#networking
I would have gone EX4650 over QFX5120. Not a fan of some of the syntax/limitations on QFX
But EX4650 is just SFP(+/28)?
Still rather negotiate optics cost than deal with QFX
Would you then pull fibers in the whole office and have fiber patches in the whole office?
Slightly smaller scale than 600k employees, I am trying to get better wifi speeds into my bedroom for zoom calls, I can get around 300mbps near the router, but when I am in my bed I can only hope to get around 120, and the signal drops very regularly. Should I upgrade to a mesh router, or just get a range extender for the upstairs?
and what would you do if you get a machine with just 1G?
Why would you need fiber, just get copper SFP+
EX4650 would not have scaled in our case where we want 10GBase-T to workstations and 100G links between access and in this case spine
That's just nasty :D
@molten swan we're not 600k employees. :) we're around 200. but this network (equipment wise) cost around 600k USD
I hope that I dont have to do anything to it until we move office
Then it has been worth it 100%
I suppose its scalable as well
indeed
That's why I went this path!
There are some limitations, for instance if I would have to add 1x 100G link per switch, then I would need to extend the current spine switches, but then again if that happens it's for the better! :)
Yeah, I don't see it happening, but then again I tend to end up in these positions more often than I want to with things outgrowing what I have built :D
It's good also, 400G optics will be cheap in 3 years ;)
xD
@waxen scroll manage as in central management?
yes
Tbh I havent cared about it, my setup is 99% ansible
But what it seems like is that a lot of the future development for that from Juniper side will end up in the Mist platform
And since the office network is static dont really have to care about 802.1x and stuff
And our PS/XBOX devkits does not like 802.1x :D
Juniper's management is Sky Enterprise but now they pushed Contrail for central mgmt/SD-WAN
Mist is integrated within both but still separate in terms of mgmt. We are moving from Sky to Contrail in the next few months . Its nice but I avoid it
The only thing I dislike with Mist is the lack of IPv6 implementation everything else is super neat!
We are having good luck with Mist. AI was garbage at first but its better than a year ago.
wow ipv6 in an office?
ive tried in 3 offices and it never fully gets up off the ground. i usually get laid off right before it touches prod
lol
haha
There you go, traceroute from my linux machine at office :D
I realize tho that only thing saying it's IPv6 in this case is PTR's of AS1299 routers :D
i cant just decide to do it cause it can break the company if something works unexpected
needs tons of POC from all teams
I've deployed v6 through most our network but its still only single digit business customers that are using v6. Pretty sure most those too are just in use because the customer FW had it enabled and they don't know they are using it
The upside for me is that all my colleagues agrees with me when it comes to ipv6, we need to have ipv6 in order to make the best products!
the biggest v6 i did was in a test lab that was built like production... so it was decent size
just never escaped the lab
theres always people above me who say we dont need it (but its obvious they're scared of it)
speaking of v6, anyone have any good resources for learning it?
i think CCNA teaches it now?
RIPE has good stuff for it
i used a cisco book on ipv6 but i dont remember it
But also https://ipv6.he.net/
@jaunty talon are you natting v6?
thats how i built mine, but the rules for what you can advertise to providers really suck
i'd have to assign huge blocks to smaller sites to not nat
my needs were multiple datacenter w/ internet egress but then some local sites would do local internet instead of MPLS... but its been 5 years+ now so i dont remember what size prefixes i was doing to make it compliant with the rules of the providers
Ahh, I have the luxury that all my infra is interconnected with DWDM
The "standard" is supposed to be /48 but many accept /32
so to not NAT at all via datacenter or local internet I would need to follow the rules
I am not aware of anyone that wouldnt accept /32 if it has ROA/RPKI/IRR records correct
honestly though lets say local internet fails... more than likely the users would notice and drop connections while routing gets figured out... also theres the firewall session issue... TCP out of state
Thats why I mentioned what the standard should be. RPKI has finally kicked off over the past year
so its prob best just to NAT for local internet
some providers wont even do BGP over those circuits
its rarely DIA
@little schooner i dropped a new term. are you listening?
@hollow marlin he likes sniffing packets
lol
@jaunty talon last job was literally like "yep, lets proceed to prod. lets do user networks first" and 2 weeks later "ooooohhh sorry. we shipped all of IT to india"

lemme know how that works out for you
hahaha
how dumb do you have to be to ship jobs when all the people you know at other companies who did it moved back. oh wait. wall street thinks per quarter
I am the one that decides if we do ipv6 or not, so I am 100% sure it will happen here :D
that's true tho, so many companies outsources for the wrong reasons :D
generally they do operations for the most part... this company went allllll in
shipped engineers
anyone able to help me boot into an OS on my Supermicro Server? I have been through the installer for XCP-ng, rebooted and am always shown the EFI shell. What are some common reasons for this that i can check?
Sounds like it's not installing. I'll be watching your issue carefully because I have the exact same issue on my Mac Mini with XCP-NG. The fun part is I basically install blindly because the video output shows maybe 1/4th of the actual screen. (everything is a colored pixel - absolutely nothing is readable or discernable)
just made an ESXI usb and am seeing if that works
These are the only boot devices... SanDisk is my installer. Do I need to somehow format the other boot devices?
esxi install didnt work. currently creating a live Ubuntu usb so try to format the drives. If im going off in the wrong direction, please let me know
"didnt work"
@cedar igloo care to elaborate?
are you using UEFI
?
If you install esxi, you have to enroll the key for secure boot
I previously was using ESXI, decided to change to XCP-ng (during the install i accidentally enabled software raid and cannot disable this) and then tried to install ESXI again, which just put me to the EFI shell
mh. typically. If you install an OS under UEFI. you setup one 500MB partition to be used as EFI
the installer then, asks for a one-time password
after the installation, you reboot, and the bios should ask for the one time password to sign the key
this makes sure, only that operating system can boot
security reasons
if you have some linux experience, you're better off just ditching vmware and either going for a linux/kvm host or install proxmox
thats my plan, which is why i wanted XCP-ng
i just tried ESXi as it was a spare usb on my desk
does it have clustering/resource pools?
the host os overhead is my main concern for something like that
mh, I never noticed any overhead
debian needs maybe 100-200MB total
everything else can be used by VMs
kvm is same thing that powers proxmox
kernel virtual machine
boo.
discord doesnt even do ftp://
Here's some more tests
@waxen scroll DIA meaning what?
and does this sound good for a checklist item?
2. Guest VM hardware resources are configured to meet minimum requirements of its installed guest OS.
@little schooner have you got defaults?
because I'd say: minimum requirements for the operating system, and its target software
allocating just the overhead, seems a bit.. dubious
@little schooner you only need to validate whats directly affected by your change
if the change is not messing with VM settings, no point in checking
Oh, no, this is a checklist for the professor to follow because he asks me what needs to be certain before it is uploaded to esxi
And to repeat it all the time isn't the best method
@tame carbon hmm good revision
@little schooner add the usual steps
user account configuration
firewall, and running services
verify network functionality
check memory usage, and note system overhead
more vms = more overhead
this is all hypervisor ^
@tame carbon oh, for the hypervisor, he doesn't really care about it
vmware has things like
ssh
running after setup
its common to disable this, if you use only the vSphere client
I see
esp if you have a public facing server
you need to double check firewall configuration
its in settings in vmware
xD
idk, I just learned vmware by using it
its quite intuitive
He said this was okay
right? lol
@little schooner never let vmware do cpu core handling
but thats only because
the one system that i've used vmware on
was for a multiserver minecraft network
because IPC is quite fast
and with minecraft, you just dedicate cores to a server
@little schooner the new term was TCP out of state
@waxen scroll gotcha
@tame carbon you can pin cores to specific vms in esxi?
I'd like to do that for just 2 VMs that are running there.
2. Guest VM is exported in .ovf format
those make sense yeah?
dont mind the numbers, they shouldnt even say 1 and 2
@little schooner if you go to cpu allocation
you can click advanced core configuration
long time ago
dont remember
but you can do things like
i can check now
thats flexible
it not a bad idea to reserve half or one entire core to the host OS
not even my firewall lets me do 44-50,8080
mikrotik 
Ill have to check them out again
@tame carbon
oh shoot so its that empty textbox down there
I can type in those numbers
basically
this is if you have two graphics cards
and you want to enable passthrough
the MMU = Memory management unit
each virtual machine has its own virtual address space
the MMU maps this using lookup tables, that point to the address on the physical memory
without this, the OS has to do this, which is very very slow
it sounds so complex
its how VMs work
xD
like, I learn this stuff from the ground up
the fundamental idea
and then you have a number of implementations of this
like VMware
or KVM
cool stuff for sure
but IOMMU
is for things like DMA
over network
if you have an NVMe drive as a NAS
its so fast that the operating system has difficult time keeping up with the IO load
that reminds me of intel optane
with DMA, the OS just tells the nvme drive to make the data available on the databus
and then the network card can immediately stream this directly from the databus
it maps some virtual memory for this
pretty cool
it skips having to load it into cache, then out to memory
so essentially
you can have
20gbit/s
of transfer
and cpu load is <10%
I love to see that
hardware acceleration
xD
but this is what vmware doesnt tell you
is how it actually works xD
yeah. the inner workings of it.
also....
how can i reword this:
1. The sign-in account used to access vCenter Administration console is permitted to perform actions on the destination ESXi host(s) and destination datastore(s)
What I'm trying to say is, "Don't continue to upload your .ovf to esxi if you don't have permission and get errors in the process"
To avoid any potential errors, do X before Y
Sign in to privileged account so errors dont occur
im lost with this server stuff... cant install any operating systems. they all go through the installation from a USB and boot into EFI shell
you just want esxi?
pretty much anything other than the EFI shell
tried XCP-ng, Ubuntu and ESXI
all just go to the shell
did you use a tool like YUMI to format the USB and put an iso on?
for esxi i usually use YUMI with "other" iso setting and ask for ramdisk
seems to work best on my dell
@waxen scroll how can I say this better? 14. The Guest VM powers on and shows a display
im trying to say that it shows a working picture
like they expect it to show Ubuntu loading screen if its an ubuntu os
or that they see a windows logo
conveying that its working
shows that the operating system booted ?
that works.
just reset the BIOS settings and it now keeps saying there's no OS on the drive & i need to change the boot drive
@waxen scroll @clear igloo So my school changed how they're doing off site filtering
it's just a proxy lmao
Telling FF not to use a proxy
shows my guest WAN IP
Telling FF to use a system proxy shows a school IP
y tho
Nah
They had a VPN before
But ofc that thing died
So now it's just a squid proxy
but you need a vpn to reach it tho
Nah
@rocky badge are they still looking for a scalable VPN solution that doesn't suffer such problems?
idk
How are they changing the FF Proxy settings if it's not managed?
they aren't
FF by default uses what Windows is set to
but you can change it
@waxen saddle
OH. hah. Makes sense.
they are using the easiest solution by the sound of that
no extra policies needed
but they should be really doing it how my sister's school is doing. mitm and forced ca installation if you want to use your personal device, if they desire the control
As a former System Administrator for a school, I agree. Any solution that can be bypassed, will be bypassed. Security-wise, every single student is a hacker that can't be touched by the law.
why is that strict of device management needed though, I understand if it's on the actual school network, but from home?
The problem is two-fold. Legal liability (At least in the USA) and security.
Hmm, my school (in the US) does none of that
You probably don't recognize it.
...and they may be fairly lax on things until an event happens.
I go to a school with many techy kids, things have happened in past years
They assume we're dumb as shit
I'll admit that the "student=hacker" is a view I came up with myself. Many institutions treat kids as stupid when it comes to computers. But I took the complete opposite approach.
Something may have happened in my school that made them require this policy or
maybe they realized the legal liability
I used to go to my sisters school
School used to do a full tunnel VPN
and before they allowed everything like vpn too
but that died on the first day everyone tried to use the VPN at home at once
So they're just using a proxy now
Split-tunnel VPN is a thing, but it's a bit more complicated to set up and not all VPN solutions support it.
someone hosted a halo server in the network lab once
Nice.
I was able to play an mmo game while in school during lunch period on school computer
I ran a halo 1 PC server for a few years. I even went so far as to streamline a pretty solid way of hosting it on Ubuntu with WINE.
To be honest, I think schools should allow for that sort of thing.
Let the kids have fun using school resources to learn.
The thing is, that one was open to the internet
How...
I ran a MC server at school, but that was only within the lab network, and could only connect to it via the lab AP
idk
he was 3 grades above me and pretty quiet
and I wasn't in the school when he did it
Making it public would have required access to the firewall, which is a complete failure of the IT department if he wasn't working with them.
ah
or maybe some sort of tunnel, idk
I was the admin who, after school hours during a school play, bumped up our 10mbit fiber to 20mbit so the kids could download steam games faster and take advantage of our agreement to not go over 10mbit for too long. (But we still could for a bit)
our school district operates an ISP as well
Ouch.
400 students here and like 20 teachers
but in the direct it's much higher, they probably have a VPN tunnel between all the campuses
Us?
yeah
it's just layer 2 between campuses
or maybe they have their own dedicated fiber, idk
We do
wifi is capped at 20 mbps and is sometimes really slow even though speedtest is fast
They basically removed the rate limits now
school is going back in 2 weeks, but at half the capacity
What Wifi AP's are you using? I've been eyeballing the Ruckus, but I don't have anywhere to install it. lol.
what's that? I'm still a noob
ah
I may get it setup on my lab network
seems cool, DPI on the ERX slows it down a lot
are you virtualizing it or is it on a dedicated appliance
It does? I have DPI on my USG and there's no performance impact that I can tell.
Er-X is less powerful I think
ntopng? running on the pfSense
WOW. How did I miss this? Unifi has time-based graphs now instead of just "dropped packets" that only tells you packets dropped some time in the infinite past?
ah. figured it out. I never scrolled down on the dashboard.
omg wireshark is so slow lmao
@rocky badge Do you work with Multicast on Windows?
@rocky badge so equally shared, 10000 school clients is like 400 kbps from the 4gbps pipe?
well
not all of them are gonna be using the internet
that 8000 students includes k-12
so not every k-5 will be on at the same time
yeah
Are you wanting to move seamlessly between the Wifi Router and the AP?
set them up with the same SSID?
if you really want it to be perfectly seamless you need a different solution such as TP-Link Omada
which has a controller - which manages the users and makes sure they transfer seamlessly
Do devices still use 802.11r? If so, the hand off is managed by the device itself.
...which back in the wireless b/g days, meant the device stayed with a particular wireless router until it couldn't communicate at all with it, then it went searching for a new network, found the same network, but with a different MAC address, and connected to that.
isn't roaming handled by the device, and it depends?
Because it really depends lol
Does anyone know of an app that'll do that for you on "known" networks? I have no clue if that's possible but would be awesome if it exists
@rocky badge that feel when twitch added video ads and for some reason your adblocker isnt stopping it
hasn't twitch been doing that..for like ever
dunno. i havent seen ads until today
The archer T6e is a good WiFi adapter right?
I have the T9e but i find the software that comes with it terrible however the overall performance of the card is good if you dont use that configuration utility. I guess it will be similar to the T6e
network
network
wetwork
no NSFW please
The school i work at has its own fiber cable(not just a wave length) to a local datacenter which we are currently running 10gb(with planning to go to 40gb next year) with 10gb wan, and a direct connect in to aws vpc
we have about 1000 students and 200 staff
yea...
up until august we were using VPN to access our private cloud but we decided to upgrade
;-;
we also have a second 1gb link over wavelength to a local hospital which then goes to a different datacenter, where we have a wavelength between the 2 data centers.
How come you will do 40G and not 100G?
money
Already have routers/switches with 40G capabilites?
the new firewalls and core switch are only rated to 40gb
ah okok
and honestly ~30Mbit per person is plenty
I asked more because of the future, since the difference between optics for 100G and 40G is not that big if you already have the hardware to do 100G
cri trying to get access to my work VPN
but the software they use so incredibly proprietary
the client is .msi only
Ever heard of Checkpoint?
yea i understand that but 40gb is already future proofing
I use L2TP/IPSec at home
I will never use anything but wireguard now
works on all devices out of the box
so nice when it's included in the linux kernel etc
does wireguard work per default on other OSes?
you need to install client on windows and phones ofc
lame
This one was however what got us to move over to wg: https://www.wireguard.com/performance/#:~:text=In the intervening time%2C WireGuard,below benchmarks with newer data.
are there even any benefits of wireguard over l2tp?
And I can tell you that it was worth it
But this is a discussion that wont go anywhere :D
agreed
I sort of don't understand the obsession with VPN's, like why do you need one.
Wireguard is fast
my ping on some games are really high !
VPN won't help
if anything it would increase ping
there could be some edge cases, but generally it doesn't
no
(i mean ryan)
Yah, those still won't do anything if you're far away from their servers
since he wants a VPN
You're at the mercy of the ISP up until you get on their (WTFast, etc)'s network
Yup ^
i have Nord and windscribe. But i have to pay !
@tame carbon yes!
are you trying to ban evade some minecraft server? 
... ? how would adding more complexity to your route, make your ping better?
the easiest way to reduce latency is to just physically move near the server (datacenter)

^^
nope.
NAT! \
makes
Does the VPN teleport your packet to the nearby server
if yes, I would also use one
xD
lol no !\
@spark ice VPN allows you to reroute your public route to the internet
but generally, your ISPs internet, is already the fastest route you have
by using a VPN, you just add another layer ontop, and this usually makes the ping worse, not better.
Unless you connect to the nearby AWS edge, that in turn have it's own backbone to connect to the AWS service

IK, its just create a data tunnel

Scenario:
Your PC -> ISP -> VPN -> Gameserver
Your PC -> ISP -> Gameserver
In the two scenarios you have there, not using VPN is what is assumed best.
However, if your ISP doesnt exchange traffic with the gameserver provider it will go through another ISP and then hit Gameservers, and thats where the problem for most happens as that might be in completely different city. Instead of your ISP having peering with the VPN provider and the VPN provider also has peering with Gameserver provider
Only in this scenario you will actually in many cases get better performance from using VPN even tho there are overhead due to tunneling your traffic.
However you might also in many cases get worse performance if the VPN-endpoint is getting DDoS:ed or just overutilized with bandwidth or CPU
Really depends on the peering agreements of that ISP. and most of the time its already as good as you are going to get it
Wrong!

Especially wrong in US :(
In Europe I agree with you on your statement @tame carbon
anyways TLDR: Just let the goverment collect your data
@jaunty talon what, because we have actual competition?
you're making FBI's work harder smh
I know the US broadband service areas are just another cartel
Well for instance if you have AT&T and the gameserver provider has their US transit from lets say Comcast, the peering between Comcast and AT&T is notoriously bad where they only exchange peering in a few cities through whole US
Who puts their gameserver on either networks lmao
If the VPN provider buys or peers traffic with both AT&T and Comcast they very likely improve your latency
afaik, Comcast and AT&T do not serve datacenters
AT&T is a big transit provider in US
oh
comcast is a big endcustomer
well, nvm
how can I check what your ISP peers with?
It's almost impossible
oof. BGP.
unless you have machines in both networks
and preferably at many different locations
Yeah, but thats smaller ISP:s
Hopefully they actually release it
those who make big money and traffic does not
:3
@spark ice
The VPN can be like a highway but your ISP is that windy slow back road where you have to drive 5mph to get to the highway with 20 stop signs along the way. It doesn't matter if the highway lets you go 500mph or 5000mph, you're still going 5mph to get to the highway with a lot of stops along the way.
It doesn't matter how fast the VPN to Game server connection is if your path to get there is crappy. The highway analogy isn't perfect but it gets a really high level picture (I hope)
@tame carbon yes, but those connections can all be in one datacenter in one city!
ah yes, HE
@clear igloo I thought they were tubes and pipes?
Depending on the size of the ISP that would be problematic :)
@jaunty talon well, in my case, they have a ring topology, with three datacenters in a circle
Oh right, and they get clogged up now and again
Gotta shake out the data to clear the pipe
Nice. if this was IRC. you'd have seen 10 pages of base64.
@jaunty talon https://www.weserve.nl/img/fiberpaden.png
This is the kind of backbone you'd expect from a non-mediocre ISP
Yes
US is the problematic part in this case, and that's where VPN can solve problems sometimes when it comes to latency
You could argue that yes :D
Have you ever seen how South Africa does their peering?
Afrinic has open peering, and anyone who peers, does this for free
They have a couple high bandwidth links from HE
and everything else, is open peering within their communities
its interesting, because everyone can decide to become their own ISP
and roll out networks in their area
My ISP doesn't have any info at all on these things
I know quite a lot of people from ZA, that made their living with this
only HE has some info on it
its interesting, because everyone can decide to become their own ISP
sounds like a plan
@peak cloak you can also, just send out a couple traceroutes to various networks
and see what route it takes
found some good info on HE: https://bgp.he.net/AS6128#_asinfo
peeringDB also has some info
yeah, that's good
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
1 router.REDACTED.nl (192.168.88.1) 689.551 ms 689.549 ms 689.546 ms
2 r2.serv.dro.weserve.nl (46.243.152.3) 694.217 ms 695.380 ms 695.378 ms
3 46.249.55.194 (46.249.55.194) 695.989 ms 695.368 ms 695.976 ms
4 185.8.179.34 (185.8.179.34) 695.972 ms 696.192 ms 695.332 ms
5 * cloudflare.telecity2.nl-ix.net (193.239.117.114) 698.876 ms 698.861 ms
6 one.one.one.one (1.1.1.1) 696.155 ms 24.398 ms 24.390 ms
@peak cloak anything with ix in the host is usually an exchange
but you can also just, toss the IP of a hop, into an IP WHOIS
and figure out where or what it is
also my ping is the worst ^ because wifi 
hop 5 is your ISPs main router
hop 6 is same network as 4. assuming that is the same ISP
I'm checking hop7
yeah, that's what I think, but I can still host servers
yeah, I just did a whois on that
yeah
onto hop 8.
so they peer directly with google
thats very common
a lot of ISPs have their own google cloud instance on site
yeah, probably have CDN's as well
yep
and make deals with the ISP
what other servers are across the pond
Another good indicator, of checking if something is on-site, or a X-connect
look at the latency between hops
<1ms is usually same building
fiber signals at 2/3rd lightspeed
so you can somewhat estimate distance based on latency
make sure you divide the distance by two, because its round trip ;)
@peak cloak or, you be that guy and run nmap on 0.0.0.0/0
ngl, I once did an nmap on the subnet provided by DHCP
I use nmap quite often
@peak cloak zenmap is even easier
so you dont have to memorize nmap commands
xD
yeah, by nmap I meant zenmap. Yes, I know they are not the same
do it in public wifi
zenmap is the gui component on top of nmap?
It's against the rules of this channel.
wdym
No speedtest screenshots.
anyone know if when Windows Server 2019 eval expires, is the server still usable or does it shut down after a period of time? I'm not wanting to buy licenses for a home lab as they are £800 each but am wanting everything to remain working
it will still run but will probably lockdown changing stuff and give you annoying watermarks.
tbh, as long as the DNS server and AD works, it will be fine
what sort of changing stuff will stop do you think?
no idea don't use it.
follow on from my previous question, ive found an iso on microsoft's website for Windows server 2008 standard where there's no mention of price. Even though its EOL, do you still need a license?
ehmmm gonna say yes to needing a license / key.
@cedar igloo yes
does anywhere still sell them?
looking for a cheap windows server so i dont need to make a new server every 6 months
i think 08 may be cheaper than 2019 as its not supported
ok, thanks
If I want to cap the speed of Internet on people on my home network, how would I go about doing that? I feel like Ubiquiti can do something like that, idk.
over ethernet or wifi?
Wifi
I know how to do it on ethernet, just change the port speed, but it would be 10/100/1000 Mbps.
Hmm ill read that
Would a Ubiquiti switch do that, or does the access point do that.
I would also have to make the ATT gateway handle all the DHCP stuff.
AT&T Fiber is stupid.
I honestly don't know. I have TP-Link Omada at home, and it's done by the AP
I would think the AP would be responsible to the limits
user groups apply to a client & SSID
we ❤️ you @rocky badge
oof
I have stared into the abyss, and it stared back. My mail server and web client are finally up, and I'm never doing it again.
So in production I'm using Cypht
But one of the ones I looked at, that you'd be interested in is Isotope-Mail
It worked solidly, but it requires remaking a container every time you need to login as a different user
Yeah, they were designed as an ephemeral microservice

postfix/dovecot
there we go
Yeah, I was just bringing up isotope for the federated cloud you guys are working on
I'm just using Cypht, just configed it in my reverse proxy so I can touch it from the outside
And everything is 100% up
It's been a half-ass project for a while. When I finally got down to it, and just did it, took me about 4-5 days
The amount of error messages I got that only said "Something didn't work" were unreal
And documentation was chronically out of date.
guys which is a good router cause my current router (standard from my provider)
Kinda networking lmao. Radio go brr
@zealous briar depends on your level of expertise
I'm biased on mikrotik, and those require a bit of know-how to use
but they beat any and all consumer routers
at a good price, I might add.
Others here, might argue that if you just want a network and be done with it. Get Unifi
but be ready to pay up, that stuff is more expensive
But it does come with easy to use web interfaces to configure it
@tame carbon i know my way around webhosting and set up my current router with a pihole so i think i have enough expertise
thanks for your answer :)
or build your own pfsense .
@primal ice not worth it considering performance/$
plus, pfsense machines are basically a full computer
lots of overhead and power use
@zealous briar if you need any recommendations on what mikrotik to get..
@primal ice i could but then i need to buy access points
they all use the same operating system
ye sure
and mikrotik also supports adding additional access points
which you can configure from the main router
nice
Unifi does too
ye i saw some guides on unifi but too expensive
@zealous briar Mikrotik just recently, released a new variant of their home wifi routers
so i was looking into netgear but they have a paid app and im too lazy to write my own software for it
i have 500 down 50 up
Then that router is more than enough.
I have the hAP ac2, older brother of that router
its in the living room as wifi hotspot & ethernet for TV settop
that logo on top of the i looks familiar from something
Mikrotik is low end networking gear
but they have featuresets that is common on enterprise gear
I have this one as core router: https://mikrotik.com/product/rb4011igs_rm
@peak cloak hiya

hi
I messed up badly, didn't create a backup of my config and bricked access to my router when trying to configure vlans
Needed to factory reset
F
@peak cloak OOF.
thank fuck I never run into that issue
mikrotiks can be configured without IP working :)
you just need to enter its MAC and boom, connected
@tame carbon current setup is a Compal CH7465LG-ZG (Ziggo Connect Box) from my provider and an Asus RT-N66u upstairs
ZIGGO
xD
Asus also makes craprouters
I should have configured a port separate from the internal switch for management
bought it for 10 euros on marktplaats kinda like ebay
i flip computers on there
@zealous briar I managed to buy an entire container worth of old computer games
from a 2nd hand store that went bankrupt
for like 1000 euros

I managed to sell about 3500 worth of stuff as separate parts
and the majority of stuff left over
epic
I just pawned off to a guy who wanted it on the cheap
I've also sold old ProLiant servers on marktplaats
they had ddr2 memory lol
but went for 450 euros/unit

some overpay for stuff like that
Yessir
speaking of used stuff, I got myself a network rack, so I can finally use some gear I got for free
nice
@peak cloak cool. how many U ?
forgot exactly, but more than I need, I think it's 18u
not bad not bad
bigger than it looked on the pictures
I got a 12U enclosure
it's a 2 post rack, don't have the space for a full 4 post server rack
Wait. How does one enter the MAC address to connect to a network device?
probably using the utility not the web interface

@clear igloo wat ^^
my tp link "smart" switch does the same thing but you need tp-links utility program to initially access it that way.
@waxen saddle Mikrotik can use winbox over L2 to connect for configuration/recovery
Ah. I'm not familiar with that at all. I'll look in to it.
L2 configuration
Why not go the "serial" route

Brings me back to Cisco days

Do it crystal
what

@waxen saddle winbox can scan for neighbors by MAC address
so it just shows up in the utility after 1 minute or less
oh does it ?
usually takes a while
for it to list all devices
@hollow marlin mikrotik has its own discovery protocol too
MNDP and LLDP, yes you are right
and its CDP compatible too according to docs
Yeah MNDP is nice because its not multicast but broadcast so can be discovered throughout a domain
@hollow marlin I got mine configured in such a way that it only accepts logins from the port that goes to my bedroom :)
you can see it, throughout the network, just not connect to it
guys can i use ethernet to connect my pc to access point or is access point is wireless only?
Depends on the model. Some access points have an "out" port usually used to daisy chain access points.
the way my home network is setup is terrible, we have 2 routers. One upstairs and other downstairs. Downstairs one is working as access point which connects to my desktop and every other wireless device
upstairs one is connected to modem
should i just buy 2 asus rt59u?
i seriously want its mimo feature
So you have no wire going from router 1 to router 2 ? and router 2 is used to wirelessly connect to router 1 and relays connectivity to wired devices ? not sure i get your setup. Getting an AP is solid advice though
depends
2020 Oct 1 18:47:06 switch %$ VDC-1 %$ %COPP-2-COPP_POLICY: Control-Plane is protected with policy copp-system-p-policy-strict.
@little schooner today we copp
I would put a switch on the ethernet that is now connecting the AP and then connect the PC and AP to that switch
so there's only one wire going downstairs which connects to my current isp provided router which then works as wifi and also gives connection to my pc via ethernet
If you have no way to run an ethernet wire between the routers. I would look into power line adapters because any wired will always be better than wifi.
^ I mean not always
Powerline can be iffy
Ethernet > Wifi, but idk about powerline > wifi
Ok so this is how it's going to work?
Upstair Router->ethernet->Switch=which connects both AP and my PC ethernet
and bam network?
yeah, I mean that's sort of what I did at first
got it so thats what im gonna do as well
r there any decent switch? my ethernet is cat5
Coax -> Modem -> Ethernet to Upstairs Router -> Switch -> AP
that was mine
gigabit switch
idk about any specific models
whoah how's latency with coax?
ping to google is 14ms
do you want managed or a dumb switch
like will you be using vlans or any advanced features?
tbh there r only 2 devices that r going to connect to switch. My PC and AP
idk which one to go with
a dumb 5 port gigabit switch would do the job
Coax -> Modem -> Switch1(vlanx) -> Ethernet to upstairs -> switch2(vlanx) -> router(wan) -> switch2(vlan1) -> ethernet to switch1 (vlan1) -> computers
would also work
@hollow marlin any idea what copp policy VPC keepalive falls under?
will switch add extra latency tho?
I don't think he wants to mess with vlans @neon escarp
negligible
technically yes, but my ping to my router through a switch is <ms
i dont know what vlans r
nor do I think your router supports them
just needs 2 managed switches
will you be using poe?
no need for router to know them
true
poe?
power over ethernet, used for many AP
so you only have one wire going to an AP
the AP needs to support it of course
this is the simple stuff
......
networking is fun XD
so you don't need poe, so this should probably work just fine: https://www.amazon.com/NETGEAR-5-Port-Gigabit-Ethernet-Unmanaged/dp/B07S98YLHM/ref=sr_1_3?dchild=1&keywords=5+port+gigabit+switch&qid=1601578805&sr=8-3
I had to do the setup i exposed in production in a hotel XD
actually don't use that
ayee Asus RT59U router, NETGEAR 5-Port Gigabit Ethernet Unmanaged Switch, now all I need is decent AP
@neon escarp just wait till you manage 1000 cisco devices. fun stops
sounds like a dream job
@rocky badge right?
will mimo work though? my family watches a lot of netflix, amazon prime
@waxen scroll ive never heard of copp
?
brand new to me
i dont want my ping to go high randomly
@little schooner copp is evil
@peak cloak what router u use?
i'll probably just copy ur network setup
Just thinking about it now ... couldnt you just ... move your router downstairs ? and put a switch with an AP upstairs and call it a day ?
where is your modem currently ?
its probably upstairs with main router
with 2 different wifi sources wouldn't that be a problem if they have the same SSID without a controller?
do you have fiber?
so you don't have a modem
wait so thats how fiber works
internet plugs into your router via ethernet right?
yeah thats what i see
what's your ISP?
oh ok
verizon for example has an ONT that translates their GPON fiber network to an ethernet signal
each isp may be different
sht so what u r saying is i need to contact with the guys who setup network before doing stuff on my own
Where is the box that changes the fibre to cat5 ?
tbh i havent seen it, all ik is there's ethernet connecting to main router
i should've done more research
and that wire comes out of the wall ?
yup
i think 1st step would be to figure out where that wire goes . from then you might be able to design something smart on the 1st try
got it
do you live in apartment?
yup
wait no
its 2 floor
its prebuild house
idk how to say it
sorry my English isnt rly that good
because then maybe there is only one ONT per building and then it goes via ethernet to each apartment
tbh I didn't explain well, its more like a house than an apartment
2 floor house
with garden
im thinking duplex is what you're trying to describe ?
In all likelihood the cat5 cable comes from somewhere near your breaker box. If it does then you can use a short wire and plug your router near there, and use the existing long wire to go upstairs from your router to a switch and then an AP for convenient wifi.
got itt
Hope that helps some
yup i think i like ur idea
sure whats up ?
we had the house rewired and it has cat 6 cables routed through the house, however, to connect the router to the switch and the patch bay plus wall to PC, could i use Cat 7 or 8 (just asking as after doing it for all the switches it seems to be cheaper and a lot faster), or is it not compatible, sorry, can honestly say i'm not sure about any of it, if not i'll just suck up the extra and buy a load of Cat 6 @neon escarp
All Cat standards are retro compatible. The speeds or crosstalk/impedance issues will follow the weakest link. From experience cat6 can easily go for 10Gbps up to 50ft.
i would be surprised if you had 10G appliances in your home so any cable cat5 or above should not cause any issue in your network.
okay cool that's what i was hoping, was just thrown off because an article online said cat 7 and 8 isn't compatible with 5e and 6 so i was totally lost
They say that because cat7 and 8 has metallic shielding around the cables inside to prevent interference. For home use i would say that can be ignored
Cat7 and Cat8 can use tera connectors which are not compatible with 8p8c connectors that 6a and lower use by default. I think 6 can use tera as well but never seen it myself
So long and short is, for cables you guys reckon no issue, it's actual switches it might be affected by?
So long as you got an RJ45 plug on the switch with an RJ45 connector on the cable you should be just fine. My 2 cents.
I'll give it a go with one set, if it works i'll do the rest that way. Thanks dude, really appreciated
@waxen scroll @clear igloo aaaa my braincells https://blob.rocks/2DThGGXdQk.png
100 gigabit or 100 megabit. Huge differences
No, outside very experimental testing, copper will not net you over 10g because there are no copper SFPs above 10gig. Whats this for?
Fiber only. Are there switches in place with 100gig capability?
What model?
lol @harsh heron deleting and running away
@hollow marlin
boo
is it just me or did the color of our names change?

@waxen scroll I think it did

before
@stable ice thank you for the new logo