#networking
So why would the regular customer need it?
Multiprotocol Label Switching (MPLS) is a routing technique in telecommunications networks that directs data from one node to the next based on short path labels rather than long network addresses, thus avoiding complex lookups in a routing table and speeding traffic flows. The labels identify virtual links (paths) between distant nodes rather t...
no, but your ISP might
Your ISP has to get their internet from somewhere
and they probably use MPLS internally
to get the different customer blocks going to the right NAT router
to untangle the mess that they created
to my own external IP gg
```
 2 * * *
 3 10.250.3.78 (10.250.3.78) 7.677 ms 8.859 ms 9.843 ms
 4 10.250.1.133 (10.250.1.133) 108.887 ms 149.874 ms 108.919 ms
```
bru WAT
yeah but you are pinging addresses of devices here that are just natted
so there's all kinds of translations going on in the background
that you can't see
yeah I know
thats why it sucks xD
but 150ms
overloaded
lets make it explode
but basically, MPLS is a layer 2.5 protocol
it essentially removes the need for layer 2
and allows you to operate an IP only network
ok
it seems like a bad cloud with their configuration
omg it took the message 10 seconds to be sent
They already moved me between all their servers xD
it's the same kind of thing as when you watch something in 4K and your netspeed goes down
except your ISP is cheapskates
It's almost like a load-balancer
I think they need new engineers.
@low pond nah think of it as a way to route packets between two sites, instead of using a VPN over publicly routed IP
you get a tunnel
allows the two locations to basically exchange packets directly, they don't see the MPLS thing, its just a cloud
This is the only ISP in Israel with the highest end ddos protection from ARBOR
but the internet still sucks
from what i can read off wikipedia, it creates a label switched path
and it just routes packets using those labels
instead of looking at an address routing table
basically NAT
No
@lean pebble think of it this way
its a kind of VPN
provided by an ISP, to directly tunnel two locations to one another
thats how it shows in the picture
@lean pebble yeah but MPLS is just something that runs on routers that are in the ISP
each site probably has a WAN, and an MPLS vlan
but to the customer these are just two vlans
one vlan is internet, the other a direct layer 2 tunnel to their other site
so customer can directly route between their own routers
and MPLS allows the ISP internally, to switch those packets through their network
That sounds annoying, and pretty stupid routing option.
anyone got some decent access point recommendations that are not ubiquiti?
@short relic Mikrotik
for putting the regular customer in endless MPLS
available in US?
yes
thx
Made by European company
@short relic though they require a bit of know-how to set up
lol as long as I don't have to like import from ebay haha
tplink omada
its quite advanced, ISP tier-stuff
yeah
but cheap and reliable
with all the ubiquiti drama lately I am opening my mind to alternatives
@short relic what exactly do you need then?
MPLS is the only way to go. Farthest from a bad routing option
for now im just looking at access points only
@hollow marlin halp, I tried explaining mpls
but too many services that they use make everything work slower than usual and overload the systems.
without mpls everything would work better I guess
anyways, ill look up mikrotik and omada
they provide the shittiest cyber protection to the end customer, they just block everything they don't like for the customer xD
and you can't disable it until you call them
@short relic are you looking for wall mounted access points?
or ceiling
or just a single AP. Give us some context
crystal wanna hear something funny?
idk, do I ?
lol not sure yet. Gonna be moving later this year so doing some pre-research for that
@short relic mikrotik has certain geek-factor to it xD
more looking for alternative ecosystems instead of specific hardware
Only in 2021 did the "government" here decide to eliminate the option for ISPs to force customers to purchase or rent the ISP routers.
incredibly versatile little routers
since I feel confident finding the exact products i need on my own
lol current router is an '08 optiplex running PFsense
@short relic what kind of netspeed do you have ?
why does my router have 8GB ram and 16GB swap?
that thing is a crime to run as router
Now the ISPs can help you configure your own gear
such waste of power
960/35 at the current location
yeah i know but it was $5 at university surplus
@short relic okay and how many APs you plan on operating?
xDDD
nice.
kinda insane how much juice you are cranking out of that box
must have a light fw
dont have a new place picked out yet soooooooo idk
well either way, the standard dual band ceiling mounted APs they have are like $60 each
not bad
have two ports, and support PoE in
you can use either one of the APs as controller,
or control them on your main router
I guess for me the real question is if I stay with custom PFsense or move to a prefab router
@short relic my RB4011 can do 10G, and at full load consumes ~13watts
with PoE attachments
but again, just looking for other networking ecosystems to research on my own
max of 27watt
my RGB consumes like 15 watts
MPLS actually makes things more efficient. Its what it was designed to do
I just got a HEX S, going to put in prod this weekend
I got you, what were you trying to explain
the config is overwhelming at first
congrats present
@hollow marlin literally 2 mins before, scroll up. But I think the moment passed
At a high level, that looks correct
I guess it depends on who configured it
@hollow marlin he is fuming over https://i.imgur.com/A3L4dME.png
No, MPLS alone is less resource intensive
because his ISP is trash
and it says MPLS, I think @lean pebble you just confused it :P
those things being related to eachother
I'm saying they can't configure anything correctly
MPLS relies on the routing table, it wouldn't be MPLS's problem if their routes are not efficient
@short relic this would be powerful enough for your use-case: https://mikrotik.com/product/hap_ac2
There is nothing I see wrong with the traceroute
they just added 25tb with a new fiber to europe
last week
ill look into it
@short relic if you do not require wireless functionality, but would like one additional ethernet port (SFP) https://mikrotik.com/product/hex_s
probably ditching this optiplex when i move
ok
even if I don't replace my Unifi AP immediately
@short relic one of the reasons I like this system is:
You can remotely manage those access points
Omada does this too, but idk. Tplink is cursed for me
they all die after 3 years
probably why its so cheap
but basically
its pick and choose
all runs same OS
so you can just mash it all together
yeah
for your use-case
i just want to avoid cloud stuff
this is entirely offline
i was so close to buying a Dream Machine
@short relic I like the simplicity of their config lol https://i.imgur.com/DaWSqcF.png
lightweight wrapper for their CLI
Who is trying to crack my machine? There were 751 failed login attempts since the last successful login.
Its not honey pot
i took a computer networking for engineers class, but now i wish we had like an 'IT Networking professional' course lol
not yet
huh omg here we go again
```
 7 10.250.1.5 (10.250.1.5) 169.660 ms 217.858 ms 185.366 ms
```
its ok like the ISP say
cya later
🤣
it's just a test for a pufferpanel slave node xD
took me 5 minutes to install it again and 4 hours to understand how to connect between the two because their discord server is half dead xd
ye im attacking from Hetzner FSN
yeah for low latency xD
YES :D
like usual china trying to hack hetzner xD
Ah yes
this is why i ban china.
all Chinese IPs
doing it since a long time
works the best
I hate windows
the POS server that needs windows (running w10 pro) has nuked itself
stupid 20H2 update
it just forced itself onto the machine
and now I cannot connect via RDP, and virtual console is borked too
3 reboots and now it works suddenly
I will never understand this OS ¯\_(ツ)_/¯
xD
🤣
its simple.
Its windows.
k e k
So I'm trying to send an http request to my own public ip address, but here is the thing: I can only send one, and the next time I try the packet never gets sent to the server. I can't figure out why this is happening. I have a router from at&t, it seems to be something in there.
mh
can only send one and the next time I try the packet never send to the server
what do you mean by this
Ok I can open the page in the browser, but all requests after this are dropped. Like the server isn't even running(I know that nothing is coming in on my test logs)
do you have an address for me?
so I can have a look
you can send this in dm if you like
It does this if I'm on the same network as the server
yes
yeah ok, what's your goal tho
They are ipv4 so, it's an A record
so it works from WAN, but not from LAN ?
hairpin NAT
yeah, that's what I was thinking too
yes
or use split horizon dns
@thick minnow no this is a common problem
no, you don't understand
and there's two ways to fix it
typing my public ip without the domain does the same thing
@thick minnow that port forward rule is currently only applied to traffic that enters your router from the WAN side
traffic from LAN to your public IP is not being translated
a Hairpin NAT is the solution to this
basically what you do is have it so you have a DNS server on your LAN that for server.example.com resolves to 192.168.1.2, while public DNS records point to your public IP @thick minnow
that's split horizon dns
idk I heard enterprise uses split horizon more
@peak cloak yeah but in a home environment
there's some issues I heard with hairpin juan was talking about
you just want any dns server to work
oh yeah ofc
@thick minnow what router do you have
can you create a new NAT rule
How can I create the NAT rule?
Well I did pay for 1Gbit ethernet from at&t
I don't get your point
I have gigabit if I wanted to
but I dont have any ISP gear :D

@thick minnow join the light side of the force
next solution is split-horizon
Great at&t has no brain
or just get a good router
So you just set an internal DNS resolution to the private IP
yea
ATT boxes also don't support changing the DNS servers which could be used to resolve the private address internally and the public address externally, so again, you'll need a 3rd party router to handle this
ATT modem that does support it.
Yeah you're screwed no matter what
Just be glad it at least supports passthrough 
but where am I going to add this record into it?
wdym
@thick minnow you can't. That thing has almost no features
Its crap compared to a proper ethernet router
Well then what can I do now
you could order a router
doesnt have to be anything expensive
but I can recommend you something that can handle those speeds you require
You know what I will just program the server to read fake subdomain using other methods
yeah you can just modify your hosts file
^
that's not network wide though
@thick minnow if I had a gigabit WAN I would totally get my own router
I can use this
I have 250M and I have a 10G router here lol
what's that
no its not
I can use the auth as a fake subdomain for local ips
its the URL scheme
I don't get it
yeah
http doesnt use auth
basic auth maybe
but those are headers
not usually supplied as a url
this applies to more things
like
they do
ssh://crystal@server:/home/documents/pr0n.png
still a url
yep
but I fail to see your point
the issue you have is much lower in the network stack
all this is layer 7 overhead
@hollow marlin this is pretty accurate right? https://i.imgur.com/NGky9O4.png
;)
Yep, L1-4 is where overhead usually lies
@hollow marlin no I'm looking at it from another perspective lol
5-7 is overhead xD
to a network engineer
Well technically based on that photo, yes it is "over"head lol
@hollow marlin I watched a 2h talk about longhaul fiber networks
the physical stuff
and this guy talked about layers 1-3 and how they do physical vlan transit
from fiber through to switch with x-connects and all
and he put up this diagram
I think layer 4 is where he put "overhead"
xD
Transport is a whole field in its own right
L1-4 is considered overhead, past that is the actually payload
Not sure what he was getting at there. I guess in terms of being transit, that payload is really their overhead from that point of view
I assume L0 is referencing sales
Wegerechte = permits for digging
trassen = those underground patch boxes where all tubes come together
rohre = pipes
kabel = cable, fasern = fibers
In telco space, 0 typically means sales and their sell first and make the engineer's make it work
lol
they shared this img https://i.imgur.com/SaYKo6V.png
of one of their jobs
they had to figure out which one was which, to get a x-connect going
and after years and years of this
Ive done fiber work in the pillars/pill boxes and thats about right. Documentation...I should say meaningful documentation is relatively new thing
its just like in modded minecraft
@hollow marlin the place i started working at this week... they.. wow yeah
their organization is a mess xD
they have a single server for everything
prod, test and their source code repository is all on the same box
they have git without a frontend page,
no proper issue tracking, they are trying to use teams
and nothing is properly documented
they are a team of programmers, who desperately need some tooling and guidance
Yeah, sadly this is too common place. I have done tons of docs for my current workplace and even trained on how do it. People still cannot figure out why its needed.
yeah but the thing is
they are saying that they all agreed to doing documentation
so I go through their docs
and I find a finely styled word document, with a table and coverage% of their unittests
and I am just sitting there... and thinking.. wat.
1 button in my IDE gives me this information
The key is to have it simple as possible, then break the docs down into more detail. Searching shouldn't be a chore
@hollow marlin I am going to use a very simple kanban system in gitea
They are using git, but just from shell without a webpage
you can just have 5 lanes, backlog, to-do, in progress, review, done
and then we can just create issues and track them this way
can even create templates for these issues
this must be easy
so people do them.
@hollow marlin being able to create a wiki page on gitea, and referencing to source directly as well as issues
that will be a huge gain for the team
Spending time to clean up docs and processes early on saves soooooooo much time later. Some of our older sites will have techs spending hours just on discovery before tshooting even takes place. But with docs and an organized site structure that cuts down to minutes
@hollow marlin they are basically developing an old piece of software that used to be used in house
that is now to be sold to other businesses
they have refactored most of the backend
but have not got their infrastructure in order
the dev team is two older people, and a young inexperienced developer
they are all older than me
the young developer is promising, may not call him inexperienced, that I do not know yet
@hollow marlin but yeah, wednesday I was in a meeting, and I just overhear a situation of a bug that has just returned for the 2nd time
and I look at the visualization in git
and its just everyone working off master
Cleaning up a bit
helps a lot
@hollow marlin the only thing I am afraid of, is that I am going to step on people's toes :/
but from what I gathered so far, most of what i have heard so far is people agreeing to my ideas
they are just unsure about change
My windows vm begging me to finish this update xD
I just enabled fail2ban xD
Thats a fine line that is hard to interpret at times. I only go head first in if I am confident, but the hard part is knowing when to. Many bad decisions might already be known, but for reasons outside of control they cannot be immediately changed
Its good you are making way. Id keep pushing
all they have to do is change their remotes on git
@hollow marlin and the sales guy
was attempting to set up different instances for certain customers
or at least wants to
they lack someone that leads, I feel
Sales, you'll never change their ways
@hollow marlin well the main thing is, they cannot expand at all right now
with 170MB free memory
you aint gonna do much
@hollow marlin and I managed to persuade the boss by basically doing a dead simple ROI
estimating a 2 hour time saved per week
per developer
for a $20/month vps, I think thats good deal
so he was on board quite quickly
And thats just face value estimates, Id be surprised if it wasnt much higher
@hollow marlin they have a 3 license jira
me and 1 other dev dont have access
how is this supposed to work lol
so if I couldn't get this vps, yeah.
I would have used a raspberry pi
@hollow marlin feels like such a flashback from 8 years ago
where I joined a group of people on minecraft who had 2 people who were unorganized in developing minecraft plugins and maintaining a server
within a week, they were over from a managed hosting, to a dedicated machine, and I had full root access to everything
I still have access, I am just often not actively present anymore. I mostly am just there in case something goes seriously wrong with servers
You should join me in an adventure to the "Minecraft Game Server" resellers community haven.
@dusty dune IIRC, its you running Pebblehost... or someone with similar PFP + same name
Yeah it is, I knew you would be in here
Hey there guys.. are there any ways to get lower ping/latency? In mobile networks..?
Thanks..
Not really. You're at the mercy of the towers @thick minnow
I see..
Thanks bro..
Its just i get speeds upto 40mbps..
However ping is like 80 to 150 ms.. sometimes even 200ms.. thats really annoying to have a higher speed with higher ping..
40mbps is pretty much good actually for mobile networks according to me at least in my area where i live...
If you have access to the SIM's AT Command Interface, perhaps locking in a better tower instead of having it flip to a neighbor cell may work out
A 20 or 30 ms would do better
Oooohh
For example, my Hotspot defaults to the tower nearest to me which is Band 6, but Band 71 which is a tower a bit further is way better
Mine is probably band 40
But the signal strength lies between -60 dBm 70 ASU.. to -75 dBm 48 ASU.. at field testing..
Thats almost like touching tower.. pretty good..
But the ping keeps me
Ikr yeah
Whos your provider
I live in india... i use vodafone (uk company) at 4g lte..
Which circle too?
Ah, yeah. Then toying with band priorities may truly help.
Beats me!
Its andhra pradesh.(state)
Mmyea, you can try surely changing, Vi allows to change the bands
I see... youre from india too?
IIRC, India is very much "Classist" on Birth Right/Location/Genealogy.
No i mean the state actually heh
Ye TN, but I don't live in India
Guys can i access my freeNAS setup over the internet?
Ye
This dude next to me named Vishal says Hi. hes from there too
You could, but this is a terrible idea to just expose outright.
Instead you would want a VPN
Is setting it up free of cost?
Yeah
I'd directly host it, it's a bit simpler than going thru VPN
Using a VPN, you could basically "login" to your LAN as if you were at home next to the machine from anywhere
Exposing NFS/SMB/CIFS over the internet is currently a very asking for it thing
Ohh hmph
Alright..
Or what could be a proper solution for a cloud storage type thing! We friends need to edit videos and all our gdrives are full and we could need over 500gb; due to the pandemic we can't meet, hence the online solution
Umm guys whats freeNAS? Never heard of it, this is my first time
S3 Buckets from AWS.
Seeing as S3 is dirt cheap rn
Mine chia?
Open Source OS for a DIY "network attached storage"
Right, because all we need is another open S3 bucket
a solution for a NAS on freebsd utilizing ZFS
Thanks..
Well.... dont click the checkbox that exposes it obviously
Thank you..
Just use aws-cli or fuse mount it
Minio
With freeNAS can i use next cloud ?
Yes
lol I am using NextCloud on top of Minio rn I love it.
Yes FreeNAS can be a storage solution for NextCloud
Just gotta mount the share to where nextcloud sees it.
I am literally a noob in this trying networking for the first time
thats why were here
The important part of freeNAS is the “NAS” part. Network Attached Storage. There’s a lot of them out there and they all are a bit different and have different features. But at the end of the day, they all allow you to access a centrally-managed storage that can be accessed over a network
Any helpful tutorial?
Not one that would prob get you through all the heartache of figuring it out. If you really want to, I(we) can walk you through it. Ill link one anyways
So i think first i need to setup FreeNas!
After that nextcloud maybe
https://wiki.seeedstudio.com/ODYSSEY-X86J4105-Installing-FreeNAS/ This one is pretty good, its meant for the Odyssey, but the instructions apply for generic use
Seeed Product Document
Awesome thanks mate!
FreeNAS i can setup using tutorials i just need some steps or tutorials after that
For next cloud
Is Minio running on bare metal?
Containerized
Gross. Cloud AND containers
I aint using AWS personally
Containerized on bare metal? Or docker in a VM?
Containerized on Bare Metal. Alpine on the host
what's bad about containers
Overused, don't really grab onto hardware like some stuff likes, is used by lazy devs as an excuse to not try to make things cross-compatible. They have their uses, but they are not the end all be all that some people laud them to be.
Honestly the whole containers thing is so misconstrued with half-assed info its no surprise people dont move to them after seeing the jank'd up documentation
I used to hate docker. Thought it was garbage and a waste. Turned out I was trying to use broken images. Once I found good ones and set them to run on Portainer, I’m FLYING. I can host way more than I ever dreamed of and far faster than I ever could before.
Containers should be way more interop'd with hardware..
yeah they are overused
They share the host kernel so the emulation layer is removed
You have never had to deconflict someone elses container BS to fix their product for them
I’ve even rolled my own containers that can tap into hardware to stream TV real-time to my network using multicast.
I dont set my shit up half-assed so that wont happen
Multicast support needs net_host IIRC or CAP_ADMIN
If I’m having to debug someone else’s container, I try to roll my own. It usually turns out pretty good.
I'm not arguing that you can't tune them to what you want. But give me a nice phat VM for a service any day over a container.
Gotta use the vendor's stuff, or the FOSS solution that's allowed for
I rather not have to mess with shit like NTP ... 2 times to run a single service.
I already got the damn core OS setup, I dont wanna set up a whole other one
Don't have the time to finish my replacement product, and get it assessed and approved. I'm not getting the dev time I need for it.
Thats usually the pinch
So I'm having to use my free time/time at home to work on it
To actually make containers "good" at what they do, your stack has to be architected to take advantage.
And thats... time consuming
Containers are really good when services are trivially scalable, and bad for a lot of other tasks
The one thing that comes to mind is:
Databases.
I need to have a robust, easily built and maintained sensor environment. And I do NOT trust zeek, snort/suricata, or stenographer in a container
Mm, stuff like webservices, stream processors, etc are generally easy to scale
I got snort in a container, its working fantastic, havent ever used zeek or stenographer
Basically anything that doesn’t require complex synchronization
Job running cluster etc
MariaDB Galera Cluster
How is snort handling network traffic? AF_Packet? PF_Ring? Are you having to do multi-gigabit traffic AND verify that you are having less than 3% packet loss?
👁
I have 0% loss across my entire platform (Im picky on that), PF_Ring Cluster is running fine.
Yeah. Our in house testing of security onion's containerized network monitoring services has left us less than impressed
So heres the trick with PF_Ring: /lib/modules/$(uname -r)/kernel/net/pf_ring/pf_ring.ko In my container I build the Kernel Module and since the Kernel is shared with Host, its as if its running Bare Metal
And because they're using "easy to build" containers, and aren't devving their own solutions, they make ad-hoc workarounds to get everything set up, and we have to go in and tune everything
Yeah, cant half-ass this.
"Oh boy containers!" without concept understood and half-assed attempts will leave this looking like a joke
We don't have the luxury of doing custom work like that on our sensors. We move at a tactical pace, so the longer we build, the less time on network we have
Already the tuning we do is finicky enough stuff will still occasionally break
Ideally you would CI/CD your containers and use a Config Management System to make it ez
lol
But thats a whole other job
```bash
build_pfringkern() {
    # Where the PF_RING module lives for the running kernel (shared with the host)
    local mod="/lib/modules/$(uname -r)/kernel/net/pf_ring/pf_ring.ko"
    if [ ! -f "$mod" ]; then
        echo "Building Kernel Module"
        # $SPWD is the script's working directory, set elsewhere in run.sh;
        # bail out instead of running make in the wrong place if the cd fails
        cd "$SPWD"/PF_RING*/kernel || return 1
        make && make install
    else
        echo "Kernel Module Already Exists"
    fi
}
```
in muh run.sh
Oh that’s nifty. Works even when you change the host kernel
The solution I'm working on is a super simple "use salt to bootstrap a centos box into a sensor", installs zeek, snort3, and stenographer, and joins the federation. I'm still working the federating solution, and backend.
Oh this is a huge gain on Containers. Remember: The container shares the Host Kernel instead of the Hypervisor layer sooo
Expose /lib/modules to the container and it can build modules for your kernel and have them "Configurationally Isolated" yet as if you did the changes on the Host OS. This also means I could launch another container without this build option since its already injected into the kernel.
If you ever have to build a kernel module but dont wanna muck up your Environment, a "Build Container" is awesome
Ever seen this?
lol, a vendor solution?
I did a fun little POC with Digital Rebar. A raspi that configured a whole datacenter from scratch
Don't got the money for that
Neither did I lol, the Trial had an easy bypass 
Can't do that in government work
Yeah. Def dont
But damn, it even configed my PDU's, Switches, and TCG Opal (Self Encrypting Drives)
Don't care about those. Just need sensors and a master
And salt + install script solves that problem perfectly
What are you working on that has Sensor Telemetry so high
Unless its just InfraOps
(if you can even say)
Also lol, I deserved that
Hunting novel malware, wherever we're invited
So, we need to see everything, because we can't rely on any existing signatures/alert rules
Active Protection
Yes and No
Or is this like... I just stuck an extra LZMA Layer into your BIOS Kinda thing
We don't stay active on a network for an extended period of time. We come in, we hunt, we find, we leave. And take our kit with us everywhere.
And I don't do that kind of stuff, but our host guys do
I do network analysis and system architecture for our kit
Oh I was just using terminology, I understand the job
I presume you are "Certifying" of some sort?
Nope, no certify. Literally, all we care about is the bad stuff. We don't care if our customer is following policy, or up to standards. We'll advise on it, but in general we don't really care.
Purely research then?
We do the rule making for everyone else, essentially
Hello FireEye
lol, I wish. Don't get paid near that much.
This is the actual cool areas of the job.
Maybe not paid like Redmond/FireEye but shit, the industry you work in alone is fascinating
In security no less, so def a mistake
they'll hire 19 year olds via temp agencies now for 6 month contracts
Yeah, and nice benefits like getting paid to go the defcon
Grrrrrr
that's the reality
I know
source: am looking for internship, fuckers don't even want interns anymore.
lol, not for high skill jobs like malware analysis
i've got 4,65/5,0 GPA and I'm not even getting interviews
Dont underestimate the cost cutting nature of the CFO's of these "Big Players" now...
so i'm slightly getting disillusioned about education
Honestly, the quality of their work (especially the most recent) is showing it
Education and certs are nice, but its all about relationship building. That's where you get the foot in the door
Who you know, not what you know. Every damn time, 100/100 times
Gotta make friends every step of the way. If I leave my current job, I've already got the next thing lined up.
My father taught me this. You quit when you are already hired. Easier to find a job when you are employed
- You can also take the offer back to current employer and see if they have deeper pockets
this cybersecurity firm has taken a couple of previous students as interns during senior year
going to apply
What firm?
I agree with this statement. If you know enough of the right people, opportunities do pop up every now and then to move up
monday is going to be a nightmare for our poor service desk.. one of our resellers hasn't entered any payments in the billing system, so basically every single one of their customers (about 70 in total) are going to go delinquent on Monday and get service cut off
and it is possible that they actually paid but that the reseller hasn't recorded the payment yet
If you happen to have the ability to do so: Prevent that
Yeah you dont have permission right now
But this is one of those moments where its good to do so
we contacted the reseller - they never responded
I expect they are doing it on purpose, to throw us under the bus when the customers get cut off
and claim it was our fault
and tell all of their customers that it was our fault
CYA, Send an Email, CC the Executive Board
My computer has a 192.162.X.X IP address, how could I find the IP address of my router?
Assuming you're on Windows, you can normally run ipconfig /all in command prompt then look for the gateway IP. If your device IPs are 192.168.x.x your gateway is probably 192.168.1.1 or 192.168.0.1
thanks
😆 I swear you nerds are badly needed on the forum. People ask all kinds of network questions there.
they should come here
That could work
Well, maybe. I think the forum format is better suited for troubleshooting. Discord is fine here only because its not often super busy like that other discord channel called 'buildapc'.
ye who uses forums now
Ya who uses the internet these days
who uses a computer these days?
for 8 months at my school, very very few
I was supporting an environment that gets no foot traffic lol
should change by summer and fall semester
lol
Yeah everyone working from smart phones
I use it, but usually only for tech news (and that too to get featured on Techlinked/the wan show)
hi, how many $ could 15 meters of ordinary optic cable cost?
ill do pic w8
idk if this is the correct channel but every time i try to watch baby driver on netflix it doesn't go above like 480p, it seems to be only this one movie. any idea why or is it just the movie? but then again on the little preview at the start it shows good quality
You would need to specify a bit more. 15m for fiber is cheap but what are going to be using it for?
I think those cables are LC
LC are the connectors?
it's not terminated
fiber termination can be a pain I heard
without expensive equipment
termination means putting on the connectors
doubt it's worth much
Yah, you can get 15m of cable for like $15-20 pre terminated and everything
seems like that cable, I just looked it up is a bundle
did he steal it...
just got word from our ISP's techs, our middle-of-nowhere village house now has gigabit internet
maybe in a few years we'll also get tap water that doesnt lose pressure when too many people in the village use it
@low pond honestly, invest in a CCR
and you are done.
8x 10G
couple of those
and you can run a small ISP enough to provide 40gbit or more to a town
then its just a matter of the expensive permits and tunneling/cable laying that will bankrupt you
it's 80% of the costs
CCR1072 is like $3000, equipment is the least of your problems
the physical infrastructure is where the trap is
Ye it is, well, the whole deploying of fiber over a longer distance to their POPs
@low pond I hate the fact that they are doing GPON all over the place :/
Ye actually even in India many fiber providers do use GPON
In what sense 😛
like DOCSIS
You plug your pc into port 1 to configure
so you could just get a modem
you need an ONT that can separate the IPTV and VoIP stuff from your ISP to one ethernet box
this box, is responsible for all that crap
ah, in India the providers Airtel and Jio do use AIO. They are branded also (Jio's), but Airtel use Huawei/Nokia ones
Where I am currently (UAE), we have a Huawei Modem and then connected to a DLink router so yea
it has a WAN and a single LAN port
or a switch in it
but the whole point is
that the ONT should be able to hand off WAN to a designated port
so you can run your internet service on your own gear, and run the additional services through the ISP gear
We have that box here XD, we have a dedicated IPTV port and a Telephone port and internet port
the problem now with GPON
is getting the ONU to work in your own gear
I'm helping @151100377331138560
mh
did he leave the server or something
oh i see
I thought using his id might work
But he's about to get GPON directly to his mikrotik
that's what fios ont does
waiting on final parts
@peak cloak yeah I am about to learn something here
see if it works directly
if not
we need to.. mod the ONU
short 4 pins out
with blob of solder
its kinda uhm
the problem in it lies that, it has a nonstandard pin-5
vendor lock-in crap basically
and its just a pullup resistor
you just short it
problem solved
if we can't have a driver for the interface
we can SSH into it
and clone the serial and password
and move that onto a mikrotik ONU
hopefully then
we can get GPON service up
and then we need to figure out how to get the VLANs separated
for IPTV and internet
since they enter the network on a switch
and not a router
complicated stuff
yeah reverse engineering the ISP's connection
fios apparently is really complicated
This recently appeared ^
ONT are essentially managed switches, not much to them
@hollow marlin He was afraid to pick up a soldering iron
but no point, ONT works fine with no routing
yeah but the whole auth part, keys, etc.
@hollow marlin my backup plan is.. some tin foil and stickytape
@peak cloak it's not even that
it's just username password basically
very mundane
root@SFP:/# onu gtcsng
errorcode=0 serial_number=ALCL98765432
root@SFP:/# onu gtcpg
errorcode=0 password=1234567890
root@SFP:/#
Set password and serial
root@SFP:/# fw_setenv nPassword 1234567890
root@SFP:/# fw_setenv nSerial ALCL98765432
This is Telus
Canadian ISP
@hollow marlin do you know what they run?
idk if this is going to work
I am not sure what equipment they run at the access layer. Majority is Calix/Adtran
For the SFP that should technically work
@hollow marlin yeah but they are pulling some kind of vendor lock
Quite interesting
The fix seems to be simple enough, short out this resistor (there are three white boxes above the 5 pin chip, the middle box has two resistors, the left is a zero-ohm, and the right is our 1k culprit, it's connected to pin 6, starting with pin 1 on the far right).
so they have a pulldown resistor
that breaks compatibility
Vendor lock as in the console access or something else?
As part of setting up a GPON lab at home, I noticed that my Nokia G-010S-A SFP refused to connect to my HP 530SFP+ NIC. Some research showed that a NIC modification was needed.
I decided to dig in a little deeper to figure out what was wrong.
Oh yeah, you can buy cheap boxes that change the ID of the SFP
FS.com used to sell them, let me find the name of them
@hollow marlin oh
really?
so we may not need this sfpmod?
because the plan was to mod it
snatch the ID
FS Box, Multi-Functional Transceiver Tool Kit, Support FS Transceivers & DAC/AOC Cables, Part Number: FS-BOX-V3: Supported Form Factors: SFP, SFP+, XFP, SFP28, QSFP+, QSFP28: Supported Operating Systems: Windows (10 or newer), Mac OS (10.13 or newer): Supported Browsers: C...
and then use the mikrotik onu he bought
cheap
wat
you are joking
and not even gpon
Many vendors lock their SFP port down to first party or certified 3rd parties. All you do is plug in the SFP and you'll get the binary, just flip the bits to the approved bits and done
@hollow marlin I just need those two values though ?
those onus use SSH
and a default pw
To access the ONT, you'll need to find the credentials. To modify the SFP you need a reprogrammer unless their ONT has special sauce that can actually do that
@hollow marlin no no
we are not using the ONT at all
the GPON SFP goes directly into the network
into a CRS309
That may or may not work
exactly
so we got this mikrotik ONU
which might work
and I am unsure as to if Telus lets you register another S/N
or maybe sends it to you
this is just like PPPoE details
ONTs typically are provisioned via MAC or 802.1x auth. It's not always as simple as plug and play. Some ISPs allow you to use your own and publicly give out the VLAN.
he contacted the ISP
and they somehow
'agreed' to have him run his custom stuff
and they are providing the phone service over copper now
Most don't to avoid situation where customers can potentially get free service or MITM
and IPTV will be a vlan supposedly
@hollow marlin that's why it's a shitty implementation
All services will be VLANs, even voice
@hollow marlin yeah but TV and internet they do with their home hub "router"
but POTS is the ONT
and the issue we have
is that they provide 1.5G fiber
but their ONT only has gigabit
Yep, even the POTS is on a VLAN. SIP is used to register the lines
this is why we're in this shithole
If they agreed to this, they should be giving you 3 VLANs, voice, IPTV and data
Hopefully should be straight forward if they give out all the info you need
They don't
that's the problem
or
haven't yet
idk
@hollow marlin I got some rough idea on what i need
vlan is probably in the lower range somewhere, 35 probably
and tv 36
hoping that dhcp just clears up all
and if I cannot figure it out
I will configure a switch port forward
and plug in the ISP router
and run a packet sniffer
If they allow this, you could technically plug in a GPON SFP and run a PCAP to see which VLANs are being broadcast
But thats assuming a very simplistic setup
@hollow marlin the ISP router gives 0 information. literally
https://i.gyazo.com/thumb/1200/6e227c69613b00740616312f28bf6dcc-png.jpg
is that a stock photo?
Status
Yeah the ONTs shouldn't show that info
yeah all wires are still inside me
@hollow marlin this isnt the ONT
but the Router
it does the IPTV stuff
so it should have both VLANs
because it's separately connected
through a 1G service
not 1.5G
but it has 10G itself on the back
buuuut
gigabit switching ports
so kinda useless again
no way to get rid of the ISP crap
because of the ONT
and the mediocre router
Here is what it looks like from the SP perspective in Calix for ONT provisioning
@hollow marlin the problem with Telus is that they are a Canadian company with Indian robots on the support phones
it's hard to get through to a human
That's become the standard unfortunately
@hollow marlin meanwhile, govt put all kinds of laws in place here, to make sure that support lines are free of charge, and waiting lines are at most 10 minutes.
for things like large businesses
still idiots on the phone
but you can ask for them to make an appointment with their technical team
and this usually takes a bit longer, but gets the right gears turning quicker
they call you back at a given time
and you can have someone who's a bit more... skilled
my current ISP has a 24/7 NOC I can call for urgent problems
and 6 hour SLA
I only had to call them once... to configure my network
Are you trying to replace the ont?
I forget if it was Telus but I remember if you "upgrade" to the router with sfp to the back of it you can take it out and put it straight in your router
It needs to be their ONT SFP module
@vale reef the problem with that SFP router they have, I know, the Home Hub, is that it only has gigabit LAN
you can't get the full 1.5G to a single machine
and that's the whole point of this
Is that for all customers? If so, damnnnnn
I completely bypassed my ISP provided ONT and Wifi Router. I was able to install a SFP+ card in my PfSense box and plug the ISP provided SFP GPON Module "Nokia SFP ONT" with success.
I got 1.5 gig internet! Video Below:
https://youtu.be/gzk69kHLu1o
FOLLOW UP:
https://youtu.be/2P6Miz-wRcw
Router Specs:
Supermicro X9SCL
https://www.supermicro...
Watch this
Is it the Nokia ont on a stick?
it's just an issue with a potential hardware incompatibility
@vale reef ONT and ONU are two different parts
ONU is the fiber transceiver itself
ONT is the box it plugs into
Ok
ONT/ONU are just interchangeable terms for an endpoint.
If you watch that video it might give you some info about the issues he ran into
He had to get a different nic
I'm hoping the Marvell 98DX does not have this issue
@vale reef yes
I'm hoping the Marvell chips will work
otherwise, i need to mod the SFP
you need to short out a resistor
and then it works
@vale reef we have a mikrotik ONU as well
we can just clone the credentials from the ISP provided one, to the mikrotik one
We have an intel 10G NIC which we can also attempt to use
intel never fails anyone
we'll see
It's worth just trying to plug the SFP in and see if it's approved. I would assume in that blog, that NIC cannot accept GPON SFPs
Just the NIC really
But Marvell
@tame carbon do they already have a 309 to test with?
probably
d
@hollow marlin he just informed me ^ that he hasn't yet got the ONU*
the isp will give it to him apparently
we do one ONE ONT though
i mean
one ONU*
which is
connected
to the ONT
currently
please don't multiline so much in here ;)
ONT=ONU, same thing
okok
@hollow marlin he's talking about the SFP
apparently it's removable
from his current device
Most are, even if in a housing, you open them up they still have an SFP cage
yeah it just has a screw and a plastic bracket that locks it in place
but you can just remove it
and take it out
@flat wagon you could test the setup rn
if you power up the CRS309
Even a simple test of the SFP plugged into the 309, if you get a link you are pretty much golden
we can at least verify if the link works
wait
You have your switch right?
@hollow marlin oh ye, sidenote. I set up the git, with nginx proxy and ssl in like 1.5h today at work
I came into my Boss' office just before 1pm, 2h after he sent the email with the VPS hoster credentials
done
He was like: wait what, already?
We can try to do it in about an hour ish
Keep it up, small things like that push you up the ranks faster, just make sure they are following through
@hollow marlin yeah but being able to lock down branches and enforce reviews for commits
will be a big change
I just uploaded the code repository
and the developers were actually already working on it
so you could immediately see the 5 issues I tossed in as a demo (they were actual issues)
@flat wagon sure.
some onts don't have a sfp module
@flat wagon you sent us a picture ages ago
fyi
I know I am stoned, but my memory isn't that bad
Exactly yeah
there's a plastic cover in front of it
there may not be a sfp there
you remove that
and what is it now?
yeah there should be a latch
like this green thing
you pull that down
and it disconnects the SFP
and then you can pull it out
may need to remove the fiber
make sure you don't leave the fiber unplugged, and immediately put it back in the SFP
if any dust gets in you are screwed
am i blind
@tame carbon doesn't seem to have sfp
@tame carbon what are you doing with the 309 / ONT?
I was reading the history but couldn't make what was being discussed, almost like there were missing messages
is this for the campground?
ok
basically
Guys, so now I have a new problem. My Ethernet dies for no reason a lot randomly. I'm not 100% sure but I've noticed it goes out when i start scrolling through a youtube video, or like skipping forward. Usually it comes back if I disconnect and plug it back in but most of the time it just dies and requires me to restart my router. Wifi works perfectly fine, no problems. If you have a fix, please ping me!
@tame carbon
@tender hazel
Sry for ping
I was saying before that it was strange that the MAC Winbox was disconnecting when you tried connecting to the router with the mac address
@green forge
Did you try a different cable?
yep
nothin
@little schooner maybe it's software related?
my other computers work fine
Doesn't sound like it
I had it happen to me too. In my case, the cable tested fine but it was a CCA cable of poor quality
once I replaced mine, my issue went away
I've seen it happen where the modem was the culprit, too
But since you said it doesn't affect other devices on wifi
then maybe you can test with a different router if you connect directly to it with copper cable
you see
the router's in a closet
and im currently using in wall ethernet
the router that im using as an access point is also in wall ethernet connected
so it can't be the cable
I'd try connecting directly to the router, not using the in-wall ethernet to test