#networking
or how many ports are on one chip for bigger switches
and the models/lineup is lacking
they usually have certain bandwidths between blocks
Most Ubiquiti switches have 8 ports/switch chip
@rocky badge so does cisco
yup
@clear igloo F3 line card for nexus has 8 ports to a chip
and they all do line rate
soooooo
Yah
@clear igloo I have to do a presentation to....5-15 people 😩
rip
80gbit/s routing lol
Director of IT, Sysadmin, administrators of some schools, attendance, some teachers @clear igloo
tell them to get Crestron
nobody ever got fired for buying Crestron
we're throwing out our Crestron
Well, not entirely but at least replacing audio and video distribution part of it
I'd love to go Just Add Power for that

pfSense now redirects any external DNS on the "school VPN" to my internal Pi Hole
So I can block their tracking shit internally
I don't need to access anything internally at school
lmao
the VPN was only used for filtering
and you said its VPN or network doesnt work?
The VPN died one day lol
hopefully vpn isnt used to take attendance
nope

how many people have you shared it with
i would be pissed if i paid for a computer and i can only do school on it
one so far lol
I can't get my school mailbox on my phone, without giving them full control over my device
MDM?
Exchange
Microsoft
cloud bs
it used to be, that you could set up automatic forwarding
but since GDPR, they barred all external communication tools
very common in enterprise, but usually on company devices
they use Dot1X for the wifi and ethernet authorization
a benefit is that you get a publicly routed IP, accessible from anywhere
just have to make sure you set your firewall to public xD
Oh yeah, I don't use outlook for the school email because it wants full control, no thank you. I just use the web app
@peak cloak yea, and that is brilliant. Because my work mail is outlook too
and you cannot be signed into two mailboxes from two different organizations at the same time
and I'm currently doing an internship
a benefit is that you get a publicly routed IP, accessible from anywhere
@tame carbon Wait they are giving a public to each device?
Must have been one of the few still holding onto a /8 bought years back but are not under regulation. No, most universities do not have that
Really?
Okay, I guess must be netherlands only then
but I had it in germany too
I can use my credentials anywhere
Yeah, especially for ARIN. You need to provide use cases for blocks. You cannot just buy a /8 and hold onto it. They cracked down on it year back. ARIN would not accept "to provide a public for every device"
Not talking about v6
That's because there's a fuck ton of IPv6
v4 is dated anyways xD
not IPv4
v6 they hand out like candy
Spectrum gives each residential customer a /56
I have two /48s
I dont know why
I dont even need v6 per se
even if you only get a /64, which is the smallest you can get
you still have, more address space than you will ever need.
v4 is relatively expensive
I pay 16 euros monthly for a /29
It was designed to never need NAT again. Thats why you will get a public. But I guarantee that when you hit a v4 site they are doing NAT64. Its why I questioned if they give everyone a v4 public
Yeah because of NDP
Thats just the discovery piece
slaac
yep
Well you still need NAT64 technically. v4 will never phase out
gig/500
6ms to a non isp owned speedtest server
let me do iperf on serverius directly
lol
crystal@watserv:~$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=59 time=7.61 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=59 time=7.56 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=59 time=7.85 ms
64 bytes from 1.1.1.1: icmp_seq=4 ttl=59 time=7.86 ms
64 bytes from 1.1.1.1: icmp_seq=5 ttl=59 time=7.83 ms
64 bytes from 1.1.1.1: icmp_seq=6 ttl=59 time=8.12 ms
64 bytes from 1.1.1.1: icmp_seq=7 ttl=59 time=7.86 ms
64 bytes from 1.1.1.1: icmp_seq=8 ttl=59 time=7.78 ms
64 bytes from 1.1.1.1: icmp_seq=9 ttl=59 time=7.53 ms
64 bytes from 1.1.1.1: icmp_seq=10 ttl=59 time=7.70 ms
64 bytes from 1.1.1.1: icmp_seq=11 ttl=59 time=7.71 ms
64 bytes from 1.1.1.1: icmp_seq=12 ttl=59 time=7.44 ms
64 bytes from 1.1.1.1: icmp_seq=13 ttl=59 time=7.68 ms
64 bytes from 1.1.1.1: icmp_seq=14 ttl=59 time=7.45 ms
64 bytes from 1.1.1.1: icmp_seq=15 ttl=59 time=7.47 ms
64 bytes from 1.1.1.1: icmp_seq=16 ttl=59 time=7.84 ms
--- 1.1.1.1 ping statistics ---
16 packets transmitted, 16 received, 0% packet loss, time 15025ms
rtt min/avg/max/mdev = 7.436/7.705/8.120/0.183 ms
@rocky badge the ISP that runs the network at my dad's camping place is horrid lol
wifi lmao
they have around 20% packet loss on their point2point
and isp says "its all fine, we cant do any better"
lol
meanwhile
they charge per GB
it was either that, or isdn
Municipality is reworking the sewage systems, and are planning on digging a 2.5km trench
so we managed to contract an ISP to lay a fiber at the same time
and the idea is to set up our own public wifi service
have you ever seen how they do peering in South africa?
We only have one long distance fiber line that we own, IT office -> high school main campus
yeah
lol this speedtest server is shit
first time I did speedtest on a linode
I couldn't get conclusive results
cus all the testservers were trash
270/500
fiber optic wavelengths come in pairs of up to 96
So it got my full upload but not my gig down on this server lol
we have several 48 strand fibers coming into the MDF at school
:o
Maybe, I can get the full gig to another speedtest server
There's one thing I've yet to get around to setting up
I want to expose my network services that I host privately, not through my public IP
Each IDF has at least 6 strands going back the MDF
I was thinking about maybe using a forward gateway/proxy on a cloud somewhere
and just tunnel it back home
maybe something that is close to the amsterdam exchange or peers with my isp
they are a corporate ISP with a datacenter too, perhaps they offer x-connects to a box
better run smoke ping to find out how many problems you have
I sometimes smoke my IP for months for the heck of it
So.. Ubiquiti EdgeRouter 10X and a EdgeSwitch 10X or may i want to look for something else? My choice for Ubiquiti is for easy to use and ok prices.
Home use, home network. 1gig LAN, 200Mbit WAN, No SFP for now. Vlan and VPN support are required, 10-16 port switch in one or two separate smaller.
some kind of wireless AP to work with those, maybe Ubiquiti UniFI AC AP?
No 19" rack are needed. Bench models.
I hope i made myself somewhat understandable.
Using the default ISP included router for now but i want to change that out. Technicolor TG799vac Xtream
Pretty locked..
@tepid trail ER-X can do gigabit
just make sure you enable hardware offloading
if you want something cheaper for wifi I like the TP-Link Omada series
So my suggested choice can work well for my need then? I have looked into Netgear also but.. cant find any similar products there for about the same price. Less customizable also.
EdgeRouter X SFP and a EdgeSwitch 10X SFP could also be a winner.
I hope they will do 1gig on WAN for future ISP upgrade?
look at mikrotik, edgerouters are not really supported anymore that much. Ubiquiti is doing upgrades to its UNMS lineup
@tepid trail It's one gigabit routing, there is no dedicated WAN port
ah, okey..
you can have two ISP's if you want
Edge is still supported, but not much new hardware
UniFi security lineup basically dead now for UbiOS devices (UDM(P)/UXG)
yeah it's supported, the web interface sucks and there are no foreseeable updates in the works afaik
UNMS lineup (UNMS Router and UNMS Switch) are the new "Edge"/ISP/Operator routers/switches
yeah UNMS not UniFi, I mixed my words
Maybe i want to look into that then?
Hmm...
I like more enterprise devices that way I can learn, also you can find many second-hand enterprise devices
I was recommended the EdgeRouter by a friend that works with CISCO systems.
That was his suggestion
yeah, i know..
cisco's view towards serious security is laughable
Dont want to buy something that i need to replace if i want to upgrade ISP connection speed in the future. For LAN i can always invest in 2.5 or 10gig used switch or such but. No need for that now. Im good as long as the Edgerouter can handle up to 1gig. Might be a good start at least. With the Edgerouter 10X.
Ubiquiti UNMS is like the apple of the networking world, if you want it to just work, but you'll pay the price
@tepid trail https://mikrotik.com/product/rb4011igs_rm
I have this at home, it does routing up to around 10gbit/s
if you have a small 10G switch, and your isp uses vlans
Thank you for the tip
for 200 bucks, that's not that bad really
you can set up a really small but powerful network
There's another RB4011 with wifi
but cmon, its a core router
not a toy
This is a datacenter grade 10G switch lol
it has redundant power supplies
I think the RB4011 does too
and it supports up to 57V
which is common in underground tunnels
and service boxes along the road
thats all low voltage DC
i really like the specs on RB4011iGS+RM
I wouldn't say 4011 is a core router. Powerful but not really a core
Its their flagship desktop router
looks like a good home router
Once you go up in specs, price goes up a lot
but this is an older model I believe
the newer ones have RJ45 console ports
i like that the RB4011iGS+RM has 10gig SFP port for future expansion for LAN
vlans are an amazing tool
you can do port mappings, so the device you connect to it, doesnt see the vlan
yeah, isolate..
I was thinking of getting a mikrotik router / switch eventually. RouterOS looks pretty dated but powerful. The web demo is nice: http://demo.mt.lv
but look
if you want to run a small enterprise
get this one
72 core cpu...
you can become an ISP with those
8x 10gbit
and the horsepowers to do 80gbit/s routing
120 million packets/s
i guess the price isnt fun though..
3k
USD
equivalent in cisco
is around 4500 starting
mikrotik is really well positioned in the low to mid tier
asus and tplink, netgear can all go suck it
they dont maintain their software
and their web UIs are a piece of garbage
lacks a ton of features
too bad I didn't know about mikrotik before
yeah this was a discovery for me too
TP Link's Omada AP's are real nice for the price though
the learning curve is steep
but once you get how it all works
since the UI is just a layer around the console
exporting config = a big list of console commands
but its all linux based
yeah, I use the config tree now anyways
that tiny RB750 is only 100mbit
but it handles ipcam traffic
@peak cloak if you are looking for an affordable router
This is quite a decent one
i tried the WebFig demo.. looks good. A lot of features
the wifi antenna isnt the strongest one on the market, but the signal is very stable
@tepid trail there's a native client
works on linux and windows
@tame carbon I was looking at something a bit better, I already have a ER-X and have an AP and switch already
and if all fails, the machine is unresponsive
you can always connect to port 1
and use the MAC address to connect to it, no IP needed
@peak cloak aha..
@peak cloak as good as the RB4011, better or inbetween?
right now I'm looking to buy a server/network rack and a server for the homelab
Mikrotik it is then
@tame carbon inbetween
it has a smaller brother, an RB2011
Mikrotik is prosumer and heavily used in the WISP world. You can serve a small ISP with that router but its missing too many features to make it viable more than ~1000 customers. Referring to the CCR that is
looks more pro than consumer compared to UNMS though
You can set up a public wifi hotspot with a CCR1072
Thats where prosumer comes from.
and a bunch of small APs
I might order one..
use CAPsMAN to manage them as one giant roaming network
what have you done!?
so the thing that makes unifi "good" is that it makes a seamless wifi experience
mikrotik can do that too
I plan on staying on the Omada line, already have them, already have the controller set up
I have two hAP AC2s at home and with Capsman roaming isn't as seamless but that is the only downside I see
I have an old Cisco ADSL modem lying around somewhere
for something like that, I'd go unifi tbh lol
never know
it has 4 lines
and can act as DSLAM
if we ever get nuked into stone age
Local ISP is using lots of unifi for public hotspots
They have over 200 APs deployed around the county last time I heard
We have moved that to our ONTs. Built in wireless is on par with Ubi
good labor is hard to find
Mainly installed at businesses with the local ISP
Each guest is rate limited to 20/20
@hollow marlin what ONTs?
Calix 800/gigcenters
is there any other high end networking appliance manufacturer besides cisco?
Yes, Juniper
We are 80% Juniper now
If its in the housing it'll most likely be a 717 or 727. In house are typically 716s or the rare 700 that has more a home router housing
Thats the baby
We have 7 MX10003s for our core/edge
That's an MX5
pfft. wat
Yeah you need the camber tool with the key to open it
@hollow marlin oof
is that qsfp+?
Yeppers. Not bad in price either. $100k each
wait, so what would open it then? lol
24 100GbE interfaces in a single chassis.
@peak cloak you think i should skip the edgerouter then and order a mikrotik router instead?
I wish I could ask them to install inside lol
190 euro inc vat etc.. here in sweden.. and 100 euro for the SFP module
@tepid trail yeah if you have the budget
or even if you don't the smaller models are nice too
yeah I go there too
not sure how you can pay 100 for sfp modules
that sounds overpriced
Mikrotik S+31DLC10D
i have fiber connection.. but its converted to RJ-45
yeah with a 20 dollar media converter
i just buy these
those are irrelevant
depends on what kind of fiber you're handed
more than 1G?
if its gpon, you can't go directly into a router unless it can convert gpon to ethernet
gpon is.. rare
gpon is common
the only fiber service we have is FiOS, but's it's GPON
very common
99% of fiber residential services are gpon
not seen that here... but ok
bet
it sound nice that i can VLAN the SFP port to use as a "WAN-port"
We are about 50/50 AE/GPON
and depending on your isp
they may require their hardware for network authentication
or at least monitoring
@tepid trail how fast is your uplink though?
that is really future proofed then.. but not for the LAN-side..
more than 1G?
@hollow marlin Local ISP just pulled my Cat6 from the ONT to my pfSense lol
dont know what makes and models the routers and switches are but my router sees 1gig.
so at least 1gig
they asked how much do you want extra
the box please
nice
@rocky badge Uh why. We mandate it go to a patch panel unless the customer wants to make the run.
I was on phone and had a service rep that actually knew what the fuck he was talking about
I can always cut off the end and go through my patch panel
im not experienced, im learning from you.
I don't even have a patch panel...
They gave me plenty of slack
@tepid trail if you only need gigabit ethernet
then you shouldn't sacrifice your single 10G port for that
first step is to get a rack
use a regular 1G port for your wan
My old modem went through my patch panel but I didn't really bother with them
you won't need more than 1G anytime soon
And once you need more than 1 >1G devices
I mean WAN wise
ok, but.. if i want to upgrade LAN to 2.5 or 10gig in the future? add a 10gig switch and connect it with the mikrotik router or what?
i apologise for my definitions... WAN....etc etc..
don't bother with 2.5G
just get 10G
@tepid trail https://www.fs.com/products/11552.html
The DAC goes to my 10gig switch, RJ45 from the ONT
@tepid trail your ISP should give you a way to just get ethernet (copper)
those modules I just linked, those are for if you wish to use that SFP+ port on the RB4011 for 10Gbit LAN
@peak cloak True. I was surprised when I redesigned a county and looking at average/peaks most typically sat around 25mbps and peaks of 120. Gig really is overkill at the moment for the average user
my NAS is on 10G
for LAN, why not?
Yes
Speaking of fiber, what's the difference between single vs multimode
SM only Blob. MM is dead
Never used it, but I got a fiber media adapter for free
meh, FS says otherwise lol
¯\_(ツ)_/¯
@tepid trail 18 bucks for a multimode transceiver, you need two. And then you need some duplex multimode fibers with lc connectors spliced onto it
30 meters costs, 5-10 bucks
they do custom orders
@rocky badge I like how they market the fiber as 10G
even though its layer 1
well, 0 even
Yeah, really like the 4011. Good price. I really cant find a comparable with the netgear, dlink and all those.. pretty locked up also featurewise.
@tepid trail just a tip if you go on this journey. Do not follow advice on the mikrotik forums
Use the wiki
rather follow you guys
@peak cloak Single mode vs Multimode is based on the fiber quality and dimensions. SM has a smaller core for greater distances and cleaner glass. MM has two forms of dia which have greater loss but can be used with LED optics instead, which was cheaper but now its not even worth bothering about
no, but google searches for mtik lead there
does it have a loud fan?
its passively cooled
good
@hollow marlin so go SM if I ever buy fiber?
so pFsense... no go?
@tepid trail port 10 has PoE
pfSense is fine
@peak cloak I would. But I am biased
*depends on your hardware
i had that in thought
HIGHLY depends on your hardware
you can get netgate appliances
netgear?
the people who make pfsense
Basic Traffic (Primarily Data Download): iPerf3 traffic is TCP - 1460 byte payload and TCP framing.
Complex Traffic (Voice, Data, Video): Simple IMIX traffic is sets of 7 (40) byte packets, (4) 576 byte packets, 1 (1500) byte packets, plus Ethernet framing overhead.
ok, but i was thinking of building my own
@rocky badge https://i.imgur.com/iSU14mc.png
cool
Those pfsense boxes dont even scratch the surface
probably because the price? :P
because it's not mikrotik
that mtik is 200

PfSense is nice but dedicated router hardware is so much better: dedicated chips, etc.
Does he want to deal with RouterOS? Probably not
i love this stuff, i want to learn
if he was looking at UniFi & EdgeOS, he probably doesn't want RouterOS
the initial setup, can be done with quickset
after that, you can make a backup
and play to your hearts content
"he" in your discussion is that person me?
Yes
@tepid trail how comfortable are you with networking?
Edgerouter and all that was just a suggestion based on my friend
thats one thing.. yeah
like prior experience
you do need to know how IP works
because if you're coming from whatever you had before, netgear? or some other locked down router, RouterOS isn't friendly
RouterOS is very... hands on
UniFi, EdgeOS, and pfSense are a lot friendlier
you need to configure everything
but the tutorials they have on their wiki
usually work out
While that's fine for some, not everyone wants that
So like Arch Linux vs Mac
I'd put pfSense between UniFi and EdgeOS
UniFi is 100% GUI and basic (on older models) JSON config, pfSense is mostly GUI but configurable via CLI and files, EdgeOS you probably want to stick with mostly CLI with GUI to do basic stuff
edgeOS
yup
not experienced but im willing to learn.. did networking in school, also dipped in CISCO CCNA but didnt finish it. So i know what its about but not detailed.
usually you don't need to go to CLI, just do stuff in config tree
😩 I hate the config tree lmao
i like that i can configure mostly everything manually how i like it to work.
You can do any of that on pfSense/EdgeOS
pfSense has a setup wizard for getting basic WAN/LAN, EdgeOS has some setup configs for WAN/LAN, dual WAN/LAN, dual LAN/WAN, fail over, switch etc
from there, its customizable
port forwarding is relatively easy for mikrotik
you do it once, then you just copy the profile
and change ports
You don't have to do either from either products
They will prompt you with it on first login, but you can dismiss it
pfSense comes configured out of the box to route and NAT with your WAN and LAN ports defined in the first setup on the console
But additional interfaces, VLANs, VPNs, additional firewall rules, etc you do by yourself
on 192.168.88.0/24
pfSense it asks which iface is your WAN and which is your primary LAN in the console
sounds good
@rocky badge you mean like this?>
@tame carbon looks like your GUI is old, the new one in the web demo looks nicer
@peak cloak thats the desktop client
ah
there's a webclient too
lol
but desktop client is nicer
cus you can drop files into it
yeah
I like pfSense because I can just install whatever freeBSD package I want
because the ntopng package it ships with is 3.x, so I can just install 4
yeah don't do that
theres pros and cons with everything
i understand
pfSense is for my "production" side lol
better to learn with the manual setup
my isp gave me a guide for how to set up the IPTV on a Draytek router, they had nothing else
but the screenshots they provided, were so bad, cus DrayTek was super vague about what was configured when you [x] this box
ew IPTV from ISP
oof RouterOS isn't open source
I have a 2nd vlan, for that signal, and two subnets, one for streaming over IGMP multicast, and the other is the catalog server/network
But then getting IGMP and multicast to work, took me an entire weekend to figure out
@tame carbon that client gui looks good
I threw myself off the deep end
did bunch of research ahead of time
bought all the hardware
and then just.. started
for mdns ezpz, igmp is handled by the igmp pd
upnp is from miniupnpd
dhcpd for dhcp, unbound for dns
there's a multicast package you can add to mtik
for igmp
dhcp is in there
upnp is a backdoor for trojans
I like it because its mainly using open source packages for these services
So the config is the same as it is on any linux system
this just happens to be running freebsd
honestly, for these ready to use solutions
there's little to complain if its bsd or linux
they do equally well
@rocky badge I just go to my dhcp leases, click on the user's current session. click on "Make Static"
and then change the IP if you want and hit save
I use 10 min leases
same
All of these are DHCP static
Just for Infra and VMs though, there's other static IPs on other VLANs
I dont have that much on here yet
I started in november last year
with minor prior experience xD
I knew how to do udp flooding with code
and how tcp/ip basics worked
I nuked everything a couple of years ago iirc, then I nuked the network a year ago
So AD and infrastructure like that is < 2 years old
network is < 1
So this revision I started when I was 14
boy do you have a lot of stuff
the need to run a server, learn networking; grew out of my need to deploy my own developed software on-premise
linux was part of that too
I honestly forgot how I started
Just started messing around with the default router settings
I started with a pi b+, installed nginx on that sucker
I developed half a dozen plugins for minecraft xD
and still manage a big gaming network these days
but thats all cloud
then started with php, played around with python then now node
Then I got a optiplex 3010 which I use to this day
@rocky badge things like proxying, shared state and middleware really came into play
I'm loving node though https://blob.rocks/E8gtGHAYDO.png
not just running an sql server, but using redis alongside
I'm planning on selling it though in order to fund a HP DL380 G8 server
nice
for minecraft
node is nice
@rocky badge you know what would be epic? the ability to define factoids as small fragments of code
gotta get funding though :^) so I'm creating a presentation right now
that you can query with the bot as a command
I ran a bot for myself that would take attendance for me for online school using node and puppet
and then build small amounts of sandboxed js into those storeable statements
and then introduce the unix pipe to that
xD
¯\_(ツ)_/¯
Having worked on java for many years, going back to php was a nightmare
@rocky badge what are you using to share the pictures?
I cant even begin to list all the things wrong with the language & ecosystem
I see it's on your domain
Xbox shit complains without UPnP and other shit, and I haven't had any issues
@peak cloak ShareX to upload, GCS Storage to store them
Can't you open a static port to the XBox so upnp is disabled?
Never had anything that required UPnP
I can, but that's a lot of work just for gaming lmao
@peak cloak xbox live just uses a port range
if you forward those to your console you are good
yep
yeah, that's what I thought
yup, you don't have to have every port, or every ip lol
Right now it's limited to my home VLAN only
I turn it on sometimes to see if it fixes a game not working
Mikrotik where have you been all my life?
and then just use torch (packet sniffing tool in mikrotik) to figure out what ports are being used
thank you for the suggestion!
yeah, SSO was my thinking too for that.
they are!
@rocky badge one thing I still have to figure out on mtik that will cost me probably another weekend. Is building a customized landing page for a captive portal and account generator script using the API
lol
@tame carbon well invested time i guess
And that's why I like UniFi
xD
you can do that with Omada easily
I can point it to an external captive portal and the captive portal calls back UniFi API
@tepid trail my dad wanted to sell his own wifi passes as his camping grounds in germany
to allow the guest
since we are setting up a big wifi network
might as well, see if i can automate that
so that the office in the front, where people come in to checkin and pay
so this
I put our printer setup at the reception, so every employee can simply print a voucher for our guests with one click.
they can just use this tool of mine to print a piece of A4 paper with their login & instructions on how to connect
@tame carbon ah, cool!
user taps on screen, prints ticket, user logs in with the voucher
basically
yep
because UniFi has this natively built in :^)
Payment, RADIUS, Facebook, Google, WeChat as well
this is maybe 100 lines of code
wow
or your own external captive portal with their API
but that is quite crazy yeah
i really like that!
that's real nice ngl
didnt know they support that
@rocky badge is there a simplified backoffice view? for say, just the vouchers?
but not the rest of the network settings right?
yup
kk
Might just consider
using mtik as a backbone for the p2p (cus we cant put cables everywhere)
using some antennas
and then just using unifi xD
airFiber/airMAX is nice
and Ubiquiti Link is super easy to plan it
We use nanostations for p2p between press box and sidelines at the stadium
I've used these things before
We have a pair of these between IT office and main campus for failover
cheap as well
how much for a pair?
$2000
@tame carbon so... for WinBox, no MacOS client? need to use like a VM for that then?
kek
can they do 1.2Gbps over 253m
but. there's a 5GHz model
@tepid trail do you have brew?
@tame carbon yes!
and $2000 is cheap lol
brew cask install nrlquaker-winbox
Especially when our private fiber line that only does 10 gig was $30k to install
@tame carbon ah, cool.. didnt know that there was a package for that.
many many years since i tried Wine..
10Gbps between schools (14 of them) is $630k/year as well, but that's because p2p would be stupid for that
never notice it though
the p2p link is only for failover
@rocky badge get the misbehaving students to dig a trench
So shit can migrate off a server if they needed to, and fast
it'll use 10gbps line and 1gbps line
and distribute between the schools
hehe
Since all of the hypervisors are managed and orchestrated with vCenter
so if a host goes down, its moved over to another host
Even across sites
So the 10Gbps between sites comes in handy, as well as to not bottleneck the 4Gbps WAN
I moved away from that
VMware is fine
and I am glad I did
Enterprise support, educational pricing
@rocky badge I was scarred trying to run esxi customizer on the only windows 7 vm I had
had to install newer version of powershell
to get the package manager to work
3 extra packages from ms website
vCenter Image Builder
then needed another powershell extension
inject VIBs and packages into ESXi
hm
this was with esxi 6.5
needed some drivers
for the raid controller
took me 2 hours
and everytime it failed
it had to redownload the entire package
lol
line wasnt the best xD
PowerCLI
thats what it was called
I needed that
but there was like 7 steps before, to get that working
7 Pre-steps before the 7 steps hehe
yeah thats the typical windows bs
@rocky badge proxmox is also nice if you run more than 1 host
I run KVM/QEMU here at home
I used to lol
I customized my vcenter login lol https://blob.rocks/OOEergceM9.png
and you manage all your bare metal machines over IPMI using Ansible
My friend is using MaaS to deploy CentOS for oVirt
ansible is kinda insane
@rocky badge I was looking at that logo in the login and it looked awfully familiar, it's the r/homelab logo, lol
yup
you can completely configure multi-virtual machine constructs with configured software and settings
and then you can just hit
{Create new}
@peak cloak its just a css file lol
looks good
they set up a CI/CD pipeline for 52 customer environments
playing around with XOA right now
vsphere is still my main though https://blob.rocks/O2xD3Nrfqr.png
"Before you work on any MikroTik equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. "
Burning the house down?
What are people's opinion on wake on lan?
hehe, have none of that system
@rapid sorrel its bloody hilarious if people have it enabled
esp in big office buildings
Ive seen them in datacenters
datacenters often use IPMI to do that stuff
I'm mostly looking to use it for home remote usage when I am out of home.
Port forwarding doesn't fix that?
@rapid sorrel My friend has a raspberry that runs in his computer sort of iDRAC or iLO and he has a web app that can manage his computer
My solution for that was to actually make python send WOL
So then I'd have a protected web endpoint
yeah you need some device on your local network
which I could trigger and it would send a WOL packet
@peak cloak I was looking at doing that with a esp8266.
Alright, that is what I will do then, thanks.
I had a project where an arduino would run a webserver to activate a relay to turn on power outlets
nice!
I did something similar but on a pi
and arduinos too slow in some situations
I've developed on the stm32 before
i have a spare RPI laying around
RIP blob when his moms PC gets an encryptor, uses WOL to wake other PCs in the house and goes to town
I need to buy a raspberry pi for myself
the pi 4 is amazing compared to the 3b+
they finally have a dedicated bus for the network controller
on the pi 3, the network controller was attached to the usb hub
that sucks
so if you wanted to use it as a NAS, you had a major bottle neck
yep
doesn't it also support PoE with a hat?
basically gigabit
real world applications will be slower, since your cpu would have disk IO wait too
300mbit/s is what you'll see in file transfer at the most
the pi 3
50mbit/s
does it have one or two RJ45?
single one
it has two USB 2.0
and two USB 3.0
gigabit ethernet
dual hdmi out
with 4k support xD
can the usb 3 be used for a usb nic? i guess the cpu still will be the bottleneck
ah, ok
there's limited bandwidth to the different hardware
but look at this
compare the memory bandwidth
with older models
this is why the pi 4 comes in 1, 2 and 4 GB models
I think there's even an 8GB one now
yeah, it goes for 55 bucks on amazon nevermind that's the 4gb
dear santa
ah, the nano
Zero
yeah
it has 1 usb port, hdmi out, 1 core, 512M ram
a couple of them in a cluster then maybe
Love my Pi4. Running Zabbix, Grafana and Pihole. CPU is barely touched
Zabbix :)
Grafana is cool too
I have that in combination with influx
I used that to collect metrics on the solar panels
before i moved
im gonna head to bed
its 2:30
I was just looking for a basic dashboard for home network. Wanted some other features but didn't want to learn influx. I don't tinker much after work anymore because I like a separation from it
I have to get up at 8am
data ingest for that solar stuff
was just a bash oneliner with curl
and I also collected data from the electric meter, through a serial port
again, with bash and curl xD
will it be good for collecting weather data?
sql?
ah..
i like the interface
you can customize everything
looks good
but if you have a lot of sensor data
or metrics
you can just push them to the influxdb
and then query for datasets
influx can also do things
like calculate a rolling average
over a dataset
but I am going off now
bai
@rocky badge do you have a color screen TI-84?
How can I reach a VM's IP address if it's configured like this?
Home > OpenVPN net > Esxi VM > Nested VM with bridged IP in same network as Esxi VM
I tried pinging and it's not doing arp or the esxi VM isn't passing down my request to the nested VM
any ideas on how to turn off DHCP Server on my Router which runs DDWRT ?
The solution I used (I don't think its a final one though) is to enable promiscuous mode in vswitch0 on management network adapter
any ideas on how to turn off DHCP Server on my Router which runs DDWRT ?
@feral roost why would you want to do this?
I'm sure you have your reasons, I'm just interested
ah as its gonna act like a switch
its a bad idea to have a lot of routers in the network to act as DHCP Servers
well yeah, if you want it to "switch" then turn off NAT and DHCP. One DHCP per subnet @feral roost
Setup -> Basic Setup -> DHCP Server -> Disable
NAT?
i didnt see any options to turn it off im not sure
humm gotta do that as well
Network address translation, basically turns one ip into multiple devices. Normally you only get one IP from the ISP, but you have many devices that share that IP. NAT makes it work. But you don't want it to NAT, if you want it to act like a switch
ah, in DD-WRT you just set it in bridge mode
that will disable NAT
@feral roost
dat @little schooner . i did that with my colo server once to protect the esxi admin page and not waste a public IP on it
you need a basic linux VM, enable routing, install openvpn
iptables needs to have natting rules if you expect to use internet through it
or if you're a noob you can probably use pfsense

