#networking

but @marble nacelle but individual wireless access points, and a small controller

you don't even need a controller do you?

he can get a few Audience units

they should work nicely for this

whats a controller and whats a acces point

and will go over wireless

https://mikrotik.com/product/audience

audience could work for someone who just wants something "simple"

it has a dedicated 5ghz radio for backhaul to the other audiences

I mean hAP AC2 would work too

you'll want one hardwired in to your router, the other audience units can connect to the 5ghz backhaul radio

@gritty valley or multiple hAP ac2's :D

for even more coverage

or multiple wAPs

they are so cheap.

$60

and they can double as controller.

if you want the high speeds though and can't run cable

When I'll get better internet I'm gonna upgrade my mesh system to one that Support 1/2gbps

@marble nacelle https://mikrotik.com/product/hap_ac2

the audience has two 5ghz radios for that reason

@marble nacelle these can do 2.4GHz and 5GHz. But would require you to run a cable.

i live in the middle east

The audience has two 5GHz radios, and can use one of them two talk to ther Audiences.

we dont have this here

one runs on a different frequency and is used for connection to the other audiences

yeah

@marble nacelle which country exactly?

bahrain

My mesh have 5ghz but his rj45 connectors limited to 100mbps

@marble nacelle you're one of the lucky few with internet access then?

hahah no

last I heard, you guys have quite some bad things going on

im lucky to have 500mbps connection

thats it

Yeah. let me look if there's a vendor in Bahrain

nah thats western media

were good

there is

Realtime Technologies in Salmabad, Bahrain

I wish I could have 100mbps

http://www.realtime-tec.com/products/networks/mikrotik/

@marble nacelle its worth it, this is ISP tier quality

you dont have that in isreal >

?

aight ill look into it

@tender hazel their webserver is having me wait./..

fuuuuuck is that thing slow

The ISPs here sucks ignoring the ppls that lives in private houses only connecting buildings

fine for me..

welcome to the middle east

yeah it loads fast for me too

now its snappy.

most isp companies in the middle east are govermenaised

Load good for me to

we dont have private isp companies

so theres no competition

so prices are high

Nah we just have one that rule all the internet infrastructures and making the other ISPs suffer

their website is hosted in New Jersey

that's long distance hosting

oh no wonder

mh

I'm in NJ

@marble nacelle that store only sells ethernet routers, no wireless

that store is closed

they don't even have a web store, they just have links to the products on the mikrotik products page

@marble nacelle are there only online retailers you can buy thing sfrom?

shipping is exspensive

so theres no way i can find the right ip addreas for the extender ?

it may not have a management IP once it is set up

you could check your dhcp for a mac that matches the first 6 hex digits of the extender wlan mac

maybe the ip is dynamic?

thats not possible

The managment IP should be handed out by DHCP Server

In general theory

or when it cannot find a dhcp server, it sets itself to a static ip

yes, if the extender is getting an IP from the huawei it will be in the dhcp info page on the huawei

but he said there was no lease.

I decided to leave the gre tunnel alone and try different protocols, any ideas ?

@marble nacelle show us that screenshot again

with the leases

there's no lease with the name tplink

I'm saying check the leases list for the tplink mac

i just searched all the IPS on google

nothing worked

ok

but in your dhcp info page with the leases do you see any lease that matches the beginning of the wlan mac on the extender?

the huawei dhcp info page

XX:XX:XX:YY:YY:YY, the X's would match the wlan mac of the extender, the Y's may not

Mine starts with a A4

nothing is simmilar to thjat

ok

i have another question

so my router has two SSID

based on a 2.4GHZ and 5GHZ configuration

they have different names

the problem is

i cant connect my tp link to the 5GHZ SSD

because i cant open the tp link web

doesn't it not support 5ghz

no you can't connect your tplink to the 5ghz ssid because it doesn't have a 5ghz radio

oh

is there a tp link or perhaps a dlink device that does

TP-Link RE305 AC1200 Dual Band Wifi Range Extender

is this good?

that ought to work, that'll have 5ghz

its worth 31.85

dollars

be warned that you aren't going to get 450Mbps from 5ghz with an extender though

how much will i be getting

i need atleast 300

the extender takes up half the capacity because it uses the same radio to connect back, so you will get 200 or less

o

because the ac does like 450 so half of it is used to connect to you and the other half is used to connect back to the main wifi router

whenever you use an extender that uses the same 5ghz radio to extend as well as connect back to the main router it will slice the bandwidth in half

so only solution is if i put the router in my room

which i cant do

or you run a cable

yeh

but i need a very LONG wire

and it wont look nice

but ill consider that

there is a similar solution to the mikrotik audience made by dlink

the COVR-2200

I don't know if tplink has something similar

wait , if i run a wire

how do i choose the 5ghz ssd

with a wire

if you run a wire you still need a 5ghz capable AP

yeh but how will i pick that configuration

and no tplink doesn't have something similar to the COVR-2200 with the tri band solution

so a good solution might be the D-Link COVR-2200

(if you can get that)

then you don't have to run a cable

yeh its not in my country

fucking hell

you might be able to use powerline adapters

if you can get those, and if they are fast enough

Any ideas for exposing an SSH server (or whatever else) to the world while hiding your home ip? (looking for something cheap or free, idk if something like cloudflare exists for non-http)

Why wouldn’t a VPN work for you? Exposing SSH is generally considered a bad idea no matter how much security you have.

Why is exposing ssh bad?

If you have key auth and a non standard port it's fine

Although I would still prefer vpn

VPNs would probably be too expensive for a simple homelab type thing (also, I used SSH as an example... I would probably be hosting Minecraft and/or Plex/Nextcloud)

Host your own vpn

That's what I meant

^ If you have a good enough security configuration (MAC and proper auth) you should be fine

My goal is to hide my homelab ip address for public kinds of things like file hosting, not try to administrate it remotely

Sorry If I was being unclear

No worries. I know LMG uses a masking service to hide the real IP of their Minecraft server, though I don’t recall what it is called.

Okie, thanks... Ping me if you do find an answer

probobly cloudflare?

but it's paid

actually I can check

SSH isn't always expected to be exposed, so for that reason I would say it would have a greater chance of vulnerabilities than VPNs

tcpshield.com

huh

they have a free option

I never knew that

I would use it myself then

Isn't it only for game servers though?

I don't think so, I haven't tried though

they advertize it just for games

Huh, ok... Might check it out

won't hurt to try

wut?

ltt?

they use tcpshield

maybe

let me check

yep

I wouldn't say so - at least I wouldn't want to expose SSH on most of my devices to the world

we have many servers and don't expose ssh to the internet on them, no reason to

that may be so, but with a VPN there is little point in having a VPN if you don't expose it to the entire internet to be able to connect.. that isn't the case with SSH due to the different use case

no, but daemons that are not expected to be exposed to the entire internet would not be as inspected for vulnerabilities as thoroughly as those that are, as a generality

well how often would you set up a VPN that is not exposed to the internet, vs SSH that is not exposed to the internet? I would expect that there are a lot more SSH servers not exposed to the internet than there are VPN servers

I'm also not saying there is something wrong with something really standard like openssh in that way

but ssh on some random device

help gig speed making my cpu0 at 100%

bonding gig with 5g (not even getting gig speed)

you can't combine speeds

that's not how it works

plus are you on ethernet

yes i can

yes

not on a single tcp stream, you can't

you can have more overall bandwidth, yes but will it be worth it enough for you to see, no

yes but if you are using multi stream you can (different ip going 1:1)

no multistream is to different desination servers

plus

speedtest.net probobly doesn't go over multiple interfaces

just your main one

idk about that when i start the test i can see it using the different networks

whatever, it's not really applicable to real world scenarios

i will not argue about that its so true but why do i not see even one gig my main speed?

cpu could be pinned, but I doubt that. Probobly just router

what's your router?

@obtuse cove

HG8245Q

from my ISP

but i turned off WIFI and switching and got Cisco networking on house with cat 7 between the router and the switch

and the rest cat 6A

ok but you will still be limited by the router

I can't find anything online for routing speed

i can get the one gig speed but in the start of the test but then it will hover down to500mb and then start working up to that 700-800 mb/s

sounds like ISP issue then

ISP rate limiting

that too

i don't think so i think its CPU bound

me neither

i got 3700x

it's a ryzen 7 3700X

it should be able to

-_-

For consumer use, and even most commercial/enterprise use, amd has no more issues than intel.

ummm, epyc?

epyc?

It's super taking over the datacenter

epyc is destroying intel in the datacenter. Most of the refreshes I've seen in the past 5 years (government/ISP space) that don't rely on any intel specific features, migrate over.

Especially those that are virtualization heavy, which is everyone nowadays

Can't...say I've ever had issues with AMD and networking

and I've got a virtual switch on my machine

They've increased market share I think by 5% in the enterprise world in the past year

That's crazy growth.

Intel have a higher market share indisputably, but I'd argue straight market share in the enterprise space is misleading, considering how many servers are just stood up and forgotten about.

5% over a year is huge. Enterprise life cycles are 5-10+ years

It's hard to measure in general

Doesn't, in my opinion, represent current buying trends

@severe pollen for sure

so what i hear is that this issue cant be fixed?

@obtuse cove What are you using to speed test with?

How are you bonding the connections?

what do you mean? i got the website and then the app switching between both

Ahhhhh, I would bet its the website doing the throttling then

Your CPU isn't going to determine your wifi speed

Just in general

yes

torrent is killed by my ISP

i turned off everything even the firewall

Remove the bonded connection, retest on you main connection. I guarantee you're pushing the stack to software

5g cellular

why is it bad?

Why

Why so you need to do that?

my home has a lot of people on it and a lot more of devices that if they work or play games i cant get 20-30mb/s from my 1000mb/s

but i got a NAS and home media server on my 5g so that even if I'm outside the house i can remote into my house and take some stuff

On my cellular they give public v6

But yeah cgnat v4

no with the 5g move i have seen every device with 5G networking has its Own ipv6

the stupide thing is i can open ports on my 5G but not my 1gig router

Its not 5g specifically. Carriers in the us are the ones with the most v6 rolled out

No v6? And cgnat v4 I assume?

yeah

Bruh

If an isp has cgnat but gives you /56 v6, whatever it's fine. But cgnat and not v6 that's just ...

if you got download large games from steam or epic games if that even a thing anymore you can get instead of 1000mb/s i can theoretically get 3gig/s (if 5G got that sweat 2gig speed)

no the max i got before my system crash with blue screen 2.5g/s

That's the standard, is it not? Fios here doesn't yet

Same

But no v6

Use tunnel for that

Why..

btw will Linux handle high speed better or will it be the same?

lol even with iperf its still 100% with

Windows bonding is pretty resource intensive, since its all software

turned off bounding and tested with http https://prnt.sc/1165y9t

still 4-5 sec of downloading and the system freeze

yes

i was thinking to boot into safe mode to remove the idea if its software that is getting my CPU cycles

idk i was thinking of malware or viruses but if its really malware or viruses it will take all 16 not only 1

and i was thinking it was cryptomining malware but the same why stop with one why not all

Do you have tcp offload enabled?

i don't have it

So the CPU is handling all the packets

ok if its handling all the packets why not using more than one core

Not sure how it would. In my head, it has to glue the data from the packets together. I’m not sure how you would multi-thread that.

How bad of a freeze is it? Does the mouse move? Can you toggle the caps lock light on your keyboard? Does the entire screen freeze?

it freeze even the mouse

I wouldn't expect a simple 1Gbps of traffic to cause a single CPU core to max out like that

I would look at task manager and try to figure out what is happening

So I'm conneecting to a network hard drive and streaming a film on vlc

On my phone oneplus 7t pro it works fine

But on my ipad it keeps buffering

gigabit ethernet go brrrr

Both very close to the router and computer is wired

Nah I like paused anyrhibf using bandwidth

It's not a bandwidth issue afaik

It's just on my ipad it's buffering was working fine yesterday

My phone is super fast

I click on it it plays

Yea I'm watching on my ipad now plays for a few seconds then pauses

5G mobile technology has nothing to do with ipv6.

It is just common practice that new networks are v6

Because v4 is legacy.

In a VPDN tunnel there are multiple sessions. How do I control the session timeout from LAC side?

VPDN?

isnt that just cisco jargon for layer 2 tunnels?

yep. Uses L2TP.

@frigid pine not entirely sure. https://i.imgur.com/OXjEvRW.png

But on my router, I can just set timeout for a client

oh, LAC, that's the concentrator

Yeah.

Only thing I can spot here

https://i.imgur.com/dJVbjhg.png

Session limits

Ah Mikrotik. xD

This is client interface. LAC is middleman.

This is server side xD

It is

You can set timeouts on either end

The problem here is I am in the middle. Don't have accesss to the server or client. The server admin says timeout is configured properly at their end. But doesnt seems like working and they wont accept that it isn't working. So I am just shooting in the dark to find something to clear the session from my end.

@frigid pine you sure it is a keepalive issue?

and not just some other problem that breaks l2tp?

I've had my myriad of issues across a network that didnt have 1500 byte ethernet

I have single tunnel thru which multiple pppoe sessions are going. The sessions are stuck at the concentrator only if the client end dies abruptly eg. with a power outage. So I don't think it have anything to do with L2TP breaking coz other sessions work fine.

mh

ok, this is way above my skill

might want to wait around for someone else

Yeah. Thanks for trying anyways. 🙂

@frigid pine what would interest me is a log-dump of the concentrator

like, that admin of yours says all is well

but is it?

I am the concentrator admin. You must mean the server log?

yea

unfortunately server logs arent available as I don't have access to it. And the admin is a jack-ass.

@frigid pine sounds like my old ISP

"The line is fine, we see the full speed you can receive"

Yes but the latency is 400ms and I have 5% packet loss

"The line is fine"

yeah. lol. These people think that since they have configured it, it MUST work.

If it doesn't work 200% other party's fault.

tech support diddnt even know what latency or packet loss was

or for that matter: what even is a packet? xD

"have you tried restarting your router?"

packet I can understand them not knowing. But yeah ping is something even a non-tech guy knows these days.

@frigid pine the problem ultimately was, three poor splices on the DSL line, and a big 2 meter loop under the driveway, right across a city power line

since everybody is nowadays playing pubg or minecraft and whatnot

and the neighbor had an old NAS with a broken power brick

whose interference was bleeding into my DSL line through that loop and splice

8 technicians couldn't figure it out

until the 9th came, in press suit and tie, with a little DIY FM radio

he walked around the house with his headphones on

and found the problem within 5 minutes

I bet thats why he could afford a suit & tie

cus all the other guys are hopeless.

xD, this is kinda hilarious

@thick minnow I asked him why he wore different attire. And he said he primarily services business customers

Once there was an instance where all customers running from one BNG gets DC for few seconds and then reconnects. This kept happening atleast 5 times a day. I found there is some random packet loss (around 5 ping drops in a row) at the core and raised the issue with MPLS. They said "everything is fine at our end, And even if there is such kind of loss it is acceptable". LMAO.

wait

5 ping drops in a row on an edge router?

I dont think that sounds acceptable

YEAH!

perhaps public ICMP can be dropped if excess

but internal? sounds like a problem to me

I even got in a fight with them since my customers were troubling me and in the end they said "YOU DON'T KNOW ANYTHING SINCE YOU ARE NOT SITTING AT THE CORE". I was like OK! I reported the issue and kept quite.

core operator from hell

Knew nothing would happen for the report but atleast I am sorted at my end when someone comes asking why this issue wan't taken care of.

@frigid pine my current ISP, when I have a problem I dial a number that connects me to their NOC directly :)

they are very skilled and speak jargon :)

I am so unlucky with work that I always end up at ridiculous places. Sometimes I convince myself it's like this everywhere.

Sessions will stay alive until timeout or if you allow multiple instances per account when dealing with client loss. Do you have keepalives enable on the concentrator?

Anyone familar with next Cloud?

i'm familiar with how ubnt > mikrotik

@waxen scroll where did you hear that?

@waxen scroll I think you mean D-Link > all

all > asus

Assus + RGB = king speed

@clear igloo https://i.imgur.com/qGHXz43.png

Motherboard marketing ^ rofl

T-BaseNOSCOPE

so i want to bring up... most connections 1GB<, Kay? When does QoS need to kick in? What happens when QoS kicks in? Queueing? Whats queuing do? Oh fuk it adds latency

killer lied packets died

@hollow marlin boom

fifo so fast at processing

does killer even know your ISP speed

Does this stuff actually work tho? Seems like complete BS

Maybe if you had DSL?

muh 5mbit

@waxen scroll maybe it works if you added more ™️'s

is that marketing implying you connect two interfaces to one switch and use wifi too?

like ....

no no

There's

KILLER™️ Ethernet

and

KILLER™️ WIRELESS AC 1535 WITH EXTREMERANGE™

the caps make it better

wait no the ethernet

KILLER™ DOUBLE SHOT-X3 PRO™️™️™️™️

SUNDAY SUNDAY SUNDAY.....

@waxen scroll I think KILLER™️ 360-NOSCOPE PRO sounds better

like is there a SINGLE SHOT-X2 HOME too ?

I'm just imagining rn that this is how the marketing dpt talks on daily basis

https://asset.msi.com/global/picture/article/article_147485967257e89298acfea0.png

EXTREME

@waxen scroll 🤣 https://i.imgur.com/ib3XoXM.png

oof

this whole msi website is shit

https://i.imgur.com/QJM6gXP.png

Nice.

wait what is this

https://www.msi.com/blog/kill-your-lag-dominate-your-game-with-msi-and-killer

msi usually have decent web pages

We're having fun at MSI's marketing dpt

top tier Gaming gear

lmao

tbf it is from 2015

MSI is trash their laptops suck

https://asset.msi.com/global/picture/article/article_147485967257e89298b357c0.png

Who makes these graphics?!

their mobos are good

1gbit voor twitch

BRUH

no but

Its..

Simply adding the max rated speeds for all the interfaces

that's cheating

@clear igloo yeah its basically what you said https://i.imgur.com/PABxGqL.png

MSI laptops I feel arent bad, BUT they can overheat

@waxen scroll yeah but the BS marketing is consistent across all of their products

Like, companies hire those people to make adverts for the non-savvy

thats why wifi numbers got changed

that was a good call though

Andybody here use Fortinet?

I don't like MSI

Never believe someone with an Anime avatar

...

That's my config.

I don't see any keepalive setting under vpdn or l2tp.

kewl. my bag of rj45 keystones arrived

100 STP keystones for 30 euros

https://www.amazon.ca/dp/B07PHVBQVS/ref=cm_sw_r_cp_api_glc_i_KG2QRNMQ3S432DRASK8K?_encoding=UTF8&psc=1
Can anyone tell me if this supports 10G or if it's just restricted to 1G.

We're upgrading our 900mbps internet to 1.5Gbps so considering to buy that switch.

@flat wagon That's a big waste of money

oh wait

PoE

@flat wagon no.

@flat wagon https://mikrotik.com/product/CRS326-24G-2SplusRM

@flat wagon from what I can see no 10G support

Something like this, has 2x 10G

Even the SFP ports are restricted to 1G

can you link me a managed switch with up to 12+ ports that is also 10G from Netgear on Amazon?

@flat wagon that one is managed ^

one sec

and honestly, far more versatile than a netgear equivalent

is it on amazon tho

that switch has bunch of L3 features too

prefer to get it on Amazon

https://www.amazon.com/Mikrotik-CRS326-24G-2S-RM-326-24G-2S-rackmount/dp/B0747TBTDX/ref=sr_1_1?dchild=1&keywords=CRS326&qid=1617810216&sr=8-1

CRS326

@flat wagon those SFP+ cages fit a module than can be used for 10gbit networking

either via a fiber optic, or another type of SFP+ module

10GbE (on copper) is very expensive and not really worth it

oooo ok. thank u so much. i'll order it rn

@flat wagon though wait

you get 1.5G?

do you know what kind of interface they will provide ?

yes

it's fibre optic

yeah I am wondering if a 2.5G is what they will supply

ahh

@flat wagon have you got a fitting router?

walks away as he needs more coffee before he types

I'll link i what I currently got hold on

https://www.amazon.ca/dp/B01MYTIPG2/ref=cm_sw_r_cp_api_glc_i_HZ99PAJBC3WF15XFXQVS

it was fine for the needs we had when we bought it but our needs have grown since then plus it's not 10G compatible

so we going to replace it

@flat wagon yeah when you have gigabit network speeds, having a fast backbone is important

@flat wagon https://mikrotik.com/product/rb4011igs_rm

@flat wagon I have that one at home for my fiber optic connection

it has a 10G port, you can use to expand connectivity with like a switch

You can get short distance SFP+ cables for $20

I'll just spend a lot this one time and get the white switch u suggested

@flat wagon I invite you to have a look https://mikrotik.com/products

They sell many many products

and the software is the same on all of them, which is very nice

Is there a config section for specifying PPP? While im familiar with BNG, VPDN not so much. L2TP is just carrying the PPP control packets but there should also be configuration for the PPP side which is where the keepalives need to be setup

Just a huge disclaimer re: Mikrotik L3 it's ass-tier speed and feature wise

It'll do L2 all day everyday

@reef gazelle on their switches? yes.

very much so

Don't expect near line speed L3

nope

What's L2 and L3?

@reef gazelle The CRS305 I have, caps out around ~1200mbit/s

but it switches at full 40G

As most QoS setups, most the times its complete garbage, especially when you have no control of specifics

@thick minnow switching/routing

Ah okay

L3 is where VLAN communicate to each other

inter vlan routing yes

@reef gazelle though some of the switches are actually capable of high throughput inter-vlan routing

for the switch u linked

depends on the switching chips they use

yes

@flat wagon err

I don't read amazong reviews. I just know mikrotik's products are reliable and affordable

VLAN capabilities is where L3 gets most of its use, but not all.

and the interface yeah its a bit more complicated but nothing you couldn't do

Inter-VLAN and ACL's

@reef gazelle I just have my RB4011 doing all the gruntwork

router on a stick

The latter being "hey, iot devices can't talk to printers, but computers can" in layman's terms

I plan on upgrading my network stack but not until I move.

@flat wagon This is what RouterOS looks like: https://i.imgur.com/2EaPFzE.png

@flat wagon same screen is also available as web configuration.

I'm on Unifi currently but only to have central control at a sensible price

USG is on wan failover because Eth0 oofed

CloudKey needs to be migrated to VM

@reef gazelle lol I got my IoT devices and LAN seperated

LAN masquarades to reach IoT

Easiest way to allow one way communication

I have little IoT but it's locked down a fair bit

my IPcams are completely isolated

they get NTP from the router, and the surveilance VM has a vlan port to talk to the cams

no route to 0.0.0.0/0

I have one camera, no expansion until moving

@flat wagon that screenshot btw, is on this device:
https://i.mt.lv/cdn/rb_images/1659_l.jpg

CRS305

does it have like anti-ddos mitigation because the $100netgear one I have right now does, not sure if the one you linked has it or not, I couldnt find it on its page

wat?

antiddos?

like idk dos

or ddos

@flat wagon its called having a faster internet connection than the person flooding you

wait

@flat wagon its marketing jazz

doesnt matter

by the time the traffic you wish to filter has reached your device

it has already come over your fiber line

thus, has no effect.

Youd have to have two things in effect for "anti-ddos"

Full tunnel vpn tunnel to AWS or somethere (not to mention the money to pay for it)

it's what mine has currently

@flat wagon that's marketing jazz.

And a firewall there to mitigate traffic to your internal network

@tame carbon that sounds like STP actually

Okay even if it does

Mikrotik supports all of that xD

@flat wagon Its not something you'll need or have to care about. trust me ^^

Rate my networking

I can tolerate the pile of cables

what I cannot tolerate is that asus router

Pile of cables is annoying given there's an empty rack right there

Ziptie the devices down or something

@reef gazelle or better

You buy one of these

Also, don't piggy back power strips

YOu dont have a lot of equipment anyways

Where my modem

@cosmic steeple https://cdn.discordapp.com/attachments/776722183119699988/777646103775674368/IMG-20200922-WA0001.jpg

other half of the network is on that fiber

goes to my office

The 2U wall vertical mounts are only useful for oob mountable equipment usually

@reef gazelle or a CPE switch for multiple fiber customers or something

You could use 3m tape or hook and strap strips

I've seen this before, where they had a highspeed 25G switch

and bunch of access ports going to each tenant

bunch of vlans

But a US-8 and mini router don't justify a wall mount for me

Most of that CPE has ears though

Amazon link please

And if not there's usually a wall mounting frame that comes with them

@reef gazelle lol that vertical wallmount +

Big brain

I hinted at that with the 3m tape but it'd be a pain imo

It'd be cleaner and less deep with target branded pegboard

@reef gazelle Im doing a big outdoor installation soon

gonna be using one of those RB4011's as centerpiece

I still can't think of an excuse to not use it

Looks like a DIN panel router

@reef gazelle I got one of those at home

and whatever I can throw at it, it chomps through with ease

https://mikrotik.com/product/mantbox_52_15s

i'll be using around 10 of those

and a couple 60GHz backhaul antennas

got a total of 1 gigabit to distribute

Any guides to cable networking a house or a company in USA ct

for one, that router...
get a patch panel to terminate all the runs at
beware of electrical lines, know where they are

Planing to move this need out and move pc in here

get fish tape

Only 2 wall power by the door and need

plan it out

know where your beams are

which direction they run

easiest would be get into the basement (if you have one) and back up

Want like a modern power cable plates

yes

wall plates

I have a ton

I have like 8k to spend lol

why 8k..

that's way too much

Taxes

spend your return on other things as well

save it as well

I planing to wire the electric and networking to the house

if you are doing electricity get someone who knows their stuff

don't do it yourself

unless you know the codes

and how to do it

How much would it be for someone to do it for me

no clue

What about my ax11000

it's asus...

and just

spikes

cringe

The like 3 power in this whole house

My friend have the next up model

Do you need a permit /contractor

idk

I wired my house with no permit

I can put the server room in the gym

for high voltage you technically do

key word

technically

@flat wagon that auto DoS feature is potentially dangerous - I am reading that what it does is it turns off the switch port if it receives more than 3 malformed packets from that port

a malformed packet doesn't necessarily constitute an attack

I'm seeing message from people about it blocking their printer because their printer software has some kind of bug where it sends certain packet types malformed, or blocking their uplink port for the same reason and then the entire switch goes down

@peak cloak i'd get in trouble just for using romex

my area is conduit only.

if you do whips its gotta be like less than 2 foot

there are places like that?

never knew

My basement is just romex everywhere

yep

infact there are places that go a step further and want all low voltage in conduits

why...

keep the union workers employeed

@tender hazel the L3 hw offloading to the switching chips for routing on those CRS317 is crazy

juan showed me some of the stuff they did on rOS v7

if they bring this to the CRS305, that would be so nice

its same series of switching chip

sup guys

i got me something

TP-Link Range Extender RE450

and it gives me good speed

yes, it is a nice feature being able to do routing, it can sustain really high throughput

that's quite good for an extender, arvine

it's triple chain, your router must be triple chain too

that's the only way you could get that rate

whats a triple chain

it's the number of antennas/polarizations

more chains mean more bandwidth per device if the connecting device has that number of chains

an AP with three chains will be faster than an AP with two chains as long as the device also has three chains, otherwise it won't be any faster

most devices are dual chain so you are limited to around 500-600Mbps in best scenarios

triple chain devices can give more theoretically

your extender is knocking the bandwidth in half, which means that the huawei by itself is capable of giving at least 700Mbps which is really only possible if it has three chains

unless of course you are plugged into the range extender with a cable from your computer

That's all the ppp settings that are available. Non have like keepalive or timeout there.

are you doing LAC/LNS stuff?

@frigid pine I don't work with Cisco very often anymore but MikroTik has an example config here using Cisco as a LAC that may help

https://help.mikrotik.com/docs/display/ROS/LAC+and+LNS+setup+with+Cisco+as+LAC

I'm sure you don't care about the mikrotik parts of that example config but perhaps the Cisco part will be helpful

Let me check.

Unfortunately it does not contain the information I need. The link contains very basic configuration just to make it work.

I keep wondering if it is even possible from LAC side.

anyways I never noticed Mikrotik have a subdomain named help. This looks better than their Wiki pages. xD

@frigid pine it is the replacement for the wiki

the wiki is going to be shut down after they finish moving their pages over to the new help domain

Nice.

actually something I've figured out is that they have moved some pages over but haven't linked the old wiki pages to the new help pages yet, so the help pages are more up to date

@frigid pine https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/vpdn/configuration/15-mt/vpdn-15-mt-book/vpd-tunnel-mgmt.html

@frigid pine that might be the command you need?

No this command is only used for tunnel. I need something which may affect the sessions inside that tunnel.

My tunnel hello is configured as default 60secs.

ok

Hey yall real quick question... I host a server on zap hosting for one of my games but I'm looking to move over to a vps. I saw contabo was cheap but offers good packages... have any of you guys ever dealt with that company for a vps?

Contabo
No. Dont.
Reliable Site does good Dedis if you can consider that
So You Start/OVH ... well they are cheap sure but
Datacenter Fire, Bad Support, Bad Hardware Reliability
Hetzner, idk thats not in the States so I didnt ever used them.

Okay thanks, I appriciate that for sure!

https://lowendbox.com/ @fringe crow Heres a good place to look

Thanks I appriciate that!

https://www.lowendtalk.com/categories/offers
https://www.lowendtalk.com/categories/shared-hosting-offers

This is basically the market place central for that kinda stuff

Sweet, thank you

@fringe crow linode is also great for hosting

https://www.linode.com/

What tools do you guys use to draw network diagrams?

@frigid pine draw-io is quite nice

https://github.com/jgraph/drawio-desktop

I use that too but don't like it's interface for some reason :3

ohkay so there's a desktop app too. lemme check.

I havent really done that much diagramming for networks

most of my work entails software design

so I am more into the UML-design of things

I use a combination of Visual Paradigm for certain diagrams

and Astah UML for domain and use-case

I have an RDS Farm in Microsoft Azure and bossman now wants to create a whitelist only for accessing websites. Does anyone have any experience with this?

@grizzled cove run everything through an HTTP Proxy

thats what schools do to make sure people only use the internet for surfing

all traffic is blocked, except HTTP and a few other exceptions

I did look at proxies but to me its a dead technology and easy to get around.. if you want to bypass a proxy, you can. I was thinking of using OpenDNS and configuring my forwarders on our DNS servers to point to OpenDNS servers

@grizzled cove and then someone uses 1.1.1.1

you could block outgoing DNS server requests, but that will just upset people

It's an RDS server, so users don't have access to change network properties

So, any RD Sessions should only access XYZ Websites Listed in Said Whitelist right?

Yeah that's the idea

So your best bet is prob Proxies. Squid is a good choice. You would use Group Policy to set the Proxy config

Microsoft ISA Server is another option

Its a Proxy server

Sorry ... Forefront TMG as its known as now

Too bad its basically old and dead lol

(squid)

I settled for the middle ground

Had my DNS servers use OpenDNS IP's as the forwarders and used the Moderate preset in OpenDNS control panel

Strict preset caused some issues with Outlook as it blocks access to office365.com

Doing some research having a whitelist in a production environment is a recipe for disaster

ah yes german internet

i pay 40€ for this shit

@vestal patrol nice DSL line you have there

I paid about the same a couple years ago

but for 4 down and 0.6mbit up

Hi 😄

so question

so this is my home NAS

@tawny flint you got permissions?

the group is under is USERS

i pay 105 dollars for this

@tawny flint yeah that's network, but what about file permissions?

same

clearly not

yes i did

because you dont have read rights on the directory you are trying to list

owner is admin

are you logged in as admin/

nope

theres ur problem.

There's user and group permissions

for the Filezilla im using the FTP_USER account

and idk what this GUI is doing

netgear Readynas OS 6.x.x

because I've always configured this stuff directly from config files

unless you have some kind of access log

gonna be hard to debug

i havent play with it alot

i know a few people in this server who has a Netgear Readynas

^

work with web

but why isn't working with FileZilla 😦

working with local IP but not with my public IP/ no-ip.com

ok so the issues is my Public IP i want to connect while im outside or at uni/college just dumping files in there

i dont know what sensitivity info but show this but im not from the US

@plain siren I was hoping so badly that this tool would have a T568B pinout on the side

I might just print out my own, and use some masking plastic and stick it on the tool

oof

Fingernail Polish/Sharpie

@plain siren im still fucking around with wires.

I thought this pushthrough would be much easier

fucking orange wire keeps going in the wrong hole

lets see if this tool was worth it.

never had an issue with passthough

@peak cloak its just

xD

me fucking aroudn

make sure to straighten your wires first

I did

don't look like it

It's hard to explain what I do

I like wiggle the wires in my hand

perfect.

time to test the wire tester

@peak cloak I remove insulation, untwist the ends

and then pull orange appart

and group green blue and brown

and put the orange inbetween

slide it onto the keystone

and pull it close

its always striped/solid/striped/solid etc

and Im an idiot

@peak cloak LOL

the cable I cut in half

was terminated with T568A

I just made a crossover cable O.o

wait no, I did the T568A and the cable was B

either way. I now have a crossover cable

take 2.

booyah. it works

perfect

@peak cloak $10 cable tester :D

I'm a big fan of this passthrough

makes life so much easier getting the insulation inside the keystone

I got this same one from microcenter

@plain siren they are just simple continuity testers

I opened up the back, electronics are actually quite simple

yeah mines in pieces too

@plain siren that's it lol

there's a tiny IC on the backside under some goop.

Guys I just upgraded my internet to 1.5GBPS (from 940MBS) and I'm so conflicted on which speed test to trust.
My Ethernet cable is temporarily on Cat5 which is limited to 1gbps but idk which speed test to trust

fast.com is the fastest because it uses netflix

your isp probobly has a netflix cache server right on their network

and your cable is not the limiting factor

it's your computer and router ethernet ports

Okay because I ran 4 other website tests and they also coming up with 930MBPS-ish

you would need to upgrade both to have at least 2.5G connectivity

which is expensive

that's why imo 1.5G just isn't worth it

1G is perfectly fine

our home networking is revamped with expensive switches and the ISP just gave us their new 10G router

Overhead.

930mbit sounds about right

Theres protocol overhead which it doesnt measure.

ah your computer needs a 2.5G card

and are the switches 2.5G?

@flat wagon I recently linked you to some 10G capable gear

Gigabit wont cut it at those speeds. or at least not at full throttle.

yes I know and my switch is 10G atm but it's 8 ports

I'll link to my motherboard hold on

@flat wagon 10GbE (10G ethernet over copper) is NOT worth it.

The interfaces are far more expensive

You're better off using SFP+

and getting a fiber

https://www.gigabyte.com/ca/Motherboard/GA-AX370-Gaming-K7-rev-10 I think this motherboard does support speeds such as 1.5G out of the box

not sure though

That's gigabit.

o

so I need a 2.5G card too?

@flat wagon Skip 2.5G

its relatively new, poorly supported.

and expensive

just go with SFP+ (10G)

You need one of these cards

They have SFP+ cages, like the switch I linked you

okay hold on

(The card in the image is an Intel X520-DA1)

https://ark.intel.com/content/www/us/en/ark/products/68669/intel-ethernet-converged-network-adapter-x520-da1.html

You dont have to get 1.5G on every computer

i got the basic knowledge in networking but not super extensive, so what ethernet cable do I need to plug it into that? it seems like a different connector

1G is still fine for a laptop and such

@flat wagon ah ok. normally with copper ethernet, we all use RJ45

but once you go to higher speeds, the connector becomes a module

those SFP+ cages are holes for such modules

https://www.fs.com/de-en/c/10g-sfp-dac-1114

This is a copper cable, that you can directly plug into those cages

The same is possible with fiber optics.

its all SFP+

im just copying all the links on a notepad atm

hold on

@flat wagon now, such a Direct-Attach cable is only cost-effective within 3 meters.

ok i need like

Once you need longer runs, you can either get active optical cables.

50 feet

https://www.fs.com/de-en/c/10g-sfp-aoc-2689

@flat wagon these are the same as copper

but they have fiber inbetween

also plugs into SFP+

will that support the full 1.5g?

@flat wagon it does 10G.

@flat wagon You use these kinds of cables between your Switch & Router

if you want to have full speed networking on your computer, you'll need one of those 10G interfaces

can you link me the SFS product on amazon including the pci card and a 50feet

cable

@flat wagon no just buy off FS.com directly.

they ship worldwide.

And they are the cheapest

@flat wagon network card leaves some options open. You don't have to get an intel card.

but it has to be SFP+

so where's something like a 50ft?

https://i.imgur.com/Hq8WKvv.png

o im blind

ok

@flat wagon active optical is the easiest

because you can also get SFP+ modules with seperate patch fibers

That's what i have here

how are they the easiest

Because if you get dust in the fiber patch

then you have no signal

those active optical cables cannot be removed, they are spliced onto the connector

ooo

ok

thse prices

arent bad

i was expecting worse tbh

@flat wagon for 10G its very good :D

2.5G is about the same price, but you can barely find gear for it.

Thats why I suggested use 10G instead.

its futureproof, and not a gimmick :D

@flat wagon have a look at this: https://www.fs.com/de-en/products/11555.html

These are pure fiber modules

you remove the rubber plug, and plug your fiber in there

are they using the same image across all the cable products on their webpage

Yea..

because they all look the same, its just the length that is different

there's 1000s of different SFP+ modules

for different types of fibers, different wavelengths for the lasers

simplex, duplex

Active optical is therefor a bit "easier"

because you cant make a wrong purchase.

https://i.imgur.com/Hq8WKvv.png

They just come as-is

and you plug them in, and boop. it works

so the switch u linked also supports SFP but my router itself doesnt have a SFP connector support, just regular ethernet

@flat wagon SFP or SFP+ ?

sfp+

but it has cat8 running tot he switch

to the*

@flat wagon that could be 10GbE

10G on copper. which works.. up to 25 meters

https://www.fs.com/de-en/products/74680.html?attribute=113&id=219394

You'd want something like this ^

This plugs into SFP+

and has RJ45 on the other side

But these things are very expensive.

$55

RJ45 10G costs a lot more

ok accept fr cuz i'll probs be asking a lotof questions in the coming days when i order stuff

it's a lot to take in

all at once

@flat wagon ye it is :D

I went on this journey 3 years ago

took me about a month or so to do research

but I went into fiber specifically

@flat wagon those individual modules I linked earlier https://i.imgur.com/Px0MRJC.png

These are good for 10 kilometers of fiber

xD

but if i wanted to, i can just get a 25 meter cat 6 cable and a sfp+ pci card and the generic ethernet adapter and plug it into the card?

@flat wagon I would only do that if the network card in your computer is 10G RJ45

if you have to choose, I would get something with SFP+

its more flexible, as you can do fiber or copper

@flat wagon if you wanted to run copper, you have to get cat6a (make sure all sides are shielded)

high speed ethernet on copper is subject to interference.

so you need shielded cables

http://westcoastcomm.com/wp-content/uploads/2018/05/UTP-STP.png

Shielded ethernet means that there's a grounding jacket around the core

@flat wagon the interference, and the price of RJ45 interfaces, and extra costs in cabling make it not really attractive

https://i.mt.lv/cdn/rb_images/1301_l.jpg

If you go back to that switch of yours (CRS326), if you really wanted 10G for every computer.. this wouldnt be ideal

CRS317 is an all-SFP+ switch:

https://mikrotik.com/product/crs317_1g_16s_rm#fndtn-gallery

But that CRS317 is for really heavy switching (and soon maybe routing)

Back

let me read

@flat wagon no questions are stupid questions. esp if everything is new to you

so ask away

ok so just back up a little bit, so my router which is a ISP provided router (they also provided a small UPS battery backup for some reason for the router)
but ok so my isp provided router.... it doesnt have SFP+ so I would need an adaptor between that router and the switch?

for the active optical cable or do I just keep the CAT8 I have running between my switch and my router

im so confused

@flat wagon okay, so such an active optical cable is for directly connecting two SFP+ cages to eachother

And @flat wagon as for the ISP equipment, you'd have to look at the datasheet or manual

If they use 10GbE then you can use a module to adapt it to SFP+

@flat wagon if you had some more information on the ISP equipment, I could have a look

Yes one second

https://www.telus.com/en/internet/wifi

Honestly it's super limited information on it idk where the specs on it are

they also gave us

ugh

@flat wagon if you are in luck, you may not need that device at all

the ISP I have here, doesnt even ship a modem :)

I just have a fiber with SFP that plugs directly into my gear

which device do I not need?

o

@flat wagon yaasss. it makes life so much easier not having to deal with shitty ISP gear

Normally I would agree

but this router seems to be pretty high end and it's a mesh network with 4 boosters around the house

since it's a 3 story house

@flat wagon yeah but all that mesh shit

is garbage

o?

because they are an internet provider, not a hardware manufacturer.

If you want a reliable wireless setup, you buy specialized gear

those mikrotiks have a very nice way to do managed wireless

@flat wagon errr, can't find specifics on telus' website

same

hold on

gimme another 30 mins. I just got called for dinner, I'll be back soon ^^

Thats all I found and okay!

why have telus when you could have ubiquiti

because since we been with TELUS for 10 years they gave us all the equipment for free and u can't argue with free stuff :D

you sure? check your bill for fees

our internet for 1.5G is 70/month because it's a loyalty plan

that's CAD too it's lower in USD

loyalty plan? wtf is this concept

i have to quit and join back to get low rates

they got a loyalty department and they are responsible for ensuring to keep make sure their long-time customers (minimum 4 years) dont end up switching so that's when they start offering special rates.

We have TELUS mobile phone (so 3 iPhones on their plan), TELUS landline phone, TELUS cable tv (I never watch tv but got it in the bundle abyway) and finally TELUS internet at 1.5G.
All this costed $200/month