, ping from one, then manually delete the rules for a bunch of others
16:45 < Dagger> except actually it should be handled by routing /64s, or more if needed by the VM
16:46 < detha> Dagger: openvz, so I sense 'hosting platform', where each VM is a different tenant, and we do not want one tenant to hijack another tenant's IP
16:47 < lupine> I've used ebtables to set up port security on VM hosts with 200 VMs before
16:47 < lupine> it works, but it's awful
16:47 < lupine> and handling IPv6 multicast is an absolute pain
16:47 < Dagger> I don't see how my suggestion is inconsistent with that
16:48 < lupine> I'd suggest *not* treating the VM hosts as L2 switches. it's just painful
16:48 < detha> Dagger: gotta make them pay for a full /64 ;)
16:52 < Aeso> just turn each host into a VTEP :)
16:52 < detha> anyway, regardless of size, it appears to be the number of ebtables rules, irrespective of /112 or /64 per rule
18:55 < bipul> Hi.
18:55 < skyroveRR> Hi.
19:19 < Zedax> hello, in gigabit ethernet, what is the expected bw?
19:19 < fryguy> uh. gigabit.
19:19 < adleff0> are you serious
19:20 < Zedax> yes i am, i mean real bw not link speed
19:20 < fryguy> again, gigabit
19:20 < djph> 950-1000mbps
19:20 < adleff0> Zedax, the link runs raw at 1.2 gbit, the symbol rate (effective throughput) is 1 gbit
19:20 < Zedax> like 1000Mbps would be 125MB/s and i haven't met a network that reaches that
19:21 < djph> generally because your stuff can't sustain it.
19:21 < Aeso> ^ This.
19:21 < Zedax> not the case
19:21 < adleff0> Zedax, the rate at which data bits are placed into the wire in the interface is 1 gbit
19:21 < adleff0> full stack throughput is not the same thing as asking what speed a gig interface runs at
19:21 < Aeso> Zedax, so let's talk specifics, then. What protocol are you talking across the link? What's the latency between hosts? What's your measured packet loss?
19:22 < Mr_Roboto> Hey this is kind of a hail mary but any of you deal with Exadata or know of a chan with ppl I can bother in it that do?
19:22 < adleff0> Mr_Roboto, check to see if they run a slack group
19:23 < Zedax> basically i never get more than 940Mbit, either tcp or udp, tried with several computers with different nics, atheros, intel, realtek, ubiquiti edgerouters, mikrotik hexs, my own router that is an i7 with hw offload, the latency is 0.180ms
19:24 < Zedax> gigabit ethernet, of singlemode fiber, i get same bw
19:25 < Zedax> thats why i asked in case i'm missing something obvious
19:25 < Aeso> Zedax, 940Mbit/s payload, or 940Mbit/s of ethernet frames? How are you measuring this bandwidth?
19:25 < ||cw> Zedax: using what program? are you adding in the protocol overheads?
19:28 < Aeso> Most Ethernet frames are 1518 bytes, but remember there's typically a 8 byte preamble and a 12 byte interframe gap, so there's 20 bytes overhead
19:29 < Aeso> Plus 20 bytes for IP and 20 bytes for TCP.
Your MSS is typically 1460
19:30 < Aeso> and if you're measuring those segments, (1538/1460)*940 = 990MBit/s line rate, which is pretty close to your target 1Gbps
19:32 < Aeso> (I forgot to mention the Ethernet header and FCS, which totals another 18 bytes. That's how I got to 1460)
19:33 < Aeso> Jumbo frames would get you closer to 990MBit/s, but most people find the configuration overhead not worth the extra ~5% performance
19:34 < Aeso> cc Zedax
19:36 < Zedax> Aeso: i have been trying with iperf3, netcat and other similar, the lan mtu is 1500, yes the mss should be 1460 i think, i was checking in the router, so then i guess unless i enable jumbo in the lan, 940-950 is the expected speed?
19:36 < Zedax> Aeso: i think all devices allow for 9k jumbo but i'm not sure if i can enable in the switch easily
19:38 < Aeso> Zedax, depending on how you value your time, there's a good chance you could have just bought some cheapo used 10G NICs and come out ahead already :P
19:39 < Aeso> 940MBit/s is the max for a 1460 MSS. Jumbo frames should see ~990MBit/s depending on the size supported.
19:41 < Zedax> Aeso: i considered that, i have cat6a in all the house or fiber to there shouldn't be any problem for even 10g, but 10G ethernet is pretty expensive, i could get second hand sfp cards, but the problem is in the 10g switches, the ones in 10G that arent rack sized and without fans.. are super expensive
19:41 < Zedax> Aeso: thanks
19:43 < E1ephant> lol
19:43 * E1ephant enjoys more ice cream
20:22 < chris_99> Hi, i'm just wondering if anyone has got any recommendations for wireless mesh routing protocols for Linux, i'm going to play with Babel tomorrow, i'm just wondering if there are any others you'd recommend? (i'm going to be using an ad-hoc wifi network for it)
20:33 <+pppingme> chris_99 wireless mesh is usually very messy, do it right the first time..
20:33 < chris_99> heh, oh dear, why so, the routing protocol or..?
20:33 <+pppingme> how big of an area are you trying to cover, or what are you trying to accomplish with the "mesh"?
20:34 <+pppingme> wifi is a shared medium, and you're pumping everything over it multiple times.. thats why its bad, the protocol is almost a side issue
20:35 < chris_99> ok, so i'm creating a sensor network indoors in a large warehouse type area, so rather than using APs i figured a mesh may be useful, but i'd be open to reasons why it might not be. im trying to use 802.11ac too
20:36 < chris_99> but that's a good point re. shared medium
20:38 < ||cw> xbee pro with a gateway device is superior for sensor meshes, the reason they are pricey is because they work awesome
20:38 < chris_99> does that use zigbee?
20:38 < ||cw> yeah
20:39 < ||cw> but that's more for embedded than linux, arduino, pic, etc
20:40 < chris_99> yeah
20:45 < ||cw> I do happen to know the guy that runs gowasabi.net/, and he has this page http://gowasabi.net/content/software-employed, and if you're wanting to use open stuff and contribute back I'm sure he'd respond to questions
20:47 < chris_99> cheers thanks. so i'm actually gonna be using RPi 3 B+, i have the ad-hoc stuff working, need to play with different routing protocols now. i'll take a look at those pages for what they're using routing wise
20:47 < chris_99> oh OLSR interesting, i'm pretty sure a friend used that for a MANET a while ago
22:25 < Wixy> Hey guys, some days ago I asked here if it was possible to bypass CloudFront. Some of you said it wasn't, right?
22:25 < Wixy> Well, don't know how, but it is possible, I've seen a person doing just that
22:25 < Wulf> Wixy: depends how it was configured
22:25 < Wulf> Wixy: sometimes the upstream is directly accessible, sometimes it only accepts requests from cloudfront.
22:26 < Wixy> in this case it accepts requests from everywhere
22:26 < Wixy> but I don't know how to get the IPs
22:28 < Wixy> it looks like what this person does is it uses a "service" to reverse the IP
22:28 < Wixy> and he checks if the domain is *.cloudfront.net or if it actually resolves to ec2
22:29 < Wixy> ie *.compute.amazonaws.com
22:29 < Wixy> but how or from where is he getting the IPs in the first place?
22:31 < Wixy> he came up with a list of around 20 IPs that resolves to different servers behind CF, wtf?
22:33 < Peng_> There's no magic way to do that, unless Amazon has some API vulnerability. They're probably relying on archived data, scans and leaks (e.g. in error pages).
22:34 < Wixy> I know there's no magic way to do it, but there is probably a service providing that archived data, scans or leaks
22:57 < Wixy> Peng_, how would you get any useful info from error pages?
23:02 <+catphish> Wixy: it's impossible unless the person has published their IP somewhere, maybe in the past, or maybe on another domain they forgot about
23:02 < value_> hi
23:03 <+catphish> Wixy: i suppose there are other ways, the server might provide a hostname in an error message somewhere, and that name may resolve directly to the server
23:03 < value_> how does parallel connection works for example with http from same browser to same server? it uses the same socket?
23:03 <+catphish> but there's no one simple way to do it, CF won't provide this information
23:11 < tds> I guess it might be feasible to scan the whole ipv4 space for a server which replies to http requests with that hostname in the host header with the right content
23:12 < android> Can trycorder work on captive portal?
23:13 < ^7heo> hi constant
23:14 < brentaarnold> Entry level Cisco ASA vs Juniper SRX
23:14 < ^7heo> round one
23:14 < brentaarnold> What you guys think?
23:14 < ^7heo> FIGHT!
23:14 < brentaarnold> lol
23:14 < brentaarnold> I've been fighting for two nights in my mind
23:14 < brentaarnold> I need someone else in the ring
23:15 < ^7heo> IMHO Cisco vs Juniper == no brainer.
23:15 < ^7heo> always juniper
23:15 < brentaarnold> Haha, I just put in an SRX 320
23:15 < brentaarnold> I'm loving it
23:15 < brentaarnold> never used ASA
23:15 < brentaarnold> or any 2960/ios
--- Log closed Tue Jul 03 00:00:08 2018