#networking
All of this is backed by CloudOps, Software Engineers, DevOps, and Infra Engineers
if you check credits for lots of the projects, its huge
top it all off, lots of this stuff is written in Rust
so like mass adoption although important
isn't necessarily a key factor
at one point windows was everywhere
This isnt about mass adoption
i vote that was stupid
i know what's missing
simplicity
like if I typed 1+1
we would hopefully type 2
now the math behind that in base 10 to express why that happens to be true
would destroy us all
there's no 1+1 yet in orchestration
MicroK8s is the simplest production-grade upstream K8s. Lightweight and focused. Single command install on Linux, Windows and macOS. Made for devops, great for edge, appliances and IoT.
Yus there is
also after protobuffer
every time i see Google created it
or participated
it loses brownie points
Then you cannot forget things like OpenNebula which will deploy Kubernetes and control K8s and the pods from it easily
k8s does
why do you think I use k3s
its literally k8s but.... turnkey
LXC is... really a dead concept thanks to MicroVM's and SmartOS
so the problem is that . . .
most people who self-host
use proxmox
which means . . .
Have you seen the community recently?
Everyone is passing around ESXi keys for the new releases....
People are running k3s/k3os on raspis
for shits and giggles
we got clustered PiHole
every time someone asks on this server it's like is proxmox good?
making these decisions makes it difficult for k8s to actually be appreciated
like the rancher guy calls k8s a cult
he's not wrong
it is
But the cult is...
the entire industry
The real answer is this:
Its the next evolutionary step
so its no surprise it basically replaces Microservices hosted on VM style bs
btw VMWare's appalling violations
and unwillingness to make VMWare free to consumers
is causing a lot of this dumb
like sure makes business pay for it
but they're forcing people who care into a decision of back breaking work or piracy
that's still like $200 a year
lol don't
We have all of them
$200 advantage
all of them
like legit VMWare has so many DoD contracts
VMWare NSX Networking actually has BGP and the Failover support
this would bother me less if they didn't have so many GPL violations
and perform weirdo tactics with the linux foundation
like i know i'm not crazy
esxi existed 10 years ago
and UnRaid still exists for some reason
big brain moments
Unraid needs to die
At least with shit like k3s or CRI-O as Runtime, you have ZFS Native Backend Support
- S3, HDFS, NFS, SMB...
Tbh, i think the complexity you are running into that frustrates you is not K8s
like nebula + esxi literally just targets huge enterprise
Container Engine gives an Orchestrator control for things like Lifecycle, Container Image Loading/Verification, Resource Monitoring, Allocation/Isolation/Deallocation of resources
Your orchestrator in this case is k8s
The container engine here is runc
i mean i understand how an application is isolated
and the orchestration
it just doesn't glue together
That it does
thats the whole point
k8s is the glue
it ties in the Networking
it ties in the registry
it ties in the storage
it ties in the deployment
Good luck 
make it OCI Spec
so you can mix and match that too
see how lovely this is
1 Universal Standard, 15 options is the goal here
well
considering i'm probably just going to spam docker/podman
it'll be OCI compatible
but being denoted may have some heavy strings attached to it
like everyone paying up for all of their GPL violations
kubernetes lacks transparency
K8s..
i've used portainer with k8s
when it comes to technologies it is non-opinionated and transparent
when it comes to usability it's shrouded by something
protobuffer suffers from the same problem :/
Its shrouded by the fact there is no alternative options yet
Its simply the first face of new
that's fair
it changed the paradigm
The "right way" suddenly gave way
next thing you know..
it blew up
see that's one of the problemos
there is no right way
it's supposed to be based on workload and preference
i was that kid in math class
that said no math teacher
my way is usable too
One size fits all my dude.
The fact is, we nailed the microservice architecture with this
The performance gains were insane
density toppled over amazingly
microservices as a pattern, i agree with
i don't disagree with the concepts behind kubernetes
And I can be a dbag and say this
i just disagree with kubernetes
my way the right way
that's fair
looks at AWS
laughs to the bank covered in billions of USD
lol that's fair
but just keep in mind the principles behind AWS literally contradict federated clouds
one of my software architecture teachers gave you a bad grade if you didnt use microservices
even though, the context we were in, didnt call for microservices
Well if we're being 100% honest here
Its the money maker
and its the future
you wanna make money in that field
its this way now
watch me set the field on fire
keep in mind my ideology
would have public IP infrastructure become a thing of the past
and have a truly federated internet
true security
The InterPlanetary File System is a peer-to-peer hypermedia protocol designed to make the web faster, safer, and more open.
until the usa pretend to be the head of everything, i doubt we'll get to something like this
APNIC, RIPE, etc with IETF/IEEE run the show
and NSA add their own magic touch
in a true federated internet
The problem here is: The amount of infra that needs to be supported is more costly than the US Military
the NSA can't actually do anything
russia?
russia is fine
We let russia join once we fix BGP
we them to pirate VMWare for poor people
thats bare metal
no no
you go to the hypervisor by pressing DELETE or F10 (or whatever tf)

@tame carbon http://unikernel.org/
@plain siren so.. unikernels.. takes all the essential components your software needs to run, and generates a binary package for that?
which is 'full stack'
drivers, libraries, kernel
hm
only thing that I've done
that gets even close to something like that
was with https://buildroot.org/
C application
ontop a tiny tiny linux system
to be flashed directly onto a pi
Buildroot is nice, because you can completely configure your entire linux and OS
and generate a complete system :)
I use buildroot a ton
@plain siren friend of mine introduced me to it
https://github.com/linuxkit/linuxkit Heres another fun one of those
LinuxKit is buildroot pretty much but
NXP
its built with containers
Yup
does it do PDE ?
PIE*
No because containers
sorry
Sadly
kernel:
  image: linuxkit/kernel:5.4.39
  cmdline: "console=tty0 console=ttyS0 console=ttyAMA0 console=ttysclp0"
init:
  - linuxkit/init:v0.8
  - linuxkit/runc:v0.8
  - linuxkit/containerd:v0.8
  - linuxkit/ca-certificates:v0.8
onboot:
  - name: sysctl
    image: linuxkit/sysctl:v0.8
  - name: sysfs
    image: linuxkit/sysfs:v0.8
  - name: format
    image: linuxkit/format:v0.8
  - name: mount
    image: linuxkit/mount:v0.8
    command: ["/usr/bin/mountie", "/var/lib/docker"]
services:
  - name: getty
    image: linuxkit/getty:v0.8
    env:
      # INSECURE=true gives a console login without a password
      - INSECURE=true
  - name: rngd
    image: linuxkit/rngd:v0.8
  - name: dhcpcd
    image: linuxkit/dhcpcd:v0.8
  - name: ntpd
    image: linuxkit/openntpd:v0.8
  - name: docker
    image: docker:19.03.8-dind
    # docker-in-docker runs with every capability and the host network namespace
    capabilities:
      - all
    net: host
    mounts:
      - type: cgroup
        options: ["rw","nosuid","noexec","nodev","relatime"]
    binds:
      - /etc/resolv.conf:/etc/resolv.conf
      - /var/lib/docker:/var/lib/docker
      - /lib/modules:/lib/modules
      - /etc/docker/daemon.json:/etc/docker/daemon.json
    command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
files:
  - path: var/lib/docker
    directory: true
  - path: etc/docker/daemon.json
    contents: '{"debug": true}'
trust:
  org:
    - linuxkit
    - library
btw
heres a YML
this builds an OS
nice
yeah you got everything
I mean, all you need is kernel + initscript
your initscript may as well be your application
Thats why I love alpine linux
@plain siren last fall, was in class, some colleague was busy on his laptop, its whizzing and almost taking off
I asked him: huh, that's an interesting desktop, what distro are you using?
gentoo
his laptop was whizzing cus he was compiling LibreOffice xD
Fucking ew
craziest was the one guy with NixOS
meanwhile, I'm a casual with an ancient ubuntu distro, with half the stuff removed from kernel config
I just rebuild the distro kernel
NixOS
Can I use 2xSimplex SingleMode fiber as 1xDuplex SingleMode?
its either two wavelengths on single fiber, with simplex connectors on a BiDi interface
or, duplex fibers with one wavelength per fiber
There is no Simplex vs Duplex SM fiber. SM fiber is SM fiber
@hollow marlin yeah, but you can set up a two way fiber link using just simplex
the one singlemode fiber, carries both RX and TX, just on different wavelengths
yes, I know that
but there's no way to go from simplex to duplex, since you'd need some kind of prism splitter
My assumption is they wanted to use two SM fibers for a duplex SFP
which would work?
if I use ethtool to read SFP data on my BiDi interfaces, it only lists the TX wavelength (unrelated, just interesting fact)
If the tool does show both Rx and Tx I would never use the tool again
l4z0rs
We are maybe 90% BiDi and now moving to DWDM tunables for our POP transports. I prefer BiDi where possible but thats only up to 10g. Less risk with OSP knocking out a fiber when working in the panels
Oh, I see. Malaysia fiber network use BiDi simplex. Kinda proud whole Malaysia are having FTTB network :), but the cost are low since our country are small.
Simplex is cheaper not just for the patches but the actual fiber count needing to be ran on the poles/buried
But still only limited to 10g which is the only downside
I guess inventory too as you have to keep spares of each wavelength
Actually I think 10G are good enough, even 1G.
Home use yes, enterprise and ISP no.
Even with multiple 10g links and ECMP, multiple flows could match a single link and exceed 10g easy
Home use yes, enterprise and ISP no.
@hollow marlin Yeah ofc
Even with multiple 10g links and ECMP, multiple flows could match a single link and exceed 10g easy
@hollow marlin Use DWDM, nearly no max out
DWDM is duplex but yes, they are designed to utilize multiple WL over the same fibers
@little schooner lets play eve-ng

I have a BiDi on my FttH
10G or 40G multimode is used a lot in datacenters no?
from switch to server rack?
All FTTH is BiDi. MM is used quite a bit but many are moving over to SM because prices are so similar
@topaz quarry many of us do BGP. what broke?
oh, i'm trying to figure out the best way to route stuff to my k8s cluster in failover mode
i'm not sure if L4 load balancing or just creating multiple routes is the answer
Any suggested DDOS protection (BGP) around Malaysia?
I've heard from people that clearly know more than me that L4 load balancing can have a bad experience
in what circumstances i'm not entirely sure
they have a center in singapore
@waxen scroll ~10ms ping
I think it's acceptable
its just 0.01s
so honestly ive done 0 investigation into k8s so im not able to understand what solution is needed. im assuming at the end of the day you have HTTP or something. What's your thought process on how BGP would solve your load balancing needs?
I'd jump right to L4 myself
curious why its a bad experience for k8 but not anything else
so honestly ive done 0 investigation into k8s so im not able to understand what solution is needed. im assuming at the end of the day you have HTTP or something. What's your thought process on how BGP would solve your load balancing needs?
@waxen scroll He want it for redundancy
so redundancy and load balancing arent the same thing. he said he wants to balance
you get a sort of redundancy by balancing but actual redundancy might be multiple datacenters
@topaz quarry end of the day the internet isnt always right. its full of people with bad views and ideas. I'm not a saint myself. You should always test the solutions and see how the performance is for you.
L4 could work fine and people dont know what they're talking about
i wouldnt put it past someone to run a virtual F5 on 1gb ram and 1 core to turn around and blast L4 balancing on a forum because of course the F5 was working as intended
And you need a redundancy for F5
correct
And It cause an infinity loop, = high ping
and if you want to go all in you need two GTMs to make the redundant F5s redundant
alright, so for someone who recently understands L4 and L7 load balancing
i have no idea what a gtm is
and the only time i've heard F5 is in reference to load balancing, and the word expensive was put next to it
lol do you have any resources
i swear i can learn, it's just a lot of info
yeah, sorta.... you make a server pool and those servers hide behind one VIP that your clients use to talk to the app
a GTM expands that... so you have a VIP in tokyo datacenter and a VIP in chicago
a GTM can change DNS resolutions based on a whole number of things
so all of your VIPs are in a GTM pool
when people DNS your site the request goes to the GTM to answer it
okay so in this context VIP does in fact mean virtual IP
it does
or does it stand for something else? networking has too many acronyms
okay, what is GTM?
so the ability to dynamically change DNS resolution is the bingo ticket
like if server A goes aaaaaaa
but server B can serve the same content
changing the DNS resolution to swap to B would be helpful
Global Traffic Manager (DNS load balancing / redundancy)
Local Traffic Manager (what people mostly mean when saying "F5". Provides VIPs in a local datacenter to load balancer local servers)
okay now do LTM and GTM make the same promises as VRRP?
like when one router goes down, all the clients still get the same gateway IP
so it acts like nothing happened even though chaos ensued
lol how do i start playing with this stuff on linux
LZdanger, you network engineer? Sounds professional.
@clear igloo I can't wait to move this MC server from my home R620 to a colo'ed R210ii
lol i'm watching this video on f5 and it just smells like nginx
pretty sure you can do failover on a mtik too
even if not directly
you can script events into it
so like i'm trying to deal with the situation when the proxy dies
like if nginx is like bro i'm done
and i need to fail over doing like VRRP
you can do this on network level, or software
but at some point
some endpoint will have to take over
unless
you have like, a completely separate stack somewhere
and announce different route
yea like if I have an out of band network
and nodes can tap out
or in the case of VRRP just fail over
I've not really got much experience with carrier grade networks
like something such as literally just shoving stuff on a L2 backbone so stuff can failover
with a front facing L3 proxy network
dont need a fancy protocol for that though ;)
Most crude form of failover
and having each node poll the distributed database
is a local machine
that just has bunch of scripts
that it runs in case something happens
i mean that's basically what i'm going to do with etcd
but i was hoping this problem was already solved :/
etcd and redis support using TTL for keys
@waxen scroll can't play, my internship paper needs to be completed by 11:59 pm tonight
so like i was thinking of putting a TTL of acceptable failover time for each node
I am reviewing it and make some changes here and there
what's your paper on?
@hollow marlin what are you doing in eve-ng to make 600k BGP tables?
this used to be so easy in virl
It's basically a clustering solution
@topaz quarry technical paper about departmental procedures of one I am not working for.
So if I'm scripting with an appliance, I can't talk about what I'm doing in my department
Has to be others like shipping, business, hr etc
It's weird because they said we get 0 if we talk about our department
For this I'm not sure, but have a look on Ubuntu High Availability
It's business secret, that's not weird
@waxen scroll on the flip side, my leadership class professor is talking about his trip to Brazil for the last 10 minutes
He goes on tangents so often
I wonder if he's just bored
Lol and he stopped recording the class lecture while he went on tangent and restarts it
@waxen scroll I used ExaBGP for full tables but every time I tested it I could only get 20k routes before the images stopped accepting new ones. Thats for the IOS images, gave up before trying with CSR
Can someone help me with my internet situation
I have 2 routers. 1 is on one side of the house and the other is on the other end. Router 2 is wired into router 1 with ethernet. Router 2 gives off wifi and stuff and works but is SUPER slow. What is the key to getting Router 1 speeds to Router 2 so its the same speeds across both routers?
so wifi is a fun story
you have to look for available channels for the 2.5 Ghz and 5.0 Ghz bands
and then put your two Access Points in the correct channels
you also don't want two routers
you want two access points and one router
@waxen scroll i figured out my problem
i combined the two answers with google fu
VRRP + Ha Proxy
Keepalived is a routing software written in C that provides simple and robust facilities for loadbalancing and high-availability to Linux systems. In this video we will talk about this technology and implement it along side HAProxy as a high availability (failover)
The 5g always sucks though when you move around. So i should buy an access point instead of using the 2nd router? I have my ps4/pc wired into the 2nd router. Can i still do that with an access point?
most routers have an AP mode
so if you have two routers
make sure one of them is in AP mode
5g doesn't have to suck
if you're relying on 2.4 Ghz for everything
your two (router/AP) combo devices are probably yelling out packets and fighting each other
Its been setup for years but i remember changing a setting to where it can no longer be used as a "router" anymore and it just mirrors the ip off router 1.
I think router 2 might be in the AP mode
Like im wired into router 2 but on my pc it shows router 1s info.
And yeah the only wifi we use is 2.4
Yeah its not ever been touched
then yes your computer would show router 1's IP as your default gateway
Cause its the router from my isp
well you see
people install new APs
and it messes with your signal
it's called the noisy neighbor problem
it has an entire set of maths behind it
the noisy neighbor could be an airport nearby
an extra police cruiser signal
your actual neighbor
one of the emergency broadcast signals
it all depends on how any of this is setup
So what do i need to do to get the same speeds wired/wireless to each end of the house
unless your cable is broken
Just an access point or an AP and a better router/modem
and you're using ethernet
Would using my own equipment make it better
then they probably have a 1000/1000 connection to each other
using your own wifi solution will always beat whatever spews out of the modem
The isp router/modem is good for 1gig we get 400mbps
so
over wifi
you will not
get over 430 Mbps
ever on 5.0 Ghz
doing 1000/1000 over air as a medium requires so much expertise and money
it's not worth it unless you're a mall or a business that genuinely needs Gigabit wifi
you will get gigabit over ethernet though
Im just trying to get 400 on all wired devices like my ps4/pc and brothers pc
then just wire the house
The wifi stuff its not a big deal
So what all do i need to get then to get 400 speeds to all my wired stuff
in each room, have an ethernet drop
and if you want to connect it to more than one device
put a switch in each room that needs more than one device on it
What could i do about getting wifi to the other end though
in each room use the ethernet drop
and connect it to an AP
in every room you need wifi just put a small AP
So each room have an AP?
you want consistent wifi
in a house that's a pita
that's how you do it
my house has rebar and concrete
Couldnt i just use one AP and run ethernet off it to each room
an access point is literally a wifi thing
those consumer boxes you see are a router, a switch, and an ap in one box
one modem -> one router -> (n ethernet drops) -> (n APs)
sometimes it's one (modem/router) combo -> (n ethernet drops) -> (n APs)
you can try to play games by not buying n APs and target the zones you care about
but in my case VOIP phone calls are important in my house on wifi
so literally people have to be able to walk around the house and not have the call drop :/
Honestly i might just keep the setup i have now but run ethernet runs off the isp router to each room for the wired devices
Would be easier?
yes, wifi is complicated
Cause the only wifi stuff we have is phones and tablets
And like a chromecast thing
then your system looks like (modem/router) combo -> (n ethernet drops)
Correct
Ok that makes it way easier cause one room already has ethernet drops off isp router
anytime
I have 2 cat5 ones currently
if you live in the US we have a fire code for this
and you have to use very specific cables
if you have coax
and that's not how you receive internet
Amazon.com: MOTOROLA MoCA Adapter for Ethernet Over Coax 2-Pack, 1,000 Mbps Bonded 2.0 MoCA (Model MM1002): Computers & Accessories
1 master node, n children nodes
Expensive
Cheaper to run ethernet
In a house that is
If you have a bunch of existing infrastructure then it may be cheaper than running ethernet
it depends on what numbers the contractor gives
or if he does it himself
ethernet is always better
moca is last ditch solution
at home I do everything myself
low voltage wiring that is
don't trust myself for high-voltage, plus all the codes
i do until i dont
paid someone $600 to drop 4 cables in my attic once
and thats with me doing most of the work in getting the wire to the attic entrance
everyone else wanted $1600+ and was talking like it was an all day job
anyone here successfully use a switch with sfp ports for fios residential?
@peak cloak big brains only
?
@peak cloak because as of right now it goes into a Verizon ONT that goes out to ethernet
you need a router
I don't know if that ONT plays a role in authorization
I have a router
I'm not worried about that
between the switch and ONT?
ok, that looks good. what's the problem?
I want to take my fiber and go directly into the switch and hook my router up to the switch
Switch is layer 3 so
you can't, FiOS uses a GPON network and the ONT is needed for authentication as well I think
I guessed that but I recently saw people doing bonded fiber where they get 2gbps
That's why I was asking if anyone here has done it
I plan on making my new house at least 2.5gbps internally
Some ISP's let you do it, but not FiOS
Ugh
Ain't that a bitch.
Thanks for your help
Maybe it's a business only thing?
They don't allow for residential?
idk, I don't think so
this guy was able to, but it's not fios, their ISP clearly supports it
@deft pasture which ISP?
ATT has 802.11 EAP AUTH over VLAN 0 between modem and ONT
Which was bypass able.
Oh verizon. You probably can ditch the router in same method if you look around.
Thank you for that video @peak cloak - we're not with Telus at the moment, but should we ever switch... this is perfect. ❤️ Cause ain't nobody got time to deal with ISP provided potatos equipment.
Fibre big F
@plain siren FIOS
Apparently 2 million FTTN households in Australia will be allowed to upgrade to FTTP for free soon
That would be nice
Because copper is shit
Yeah then ONT most likely has auth between the modem and it.
If you can find a way in, it would be easy to find out what's going on.
I'll have to look around
I had to extract the certs from my att modem and then use wpa_supplicant to auth
What are the best DSL modem/router/access point combos under $60 usd
On one hand, I understand why ISPs opt to authorize through their equipment, at least from a user experience standpoint - the ISP can then troubleshoot the connection up to their equipment, preventing them from ever having to hold the difficult conversation about "unsupported" equipment with the customer.
But on the other hand... I just wish that ISPs also offered an "I'm an advanced user" waiver of sorts for those of us who wish to bypass their equipment with better hardware.
On the other hand, why do you need to bypass the ONT
FiOS provides a maximum of almost gigabit and you can do that over cat6 to your own router
But on the other hand... I just wish that ISPs also offered an "I'm an advanced user" waiver of sorts for those of us who wish to bypass their equipment with better hardware.
@ornate jungle What is this dream world you speak of? Next you'll be suggesting they not block any ports too!
Optimum by default blocks ports 80 and 25, but surprisingly lets you open them from their online portal
which is nice for me
If I could get 25 open, I'd be so happy.
It's literally the one thing preventing me from moving 100% off of cloud services
unlike FiOS's TOS, which say you cannot run any server, optimum's says that you can only run email and web servers
but Optimum has gone down in quality ever since Altice bought it
what sucks is that you are forced to pay for their gateway it seems if you are buying their service now. You can probably get the charge off if you call though
i mean they can't stop you from doing it
they can only stop you from opening up ports
use zero-tier
yeah
fight the powa
just do a reverse proxy into your system
using a randomly high port or a SD-WAN solution like zero-tier
i know wendell has a video on how to do it
Use zerotier to expose every port
when you sign up for linode account with wendell's thing you get a warning email
about opening up ports for email
I don't want to run an email server, too much hassle
If anything I want to setup a server notification system
with android push notifications about critical things
nothing yet, eventually want to use influxdb and grafana to monitor cpu usage, ram usage, status of VM's, how much data is going through my router
Splunk's your answer
Get it to ingest your data, then generate alerts that push notifications to slack. It's what I do for my stuff.
thanks, I 'll look into it
splunk is cool answer
until you have too much data
then splunk is no longer cool answer
oh, I may use that for log collection. I was looking for something to do that
Because copper is shit
@lethal marlin Yeah, made your house strike by storm easily

I have a 2gbps internet connection but the ISP router only supports 1gb per port. I also have an RB4011 and some devices on a 10g network, so I am looking at ways to get the full 2gb speed by using some sort of bonding. The ISP router doesn't support lag. Is there anything I can do on my Mikrotik router to get around this?
So far I have the Mikrotik router set up in router mode and bonding set up on two lan parts as WAN. But I can't get it to go above 1gb.
I was hoping there may be some sort of VLAN witchcraft
In fairness, I haven't tried that (I would need to buy another optical transceiver). But I doubt that would work in any case. ISPs tend to only recognise their own hardware.
And I won't know the settings to apply.
Spoof the Mac?
Interesting. If I could get it to look like a different mac on each port that could help
But how do I do that?
I honestly don't know. I was just giving an idea.
@strong violet Who is your ISP.
I can prob dig around and check to see what sort of trickery they do
and see if we can pretend to be their AIO Modem
VLAN 923
Thats the public network access to the PON, hehe, Maybe this is doable. Ill be back with results
Interesting
I doubt you will be able to bypass it even if you know the mgmt VLAN. PON is usually setup with authentication and since its 2gig its NGPON which has an additional layer. Also never plug a fiber into an SFP port with a green tip. PON uses APC for less attenuation and due to the angle of the glass, it is longer than UPC and you will scratch or break the lens in the SFP
Its EAP Authentication over 923 using 3 certs on the router
802.1X
It encapsulates the uplink into the VLAN and seems to be running the 802.1X client on the router. This is actually almost like the AT&T ONT Auth
wpa_supplicant can be used to do the auth, just need to extract the certs from the modem
Which depending on modem models, there is firmware downgrades that expose exploits to get to root of Modem and you can use that to get the certs.
For IPv6, Match the DUID, make sure the MAC is cloned too [both v4/6] (apparently actually verified)
And thankfully the IP is set through DHCP over the link, that makes it easy
@unborn sluice A lot of ISP's have Open Internet/Routing Policies in which they expose documents of how their setup is actually setup.
uhm
You have to know where to look
Sometimes you might need a transparent bridge to poke around still hehe
configuring my r7800 openWrt VLANs, my ISP requires VLAN300 for internet access, is this set up correctly? I'm unsure about the tagging of the Eth0 and Eth1 ports.
Or how about this, Miles calls his ISP and ask to use his router instead or trying to brute force it
So your ISP serves uplink over vLAN 300? You would tag the WAN port as 300.
Apparently others have tried, they ask you to use their internal bridge mode
Which still does Double NAT
It can be a fun little project though. I did the digging just for my fun anyways.
@plain siren correct, internet is working I should have clarified. Should I be tagging Eth1 on vLAN1 though?
Does your clients have internet connectivity through LAN?
yeah
oh right, but there should be at least 1 tagged port on each vLAN?
And it would be annoying to have to set vLAN 300 on all those devices.
One tagged port for each vLAN?
You want untagged VLAN 1 on each LAN port
Unless you wanna setup vLans
nah I don't yet, maybe later for a server
But as of right now, working as intended
okay thanks
tagged traffic has vlan headers in the ethernet frames
untagged, is the 'default'
no vlans, or vlanid 1
Which is why it should be set to untagged. Many consumer devices will just ignore the VLAN header and with PCs depends on the NIC
@hollow marlin so you're saying this is what it should be?
Yep that will work
having a hard time wrapping my head around VLANS
and I hate not knowing exactly how my stuff is setup lol
@lime rampart Network Directions is where I point people who would like a basic overview
https://www.youtube.com/watch?v=GrhHMai2d2Y
How VLANs Work | Network Fundamentals Part 12
VLANs are one of the most common technologies that you will see. Imagine that you have a LAN (a layer-2 broadcast domain), but you need to separate the devices connected to it. You could buy different switches for each group of dev...
oh thanks for that yt channel, I'll learn a bit more
@hollow marlin but muh network chuck
I mean if you want a side conversation every 45s with little theory, sure
This is great, thanks
Why you need to learn about VLANS RIGHT NOW!
i learned networking without youtube
gimme a star
🤩
in my day you had to open a 1000 page book and READ
most of the stuff I just played around with
defiantly did not cause network outages for my parents
1000 page book, what is this, networking for kindergarten
defiantly did not cause network outages for my parents
@peak cloak reminds me of uni dorms where the network was set up so badly, every time someone new joined they would plug in their 30 buck mini-router and the network burned down in a cascading NAT conflict (~3000 people lol)
I learned networking from reading the content from Cisco net academy. YouTube was a terrible resource when I didn't know what content was good or not
@little schooner More O'reilly books
@hollow marlin I used an OReilly book for the windows 10 mcsa exam. It covered what I needed to know
I wonder if they have one for server 2019
Just make sure you sign up for an ACM account which is $100/year. If you sign up with O'Reilly its like $499/year
Its what I use constantly
This acm? https://www.acm.org/membership
Or directly on oreily site
Yep through here https://www.acm.org/membership/membership-options
Choose the Professional option, after confirmation create the web account and then at the home page log in and go to O'Reilly which will log you in with an ACM email
Pretty much any networking book is on there as well as Cisco press video series which is O'Reilly exclusive

@waxen scroll you wanna run L2 RFC2544 with me?
Does anyone happen to have some experience with fritz!box routers?
Hey, it's me again to ask about this fiber stuff, is this https://www.amazon.com/TP-Link-Ethernet-Converter-Supporting-MC220L/dp/B003CFATL0/ref=sr_1_3?crid=10DC87V0O0QWP&dchild=1&keywords=sfp%2Bmedia%2Bconverter&qid=1600285839&sprefix=sfp%2Bmedia%2B%2Caps%2C151&sr=8-3&th=1 compatible with https://www.amazon.com/TP-Link-Ethernet-Converter-Supporting-MC220L/dp/B003CFATYM/ref=sr_1_3?crid=10DC87V0O0QWP&dchild=1&keywords=sfp%2Bmedia%2Bconverter&qid=1600285839&sprefix=sfp%2Bmedia%2B%2Caps%2C151&sr=8-3&th=1 to be used with this fiber optic cable? https://www.amazon.com/Meter-Multimode-Duplex-Fiber-Optic/dp/B006MN8WO0/ref=sr_1_3?dchild=1&keywords=500ft%2Bfiber%2Boptic%2Bcable&qid=1600966557&sr=8-3&th=1
Buy TP-Link Gigabit SFP to RJ45 Fiber Media Converter | Fiber to Ethernet Converter | 10/100/1000Mbps RJ45 Port to 1000Base-SX/LX SFP Slot Supporting MiniGBIC Modules (MC220L): Everything Else - Amazon.com ✓ FREE DELIVERY possible on eligible purchases
Buy TP-LINK Gigabit SFP module, 1000Base-SX Multi-mode Fiber Mini GBIC Module, Plug and Play, LC/UPC interface, Up to 550/220m distance (TL-SM311LM): Everything Else - Amazon.com ✓ FREE DELIVERY possible on eligible purchases
Buy 150 Meter 10Gb OM3 Multimode Duplex Fiber Optic Cable (50/125) - LC to LC - Aqua: Fiber Optic Cables - Amazon.com ✓ FREE DELIVERY possible on eligible purchases
from my novice eyes, it seems all good, but someone more experienced could check
Hmmm, should that multimode fiber optic cable fit in 1/2" conduit? Trying to calculate this out how much it would be in total.
they are pretty small, it should
If you had to go 500 feet, and never touched fiber optic before, would you spend $400 to do it this way?
Maybe idk
@hollow marlin sorry, L2 isnt my silo
@waxen scroll lmfao Ubiquiti really wants to sell their new access shit
They should work on their quality assurance commitment first if you wanna know the truth
i mean cisco does that today
immediately end up on the banned vendors list
@waxen scroll but with cisco they have support plans
ubnt is forums support
At least cisco, probably warns you?, UI just tells you ur shit is eol lol
cisco does warn you
@waxen scroll im so happy that my next technical paper isn't due until the end of october
A nice break.
The last assignment is like my work journal, of everything I did at internship
a paper about a non-IT dept isnt a technical paper!
that isn't due until december 15th
@waxen scroll well that is what the assignment name has
I think they ought to change it
i would quit
quit the class?
I need it to graduate
@waxen scroll whatever helps keep the school accredited, they will follow that checklist
they request some of these assignments be part of a portfolio they show to accreditors
If they didnt make us write these, they would question the purpose of running an internship class
which is fine with me. Less requirements, the better.
Engineering technical writing was my first portfolio submission to accreditors
I think I did a lot better in that course because I did papers on things like operation of coaxial cable and the parts that make it up
@waxen scroll our advanced linux class taught us mostly these things:
cat, ls, grep, mv, cp, crontab, passwd, etc etc etc...
webserver, email server, dns server, ssh server
Not really that much. The first two exams were basically reinforcements of early chapters at beginning of semester
I thought I would get more out of it but the guy wasn't a full time linux admin. He worked as a cyber security person for this local company
He was into python, I remember that
the best cyber security dudes are those who came into it through development
because they have the skills to look under the hood
hey look i'm a python pro => I understand how the stack works, and how the heap can be misused
lol
you can misuse the stack too
to much greater effect too
one failed array constraint, and you can buffer overflow the stack
printf is a great target
like printf("%s","abc");
lol we need immutable strings in languages
immutable everything
OO-philosophy states that 'objects are immutable'
Since I'm a java dev, that means final all the things
once i got mad how slow my network information script was. so i look up python multithreading
MFW "what do you mean theres THREE ways?"
what do you MEAN netmiko cant be multithreaded the easiest way?
the hell?
This was 2 years apparently lmao
oh wow
i mean... its working?
i started using it about a year and a half ago and its come so far
im sad though because LG is a massive player in appliances and still 0 support for it in HA
someone has an integration in dev but it only supports HVAC and its been like that for a while
Lol
That was off of an old docking station. The removed picture
It was bad so I stuck a drill in the ethernet port. Lol
@tame carbon that's why I have a garage sensor
HA is still its own open source project
its just hopefully the HA owner has more resources now
Sure hack me and open it. The system that's not wireless will catch it lol
@rocky badge I want my aeotec zwave 7 pls
lol
How many times is the phrase "Home assistant" mentioned in that
I hope his official title is "home assistant"
@rocky badge wat
*Sep 25 20:02:28.985 UTC: %BGP-4-NORTRID: BGP could not pick a router-id. Please configure manually.
INET01#sho ip bgp vpnv4 vrf inet
% BGP cannot run because the router-id is not configured
BGP table version is 22, local router ID is 192.168.10.2
oof
Cuz you no assign global BGP router id maybe?
i dont have a global but neither does prod and prod doesnt complain
also peers are up on fake router
@little schooner your time to shine buddy. whats our slogan?
wrong channel oof
that too
I too watch Mr. Robot 
@rocky badge they should give you mod for this room

i'd be deleting like 1/3 topics
@clear igloo plus nobody has a support contract with us
plz buy support contract
Something is wrong with my vpn connection, for some reason it maxes at 94Kbps through softether vpn when regularly it would go through at 300Mbps
hahaha colocrossing. i used to do a lot of work for them. oof
on any other vpn such as mullvad, im getting my normal speeds
Ok, so I have a weird issue with my local DNS
I can resolve local hostnames such as ubnt.presentmonkey.tech but nslookup shows a DNS timeout
dig on WSL however shows the correct response
and when the DNS is set only to the router, all dns requests are super slow
This is on an ER-X
reboot
@waxen scroll did that, no success, still timing out
I also tried some things from the Ubiquiti forums, but that didn't help either
its using the same nameserver you used dig on?
what are your dns servers set to?
No weird static-defined DNS settings on that network adapter?
are you sure you don't have like non local DNS + local DNS
@vapid dune I have both 192.168.1.1 and 8.8.8.8 defined in DHCP
there's your problem
if I change it to only 192.168.1.1 it doesn't work either
do you have DNS defined in your router/fw?
dig directly against 192.168.1.1?
@vapid dune
did you flush your DNS cache after changing your DNS server?
not sure if windows does that if you change the settings
actually I suppose it shouldn't cache no record
check your DNS settings again
so does it just keep timing out until you ctl-c and then it tosses the answer out at the end?
actually yeah it times out then gets me the right answer
try ipconfig /all and see how many dns servers you have
well I guess it's a timeout
hmm
like I said get rid of google lol
I mean it shouldn't timeout if it gets sent there I suppose
exactly
but regardless you don't want local records to go directly to google
it should go to your own dns server first
also does dns just point to google on the edge?
or are you running a full dns server
that's true, maybe it's bugged there too lol
yeah it could be trying to do some local address and then looping
yeah I've seen sometimes where people have convoluted setups with pihole
and it like goes into an infinite cycle
yeah, the problem is that local is super slow, that's what I'm trying to solve, then I'll change it to local only
I mean you should've been able to cut out your local isp already with what I described above
you -> router dns -> google dns
it's just really slow and idk what the issue is on the router side
keeps timing out
once I get a raspberry pi I will setup a dedicated dns server, but for now it needs to be on the router
I have no internet connectivity currently at my house as some of you know. I have a jimmy rigged hot spot hooked up to a 20' antenna in my backyard and the mobile connection is so fucking unstable. and only 10mbps on a good day.
AT&T can run me a dedicated business circuit to my home. Personal account rep, 24/7 monitoring, blah blah blah. But... It's $500/m for a dedicated 10M circuit. The guy is trying to tell me it'll feel like a 50-75mbps connection but like?? that doesnt even make sense to me. Heres other prices he gave me.
10M- $471.28
20M- $523.86
50M- $590.89
100M- $883.90
What should I do? Is this worth it? I do run a business in-home, but this seems excessive. Will throughput be an issue?
To add - I live in rural Texas. Internet is impossible to get out here 
that's for a dedicated circuit, so unlike something like DOCSIS on coax, you have dedicated bandwidth just for you, so it's much more expensive than just internet
There's no other options unfortunately. Not even a shared line.
starlink could be an option soonish, have you checked fcc broadband map for all the ISP's at your address
Yeeeep, Elon started in canada/northern US. I couldnt get more south.
Viasat/hughes is not an option, their datacaps are ridiculous, charter does not service here, they want $140k to run a line to my home and AT&T's DSL switch is at capacity, so no new customers.
I mean, if it's the only option then I guess
Because to ISPs you're not a good investment
What about his claims though? He states a 10M dedicated circuit "feels like" 50-75mbps. Is there any truth to that? Can I run multiple video streams?
That's why they're charging you so much
right blob, im too far out to be profitable
I get it
I'm not so much questioning the price, but the ATT rep's claims to the 10m circuit
but yeah that "10Mbps feels like 50/75"
Unless they overprovision...10Mbps feels like....10Mbps
Marketing 
That was kind of my thinking, but according to some article I was reading, they stated most ISP's over provision. so "speedtest.net" is not always telling the truth
@waxen scroll E: Repository 'https://dl.ubnt.com/unifi/debian stable InRelease' changed its 'Codename' value from 'unifi-5.13' to 'unifi-6.0'
oh god
are they considering 6.x "stable" now
idk i dont use 6
I've been using 6.x but some people are saying they're having issues with it
I'm having 0 issues with it.
Gen 1 controller too.
My devices are all fully patched too.
if you have a wireless backhaul
you will have a bad time
if you have a wire backhaul
you will be fine
alright so i had some issue with my att modem with range and that so i purchased and setup a deco wifi system and its been very bad in fact worse wifi than before any suggestions? Am i doing something wrong?
im using the deco as a fully new wifi system and disabled wireless on the att router
i have 1000/1000 btw
any suggestions or if im doing something wrong please @ me
mans i tried mesh in the deco wifi system thing and it just doesn't work
half the time on the wifi it just wont work on wireless on the deco stuff
i got those^^
@unborn sluice
you won't get 1000/1000 over wifi
or wireless backhauls that aren't 60 GHz with perfect LOS
@rocky badge I held back from using v6
I'm not trying to make my professor and mother angry
omnidirectional 1G?
good luck
you need a nuclear power plant for that unidirectional antenna
does speed and ping vary between different cable lengths
No
like ethernet
So long as it's less than 100m for copper cable
k
Nah this IPMI isn't from a homelab...
That's one of the IPMI my school gave a public IP to
safety first
@rocky badge LAWL, so much fail there
@clear igloo ikr
Hello can someone help?
Hello, someone here could please help with high ping spikes?
Someone here can help if you describe your issue

I thought someone would PM me cuz I didn't want to clutter the chat but ok. Since yesterday i keep having random ping spikes and even internet crashes. I have 1ms and out of nowhere 200ms and second later its fine again.
@manic oriole get WinMTR
do that again
Download WinMTR for free. WinMTR is a free MS Windows visual application that combines the functionality of the traceroute and ping in a single network diagnostic tool.
this is useful to identify what hop is causing latency or packet loss
@tame carbon i have it, so in the Host blank space i put my IP address and click on start?
just do 1.1.1.1
It basically does a traceroute to the cloudflare dns
usually the fastest hop
and it then pings each server
and it helps identify where along the route, it has problems
and how many hops should i let it go for?

1700 ping spikes
What kind of internet do you have? and are you on wifi?
yes wifi
i dont :/
wifi is often very bad
yeah i heard
but we'll see in a moment
back in the day
I was on the worst adsl ever, but I had to use lan, because the wifi was even worse
4% packet loss
at all times
If you called up the $ISP, woman on the phone had no clue what packet loss was
looks in program Yes sir, our systems are reading 8mbit, its all normal




