--- Log opened Mon Jul 09 00:00:31 2018
00:01 < Kingrat> what kind of router do you have? what kind of ads?
00:01 < Kingrat> what isp?
00:18 < TandyUK2> could be DNS poisoning too
00:18 < WinNoob> DLink, scam-ads, would prefer not to say ISP name if that's okay. I'll say that the ISP is from asia
00:18 < Peng_> "freenode sites"?
00:18 < Peng_> Are they HTTPS...?
00:20 < WinNoob> Not https. Freenode site I used was: freenode-windows.org
00:22 < WinNoob> I haven't seen any popup ads on https sites. Though it could be that I never noticed, since it doesn't occur frequently enough for me to generate reliable results from testing
00:24 < WinNoob> I can only be sure that it can happen, when it happens. I can't be sure that it won't happen
00:29 < WinNoob> TandyUK2: I'd assume DNS poisoning of the ISP routers? Or are you suggesting something else?
00:34 < TandyUK2> WinNoob: what dns servers are you actually using?
00:34 < MaxSan> hey folks
00:35 < MaxSan> Trying to setup a server and after configuring the enp3s0, I get Destination Host Unreachable
00:36 < MaxSan> from my router, correct IP for the site and its a message from the router configured name
00:36 < MaxSan> I can ping my box from here though fine
00:36 < WinNoob> TandyUK2: umm... the default one? -,-' nslookup says 'uknown'
00:40 < qwedfg> do you know if I can use existing single mode 10gbps fibre for 100gbps?
00:42 < TandyUK2> if its OS2 it should be fine
00:57 < MaxSan> laptop can ping the server but not vice versa oO
00:57 < MaxSan> any clue on what part of this config is broken with that info be appreciated ^_^
01:18 < lem0n> any opinions on the ubiquiti edgerouter product line?
01:18 < lem0n> for SOHO use
01:19 < lem0n> that is of course what the product line is geared for - am just trying to pick out some hardware for my home office to replace the old hardware i have - am looking for some fairly advanced hardware, intend on using CLI, and am trying to pick between used cisco or ubiquiti
01:19 < c|oneman> I would probably not use cisco after my bad experience with the ASA at work
01:19 < c|oneman> then again
01:19 < lem0n> Haha - we use tons of ASA's at work
01:19 < c|oneman> I hate CLI, so
01:20 < lem0n> was just writing firewall rules for a 5585
01:20 < MaxSan> nvm folks got it working
01:20 < MaxSan> :)
01:21 < lem0n> Im studying for a Cisco cert too. Cisco equipment is really expensive so have to buy old/used hardware and licensing is weird
01:21 < lem0n> for study purposes, can use a simulator
01:21 < lem0n> but part of me also wants to buy the hardware
01:35 < Mad7Scientist> I have out a personal URL to one person, who I believe used an Android device to access it
01:36 < Mad7Scientist> Now it's been visited by a search engine and the Internet Archive
01:36 < Mad7Scientist> BingBot and Semrushbot
03:25 < FightingFalcon> How do i add a subdomain to Hetzner Dns console?
03:32 < FightingFalcon> Should you include a "." (full-stop) after a dns record? Like "example.com. IN A 133.41.23.12"
03:33 < light> if you don't want a suffix added, sure
03:33 < light> in general though it cuts down on typing if you only have to put in the host portion and the rest is added automatically
03:37 < FightingFalcon> what happens when you add the . ?
03:38 < Mchammerdad> Hey guys, anyone deploy unifi products out in the field extensively (I'm particularly interested in the USG line)
03:48 < light> FightingFalcon: the suffix is appended
03:52 < FightingFalcon> what suffix?
04:04 < my_mind> hey
04:05 < my_mind> i have an issue with a small network I just built, 3 computers, 1 server, 1 router, 2 switches 3 ip phones, 1 network printer
04:05 < my_mind> computers can ping the router but they can't ping each other.
04:07 < Holo> you need to set up routing?
04:08 < Holo> how does subnet A know where subnet B is?
04:08 < my_mind> there is only one subnet
04:10 < my_mind> weird part is that the PCs can rdp each other'
04:11 < Holo> ok so
04:11 < kepler> my_mind: local firewalls
04:12 < my_mind> why would firewall block ping?
04:12 < Holo> internet > router > switch > switch plugged into switch or consumer router switch port > computers?
04:12 < kepler> my_mind: they are your machines, i dont know why you block ping
04:13 < my_mind> i didn't block ping, they have fresh installs
04:13 < blocky> hi, i've been doing a bit of googling around wifi surveys (for a 2-3 AP single family home) and i'm wondering if anyone has an opinion what the right way to plan it out is. I was looking at netspotapp but I also read some comments on reddit saying things like "heatmaps are useless"
04:13 < kepler> turn off firewall and see if you can ping
04:14 < kepler> if you can RDP to eachother, they can talk to eachother -- just not icmp
04:14 < my_mind> Holo: internet > router > switch_1 > PCs
04:14 < my_mind> Holo: internet > router > switch_2 > IP phones
04:15 < Holo> its the computers config then
04:15 < Holo> what kepler said
04:15 < my_mind> i'll try that
04:17 < Holo> blocky no idea, I am not a wifi guy, I usually wave my phone around from the router and where it starts getting too low, Ill add a mesh point
04:17 < my_mind> yup firewall issue
04:17 < Holo> or when the speeds drop too much
04:17 < my_mind> good call kepler
04:18 < Holo> works for me for home use :P
04:18 < Holo> I will keep speed testing
04:18 < Holo> go no, this is too low and put a mesh point
04:20 < my_mind> maybe icmp is blocked
04:23 < my_mind> why would a new computer be blocking pings from firewall?
04:24 < my_mind> how do i figure out if there is something wrong with the network I built?
04:25 < trobotham> it depends on the OS, do you know where it is being blocked exactly?
04:25 < trobotham> at the router? the client itself?
04:26 < trobotham> if not, traceroute should show you
04:26 < my_mind> computers are windows 10 pro,
04:26 < my_mind> pings are blocked from windows firewall
04:26 < my_mind> on each client
04:26 < trobotham> idk, I'm not familiar enough with windows, it is possible or even likely they block icmp by default
04:27 < my_mind> no way, this isn't the first network i built with windows
04:27 < my_mind> never ran into this issue
04:29 < trobotham> a quick google search shows that if firewall is set to public and enabled it blocks icmp by default
04:30 < my_mind> thats public firewall
04:30 < my_mind> i'm talking about private
04:30 < kepler> my_mind: i always thought windows blocked ping by default
04:31 < kepler> but you know there was something wrong when you can RDP to another, but not ping. clues were: one subnet -- meaning one layer 2 domain. all on same switch means it'll never go up to the router/firewall (well, the arp will go up there, but not be responded to)
04:32 < kepler> so RDP works, meaning there is a TCP connection, so only ICMP isn't working
04:32 < kepler> if it never has to leave the switch then the router/firewall isn't it
04:32 < kepler> and unless you put ACLs on the switch itself, it is local
04:32 < kepler> err, local firewall
04:33 < kepler> stuff will only go up to your router if it needs to leave your subnet (or the router is doing some switching too)
04:35 < my_mind> hmm
04:37 < kepler> what's the first thing your computer does when you try to talk to another machine on your network? it'll ARP for it -- so if you're 192.168.1.20 and you want to talk to .30, your machine will ARP "Who has 192.168.1.30?" and that will broadcast to your subnet. it knows you want to talk inside your network, not to the router because your IP/subnet mask assignment
04:37 < my_mind> its fixed. icmp was off in firewall inbound rules
04:37 < kepler> so when you want to talk to 192.168.2.40, it knows that is not in 192.168.1.0/24, so it'll ARP for its gateway (usually .1), which it thinks knows where the 192.168.2.0/24 is
04:38 < kepler> yeah, but helps to understand how to get to that conclusion
04:39 < my_mind> if you didn't help, it would've taken me longer to figure it out
04:39 < kepler> that frame never had to traverse anything but a switch, so the router/external firewall didn't come into play
04:39 < kepler> yeah, you'd have gotten it! but understanding why it basically had to be a local firewall issue helps in the long run
04:40 < my_mind> yes, true
04:49 < blocky> another wifi question, i have a unifi AC Pro AP with a 2.4 ghz and 5ghz using the same SSID. is it the client device that decides which to connect to? (mac os, if that matters)
04:49 < kepler> yes, client does
04:52 < kepler> you can tell your client to prefer one over the other
04:53 < blocky> i'm reading an old stackexchange answer that says mac os does not allow that. hoping that's out of date info
04:55 <+pppingme> blocky are you running them with same or diff ssid's?
04:55 < blocky> same ssid
04:56 <+pppingme> most people set ssid's diff, then they can give preference to one or the other, as they 'appear' to be diff networks upfront
04:57 <+pppingme> and most os's set preference by ssid
04:57 < blocky> i guess that's a solution. i wonder why the default on unifi is to use the same ssid
04:57 < kepler> i do it at home, works fine
04:57 < blocky> kepler: do which?
04:57 < kepler> leave one SSID for both bands
04:58 < blocky> i guess a related question would be, why does my mac connect to the 2.4 ghz ssid when the 5 works much better
04:58 <+pppingme> probably a stronger signal, it doesn't necessarily recognize 5ghz as "better"
04:59 <+pppingme> if you are close to AP (no walls in between, clear LOS between device and AP), does it ever pick 5ghz?
04:59 < blocky> i mean, 30 mbps and stuttering audio playback vs 300 mbps and smooth audio playback
04:59 <+pppingme> it doesn't know that until *after* it connects
04:59 < blocky> the ap is about 10-15 feet away behind a few picture frames
05:00 <+pppingme> literally anything that can absorb moisture, or anything metal, can attenuate the 5ghz signal
05:01 < blocky> also a potted plant :-x
05:01 < kepler> you can tell the unifi to do band stearing too
05:01 < blocky> kepler: i might try that. does it only work after the device has dropped from the 2.4 and asks to reconnect though?
05:01 < kepler> steering even
05:01 < kepler> you can drop the device too
05:02 < kepler> my stuff all connects to 5 unless in far corners of house, then jumps on 2
05:02 <+pppingme> are all of your devices 5ghz capable?
05:03 < blocky> i just disconnected my wifi on my mac and turned it back on and it reconnected to the 5, and the RSSI is -54 dBm (for 5ghz) vs -40ish dBm for 2.4 :-(
05:03 < blocky> pppingme: good question. I think so
05:03 < stonelore> -40 isn't bad
05:03 <+pppingme> if so, just disable 2.4
05:03 < kepler> https://i.imgur.com/JDlECIT.png
05:04 < blocky> i dont know why my mac gets such bad speeds on 2.4 anyway
05:04 < kepler> cause apple hates you
05:04 < blocky> lol
05:05 < blocky> maybe
05:05 < blocky> my other mac gets much better speeds on 2.4 though, even though it's an older model
05:05 < stonelore> change the channel
05:06 < kepler> the unifi ap should be able to pick a clear channel
05:07 < kepler> it has tools to find clear ones (or if you're saturated)
05:07 < kepler> click ap, properties, tools, RF Environment > scan
05:07 < stonelore> good
05:08 < blocky> i will try that, thank you
05:13 < trobotham> keep in mind that 2.4 penetrates walls better than 5
05:16 < blocky> i live in an apartment building with cement walls
05:17 < blocky> but I see quite a few networks with full bars in my list
05:17 < inire> netspot is great for testing things, the free version will probably help you plan better than just looking at the dBm manually
05:17 < inire> https://www.netspotapp.com/
05:18 < blocky> is the heatmap feature worth the $50 it costs?
05:18 < inire> i like it but i get it free
05:18 < inire> so... yeah
05:18 < blocky> lol
05:31 < GrandApe> how good/bad is it to have a web server with 100mbps interface bandwidth?
05:32 < GrandApe> any example of how large of a website can be hosted there?
05:33 < trobotham> thats not really an easy question to answer, it can vary based on the site
05:34 < GrandApe> trobotham: say, twitter workload. how many users can i host?
05:36 < myxenovia> what will happen if i drop a connection in telnet without sending quit command?
05:36 < myxenovia> like if i turn off my telnet client
05:45 < kepler> your connection times out
05:48 < myxenovia> kepler so its okay to just do force close the telnet client instead of doing quit command?
05:48 < kepler> i mean, it won't break anything
05:49 < kepler> what are you using telnet for? should prob use ssh
05:49 < myxenovia> i see. i just thought that i would get unfinished connection and will result in slow telnet in the future
05:49 < myxenovia> lol
05:50 < myxenovia> im using it to connect to a cisco device
05:50 < kepler> should def use ssh
05:50 < myxenovia> i read that ssh is so secured im going to try it thanks
06:50 < scientes> why aren't packets forwarding? http://paste.debian.net/1032930/
06:50 < scientes> I have the routes set up
06:52 < scientes> what do the numbers mean after ACCEPT
06:52 < scientes> ipv4.forward is 1
06:53 < scientes> I am trying to forward through wireguard, I can only ping between wireguard hosts on wireguard ips
06:53 < scientes> but forwarding isn't working
06:56 < scientes> A-wireguard-B-wireless-C
06:56 < scientes> i can ping between A and B, and B and C, and vice versa, but not between A and C
06:59 < scientes> now i can ping from C to A, but not A to C
07:11 < scientes> Can I have masquerade on one host and the subnet on another host
07:18 < chapo> hi
07:24 < scientes> uggh, I spent way too long trying to get wireguard to work
07:24 < scientes> and wireguard IS working, I just can work out the routing
07:27 < bon-jong21> in theory could i run a router after a switch, then use another switch to split that?
07:28 < chapo> it sound like the same issues that the openvpn had with all the users, do you have the routing pasted to see it
07:28 < scientes> http://paste.debian.net/1032931/ chapo
07:29 < scientes> I didn't have NAT on router B, but I added it to try to get it to work
07:29 < scientes> OpenVPN is working correctly, using the gl.inet gui
07:29 < scientes> but OpenVPN is so slow
07:29 < bon-jong21> ha yup
07:31 < scientes> I can't use systemd's NAT feature cause that only works when the subnet matches the assigned IP address
07:33 < scientes> Host A ix.io/1gyL
07:34 < scientes> Host B (router) http://paste.debian.net/1032932/
07:34 < scientes> chapo, note, Host A is scaleway, which uses Symmetric NAT to connect to my public IP address, and wireguard IS working
07:37 < chapo> give me one second looking the config
07:38 < chapo> did you check the FW,u using iptables
07:38 < chapo> what about the forward rule?
07:38 < scientes> the laster pastes cover that, use grep
07:38 < scientes> I thought if its all ACCEPT I don't need a forward rule
07:39 < chapo> did you do the ipv4 forwarding?
07:39 < scientes> just net.ipv4.ip_forward=1
07:39 < chapo> ah oki
07:39 < scientes> the last two pastes cover alot of stuff
07:40 < chapo> take a look here https://nbsoftsolutions.com/blog/wireguard-vpn-walkthrough
07:40 < chapo> on the iptables
07:40 < scientes> yes that is the one that worked
07:43 < chapo> same here
07:43 < chapo> https://www.ckn.io/blog/2017/11/14/wireguard-vpn-typical-setup/
07:43 < scientes> I just have 3 hosts
07:43 < chapo> even though you allow the net forwarding on sysctl u need the rules
07:44 < chapo> the last link that I sent look the number 6
07:46 < scientes> I put all those into host A (VPN server)
07:46 < scientes> and it still doesn't work
07:46 < scientes> and i adapter to my subnet
07:48 < scientes> I can reach the internet from host B, but not Host C
07:48 < scientes> oh 1 sec
07:48 < chapo> ok
07:49 < scientes> I have never tried to share a wireguard connection of client with downstream consumers before
07:49 < scientes> it just hasn't worked, but it should
07:49 < scientes> it works for openvpn (but just using gl.inet's gui for it)
07:51 < scientes> and C can ping A, but A can't ping C
07:51 < scientes> hmm now A can ping C
07:52 < chapo> really?
07:52 < scientes> yep
07:53 < chapo> weird
07:53 < chapo> try this... net.ipv4.conf.all.proxy_arp = 1
07:53 < scientes> host C just can't ping the internet, while host B can
07:53 < scientes> on A or C?
07:53 < scientes> ***A or B
07:53 < scientes> B
07:54 < chapo> do it on both
07:54 < chapo> also
07:54 < chapo> do you have the allow ips subnet on the clients?
07:54 < scientes> yes, 0.0.0.0/0 on Host B
07:55 < scientes> thats why Host B can reach the internet
07:55 < scientes> and Host C is connected with a default route to host B
07:56 < chapo> can you run tcpdump
07:56 < chapo> to see whats going
07:57 < xtrWrithe> i have multiple vpns working on my local and i wanna run GUI software like browsers and pick specifically 1 vpn, i dont want to use proxies/proxychains/socks, give some ideas to force programs use the route i choose
07:57 < chapo> we might see why you are not reaching the server and why u are not getting through the tunnel
07:57 < chapo> looks like routing its good
07:58 < chapo> but its something on the allowance
07:58 < chapo> you can run sniffer on the remote server and try to ping from local machine
08:00 < scientes> how do i ignore the current ssh session
08:00 < scientes> so i don't get feedback
08:01 < scientes> got it
08:08 < k-man> any idea if the hp HP Procurve 2910AL switches have a web interface for configuring them?
08:16 < tomreyn> k-man: a bit dated, but chances are they didnt remove the feature ftp://ftp.hp.com/pub/networking/software/2900-MgmtCfg-Aug2006-59916196-Chap05.pdf
08:17 < k-man> tomreyn, thanks
08:17 < k-man> i'm thinking of getting one off ebay for learning/testing
08:18 < tomreyn> actually that's not a model specific document. but this is http://desbrq3.n-con.net/HP/NETWORKING/J2910al-48G/Installation%20and%20Getting%20Started%20Guide.pdf
08:18 < tomreyn> -> "Starting a Web Browser Session"
08:19 < k-man> oh god, it needs Java
08:20 < XATRIX> Hi, how can i ban a certain MAC address on SG300 switches ?
08:20 < XATRIX> On a 3560 series i used #mac address-table static 30:CD:A7:26:36:9F vlan 1 drop
08:20 < XATRIX> But on that devices, there's no drop param in
08:21 < tomreyn> k-man: apparently so. it still needed java in 2016 http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-c03278928-5.pdf
08:22 < k-man> joy!
08:22 < xtrWrithe> XATRIX: hate to say this, but in gui is pretty easy
08:22 < k-man> when I install or update java and it puts that splashscreen "java, powering 3 billion devices" or similar - ugh. makes me feel sick
08:23 < XATRIX> xtrWrithe: not sure i have GUI on such a switch.
08:30 < tomreyn> k-man: just in case you're not aware how old those switches are https://en.wikipedia.org/wiki/ProCurve_Products
08:31 < k-man> tomreyn, only 9 years old ;)
08:32 < tomreyn> and last sold 4 years ago
08:32 < k-man> i'm just looking for something i can do testing and learning. maybe not the best choice but cheap and available to me via ebay
08:34 < light> procurve have lifetime warranty though, so they're timeless
08:35 < k-man> i've been trying to send back an HP switch with lifetime warranty that I have actually. they don't make the process easy. It failed, no power. it has an external power supply. i didn't have a spare to test it with.
08:35 < light> really? they replaced mine no questions asked
08:36 < k-man> after over a week and bizarre spam like emails from them, the replacement showed up, with no power supply. a quick test of it reveals the power supply of my old one seems faulty
08:36 < light> the only hard part was the half a day wasted on hp.com before I figured out I needed to go to the hpe site for enterprise ._.
08:36 < k-man> i emailed them again today, no response yet
08:36 < k-man> they didn't say they won't change it. they are just a bit clueless
08:52 < scientes> chapo, maybe the problem is the number of MAC addresses (around 50) on my home land
08:52 < scientes> all bridged together
08:52 < scientes> but then wireguard wouldn't work, n
08:52 < scientes> nah i have no idea still
08:57 < z8z> Hello, in professional networking is it better to keep router and wireless access point separate as hardware device?
08:59 < Phil-Work> z8z, it's usually a requirement in larger buildings
08:59 < Phil-Work> as you need 1 router and multiple access points
08:59 < Phil-Work> or, at least, the router location isn't usually the desirable location for the access point
09:03 < z8z> So there is no reliability reason to do that
09:04 < z8z> ?
09:06 < vimal2012> If I try to access http://localhost:80 through squid, I get “The system returned: (111) Connection refused”. But if I bypass the proxy I can access http://localhost:80
09:06 < vimal2012> How to access http://localhost:80 THROUGH squid?
09:06 < Phil-Work> z8z, not really
09:09 < vimal2012> What is refusing the connections? Is it squid? or is it nginx (http://localhost:80)?
09:09 < skyroveRR> vimal2012: that you'll have to find out yourself. netstat can help you.
09:09 < Peng_> vimal2012: Is this on one computer...? Is it IPv4 or IPv6?
09:10 < vimal2012> one computer (browser, nginx, squid are all on the same computer). Don't know whether ipv4 or ipv6 (it is just default installation of these programs in arch linux).
09:19 < vimal2012> Peng_, Thanks, I figured out the cause of the problem. Previously, nginx was listening on ipv4 only. Now I configured it to listen on both ipv4 and ipv6. Problem solved.
10:24 < natten> Is there a smart way to test my dns before making it live?
10:24 < natten> Its a route53 with multiple hosted zones.
10:24 < natten> If i do "dig zone-b.zone-a.example.com @r53-zonea-ns"
10:24 < natten> I only get NS record answers (The same thing happens in a completely different environment i know is working).
10:25 < natten> Is it up to the client to get the records from the zone-b nameservers or is that the job of a higher dns?
10:25 < nomenon> valid question, I hope someone is awake to answer you
10:27 < Peng_> nomenon: Define "client". :D
10:27 < Peng_> natten* :(
10:27 < nomenon> <:D
10:28 < natten> Peng_: Haha, like browser i guess?
10:28 < Peng_> natten: Define "client". :D A stub resolver like your computer probably has doesn't do anything complicated. It creates or forwards queries to a recursive DNS server like 8.8.8.8 or whatever.
10:29 < Peng_> natten: Getting NS record answers (referrals) and asking the nameservers in question is one of the main things a recursive DNS server does.
10:29 < natten> Peng_: okay, thanks!
10:29 < Peng_> natten: You can dig @ the other DNS servers.
10:33 < Peng_> Like... https://gist.github.com/mnordhoff/f38089530a72e4b76d2ba5df22c4cfc2
10:34 < natten> I see, thanks a lot :)
11:24 < zxd> hi
11:24 < zxd> how r u
11:24 < light> asl?
11:24 < zxd> Male 37 Israel
11:25 < zxd> light: u?
11:25 < light> 14/f/california
11:26 < zxd> liar
11:27 < light> you're right, 23/f/palestine
11:27 < zxd> sure sure
11:28 < ZaliM> @light liar again. Palestine has no internet. israel stopped it all
11:28 < zxd> ZaliM: they did no?
11:28 < light> we use ip over avian carrier
11:28 < zxd> really stopped?
11:28 < ZaliM> yes
11:28 < ZaliM> they have been treated bad
11:28 < zxd> tough luck
11:29 < ZaliM> they want no1 to listen poor people
11:29 < ZaliM> yup
11:29 < ZaliM> one of my israeli friend told me all when he was there
11:29 < zxd> there where?
11:29 < ZaliM> my friend protested but no1 listens
11:30 < ZaliM> in israel
11:30 < ZaliM> he went there to get marry.. his family lives there
11:31 < zxd> didn't facebook or google don't remember which company had a plan to have balloons with internet access hovering over poor countries to give internet access
11:33 < ZaliM> i guess that project is prolonged... as telecommunication companies protested that..
11:33 < ZaliM> it will certainly effect their customers and sales
11:45 < FightingFalcon> Does serving static files from make a big difference?
11:45 < FightingFalcon> Does serving static files from cookieless domain make a big difference?
11:45 < grawity> depends on how big your cookies are
11:57 * Apachez drops his pants and looks at his cookie
11:57 < Apachez> FightingFalcon: why would you need cookies for?
11:57 < Apachez> they are sent by the client as long as the domainfilter matches
11:57 < Apachez> but you on the server side wont have to take care of them
11:58 < Apachez> just drop them if you just serve static files who doesnt need some kind of auth
12:02 < grawity> the server won't care either way, I believe it's mostly about making the requests fit in fewer packets
12:02 < grawity> OTOH, *.microsoft.com tends to accumulate so many that their own servers eventually begin refusing your visits
12:02 < Apachez> sure the server will care if you want to only serve these files to authed users
13:03 < Langley> Hello, we have a computer where the internet connection suddenly stops working, everything times out but DNS still works. Happens both in Win10 and Ubuntu, but only that computer (plugged another one in the same plug, works fine), even after new motherboard... any ideas?
13:03 < ali1234> how is it connected?
13:05 < ali1234> on the face of it, that should not be possible - a new motherboard is the same as a totally different motherboard
13:05 < ali1234> but if it was the exact same type of motherboard then maybe that is the problem
13:06 < ali1234> it could be the power supply
13:06 < ali1234> it could be an add-on card but that is unlikely unless it has an ethernet add-on card which is unlikely these days
13:08 < Langley> Ethernet connection... no secondary ethernet card, only dedicated graphics
13:08 < Langley> Same motherboard yeah, it's a Dell
13:09 < ali1234> have you googled for known issues with that type of motherboard?
13:09 < Langley> Also, works fine with an USB-ethernet adaptor
13:09 < ali1234> hmmmmmmm
13:09 < ali1234> i'd say that's the problem then
13:09 < Langley> I see many people had problems where that Intel NIC flooded the network with traffic, but not this timing out issue
13:09 < Langley> What is?
13:09 < ali1234> what's the motherboard type?
13:10 < Langley> Uhh Optiplex 9020... with an Intel I217-LM ni
13:10 < Langley> c
13:10 < ali1234> and approximately how often does it happen after turning on the computer?
13:11 < Langley> Seems to be anywhere from 5 minutes to hours after turning it on
13:12 < ali1234> if the NIC is flooding it could be that whatever it is connected to is dropping the traffic to protect the rest of the network
13:13 < ali1234> i do see a lot of reports of problems with this motherboard NIC
13:14 < Langley> People with that issue say updated BIOS+driver helps, but tried that too..
13:14 < ali1234> did you try turning off power saving stuff as also suggested?
13:14 < Langley> In Device Manager, yeah... is there any other places?
13:14 < ali1234> i doubt it
13:15 < ali1234> i don't use windows so no idea
13:15 < djph> might be in the driver / driver manager
13:15 < ali1234> i would do some traffic dumps with wireshark to see if the NIC is flooding the same way others describe
13:16 < ali1234> i suspect you have the same problem, it just manifests differently on your network setup
13:17 < Langley> I'll try to have a look with wireshark
13:18 < ali1234> "You may have switches that get very confused by the TCP/IP v6 anycast traffic that results from these problems."
13:19 < ali1234> that sounds like something that would cause the link to behave oddly... like not sending any traffic except for DNS
13:35 < ZaliM> guys...
13:35 < ZaliM> i want to monitor of my branches network bandwidth usage
13:36 < ZaliM> they are not clients of my server but i have full access to the router
13:36 < ZaliM> whats the best software?
13:36 < ZaliM> one of my branches*
13:36 < skyroveRR> Which router is it?
13:37 < ZaliM> its cisco 870
13:37 < ZaliM> have static ip
13:37 < ZaliM> i have a usage problem here.. as upload is usually slow. complains to ISP they says usage is over loaded.. check users
13:38 < ZaliM> i need to know whose using p2p or torrents for movies ova here
13:49 < schreibsl> netflow
13:54 <+catphish> ^ netflow
14:04 < ali1234> what turns on at exactly 6pm, turns off at exactly 6am, and outputs RFI at 6MHz and 7.35MHz?
14:05 < djph> ali1234: some random crapbox in your house
14:05 < djph> ?
14:05 < ali1234> nothing in my house is on a timer
14:05 < MikeSeth> i had a crapbox in a parking lot in Tel Aviv
14:05 < ali1234> and what would you set on a timer for 6am to 6pm anyway?
14:05 < MikeSeth> it would make VERY LOUD v42bis noises randomly at night
14:05 < ali1234> 6pm to 6am sorry
14:05 < MikeSeth> never could figure out what it was
14:06 < ali1234> i doubt it is residential lighting or heating - it's the middle of summer here
14:06 < schreibsl> smoke detector?
14:06 < ali1234> smoke detector on a timer?
14:07 < MikeSeth> makes sense
14:07 < MikeSeth> during day time, if you're on fire, then, well, burn.
14:14 < SwedeMike> ali1234: a dimmer connected to a light? They can be awful, caused lots of problems in the ADSL days.
14:14 < ali1234> no dimmers here, we are all LED
14:14 < ali1234> but again, why would it be on a timer?
14:14 < SwedeMike> ali1234: dimmers and electric motors are typical culprits. Well, crappy LEDs might also cause problems.
14:14 < ali1234> it has to be on a timer, it turns on and off at exactly the same time every day
14:15 < SwedeMike> ali1234: well, someone wants a night light?
14:15 < ali1234> maybe the neighbours, maybe
14:21 < jackbrown> hello
14:22 < jackbrown> anyone here?
14:22 < rand0macc3ss> Yes
14:26 < stevenm_> .
14:34 < skyroveRR> .
14:34 < avu> ,
14:42 < tya99> any recommendations on cable testing equipment for making patch leads and crimpers
14:43 < tya99> i do value quality items over buying cheap crap
14:43 < tya99> so i am interested in anyone's real world advice
14:43 < bezaban> don't crimp your own patch leads :)
14:43 < tya99> i am looking at making up a bunch of PoE patch cables
14:43 < bezaban> would be mine
14:43 < tya99> well that's not always possible
14:44 < tya99> i am installing some PoE security cameras so yeah
14:44 < tya99> im going to need to run cable to wall sockets
14:44 < tya99> i have a qualified electrician (family member) and i have networking expertise just not when it comes to what to use for that sort of job
14:45 < tya99> i had done a cisco course in the past and made patch leads so it can't be too difficult
14:50 < djph> fluke.
14:50 < eirirs> fluke cableIQ
14:50 < djph> or, don't make your own patch cables
14:51 < eirirs> fluke microscanner if you need to go cheaper, its still not bad
14:51 < djph> yeah, but the CIQ is only like $1k for the full kit (7 remotes, the scanner, other goodies)
14:51 < djph> think it has the intellitone probe as well
14:53 < tya99> djph: i am doing long cabling for security cameras
14:53 < tya99> so it wont really be patch cables only
14:54 < djph> fair enough. CIQ would be the bare minimum for that. Not that the Microscanner isn't bad, but I think it's been discontinued, so ...
14:55 < tya99> yeah they will be over PoE Ubiquiti TS Carrier cable
14:55 < tya99> i am getting a special deal on that and the cameras so i decided not to use third party cable
14:56 < djph> er
14:56 < tya99> i saw fluke mentioned on reddit in /r/networking
14:56 < djph> there's no such thing as "PoE cable"
14:56 < djph> it's just cable ...
14:56 < tya99> it's CAT5E rated for outdoors
14:56 < tya99> and RF protection
14:57 < shtrb> reliable cable ..
14:57 < djph> UBNT cable is alright, a bit less flexible than I like though
14:57 < tya99> TC rather
14:57 < nostrora> Hi! can you guys can advise a good wifi router for my home ?
14:57 < tya99> https://www.ubnt.com/accessories/toughcable/
14:57 < djph> doesn't exist. NEXT!
14:57 < tya99> nostrora: make your own
14:58 < tya99> or buy something from ubiquiti/cisco
14:58 < shtrb> unifi
14:58 < tya99> there is no such thing as a 'good wifi router'
14:58 < Dalton> good wifi access points + good router
14:58 < tya99> consumer hardware = garbage made to be cheap + marketing
14:58 < djph> Unifi access points are nice. Actually, their AmpliFi system is surprisingly good.
14:58 < shtrb> https://arstechnica.com/information-technology/2018/07/enterprise-wi-fi-at-home-part-two-reflecting-on-almost-three-years-with-pro-gear/
14:59 < tya99> business grade equipment usually consists of individual components
14:59 < tya99> routers, networking switches, access points
14:59 < tya99> i just used an edgerouter, edge switch and access points in my house from ubiquiti because the pricing was acceptable
14:59 < tya99> feels good not to have to deal with shitty software
15:00 < tya99> the likes used by 'home orientated devices'
15:00 < shtrb> we should all go back build your gig
15:01 < tya99> djph: and in terms of PoE cable, there is SSTP
15:02 < tya99> err FTP
15:02 < tya99> foil screened
15:02 < tya99> which you don't technically need but it is good for PoE devices.
15:02 < djph> tya99: so? that has NOTHING to do with PoE.
15:03 < tya99> oh wait yeah you're right
15:03 < djph> The only reason for shielding is ESD or EMI
15:03 < tya99> that's to do with blocking RF
15:03 < tya99> yeah that
15:03 < tya99> not sure what i was thinking :P
15:04 < djph> so, outdoors, or in particularly "noisy" (electrically speaking) environments where fiber isn't warranted.
15:04 < tya99> yeah 15:04 < tya99> which is where i am using that stuff 15:04 < tya99> with those aluminium connector things 15:04 < tya99> i read somewhere that ubiquiti requires grounded patchleads 15:04 < tya99> too 15:05 < djph> "requires" 15:05 < tya99> for warranty purposes 15:05 < djph> The outdoor stuff does. 15:05 < tya99> while the devices work fine without it, i think it might be a risk 15:05 < djph> Indoor stuff does not. 15:05 < tya99> yeah 15:05 < tya99> true, and the cameras are being installed outdoors 15:06 < detha> tya99: ubnt says 'not using shielded cable voids warranty', that's all 15:06 < djph> I mean, it's the same basic "properly installed" clause everything tends to have in their warranty 15:06 < tya99> lol true 15:06 < nostrora> i have a very good router (opnsense on good/open hardware) now i just need an wifi modern access point 15:06 < tya99> buy some ubiquiti UAPs then 15:06 < djph> nostrora: UAP-AC-LITE / LR / PRO / whatever the other models are. 15:07 < tya99> yeah 15:07 < tya99> i have a LR and a UAP AC 15:07 < ||cw> lol I just got an ad for a EA9500 in an email, is that a router or a spider? 15:07 < tya99> they are really good 15:07 < Aeso> ||cw, crab, presumably 15:07 < nostrora> So this is just an simple access point ? all firewall/routing will be done by my router ? 15:07 < djph> of course. 15:08 < ||cw> nostrora: yes, unifi APs are just access. 15:08 < nostrora> nice :) 15:09 < tya99> wifi should never be in a router anyway 15:09 < nostrora> Sure, that why i want an simple access point 15:10 < tya99> well then that is exactly what you want 15:10 < nostrora> and not a "gamer lolilol wifi XXHD ultra sampling X25454" 15:10 < tya99> but you can have more than one and mesh them together too 15:10 < tya99> with 'zero hand off' 15:10 < djph> 1. that's not mesh. 2. ZHO is dead. 
15:10 < tya99> nostrora: oh :P we thought you were when you said "good wifi router for my home" 15:10 < abdulhakeem> when editing a php.ini file, how do I set no memory limit and no upload limit? Just set it to 0? 15:11 < tya99> djph: what do you recommend instead of zero handoff then? 15:11 < djph> abdulhakeem: read the php manual. 15:11 < djph> tya99: 802.11r/k/v (or whichever bits are implemented). Or, just let "normal wifi handoff" do its thing. 15:11 < tya99> right 15:11 < tya99> i have some older UAPs that had that feature 15:12 < djph> yeah, ZHO never made it out of gen1 (thankfully) 15:12 < tya99> i found it didn't really work 15:12 < tya99> so i ended up going back to individual APs with separate SSIDs 15:12 < tya99> because i was getting handed between two APs 15:12 < djph> WHY!? 15:13 < djph> that's because your Tx settings were terrible / you had too much overlap. 15:13 < tya99> but yeah partly because i don't have a management server at the moment 15:13 < tya99> i should get to the bottom of that 15:13 < tya99> info_i_25x25.png The UAP-AC and UAP-AC v2 are the only models that do not support Fast Roaming. The rest of the AC range of products do support Fast Roaming. Find the UAP-AC (both versions) model in the 1st Gen column of this article. 15:13 < tya99> oh that might mean my UAP-LR and UAP might support it they are only 802.11N 15:13 < tya99> (the ones with the green light on them) 15:14 < djph> the UAP and UAP-LR (gen1 models) support zho, which is (as discussed) thankfully dead ... not to mention stupid as hell in the first place. 15:14 < tya99> right 15:14 < djph> gotta put everything on the same channel 15:14 < tya99> ah 15:14 < shtrb> Did I timeout or is my router is crazy ? 15:14 < djph> shtrb: both? 15:15 < tya99> is it possible to do fast roaming with a UAP and a UAP-LR? 15:15 < shtrb> bloody Monday 15:15 < djph> tya99: yes, but it's stupid. 
15:15 < djph> Just put them on the same SSID, pick 1,6, or 11; and set the Tx powers so that overlap is minimal 15:15 < tya99> right. 15:16 < tya99> ah okay 15:17 < djph> as for 802.11r/k/v - Not 100% sure which options are available for the gen1 UAPs ... but realistically unless you're using wifi for phone / VoIP service, fast roaming isn't really all that necessary 15:17 < djph> (and even there, with a decent voip implementation, it may not be necessary) 15:17 * dogbert2 submits a patch file for BIND 9.12.x for a NULL pointer dereference :) 15:17 < shtrb> For most service providers you can have multpile accounts connected 15:18 < shtrb> dogbert2, you are adding it ? 15:18 * dogbert2 submits a patch file for BIND 9.12.x for a NULL pointer dereference :) ... I submit, they eval and process 15:28 <+catphish> tya99: most UAPs support "zero handoff" if that's what you mean 15:29 < tya99> yeah 15:29 <+catphish> tya99: i don't use it because it wasn't compatible with something else i wanted when i looked, but it's definitely possible 15:29 <+catphish> i don't think it's widely used, but i do think it's a cool idea if it works 15:30 < djph> catphish: it's not, and it doesn't. 15:30 < Aeso> I'd only use UBNT's zero-handoff features in an environment with very few clients 15:31 < Aeso> the biggest drawback is that it forces all radios onto the same channel, which depending on how dense your deployment is could be a nightmare 15:31 <+catphish> djph: huh? 15:31 <+catphish> djph: it definitely exists 15:32 < djph> catphish: it's nto a "cool idea" and it doesn't work. 15:32 < djph> you toss all your APs on a single channel, and pray that it doesn't fall over and die. 15:32 <+catphish> djph: why not? 
i mean, i know how it's supposed to work, so i see no reason why it shouldn't 15:32 <+catphish> it's not great for huge numbers of clients, because you only get one channel of airtime, but it seems perfect for small numbers of clients where you want perfect connectivity 15:32 < djph> In short, it's a workaround for old wifi clients that couldn't roam with Gen1 UAPs 15:33 <+catphish> is there a more modern roaming technique that actually works and is supported by UAPs? 15:33 <+catphish> if so i'd love to turn it on 15:33 < djph> These days, use 802.11r/k/v (although, clients have also gotten a lot better what with roaming) 15:33 < Aeso> ^ 15:33 < djph> remember - roaming is not the AP 15:34 <+catphish> except that clients don't roam on a whim, i've never seen one change APs unless forced to 15:34 < dogbert2> hey djph 15:34 < dogbert2> m000000000000000000000000000000000! 15:34 < djph> which is how it's supposed to work 15:34 < djph> the client decides when it needs to roam. 15:35 < djph> So you set Tx power, etc. so that overlap is sufficient to create the WLAN, yet not so much that clients stick to bad APs. 15:35 < tya99> http://au.element14.com/c/test-measurement?searchWithinTerm=CableIQ&st=CableIQ 15:35 < tya99> i think ive seen those before and know where i can get a lend of one 15:36 < screwsss> whats the best way to evade a ban 15:36 < djph> not getting banned in the first place. 15:36 < screwsss> fair. 15:36 <+catphish> djph: i'd still worry that they'd hang onto weak rx signals before roaming :( 15:36 <+catphish> screwsss: being polite is a great way 15:37 < screwsss> so being 'impolite' warrants a permanent ban first round? 15:37 <+catphish> screwsss: depends who you annoy doesn't it :) 15:37 < djph> catphish: minrssi can be used then -- it'll kick the client when it gets too quiet. But, that's not really a "standard" thing (i mean, UAPs have it, others probably call it something different ... 
if they offer it at all) 15:38 <+catphish> djph: can kicking the client cause a seamless migration? 15:38 < screwsss> auxy in hardware has a lot to answer for then 15:38 <+catphish> or is there some way the infrastructure can request such a migration, i don't know anything about 802.11r/k/v 15:38 < Aeso> the better question is if you really _need_ seamless migration 15:38 <+catphish> well normally no, but any migration would be a good start 15:40 < djph> catphish: r/k/v are three components that help facilitate fast roaming. Forget what each bit does. 15:40 <+catphish> i'd enjoy making a range of access points, but i doubt i could do any better than everyone else who tries 15:40 < djph> catphish: and no, minrssi-based kicking is not "seamless roaming" (not that "fast roaming" is seamless anyway -- it's just faster than the normal 400ms or so handshaking) 15:40 < Aeso> Cisco's whitepaper on how r/k/v/w work offer some good insight: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/Enterprise-Mobility-8-1-Design-Guide/Enterprise_Mobility_8-1_Deployment_Guide/Chapter-11.pdf 15:41 < shtrb> Are new rkv give anything special that the older services could not provide ? 15:42 < Aeso> shtrb, sure. They're amendments to the standard, meaning by definition they offer new features for stations and APs to use. 16:39 < Daedbffe> Hi, I have a new server that has 4 x 10GigE SFP+ ports that needs to be connected to a legacy 1000BASE-T network for a bit.. We'll need to buy 1000BASE-T SFP+ modules for the server, however I'm a bit stumped over which ones I should get 16:39 < Daedbffe> Can someone explain to me why I'd choose SERDES or SGMII? 16:40 < Daedbffe> or if I need the RX_LOS data available? 16:40 < Daedbffe> The server needs the speed, duplex and link state information for each link so that LACP will work. 16:40 < Daedbffe> the current FibreStore 1000BASE-T SFP modules show "Unknown!" for everything other than MII link state. 
16:41 < Daedbffe> and my theory is, this is why 802.3ad bonding isn't working 16:41 <+catphish> why would that need anything other than link state? 16:41 < Daedbffe> Doesn' 16:41 < Daedbffe> Doesn't the speed need to be the same for LACP member links? 16:41 <+catphish> that's a good question, i'm not sure 16:42 <+catphish> for 802.3ad, maybe 16:42 < Daedbffe> I assume there's some kind of verification step involved in bringing up an 802.3ad link 16:42 < Poster> From what I understand of LACP, yes each link must be the same speed 16:42 < Daedbffe> I mean _technically_ they are both the same speed, the speed being "Unknown!" 16:43 <+catphish> unfortunately since your SFPs are the wrong speed and off-vendor, and not fiber, i guess i'm not totally surprised 16:43 < Daedbffe> me neither to be honest, but they work as individual links 16:44 < Apachez> Daedbffe: what modules do you got? 16:44 <+catphish> yeah, that makes sense, they're basically doing all the negotiation internally but just not reporting it :( 16:44 < Apachez> perhaps you put some juniper branded into a cisco device so thats why it claims "unknown"? 16:44 <+catphish> they're generic FS ones 16:44 < Daedbffe> yea 16:44 < Apachez> I have never seen such failure for fiberstore modules when you use them for the device they were coded for 16:44 < Apachez> and what hardware do you put them into? 16:45 < Daedbffe> https://www.fs.com/uk/products/13277.html 16:45 <+catphish> that's a good point, maybe try FS's ones coded for the right vendor 16:45 < Daedbffe> Dell branded Intel X710 16:45 <+catphish> oh, you got the dell coded ones? 16:45 < Daedbffe> yep , for the Dell servers, however I don't think it cares 16:45 < Apachez> I have used "custom" coded for the intel chip I use them for with great success 16:45 < Daedbffe> given it's just linux 16:45 < Apachez> could also be driver failure overall 16:45 < Apachez> do you got another sfp to test with? 
16:45 < Daedbffe> yea, tried a few 16:46 < Daedbffe> if I use DAC with a 10Gig switch, works fine.. speed is reported at 10000Mbps 16:46 < Apachez> https://www.fs.com/uk/products/13277.html is not intel but dell coded 16:46 < Daedbffe> and LACP works 16:46 < Apachez> and which os? 16:46 < Daedbffe> but this server has to go into a legacy environment for a bit, hence the requirement for LACP on 1000BASE-T 16:46 <+catphish> my understanding is that 1000BaseT SFPs are kind of a hack, and even more so in a SFP+ port, so really you should just be happy it works at all 16:46 < Daedbffe> Debian 16:46 < Apachez> same error if you liveboot lets say ubuntu 18.04 ? 16:46 < Daedbffe> 8 or 9, doesn't seem to matter 16:47 < Daedbffe> catphish: heh, well that's where I'm at now, I can use active-backup bonding mode instead 16:47 < Apachez> so a dell server with a intel x710 nic? 16:47 < Daedbffe> it's not ideal 16:47 < Apachez> then use an intel sfp from fs.com 16:47 <+catphish> Daedbffe: you could always get some cheap 1G optics and media converters 16:47 < Daedbffe> Apachez: yes, R640 with the quad port Intel X710 NDC 16:47 < Apachez> dunno how shady intel are on "generic" vs "vendor" branded 16:47 <+catphish> Daedbffe: active-passive bonding is an even better idea 16:47 < Daedbffe> catphish: .. huh .. never thought of that, 16:47 < Daedbffe> I actually have some 16:47 < Daedbffe> but i'd need to power them 16:47 < Daedbffe> moar sockets used :/ 16:48 < Apachez> also are you sure its on the dell server end your fault is? 16:48 < Apachez> since you said dac's with 10G ? 16:48 < Apachez> but you link to 1G Rj45 16:48 < Daedbffe> Could be the switch I guess.. 16:48 <+catphish> Apachez: they're not DAC, they're 1G copper SFP modules 16:48 < Daedbffe> hard to tell, both ends don't seem to know about the LACP partners.. 
16:48 < Apachez> I mean if its a 10G slot on the switch then of course 1G wont work 16:48 <+catphish> they're just not reporting the link data 16:48 < Daedbffe> no, it's 1Gig RJ45 on the switch 16:49 < Apachez> so again 16:49 <+catphish> 1000baseT on the switch, SFP+ on the server 16:49 < Daedbffe> the FS.com modules are SFP not SFP+ but is that an issue? 16:49 < Apachez> serverside: some random dell server with intel x710 nic with SFP/SFP+ slots? 16:49 < Daedbffe> yea 16:49 < Apachez> and switchside? 16:49 < Daedbffe> Ye Olde Dell / Force10 S60 16:49 < Apachez> well not all SFP+ slots can take SFP modules 16:49 < Apachez> so theres one problem 16:49 <+catphish> Daedbffe: as i said before, the fact you're putting SFP into an SFP+ slot may be some part of the problem, they're obviously backward compatible but maybe not 100% 16:49 < Daedbffe> Apachez: could be that, however they appear to work fine unbonded 16:50 < Apachez> the other problem is if your gear accepts the modules you plugin 16:50 < Apachez> like putting in a dell branded sfp into a intel nic, dunno if intel accepts that (I would assume they would but still) 16:50 < Daedbffe> I mean they should given they ship their git with Intel cards and Dell branded DACs / optics if you specify that you want them 16:50 < Apachez> if you run ethtool do you get any info from the nic when runned in single mode? 16:50 < Daedbffe> (For $LOL) 16:51 < Daedbffe> no stats 16:51 < Apachez> there is mii-diag and ethtool to test with 16:51 < Daedbffe> not tried mii-daig 16:51 < Daedbffe> diag * 16:51 < Daedbffe> Cannot get module EEPROM information: Operation not supported 16:51 < Daedbffe> that's from ethtool when using ethtool -m eth0 16:51 < Apachez> so switch side is dell/force10 S60 16:51 < Apachez> whats that? 16:51 < Apachez> 1G switch or 10G interfaces? 16:51 < Daedbffe> 1G 16:51 <+catphish> my copper SFPs do report this data, but they're in 1G SFP ports 16:51 < Apachez> only rj45? 
16:51 < Apachez> on switchside that is 16:51 < Daedbffe> yep 16:51 < Apachez> no sfp slots ? 16:51 < Daedbffe> there are 4 x 1G SFP but they're in use for stacking etc.. 16:52 < Daedbffe> It's a _very_ legacy network 16:52 < Apachez> ok so your "only" option is the rj45's then 16:52 < Daedbffe> yea 16:52 < Apachez> on the switch end, how are these rj45's configured? 16:52 < Apachez> 1000/F or auto/auto? 16:52 < Apachez> because doing 1G IEEE says you should do auto/auto 16:52 < Daedbffe> I've tried both 16:52 <+catphish> imo the copper link has nothing to do with this, the issue is between the SFP and the NIC 16:52 < Daedbffe> 1G assumes full duplex, it's impossible to specify otherwise on this version of the NOS 16:53 <+catphish> clearly they're only partially compatible 16:53 < Daedbffe> yea, between PHY <-> MAC i guess 16:53 <+catphish> the SFP is negotiating correctly, but isn't reporting anything 16:53 < Apachez> yeah just wanted to rule things out methodologically (+spelling) 16:53 <+catphish> this is sadly expected for such a backward compatible / off vendor mess 16:53 < Apachez> so you know that there is nothing wrong on switch side 16:53 < Apachez> could it be some loopdetection blocking stuff? 16:53 < Apachez> because if you configure them as two singel interfaces on the server side 16:54 < Apachez> and assign ip 16:54 < Daedbffe> as in STP? 
16:54 < Apachez> like 192.168.0.1/24 and 192.168.0.2/24 (or whatever) 16:54 < Apachez> if they work then 16:54 < Daedbffe> well they're in an LACP group at the switch end so that shouldn't matter 16:54 < Apachez> and you get successful link etc 16:54 < Apachez> then its most likely not the nic nor the sfp 16:54 < Daedbffe> but yea, if I configure them seperately they work 16:54 <+catphish> Apachez: he already said they work fine individually 16:54 < Apachez> but some other protoctol blocking shit 16:54 < Daedbffe> heh, could just do that actually - 2 x /31s and use ECMP routing :P 16:54 < Apachez> such as spanningtree (STP) or propertiary loopdetection or such 16:54 < Daedbffe> bind the server IP to loopback on the host 16:54 <+catphish> Daedbffe: if routing is an option, sure :) 16:54 < Daedbffe> 16:55 < Apachez> dunno about dell switches but hpe comware have by default some loopdetection they run on their own 16:55 <+catphish> that's not a hack, it's a great solution ;) 16:55 < Daedbffe> heh, I'm doing that.. brb 16:55 <+catphish> anyway, seems likely the linux lacp just doesn't have the data it needs :( 16:55 < Apachez> sending some "magic hash" packet (which alters over time) and if that packet is seen arriving on another interface the switch will shutdown this interface this "magic frame" arrived at 16:55 < Daedbffe> Urgh, no .. that'll be a change control disaster 16:55 < Daedbffe> not doing that. 16:55 <+catphish> i'd go active-passive unless you really need the bandwidth 16:56 < Daedbffe> Apachez: isn't that just STP w/ bpduguard? 16:56 < Apachez> nope 16:56 < Apachez> stp involves stp 16:56 < Apachez> this is without stp being involved 16:57 < Daedbffe> catphish: yea, I think I'll stick with that for now.. I was just confused about all the options for these 1000BASE-T SFP modules you can buy 16:57 < Daedbffe> https://www.flexoptix.net/en/transceiver/sfp_-1g_eth-copper 16:57 < Daedbffe> sooo many options 16:57 < Daedbffe> SERDES ? RX_LOS ? 
16:57 < Daedbffe> SGMII ? 16:57 < Apachez> which is handy because sometimes people block stp traffic (with bpduguard and whatelse) while the propertiary loopdetection will still bypass that and detect a loop 16:57 < Apachez> Daedbffe: I would go for fs.com, never had any issues with them 16:57 < Daedbffe> well, already using fs.com sooo 16:57 < Apachez> your fault is either by using wrong sfp coding for the nic or bad config of lacp or stp/loopdetection 16:58 < Daedbffe> and that's why I'm exploring other less-cheap-but-still-cheap vendors :) 16:58 < Apachez> yes but fs.com have gaizllions of codings 16:58 < Apachez> either you get the proper one like if you got a cisco device then get a cisco coded one 16:58 < Daedbffe> I thought that was just MSA flashing so that the vendor string matches what your device expects? 16:58 < Daedbffe> not so much turning features on or off? 16:58 < Apachez> or use custom where you put in a comment which gear you will use it for and they will verify it with that 16:58 < Apachez> there are unfortunately more snakeoil to that 16:58 < Daedbffe> ick 16:59 < Apachez> some vendors use some hashing and shit to detect sfp's not from themselfs 16:59 < Apachez> fs.com seems to bypass all of them :) 16:59 < Apachez> fs.com got a massive testlab with basically any model from all vendors :P 16:59 <+catphish> Apachez: they all program them with the right code to look like a genuine device in theory 16:59 < Daedbffe> If you order from flexoptics you get sweets though ;) 16:59 < Daedbffe> I may have an issue with priorities 17:00 < Apachez> catphish: yeah but there are bad 3rd party optics who like doesnt assign unique serialnumbers to the modules so the device will bail on that etc 17:00 <+catphish> i see 17:00 < Apachez> https://www.fs.com/uk/products/37764.html 17:00 <+catphish> anyway, i'm afraid i don't know the difference between those different options 17:01 < Apachez> compatible brands: choose intel and then type in what your nic is named 
(x710 or whatever) 17:01 < Daedbffe> Yea, it's definitely not super documented 17:01 <+catphish> maybe you need the 10/100/1000 module instead of the 1000 one? 17:01 < Apachez> oem/odm service: choose none (unless you want to pay extra for your own logo or something :P) 17:01 < Apachez> yeah there are two custom rj45's available 17:02 < Apachez> one that's ONLY 1000base-T 17:02 < Daedbffe> that's probably it.. 17:02 < Apachez> and one (the one I linked above) that is 10/100/1000 17:02 < Daedbffe> I've probably ordered the "only do 1000" one 17:02 <+catphish> that seems plausible, the one you linked to before was only 1000 17:03 < Daedbffe> meh. FS P/N is the same: SFP-GB-GE-T 17:03 < Daedbffe> there's two SFP-GB-GE-T's though .. annoyingly 17:03 <+catphish> this one = https://www.fs.com/uk/products/37764.html = you can select Dell compatibility just in case 17:03 < Daedbffe> one says 1000 only and the other says 10/100/1000 17:03 <+catphish> they have a different order code 17:03 < Apachez> but that's wrong catphish 17:04 < Apachez> it's a dell server 17:04 < Apachez> but an intel nic 17:04 < Daedbffe> Dell branded intel nic 17:04 < Apachez> then you should select intel compatibility 17:04 < Apachez> oh lord 17:04 <+catphish> oh, sorry, yeah, you want intel 17:04 < Daedbffe> heh yep 17:04 < Apachez> well order both :P 17:04 <+catphish> dell is for dell switched 17:04 <+catphish> *switches, not dell servers with intel NICs 17:04 < Apachez> can be some dell junk too 17:04 < Apachez> like dell did with fans 17:04 < Daedbffe> The firmware on the NICs has the word "Dell" all over it 17:04 <+catphish> so yeah, go 10/100/1000 *Intel* coding 17:04 < Apachez> EVERYBODY have rpm on the third pin 17:05 < Apachez> EXCEPT dell 17:05 < Daedbffe> lol 17:05 < Apachez> they got tempsensor on third pin 17:05 < Daedbffe> They _did_ until they bought Force10 17:05 <+catphish> maybe order dell and intel, only a few dollarydoos each 17:05 < Apachez> so replacing a dell fan with a regular 
fan the server/workstation wont start "ERROR: Cannot read temperature!" and then it sits there 17:05 < Daedbffe> so all the old PowerConnect stuff is rpm on 3rd, Force10 uses some propriatory connector 17:05 < Apachez> or get into a chat with fs.com 17:05 <+catphish> they're pretty helpful 17:06 < Apachez> they are helpful and if the chat cannot resolve your issue they will level it to some salesrep that will for sure help you 17:06 < Apachez> worked everytime for me 17:06 < Daedbffe> I'll give our super-happy account manager who likes to send me pictures of her food, an email about it 17:06 < Daedbffe> see what she says 17:06 < streuner> i've problem with allowing traffic on udp dns through iptables 17:06 < Apachez> again I have ordered myself custom sfp's (fiber and not rj45 but still) and put in intel and the chip my nics were using and they worked out of the box 17:07 < streuner> http://dpaste.com/2WE17G8 17:07 < Apachez> also just to rule things out since you had a couple of models 17:07 < Daedbffe> I ordered some 1000BASE-LR optics from them a while ago, 2 Dell and 2 Generic (Cumulus Switches don't care) 17:07 < Apachez> use one at a time and reboot the server (unplug power for 10 seconds) 17:07 < streuner> i'm getting error iptables: Invalid argument. Run `dmesg' for more information. 
17:07 < Daedbffe> if you run ethtool -m on all 4 of them, they appear identical 17:07 < Apachez> so its not some firmware malfunction 17:07 < Daedbffe> the Vendor is just "FibreStore" 17:07 < Daedbffe> Apachez: I'll give that a try 17:08 < Apachez> streuner: you must run it as root 17:08 < Daedbffe> streuner: you have your protocol set to tcp 17:08 < Apachez> Daedbffe: also whenusing one at a time use ethtool and mii-diag and check dmesg how the sfp's are detected 17:08 < Daedbffe> -p tcp -m udp doesn't seem right 17:08 < RJ45> Apachez: >noy me 17:08 < RJ45> Apachez: >not me 17:08 < Daedbffe> either -p tcp or -p udp 17:08 < Daedbffe> tbh, you should allow both 17:08 < Apachez> the idea of power cycling is that over time there have been bugs (main experience from HP but still) where a reboot didnt work but a powercycle worked (unplug the powercoard and wait for 10 seconds) 17:09 < Singlemodefiber> RJ45: wanna hang out? 17:09 < Daedbffe> lel 17:09 < streuner> Daedbffe, yes 17:09 < streuner> i need allow both 17:09 < streuner> -p udp -m udp works well 17:10 < Apachez> streuner: check how your current rules looks like 17:10 < Apachez> iptables -L -v -n 17:10 < Daedbffe> Then do one rule for each, one for udp and one for tcp 17:10 < Apachez> and iptables -L -v -n -t nat 17:10 < streuner> Apachez, http://dpaste.com/2WWA8TT 17:11 < streuner> http://dpaste.com/0WMR1BE 17:11 < Apachez> iptables -A OUTPUT_UDP -p udp -s ${OUTSIDE_IP} --sport 1024:65535 --dport 53 -m state --state NEW -j ACCEPT 17:11 < Apachez> iptables -A OUTPUT_TCP -p TCP -s ${OUTSIDE_IP} --sport 1024:65535 --dport 53 -m state --state NEW -j ACCEPT 17:11 < RJ45> Apachez: right now I wanna jerk-off 17:11 < RJ45> over UDP 17:11 < Daedbffe> lowercase tcp 17:12 < Daedbffe> also there's no OUTPUT_TCP or OUTPUT_UDP chains in his output 17:13 < Daedbffe> http://dpaste.com/34DPJW3 17:13 < Kryczek> streuner: are you sure you want to filter egress traffic? 
17:13 < Daedbffe> You can add state if you want, depends how much tracking you want to do 17:21 <+catphish> Daedbffe: FS account managers are super nice, sadly i only order about once every 5 years :) 17:21 < Daedbffe> yea same, they never sent me sweets though 17:21 < Daedbffe> Flexoptics is where it's at ;) 17:21 <+catphish> lol 17:23 < Daedbffe> Heh, right.. so apparently these DB servers use an average max bandwidth of 10-20Mbps 17:24 < Daedbffe> I think I'll be fine with active-backup 17:29 < streuner> is filtering output traffic a good idea? 17:31 <+xand> streuner: it can be 17:31 <+xand> depending what you mean by that 17:32 < anircuser> hi 17:33 < anircuser> I'm trying to set up a network for a business that's in a 60,000 square foot building 17:33 < anircuser> right now our Wi-Fi is powered by a router 17:33 < anircuser> should I switch it out for a Linksys access point (Business-class LAPN600) 17:35 < Daedbffe> A single access point of nuclear standards probably won't cover 60,000 square feet 17:36 < Daedbffe> unless it's an empty warehouse and there's only one client, and that client better have a pretty decent tx power 17:36 < anircuser> Will it cover 30,000? 17:37 < Daedbffe> probably not 17:37 < Daedbffe> I would be looking at a distributed wireless infrastructure with a building that size 17:37 < anircuser> well we have multiple access points right now 17:37 < anircuser> it's just we're considering switching out one of the Wi-Fi routers with just a Wi-Fi access point 17:37 < Daedbffe> you said the wifi is powered by a router? 17:38 < Daedbffe> wait so, there's existing access points everywhere and one of them is a router? 
17:38 < djph> ^^^^^^^^^ 17:39 < Daedbffe> Because that sounds like all the traffic is converging on that router and replacing it with an access point isn't going to suit your needs unless you're also planning on adding a dedicated router 17:39 < anircuser> uh 17:39 < Daedbffe> access points do not route traffic (debatable) 17:39 < anircuser> this is what we have 17:39 < anircuser> we have a T1 line going into a switch 17:40 < anircuser> and that switch splits into an access point and a Wi-Fi router 17:40 < anircuser> and I'm wondering if I should just swap out that router for another access point 17:40 < djph> T1 wouldn't terminate on a switch ... 17:40 < djph> a ROUTER, sure ... 17:40 < Daedbffe> T1 terminates on a serial device of a router 17:40 < djph> ^ 17:40 < Daedbffe> what's said "switch" look like? 17:40 < Daedbffe> Model numbers / vendor? 17:41 < anircuser> It's a business grade switch I'm pretty sure 17:41 < anircuser> I'm not too sure about the model number or vendor 17:43 < djph> then maybe go ... look it up? 17:44 < ||cw> a wifi router can be used as just an access point, are you sure this isn't the case already? 17:45 < ||cw> anircuser: if you want good coverage through the whole place, a few unifi AP device are hard to beat on the price/performance/easy scale 17:46 < Daedbffe> I've seen many a bastardised enterprise setup where someone's used old WiFi routers as access points, simply turned off the DHCP server on them and joined them up to the rest of the network via the switchports. 17:47 < Daedbffe> Poor things. 17:47 < Daedbffe> also +1 for unifi.. they cost $notlots and are fairly user friendly, the controller software could do with a full redesign though 17:48 < djph> IDK, the 5.x UI isn't terrible 17:48 < ||cw> yeah, that's how i started, when the wifi for just for the convenience of me and a couple managers 17:49 < djph> Daedbffe: I hate dealing with those ones. "Look, I get that your 12 year old nephew did this on the cheap ... 
now let's do it in what I like to call "the right way" 17:50 < drac_boy> hi 17:50 < Daedbffe> Having said that, I've only used unifi for smaller installations, bars, pubs.. public access.. that sort of thing.. 17:50 < Daedbffe> when I'vee spoken to people about running it enterprise I've been told "You're a fucking mentalist" 17:51 < drac_boy> I know it might be a bit questionable under warranty but could one in theory modify a modemrouter's config to factory-reset to a slight different default? 17:51 < djph> I've seen it in (small) hotels 17:51 < Daedbffe> drac_boy: if you brick it, ring them up and say it broke.. 17:51 < djph> I doubt it'd be something that you'd see in a fortune-500 or anything ... but they work fine in mediumish business 17:52 < Daedbffe> chances are the low-paid customer support agent won' 17:52 < Daedbffe> won't give two shits wether or not you bricked it :) 17:52 < ||cw> I've been using it since 2011, still have the first APs in service. only one issue and they RMA'd it without fuss 17:53 < ||cw> I only i have 35 clients, and half of those are just employee devices on a separate vlan, so not sure that's really "enterprise" level 17:53 < Daedbffe> but yes, going back to anircuser's issue.. If the 'switch' is what we think it is (infact, a router), then you can probably replace the wifi-router with an actual AP to match the other ones 17:53 < drac_boy> daedbffe heh hm thanks..just wanted to be sure that if I put a modemrouter into the usual setup I wouldn't get a phone call saying "why is my ip not working??" due to the stupid nature of double-nat 17:53 < Daedbffe> Assuming it's on the same bridge-domain as the other ones.. 
either via some switch card or multiport WIC or something on the router 17:53 < drac_boy> just going think some more about this for now :) 17:53 < anircuser> so an access point is better than a wi fi router 17:54 < djph> for some values of "better" 17:54 < ||cw> drac_boy: you turn off the nat and dhcp and the routing 17:54 < ||cw> anircuser: by itself? not really, depends on what you call better 17:55 < scientes> fuck double nat, triple nat! 17:55 < ||cw> a wifi router is just an AP, switch, and router all in one device. you can disable any of those functions 17:55 < drac_boy> llcw problem is the default doesn't keep these off 17:55 < drac_boy> so that's why hence my original question 17:55 < ||cw> drac_boy: so don't factory reset it 17:56 < drac_boy> llcw not in my control (especially when the usual troubleshooting step almost always is "reboot it") 17:56 < ||cw> I have never see a router that factory resets on reboot. 17:57 < ||cw> you have to go find the recessed button and hold it, and if you have people doing that, you have bigger issues 17:58 < djph> yeah, like they gave their name as Robert');DROP TABLE Customers;-- 17:58 < Daedbffe> aw, little Bobby tables 18:02 < goldstar> anyone used ac APs to stream 4k content ? 18:02 < djph> it *should* work(tm). 18:02 < djph> although a cable would be better. 18:03 < Daedbffe> goldstar: works at home, occaisional blip 18:03 < Daedbffe> better on a cable 18:04 < Daedbffe> the AP was in the same room as the TV 18:04 < Daedbffe> and the TV was actually only capable of 2.4GHz radio 18:06 < djph> IIRC 4k is recommended at what 25Mbps for streaming? 18:06 < djph> although that's probably a pretty heavy compression codec 18:07 < anircuser> like with range 18:07 < anircuser> and configuration 18:07 < anircuser> is an access point better 18:08 < djph> anircuser: again, it depends on the definition of "better". 
18:08 < djph> anircuser: in general, "discrete" devices are better than "all-in-one"
18:09 < anircuser> ok
18:09 < anircuser> the only reason why I'm asking
18:09 < anircuser> is bc the AP is 100 dollars
18:09 < anircuser> and the router is 180
18:09 < djph> since you can place them where you need, and if it fails, you're only replacing the one AP (rather than "everything")
18:09 < anircuser> ok
18:09 < anircuser> brb
18:15 < spaces> I need to pee
18:16 < Daedbffe> cool story bro
18:16 < spaces> it's real life
18:21 < spaces> Daedbffe you have managed to program it out of yourself ?
18:21 < Daedbffe> Peeing?
18:22 < Daedbffe> Yea, I just pipe it all to /dev/null
18:22 < wind_swept> a traffic selector of 0.0.0.0 allows all traffic, right?
18:23 < Kryczek> wind_swept: a "traffic selector of 0.0.0.0" selects all IPv4 traffic
18:24 < wind_swept> that's more accurate, thanks.
18:24 < Kryczek> but who knows if it gets allowed or disallowed
18:25 < scientes> 20: wg0: mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1
18:25 < scientes> link/none
18:25 < scientes> inet 10.66.4.5/24 brd 10.66.4.255 scope global wg0
18:25 < scientes> valid_lft forever preferred_lft forever
18:25 < scientes> why can I do ping 8.8.8.8 -I 10.66.4.5, but not ping 8.8.8.8 -I wg0 ?
18:26 < spaces> poormans watercooling...
18:28 < ||cw> scientes: sounds like a buggy version of ping
18:28 < Big_Zampano> how do you reach your server from the outside with a dynamic ip?
18:28 < scientes> its openwrt
18:28 < scientes> busybox
18:28 < Big_Zampano> you use one of those dyndns?
18:29 < Aeso> Big_Zampano, that gets you name resolution, sure. But you still need to open the appropriate ports to initiate inbound connections.
18:29 < ||cw> scientes: ah, BB's ping has many limitations.
18:32 < Big_Zampano> Aeso, once those ports have been opened for all the world to see, then no matter what my ip changes to (every other moment) it will still be reachable under that name resolute?
18:32 < Aeso> Big_Zampano, so long as your dyndns updater service is running and detects your IP changes, sure.
18:33 < Big_Zampano> how does it do that?
18:33 < Big_Zampano> i mean if i was in there with one ip and then it changes how does it know where to find my new ip?
18:34 < Big_Zampano> how does it even know i am not reachable under my good old ip?
18:34 < wind_swept> with dynamic dns there's a client/agent on the host that updates the service
18:35 < Aeso> if your IP changes while you're connected, you're going to drop your connection no matter what. But the updater service checks with an external service occasionally to see what your external IP is, and when it detects changes it updates DNS.
18:36 < Aeso> When your remote computer tries to connect to the dyndns name, it does a DNS lookup and should get the current IP address.
18:39 < Tegu> a router may also have support for dynamic dns services. and I'd guess that it would not need to poll any external service for IP address changes, since one interface has the public IP anyway.
18:43 < Apachez> I guess no one of you have been troubleshooting tomcat installations and might have any tips handy?
18:50 < overflow_sdm_102> test ;)
18:50 < overflow_sdm_102> i didn't know Ubuntu Server is the same as Freenode
18:51 < brentaarnold> wait wut
18:51 < E1ephant> u wot m8
18:52 < detha> Apachez: long ago. Pro-tip: get the thermite ready
18:52 < overflow_sdm_102> ok, but i am here because I can't find a solution for my "problem". I do not know how can I add more IP addresses to the NIC device. I am trying and trying and nothing. Of cuz I do not want ifconfig command. Any idea?
18:54 < Kryczek> overflow_sdm_102: eh?
18:54 < detha> overflow_sdm_102: man ip-address, look for 'add'
18:54 < Apachez> detha: yeah I have no idea how I got dragged into this, my first response is to kill it with fire but then some users will get upset during vacation :P
18:54 < Apachez> specially when they return and find out that the datacenter is burned down :P
18:54 < overflow_sdm_102> yes and I added a lot
18:55 < overflow_sdm_102> I have a few link devices
18:55 < detha> Apachez: some existing thing that doesn't run nicely, or a new thing?
18:56 < overflow_sdm_102> i can't do "ip addr add IP-ADDRESS" for example
18:57 < overflow_sdm_102> I need dhcp
18:57 < overflow_sdm_102> so i tried linking but "ip addr show" says it is DOWN
18:57 < overflow_sdm_102> and I can't up it :D
18:58 < overflow_sdm_102> i am nooob
18:58 < ||cw> overflow_sdm_102: the only way you can add more via dhcp is to somehow make new virtual interfaces with their own mac addresses
18:59 < ||cw> you can't use the typical address alias like eth0:1
18:59 < ||cw> maybe use the bridge devices?
18:59 < overflow_sdm_102> ||cw ok it is more clear
19:00 < detha> multiple addresses. issued by dhcp. on one physical interface. in the same range? /me backs away slowly
19:01 < overflow_sdm_102> I want my router to give me more IP addresses, thats all ;) so it is the same range
19:02 < overflow_sdm_102> so - as i understand... I have to create new virtual device. virtual device must be linked to NIC adapter.
19:03 < detha> before you go there - what are you trying to solve with this?
19:06 < overflow_sdm_102> hmmm. well. The problem is different. Real problem is that, I will know all IP addresses. But I do not have a list so I need several working IP addresses and DHCP is good idea. I learn something.
19:07 < overflow_sdm_102> I can't use ANY ip now. That's why i am trying to learn dhcp way
19:09 < detha> I would call that a highly unusual configuration. Multiple addresses in the same range is already odd (but you would just use ip address add for that), multiple addresses from DHCP is very rare
19:11 < ||cw> overflow_sdm_102: that's really strange. the typical use for multiple IPs is to co-locate multiple services of a type that don't support named based separation, like ftp, or samba, or something. in those cases, your address list is static
19:11 < overflow_sdm_102> detha - just development solution
19:12 < ||cw> overflow_sdm_102: it's a lot of extra work for something trivial. go ask whoever's in charge of IP allocation for a block.
19:12 < ||cw> then you're done and you can do it the right way
19:12 < overflow_sdm_102> actually I will have one NIC adapter and multiple IP addresses from ISP. Some traffic must go via one ip another via another ip, etc
19:14 < overflow_sdm_102> that is why I need multiple IP. And because I can't use static now, I am trying to learn how to use DHCP :D
19:14 < wind_swept> should i use a stub-zone or a slave-zone for ad integrated zones between untrusting forests ?
19:15 < wind_swept> i understand the difference in how they function, but can't figure out why i'd use one over the other
19:15 < ||cw> overflow_sdm_102: you'd still know the IPs
19:15 < detha> overflow_sdm_102: that is using a screwdriver to hammer in a nail
19:16 < CoolerZ> hi
19:16 < wind_swept> or maybe conditional forwarding
19:16 < CoolerZ> i am trying to use websockets between a nodejs server and nodejs client
19:16 < overflow_sdm_102> i do not understand why?
19:17 < CoolerZ> it works fine if i use ws://hostname/path etc
19:17 < ||cw> wind_swept: isn't a slave zone just one that replicates its master in full?
19:17 < CoolerZ> but if i use wss i get a 404
19:17 < wind_swept> ||cw: yeah, aka a secondary zone in windows dns
19:17 < CoolerZ> the server is on repl.it
19:18 < ||cw> and a stub is just enough to know where to go look up the records
19:18 < CoolerZ> they use a reverse proxy and use the host header in http requests to route requests
19:18 < CoolerZ> it seems when i use wss the request never reaches the server
19:19 < CoolerZ> i am getting the 404 from repl.it's servers
19:19 < CoolerZ> why would this be the case?
19:19 < ||cw> CoolerZ: did you setup the certs?
19:20 < ||cw> wss starts off as https, so you need that configured
19:20 < CoolerZ> no, the way repl.it has it setup, they have a common domain name and wildcard cert
19:20 < ||cw> then you'd need to ask repl.it's support
19:21 < CoolerZ> so you just have to setup a normal http server that communicates with the reverse proxy
19:43 < xdroop> Anyone know what Google's inbound ICMP load is?
19:43 < xdroop> Just curious.
19:52 < Apachez> detha: new version of existing thing
19:52 < Apachez> detha: sad thing is that these crashes doesnt occur in our staging area
19:52 < Apachez> and the "only" difference is the amount of users
19:52 < Apachez> staging area have just a handful while "production" have several more
19:53 < Apachez> so my prime suspect is something related to session and/or network traffic that after several hours bails out and crashes the tomcat
19:54 <+pppingme> how is it "crashing"?
19:54 <+pppingme> xdroop enough that they truncate responses
19:54 < Apachez> as in poff gone
19:54 < Apachez> while other tomcat processes on the same box works without crashing
19:54 < detha> Apachez: memory? see free mem dropping, or swap being used?
19:55 < ||cw> did you try giving it more ram? tomcat loves ram
19:55 < Apachez> so I dunno why this is going mayhem
19:55 < Apachez> I was hoping to start tomcat with some debug option so it can tell me "Your developer sucks, just look at this piece of shit at row X in module Y"
19:55 < Apachez> but it doesnt seem to have such features
19:55 < Apachez> ||cw: I would expect throwing 256 gig at it would be more than enough :P
19:56 < Apachez> my bet is that the devs did something bad
19:56 < detha> there's logs. And you can configure all kinds of logging. But if the jvm coredumps, nothing much it can log
19:56 < Apachez> but it ends up in my lap to resolve
19:56 < Apachez> yeah I would like it to dump stuff just before it crashes sort of speak
19:56 < Apachez> starting tomcat with debug enabled from start will overflow the drives before the crash occurs hours later
19:57 < detha> send the logs to rsyslog elsewhere, with rotation on 10 minutes?
19:59 < Apachez> yeah but then someone must be in front of it 24/7 to stop rotation :P
19:59 < Apachez> or you mean sizerotation?
20:01 < detha> sizerotation would work - once it crashes. it hopefully stops generating logs
20:01 < Apachez> but then I need to set that shit up
20:01 < Apachez> gah
20:01 < Apachez> why cant things just work?
20:02 < Apachez> how hard can it be? ;)
20:37 < xyxxy> i want to run a Nessus on a network using credentials, but my only problem is figuring out what type of
20:37 < xyxxy> credentials I need. Do I need local admin or domain admin?
20:47 < AFITM> What method do you guys use for externally backing up configs? Do you back them up locally and then use internal backup software to get it out to the cloud/backup media or do you have external backup locations that your networking sends to directly?
20:48 < hfp> Hi, I hope this is the right place to ask: how does docker manage to redirect ports on localhost to containers? I can't find how to achieve it with lxc so I'm suspecting some dark magic, I'd like to know which dark magic. Any ideas?
20:50 < detha> hfp: lots of iptables rules
20:52 < detha> AFITM: rancid (or oxidized if you are in hipster mood) to local repo, back up repo as and when required
20:54 < ||cw> same, local git pushed to offsite remote
21:00 < hfp> detha: that's it? nothing else than iptables? I thought you couldn't "catch" localhost packets in iptables because it never hits iptables; it's looped back before
21:00 < detha> it hits iptables on the lo: interface
21:05 < hfp> oh ok, I didn't know
21:11 < Donjuanal> Anyone in here familiar with Cisco's l2vpn xconnect's?
21:16 < JazzyDude> if I get these errors when trying to access a site, can it be inferred that the DNS servers are down? the actual server with the website itself? https://pastebin.com/raw/1tM4NJC8
21:18 < ||cw> JazzyDude: looks that way
21:18 < JazzyDude> ||cw, which one though? the DNS servers or the actual website?
21:18 < ||cw> dns
21:18 < JazzyDude> ok, phew
21:19 < JazzyDude> so I guess that's easier to fix
21:19 < ||cw> dig says ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 30864
21:20 < JazzyDude> hmm
21:24 < ||cw> JazzyDude: wait, does it really have the same IP for NS8 and NS9 ? that's bad. like way bad.
21:24 < JazzyDude> o.o how come?
21:24 < JazzyDude> I'm not really a networking expert
21:24 < detha> looks like it. and that server seems to be AWOL
21:25 < JazzyDude> should I be worried? o.o
21:25 < detha> if it's your domain? yes. If not? no.
21:26 < JazzyDude> well, no, it isn't my domain, but it's a site I frequently visit
21:28 < JazzyDude> ||cw, it isn't the same IP though?
21:28 < JazzyDude> the last octet changes
21:28 < JazzyDude> I just checked
21:29 < ||cw> host NS8.FFSHRINE.ORG
21:29 < ||cw> NS8.FFSHRINE.ORG has address 192.99.232.131
21:29 < ||cw> host NS9.FFSHRINE.ORG
21:29 < ||cw> NS9.FFSHRINE.ORG has address 192.99.232.131
21:29 < JazzyDude> hm
21:30 < ||cw> that's likely resolved from the whois registration
21:30 < JazzyDude> I see
21:30 < tds> yeah, I see two identical glue records
21:30 < tds> (for ns8/ns9)
21:30 < JazzyDude> well, that's no good
21:30 < ||cw> also, have you heard about our lord and savior dns.he.net?
21:34 < JazzyDude> when this site comes back, I may talk to the people who run its infrastructure
21:34 < tds> dns is one of the things it's comparatively quite easy to make redundant anyway :/
21:34 < JazzyDude> and see if they can get different IPs for different nameservers
21:35 < JazzyDude> because if the one machine goes down, like it did now, no website
21:47 < tds> ideally you probably want them on entirely separate networks, I've seen sites go down before when using one company's nameservers which were distributed between DCs but still had all of them down at once
21:47 < JazzyDude> yeah, I see
21:48 < JazzyDude> well, I'm glad it's the nameserver that bit the dust, and not the actual server hosting the website, hopefully
21:53 < coldice> Hello, I don't understand why my host has to go through my router to reach another host, connected to the same switch, no vlan. Any help please?
21:56 < tds> coldice: what does your routing table look like? if you don't have an on-link route for the host, and don't have any other routes which will match, you'll just hit the route via your default gateway
21:57 < tds> an incorrect subnet mask would likely cause the behaviour you're describing
21:57 < ||cw> coldice: same subnet?
21:57 < coldice> Ofc, subnet!
21:57 < coldice> I'll double check, thanks
21:58 < coldice> That was it, thanks tds & ||cw !
21:59 <+catphish> morning
22:02 < veegee> Hello all
22:03 < veegee> The Unifi Switch 16 XG is out of stock everywhere. Is there anything similar for which I can get cheap fiber SFP+ transceivers?
22:04 < veegee> Someone recommended the Quanta LB6M, but https://www.fs.com/c/sfp-plus-transceivers-56 doesn't list any of them being compatible with Quanta
22:10 < E1ephant> veegee: https://forums.servethehome.com/index.php?threads/quanta-lb6m-10gbe-discussion.8002/page-11 has a lot of discussion on transceiver support
22:10 < veegee> thank you!
22:10 < E1ephant> np
22:15 < veegee> I talked to the FS tech support. They said this module is compatible with the LB6M: https://www.fs.com/products/11589.html
22:16 < veegee> I'll give it a shot. Never done fiber before. This should be fun
22:20 < orbitex> hi there. i am trying to use 3 tp-link routers as wifi extenders (by connecting the internet from my main router to each one via LAN connection)
22:21 < orbitex> My 3 wifi extenders are 2x tp-link w8960n and 1x tp-link w9970
22:22 < orbitex> i am experiencing a problem though, as I successfully manage to setup each one, by disabling DHCP and setting a different IP to each one.
22:23 < orbitex> If I connect only one tplink device to my main router, it works. if i disconnect it and connect another one it also works. but connecting all 3 of them to my main router doesn't work. everything goes wrong if i do that
22:24 < Maarten> Define "everything goes wrong".
22:25 < orbitex> all tries are by trying to connect from my mobile phone to any wifi extender
22:25 < orbitex> it takes soooo long to connect and then i get speeds like 0.05kb/s
22:25 < orbitex> but its a no connection
22:25 < E1ephant> are they on the same channel?
22:26 < Maarten> they may be interfering with each other. Put one on channel 1, one on channel 6, one on channel 11.
22:27 < orbitex> i've set each channel to auto
22:27 < orbitex> ok
22:27 < E1ephant> well don't overlap with your main AP
22:27 < devilspgd> Auto is surprisingly variable from device to device. Some do a great job of dynamically finding an appropriate channel, some just pick a stupid hardcoded choice.
22:28 < Maarten> Also, not all AP's are good at handing over clients to another AP.... since you don't have a central controller, its more or less up to the client to see which signal is the strongest, and with two on the same channel, the client might bounce between the two like a ping pong ball.
22:29 < Maarten> And yeah.... if you have a "main" router with wife, you probably want to do 1, 4, 8, 11 instead to spread them out as best as possible,
22:29 < orbitex> each ssid is different
22:29 < Maarten> wifi*
22:30 < orbitex> the problem is that they are in the same network i suppose
22:30 < E1ephant> is that a problem?
22:31 < orbitex> for me no. but i dont know why this happens
22:31 < E1ephant> it shouldn't be (although why not use the same SSID?)
22:31 <+pppingme> you really shouldn't put neighboring ap's on such close channels
22:31 < ali1234> if you are bridging the wifi and the lan it could be a reflection issue
22:32 < E1ephant> ali1234: please elaborate?
22:32 < orbitex> I dont know how it works, I think that if someone is leaving a place with wifi A and goes to Wifi B place, there will be errors if he gets both signals
22:33 < E1ephant> orbitex: errrr, citation for this behaviour?
22:33 < orbitex> they called me in a 3 apartment place
22:33 < ali1234> E1ephant: mobile phone sends a packet to the AP. AP bridges it onto the LAN. the other routers see this packet, and because they are bridging too, they spam it back onto wifi
22:34 < ali1234> so wifi traffic gets multiplied by the number of APs you have
22:34 < orbitex> they have a small room with the main router and they needed wifi in every apartment, the previous technician bought these things, and now i am stuck on trying to make them work
22:34 < orbitex> in any other case I would choose an ubiquiti series
22:34 < orbitex> that does what it says it does
22:35 < orbitex> i really need some help though...as i need to get them, fixed by tomorrow. I thought it would be easy, but i am the whole day in front of them, and i think that they cant support this kind of function
22:36 < E1ephant> ali1234: hmmmm, is this an issue though? this is how broadcast should work?
22:36 < ali1234> yeah it probably isn't the problem here
22:36 < E1ephant> interesting pathing, hadn't really considered this before
22:37 < E1ephant> some APs can limit broadcast to mitigate though
22:37 < orbitex> The thing is that i cant manage to connect the three of them and use the internet from any ssid (1 , 2 or 3)
22:37 < orbitex> I also changed all channels as mentioned with no luck. still the same issue
22:37 < ali1234> it gets worse when you have LAN <-> WIFI <-> WIFI <-> LAN "ethernet extender" type bridge
22:38 < E1ephant> yeah I could see some wifi repeates making a huge mess of that
22:38 < ali1234> with that you can end up with packets bouncing essentially forever (or until they timeout)
22:38 < E1ephant> on top of having shitty performance to begin with
22:38 < E1ephant> repeaters even
22:38 < E1ephant> orbitex: I would start just adding one more at a time
22:38 < E1ephant> also observe how mac learning is working from the router
22:38 < orbitex> i got: main router, from the main to each of the three other routers via lan connection. and then i only want to broadcast via wifi
22:39 < E1ephant> is your client MAC flapping between two APs?
22:39 < orbitex> i tried for hours with only 2
22:39 < ali1234> i would turn off wifi on one of the routers and see if the ethernet ports on it work
22:39 < E1ephant> and it works fine?
22:39 < ali1234> or even better, two of them
22:39 < orbitex> Whenever you connect a second "client" router to the main then the wifi hangs
22:40 < orbitex> i can connect to wifi but i cant use it, it says no connection. is there a solution with the three routers i have?
22:40 < E1ephant> you're using the LAN ports of these "routers" though, eh, not the WAN or UPLINK?
22:40 < E1ephant> eh you need to pinpoint the issue first :)
22:41 < orbitex> ok i will try what you said with wifi and ethernet
22:41 < E1ephant> find out what is causing the slow, but existing transfer
22:41 < orbitex> ok
22:41 < ali1234> they probably dont have uplink ports and are just bridging the LAN and wifi
22:46 < Orbi-TeX> even by having only 2 routers connected one with wifi and ethernet and the other with ethernet only, i can see that the ethernet works great but wifi no
22:46 < nchambers> does anyone know where I can find the specification for DIX ethernet frames?
22:47 < E1ephant> nchambers: same thing as an EthernetII frame
22:47 < E1ephant> aka THE ethernet frame everyone uses
22:48 < nchambers> E1ephant: yep. got that already
22:48 < E1ephant> and you're having trouble locating the spec for this?
22:48 <+pppingme> nchambers you have access to a linux box?
22:48 < nchambers> pppingme: yep
22:48 < nchambers> E1ephant: yep
22:48 < nchambers> thats why i asked here
22:48 < E1ephant> nchambers: like this? https://en.wikipedia.org/wiki/Ethernet_frame#/media/File:Ethernet_Type_II_Frame_format.svg
22:48 <+pppingme> cat /etc/ethertypes
22:48 < E1ephant> I mean, where all did you look?
22:48 < nchambers> E1ephant: thats hardly a specification
22:48 < orbitex> If someone can solve my problem I can pay for his services
22:49 < orbitex> i need some help
22:49 <+pppingme> nchambers >> cat /etc/ethertypes
22:49 < nchambers> thanks pppingme
22:49 <+pppingme> orbitex we all need help... first step is admitting
22:49 < orbitex> admitting?
22:50 < E1ephant> nchambers: okay then....
22:50 < nchambers> E1ephant: not sure whats confusing about that
22:50 < nchambers> thanks anyways i guess
22:50 < orbitex> i can admit i need mental health
22:51 < ntd> is there a .11 standard for letting STAs know that the AP has a metered uplink?
22:51 < E1ephant> nchambers: seems pretty straight forward
22:51 < nchambers> E1ephant: what values can go into ethertype. how is crc checksum calculated
22:51 < nchambers> the wikipedia article (which yes i did actually read) and that picture don't seem to cover it
22:51 < nchambers> so im not sure why you would think thats a spec
22:52 <+pppingme> describe your setup and ask your questions
22:52 < E1ephant> they cite IEEE 802.3 pretty clearly
22:52 < nchambers> if thats the spec i need to read, then point me to that :)
22:52 <+pppingme> orbitex describe your setup and ask your questions
22:52 < E1ephant> nchambers: that isn't how IEEE works
22:53 < E1ephant> you need $$$ first
22:53 < nchambers> whatever you say
22:53 < E1ephant> nchambers: http://standards.ieee.org/findstds/standard/802.3-2012.html
22:54 < veegee> Looks like I'll go with the LB6M
22:54 <+pppingme> nchambers I think he's saying ieee stuff is pretty heavily copyright'd, even though its spec, you still have to pay to see
22:54 < veegee> Can't believe there's no reasonable small 10g switch
22:54 < veegee> I'd pay $300 for like an 8 port SFP+ switch
22:54 < nchambers> i get that. im just not sure what they expect me to do with a picture
22:54 < E1ephant> I think pppingme has the right idea, a real source implementation is probably the best free citation
22:54 <+pppingme> veegee by the time people are looking at 10g, its usually backbone stuff, nothing "small"
22:54 < ali1234> what information exactly are you looking for that isn't contained in the picture?
22:54 < veegee> yeah :(
22:55 < E1ephant> nchambers: start specing/reverse engineering?
22:55 < veegee> it's really useful for the home and office though
22:55 < nchambers> ali1234: already asked and answered
22:55 < nchambers> thanks though
22:55 < E1ephant> an octet graph of framing is extremely valuable in my experience
22:55 < ali1234> ah yeah so you did
22:55 < orbitex> can someone point me if I can use multiple tp-link w8960n routers in the same lan network so that i can transmit different wifi?
22:55 <+pppingme> nchambers you might look on safari if you have a sub, I think they have some stuff
22:56 < nchambers> thanks, will do as well
22:56 < ali1234> here's a probably incomplete list of what values go in the ethertype https://en.wikipedia.org/wiki/EtherType
22:56 < veegee> orbitex what are you trying to do?
22:56 < veegee> orbitex sounds like you're trying to set up multiple access points for better coverage?
22:57 < ali1234> apparently it comes from here: http://www.iana.org/assignments/ieee-802-numbers/ieee-802-numbers.xhtml#ieee-802-numbers-1
22:57 < E1ephant> if you want the fixed values, I would refer to IANA directly
22:57 < orbitex> veegee yes
22:57 < E1ephant> yeah
22:57 < E1ephant> use the IANA lists
22:58 < orbitex> i have gone to a 3 apartment building with already new UTP cables in each apartment and they all connect to a 4th small room which is the main router there
22:58 < orbitex> but they had the equipment from a previous technician, so thats why i am trying with the specific devices
22:59 <+catphish> nchambers: the wikipedia page is pretty thorough https://en.wikipedia.org/wiki/Ethernet_frame
22:59 <+catphish> more than enough info there to build and decode a frame if that's all you need to do
22:59 < ali1234> here's the algorithm for the CRC https://www.xilinx.com/support/documentation/application_notes/xapp209.pdf
22:59 < ali1234> anything else?
22:59 < nchambers> no, thats great. thanks
23:00 < nchambers> catphish: i'm not decoding it. I'm building them
23:00 <+catphish> nchambers: read my message again ;)
23:00 < nchambers> oh yep, sorry just saw the decode part
23:01 <+catphish> nchambers: imo wikipedia is the easiest source on this subject, shout if you have any specific questions, or if you google "ethernet frame format" you will definitely find 10 more explanations of it
23:01 <+catphish> the crc is the only complicated part
23:01 < nchambers> yeah i glanced over the link ali1234 gave me,and looks somewhat complicated
23:01 < nchambers> but i'll tackle that in a bit anyways
23:02 < nchambers> thanks catphish
23:02 <+pppingme> orbitex trying what?
23:02 <+catphish> you can probably find a few crc algorithms around, maybe read https://en.wikipedia.org/wiki/Cyclic_redundancy_check
23:02 <+pppingme> orbitex whats your goal and whats giving you issues?
23:02 < ali1234> you can probably just use some library, after determining it is the same type of CRC... i think there's a few incompatible algorithms out there under the name CRC
23:02 <+catphish> and read https://en.wikipedia.org/wiki/Ethernet_frame#Frame_check_sequence - hopefully that helps, i've never calculated one manually, usually it's done in hardware
23:03 < ali1234> wireshark probably has the right algorithm for this
23:03 < veegee> orbitex just put your "router" in access point only mode
23:03 < veegee> it'll do exactly what you want
23:03 < orbitex> i have set up the extenders correctly, but when i connect only each one i have a proper connection. if i connect both access points to the main then the wifi connection is very slow at about 0.08kb/s
23:03 < veegee> consumer "routers" are really router + switch + access point
23:04 <+catphish> disable dhcp, use LAN ports, then you just have a switch+AP :)
23:04 < veegee> probably channel interference
23:04 < orbitex> veegee, i dont think there is that kind of setting. can you check it out?
23:04 < veegee> There is
23:04 < orbitex> i can send you money if you help me
23:04 < veegee> If it doesn't, throw it out
23:05 < ali1234> orbitex: silly question but did you set each AP to a different IP? if you left them all on the default 192.168.0.1 or whatever, that would cause the issue you are seeing
23:05 <+pppingme> orbitex so called "extenders" or "wifi repeaters" are crap and will always slow down the connection
23:05 < veegee> whatever money you would send, just buy a better access point or router instead
23:05 < veegee> they're not expensive
23:07 < veegee> But really I've never seen a consumer "router" not have the option to set it to AP only mode. Also, it doesn't even need to be set in that mode. You can just use it as your own personal router/NAT and set the wifi settings to 5G only (initially, just to test)
23:07 < veegee> and have channel select to auto
23:11 < ali1234> regular channel interference alone would not make the channel run at 80bps
23:12 <+catphish> ali1234: an AP IP conflict shouldn't really matter, but maybe it might
23:12 <+catphish> unless they conflict with a router too, then yeah
23:13 < ali1234> it would severely mess up ARP
23:13 <+catphish> what arp?
23:13 < ali1234> these are consumer routers yeah?
23:13 <+catphish> why would you arp the access point? :)
23:13 < ali1234> because it's a consumer router, you can't NOT ARP it
23:13 < ali1234> it has a built in switch
23:14 <+catphish> oh, i thought we were talking about using them as APs
23:14 < ali1234> using them as APs by turning off DHCP and connecting them all into a "master" switch
23:14 < ali1234> meaning they all still have IPs
23:14 <+catphish> right, in that case their IP doesn't matter
23:14 <+catphish> if it conflicts, meh
23:15 <+catphish> the only problem is it would make it impossible to manage them, but it shouldn't affect their layer2 operation
23:15 <+catphish> unless they also conflict with the default router
23:16 < ali1234> i wouldn't put money on it working like that
23:17 <+catphish> so if your router is on 192.168.1.1, you could have 10 APs on 182.168.0.1 and it would be fine
23:17 < ali1234> not with consumer junk anyway
23:17 <+catphish> it would only be a problem if anything had the same IP as the router
23:17 <+catphish> of course this is messy, and not ideal, but i can't think of any reason it wouldn't work
23:18 < ali1234> ideally you set the main router to hand out 192.168.0.* on DHCP and then configure each AP with a 192.168.1.* address
23:18 < ali1234> that way you can still manage them, but they aren't visible to normal clients
23:18 <+catphish> not really
23:19 <+catphish> the correct config would be for them to have IPs on the same subnet as the main subnet, outside the DHCP range
23:19 < ali1234> that is also possible. depends whether you want users to mess with them or not
23:19 <+catphish> having 2 different subnets on the same VLAN is sloppy
23:20 < ||cw> it's also a pain to get to them
23:20 <+catphish> i have my DHCP range set to 10.0.8.11-99 then static stuff is 100+
23:20 < tds> it ends up getting especially messy if you want to do dhcp or v6 RAs with slaac
23:20 <+catphish> but consumer routers can make things harder, like insisting on doing DHCP on the whole range
23:21 <+catphish> ali1234: changing their IPs really has little impact on the users' ability to mess with them, that's what authentication is for :)
23:23 < Maarten> In my home I have DHCP set to 192.168.2.100-200, everything below 100 is static IP's.
23:25 <+catphish> Maarten: funny how we both have a gap at both ends for no good reason :)
23:27 < ||cw> I like starting mine at 128
23:32 < qman__> Mine is very poorly laid out because more than half the stuff i have now wasn't even thought of when i set it up
23:32 < qman__> I need to re-address but it's such a pain that I've been putting it off for years
23:32 < Maarten> catphish, I had initially reserved a small space for guest wifi only at the end but opted for the same DHCP range instead and just isolating guest IP's to the restrictions of the guest SSID, which is internet only.
23:35 < qman__> I have so many things at this point that I'd have to set up a new subnet side by side and migrate stuff one by one
23:46 < hfp> Ha so that was fun... I changed some settings on my router and somehow there were two dhcp servers on the same network giving out different IPs: the router was handing out 192.168.1.0/24 and the rogue dhcp was handing out 192.168.0.0/24. I know what caused it, but what I don't get is this: the machines plugged into a particular dumb switch were all confused and couldn't reach any host. Other machines on
23:46 < hfp> different switches were fine, and it all fixed itself when I unplugged and replugged the dumb switch. What happened there? The switch is a trendnet 30$ switch, it's not managed. Any idea what confused it and why a power cycle fixed everything?
23:48 < Maarten> hfp, because trendnet :P
23:49 < hfp> Maarten: no but seriously, why? is it a bug in the router's firmware?
23:50 < hfp> I just wasted three hours of my life, I'd like to understand at least :D
23:53 < Maarten> hfp, I gave up long ago understanding why crappy hardware behaves like it does..... ;)
23:54 < hfp> Maarten: so frustrating, I was pulling my hair out, cursing the router etc. I didn't suspect the switch at all because it's dumb and unmanaged so what could possibly go wrong with a dumb device... well
23:55 < hfp> as a side note, which brands are not too shitty for consumer level unmanaged switches? Trendnet sucks, I know now, but is there hope in this segment of the market?
23:55 < purplex88> does SDN provide security for traditional networks or security for sdn networks itself?
23:56 < E1ephant> hfp: traditionally all of them suck, you want at least "prosumer level" ubiquiti networks, meraki, fortinet
23:56 < E1ephant> HP gear is well priced
23:56 < Maarten> hfp, netgear switches are quite affordable and pretty good for simple switches. They are managed, but only through their own crappy software. But other than that, if you need a solid performing switch, they are pretty decent.
23:57 < E1ephant> I would not suggest netgear to anyone, but just my two cents
23:58 < hfp> yeah I have a bad taste from that pos 802.11b netgear switch that collapsed when it had more than 300 concurrent connections open (not clients, tcp connections)
23:58 < hfp> sigh, my issue is that I need 3 switches and I dont need them managed, I just need dumb switches without breaking the bank
23:59 < tds> Maarten: what do you mean by "only through their own crappy software"?
23:59 < E1ephant> HP gear is cheap and has a lifetime warranty, dell gear is just cheap 23:59 < hfp> ubiquiti is very nice, I love my wireless AP 23:59 < hfp> E1ephant: thanks I'll look into hp --- Log closed Tue Jul 10 00:00:12 2018