#networking
those are shit
if you have to crimp 100s of jacks
it's gonna take days
or rather
it took me 3-5 mins for 1 of them
with the new ones I can do it in like a minute
I know, but the real issue for me is the cable order, because it's not standardized. I only have to crimp one so it's not a big deal
just easier getting the insulation inside it
@potent shuttle just write down the order
:P
as long as it's the same on the other side, doesn't matter what color the wires are
but I look at that picture of yours
that looks like https://i.imgur.com/wBvL9f0.png
waiiit
did this come from a factory?
or was this done by hand??
As you can see, the orange and blue wires are together so it doesn't match the standard. Also the brown wire is not the last one left to right either
I bought it, so it was probably made in a factory
So, since it doesn't match the pattern, would this cause issues even if I replicated the order in the other end?
You should look at the underside of it, not the top.. it is too hard to see the top, you usually use the underside to make sure you have the wires in the correct places
Was wondering if I could set up a switch that's connected directly to the modem, and have another cable connect to the router from that switch
Depends, if the router is the ONLY device connected and the switch is unmanaged and doesn't grab an IP then yes
@icy oxide you should be able to, with vlans
It would be a TL-SG105 connecting to a Tp 1500x
Would experiment myself, but I'd have an angry family with no internet lol
you'd set up a vlan between the modem and the router through the switch
If something else plugs in then it won't get an IP or it will steal it from the router causing everything else to drop
Ingress protection :P
You'd have to do a lot of tagging and trunking to make it work so it goes through the router and not touch the modem causing issues
So I'd be better off connecting the Modem to Router to Switch?
yes
Aight
connecting the modem to the switch then to the router is a fairly common setup, "router-on-a-stick" it is often called, but if you do not know what you are doing, it is going to be a lot trickier to set it up properly than simply connecting the modem to the router
@tender hazel @clear igloo lol my friend was asking how to do multi wan multi router and I suggested just plugging both wans into a switch...blew their mind
Since their customer has a biz fiber connection with multiple statics, so they wanted both of their routers to use the same connection
Then starlink failover
@tender hazel I was helping someone with their Telus fiber optic connection, and we got the Alcatel Lucent functional on the SFP+ port
However only at 1G
It does not work with auto negotiate, and there is no way for me to set ethernet to 2.5G when I manually assign a speed
Any idea on what to do?
on the SFP+ port on what device?
@tender hazel currently an RB4011, soon to be CRS309 (once they have all the cables)
We've got it functional @ 1G
but they have 1.5G fiber service, so it needs to run at higher rate
is that a GPON ONT SFP?
After speaking with someone over in the r/Apple server, I think a much simpler solution would be to get a new router, set it up in the second floor of the house at the most central point and bridge mode the BBox, connecting it to the bridge mode BBox and get everything set up, I guess?
@tender hazel yes. https://i.imgur.com/OSNcUtu.png
I interpreted it to mean:
The BBox in bridge mode will pass stuff to the new router, who will do all the work.
@vestal lotus in bridge mode, it will only act as a modem. It sets up an ethernet network
PPPoE is PPP, a tunnel for IP packets, over ethernet
PPP = Point to Point Protocol
this is how you "login" to your ISP network
https://eu.store.ui.com/products/unifi-dream-machine
I currently have some interest in Ubiquiti's Dream Machine.
All-in-one device with access point, 4-port switch, and security gateway. Everything you need for a small-scale wired and Wi-Fi network.
UniFi Dream Machine (UDM) is the easiest way to introduce UniFi to homes and businesses. The UDM includes everything you need for a small-scale wired or Wi-Fi network. It's easy to use and still offers all th...
the issue is that it is an RB4011.. the SFP+ port on the RB4011 doesn't work with GPON SFP modules at 2.5G
yes, the module would work in any mikrotik device except the RB4011
If I got it right, the WAN port could likely be used and connected to the Dream Machine.
...don't ask why Ubiquiti named it that.
probably it is to imply "this is the all-in-one Uni-Fi device that you have been dreaming of"
@tender hazel for me, that would be an RB4011
@tender hazel one interesting point, the CRS305 I have, has same kind of switching chip, just a smaller model
and it doesn't have the 2.5G option either
Lmao wasup
yeah nothing will have the 2.5G option, it will probably work on auto though
@tender hazel so wait, that would mean it would work on auto negotiate with 1G
and it didn't.
it didnt auto negotiate at all
you mean you tried it in something other than an RB4011 on auto?
Why not just grab another eth card?
@tender hazel is this a flake with the RB4011?
Wants both wans on both routers
Oh yea okay.
The RB4011 is based on Annapurna Labs chipset AL21400
any device based on that chipset will have that issue
@tall grotto I do the same at home lol, its super nice....anything on VLAN 69 is directly connected to WAN
And since my ISP just gives out DHCP to anything on the network
I can have multiple devices on WAN
back when mikrotik used to sell their own GPON ONU SFP module, they had a warning on the RB4011 page that the SFPONU was not compatible with it
they removed the warning when they discontinued the SFPONU
brb gonna port scan that IP
I already moved my computer back over to another port on the switch
Nothing's on that IP anymore
Ohhhhh. so thats why they removed it. I thought they somehow patched it
Because I could remember reading this warning
Ill scan the whole range then lmao
Thats cool though, I have two modems running from the same ISP.
I had to upgrade to the newer ones they were using. But they never asked for the old one back and left it enabled on their network. So i run them both on a gateway group on PFsense get double the speeds for the same price lmao
wow....they didn't disassociate the old mac...
the mac on the old modem isn't linked to my account anymore either but it still connects and receives new packages lmao
Usually you have to activate your new modem's MAC
I thought they at least allowed one PPPoE thing to work at a single time
A lot of coaxial/fiber connections in the US don't use PPPoE
Its just DHCP over Ethernet
to the customer
Ah we have fiber here and use PPPoE actually
I didnt even know PPPoE was a thing for a long time
It basically doesn't exist in the US
my ISP doesn't seem to give a shit what I've done so far lol
it exists wherever DSL exists
Including when I asked for 5 IPs
Handy when I can't rely on SNI for web servers/etc
I have DHCP over Ethernet here as well
Yeah, PPPoE is common for DSL
Most ISPs are already using VLANs if they're doing other IP services
Usually the ONT/modem/etc. handles them
the guy I helped out today
he got a GPON module from Telus
and I expected them to use two vlans
Some may do VOIP to POTS conversion
but they don't use any at all
its straight DHCP on vlan1, and IPTV is on same network interface
Oh yea, funny thing about that. I got a new mikrotik switch after I virtualized my firewall. went to connect to the default IP and didn't see my device. Come to find out I can view their entire network
Yeah, DOCSIS is shared lol
untested firewall rules are the best ones
you'll see other customers too
@rocky badge loool yes
I can SSH onto my neighbors modem
Lol
lmao still fun tho
or your ISPs
My ISP doesn't do any isolation between IPs but you don't directly see it
why would you?
just MACs in the same domain
I'm on DOCSIS cable and I certainly do not see other customers traffic
ARP'n'go
you don't see the traffic, but you can see others
Oh yea I can see the traffic
define what you mean by "see others"
I can get to the login page of the gateway
yeah, I can't
Belkin router lol https://blob.rocks/jmqv2nyPIN.png
ASUS router https://blob.rocks/efW70kHxnc.png
Adtran gpon shit https://blob.rocks/g5eEhxfkd2.png
A Synology MAC...
so there must be a way of doing it if my ISP is doing it
I had 25mbit coaxial internet in 2008,
Then I moved to a place with 8mbit dsl.
Moved again, in 2013 to a place with 4mbit dsl.
Finally got fiber optics,
Then I had to move again
and now I have singlemode fiber optics. as much bandwidth as I want
Either someone has their Synology NAS on the Internet or hopefully its the Synology router
i.e. somehow my ISP at home is doing layer 2 isolation on DOCSIS
Did i mention telnet's open on a lot of their infrastructure as well
filters on the cmts side?
why would you do filtering lol
if you just treat all addresses as WAN
then there's no need?
finrod's isp
I am after a modem... which means I can't peek onto the neighbors traffic or what
warscript loading...
@rocky badge yes but they were just saying that that isn't possible with DOCSIS
but it must be because as I said, my ISP is doing it

and they are also doing local-proxy-arp
both are good practice
I'm surprised that I'm hearing here that what my ISP is doing is not possible somehow
because I've always thought it made a lot of sense
the combination of isolation and local proxy ARP solves a lot of security issues that you would have with DHCP on big shared subnets
Paying for 1 150x15 connection lmao
for security reasons, there is a need
Its a speed test shot but its relevant
lmao, my ISP isn't filtering 445
My ISP doesn't filter anything lmao
Mine does 80,8080,443 so far
this guy in the same /24 as me: https://blob.rocks/7WC9dFoL4V.png
lets hope the fun police isn't active.
https://i.imgur.com/qfvepa5.png
Me too, 260 tbh, but yeah
I usually get exactly 250x25
you can see that here https://i.imgur.com/ssZBBxH.png
It goes to 800mbit and then back down
Although Gigabit Pro....
2Gbps/2Gbps and 1Gbps/1Gbps connection
you get 3Gbps worth of service for $300/mo
With a static v4 and /48
Just use https://ipv6.he.net/ lmao
host ipv6 only but
currency adjusted, I pay around $150 month for 250/250M and a public /29, and TV plan
$65/mo USD for Gig/500
but yeah if it is possible to do client isolation on DOCSIS I'm really surprised that the cable providers you are all on are not doing it
I pay $60 for 150x10 
I think 200$, for 250/100, and TV
seems pretty bad
I quite like having more IPs, first ISP that I've used that offers this
this guy in another server said $90/mo for 100/100 was good 
all my virtual machines have their own public IP
Actually 100$ but yea
when I said seems pretty bad, I meant the lack of client isolation
you should not see other customer's MAC addresses, and certainly not be able to ssh into their modems
I could get multiple IPS but each one is $5 a month so if i need a new IP I throw another virtual adapter on one of the wan nics connected to pfsense on my virtualizer and it gets a new DHCP address
yeah here its like 2 euros/ip/month
and you can either get a vlan with a publicly addressed IP
or they route the entire subnet
I have the latter
I basically treat that entire subnet as a 'DMZ', I have vlans on it for some other devices
two tenants in other building rent 50/50mbit from me
I could very easily do that tbh
I have IPv6 through my cable provider since I upgraded my modem early this year
my ISP doesn't support v6 yet
I have a /56 and it hasn't changed yet, and it has been a few months at least
Same here, I got a new modem in 2019 and got v6 working fully
@tender hazel btw, I couldn't figure out how to get local-forwarding working across different bridges with capsman
But everything would be DHCP so
yeah
A /64 here but changes the prefix of it every reboot
Finally found it lmao
I created a master interface, and a slave interface with a 2nd SSID and configuration
Spectrum?
Ah nah in the UAE xD not US
the slave was on a different bridge, and wouldn't work without encapsulation
lol, well we've got providers here who do that too
different bridges? why would you have the slave on a different bridge?
yeah put the slave on a VLAN, it is much easier
Damn I wish lmao
I wanna know who they expect to buy that
@tender hazel so what even is the point of creating a 2nd bridge?
They have quite a few customers
because I've got 5 xD
Its basically business at "consumer prices"
there is not much point in creating a second bridge in most cases
Its a consumer product?
its active ethernet, and that juniper is to vlans and monitoring
why not use a 10Gig Pon?
They do have GPON some new developments
For them anyway
$500 install and $500 equip fee
damn
Isn't it $299 a month?
Yes
so lol?
yea ik I wasnt saying it was
yeah
Its insanely expensive
need lots of tubes and fibers
lucky me
And all of your nodes need power
🤣
But still expensive
What's the most expensive thing on that list
this network I am using was built using taxpayer's money
Probably the MX10003 linecards
Too bad it isn't an Excel lol
what does it cost if I want a DWDM to an IXP?
The big ISPs here get money from the government pocket 60% of it and then service 15% of the Tax area
@tall grotto the switch is crazy overkill too
Comcast is only using 3 ports
XE in, XE out, GE out
Depends on distance
35km
just a single WL or the whole spectrum
what do you think? whole spectrum
I hope you're kidding
no I am curious lol
My ISP got funding for rural internet and municipal isps
basically dark fiber at that point
They cover all prices for install
So far it's a $15m license
Yea, I have lots of experience with those rural funding programs
piece of paper
they always go the same way
They'll rate your area on a 5 star scale, the higher the better. Depending on your area you may be "charged" for install, but that becomes credit on your bill
Mmmmniceee
@tall grotto idk, they were forced here to open the network, so its a neutral thing. I could choose between like 8 different ISPs
So if you pay $100 for install, that can cover a month or two depending on your plan
But it's still dark fiber if you're after the whole thing.
For fiber, I have this ISP or AT&T. Cable I can get Spectrum.
and you basically need a splice from PTP
yeah, but I was just saying, that is what I've got right now
you have ptp splice?
I can get 10G if I wanted
Best page on Spectrum's website
So your fiber runs from the IX to your location without anything in between
@clear igloo you still on AT&T? 
so they are both DS and UP?
oh god at school we have to have one router to send and one to receive
Its just a patch box, with 1 and 2, line 1 goes directly to my router
and then another for Spectrum enterprise
I am using their SFP module
where does the other one go
not connected
oh strange
they told me that its in case theres a local fibercut
they can move all the lines over to the 2nd one
and the physical light goes other way on the circle
So you're on a partly lit ring?
@tall grotto oh also with gigabit pro https://blob.rocks/EtWAu5UbGe.png
Hey
there's a hefty cancellation fee
@tall grotto lit ring? is that what they call it?
I saw their maps
and it was bunch of circles
because they're not going to run fiber all the way to your house and for you to cancel it lol
with loops that go through the streets
is it a residential connection?
yes, but rural
farmland
I just have a business ISP
fiber carrier is another party
then its technically a biz connection lol
I just have no way to sleep
its just too much imagery and js bullcrap
webdevs have gone collectively insane
I see it all over the web
ttfb was 1.6s 
ttfb?
time til first byte
ahh
ew ew ew its going over cogentco
lol
lol nice iframe
I think we're overseas now https://blob.rocks/FQz4vJDkXw.png
ccr there stands for cloud core router?
@tender hazel yes
I wouldn't expect cogent to use CCR's
yes I know
but I didn't think ccr22 in the cogent trace route meant it was a cloud core router
probably not
agr tho, aggregate?
crystal said it was so that is why I was surprised
juan said those are ccr's
the CCR1072 would not be nearly enough for cogent I would think
when we had a lengthy talk on voice about ISP peerings
hmm.. interesting
I'm used to stuff like this https://blob.rocks/5giJCxKAqI.png
the best way to optimize routing performance with a CCR1072 would be to get rid of all firewall rules and use IP range limits on the services to control who can winbox or ssh in
XE 10 gig and AE aggregate
@tender hazel they might just have a beefy edge machine, and then a bunch of CCR's for their peer links
bunch of 10G's
So, looking by any angle it is very clear that the cable I bought is wrongly sorted (at least it doesn't match the T-568A or T-568B standards). I saw a pic that shows that there is a "patch" and a "crossover" wire layout. Is my cable an example of a crossover cable? And if it is, how should I proceed? This is the order looking from the bottom of my connector, left to right: green, white and green, orange, blue, white and blue, white and orange, brown and white and brown
This is the image for reference
@clear igloo Wait, Cisco's bundle ethernet = be, right?
depends on the platform, but some it's bundle-ether, yah
because my friend is saying be in that is bundle ethernet
then whatever
then airport codes & number
yeah somebody wired that strangely @potent shuttle
the funny thing is they wired it almost with the white/color and color reversed, except for pair 1
if they reversed everything it would probably be fine, even though it would still be wrong
but they reversed all pairs except for pair 1
that's the only thing that might be a bit of a red flag for getting higher rates
if you only need it to work at 1Gbps and it is working it will probably be ok
but if it only comes up at 100Mbps and you are expecting 1Gbps you'll probably want to replace it or redo the ends yourself
So the cable order only matters for speed?
@potent shuttle you need 2 pairs for 100M, and 4 pairs for 1000M/1G
I see
It's a cat 5e cable so I want it to go full speed for futureproofing and using it for a home network
thats not ideal for permanent installation
So I should recrimp both ends right?
I know, but 1gbps is enough for me
Yeah, I've been in their COLO and they do indeed have quite a bit of em
interesting.. I wouldn't think that their routing performance would be high enough for their needs
I had imagined like 100Gbps links all over the place
Maybe at peering & colo
but I doubt at their core backbone network, which that traceroute shows
Since its transatlantic
100G is not all that common still
40G is kinda what you see a lot
we are mid refresh and still only have 10g and very few 40G
it is also a case of why get it if you are not using it
100G is big ask if you are not working with large data
I could see why 100G to a peering point would be nice
also in Aus so yer we are tiny compared to the USA or euro
you can use the existing hardware and scale up easily
i have multi 10G peerings but we hardly get over 1G
I'm talking about backhaul connections - the core, not the edge
and giant providers like cogent can easily push through a lot of data
you will need a big router for that
@tender hazel yeah but isnt that just tunnelled then?
or somehow it doesnt show up in the trace
because of some other kind of routing protocol
the trace above with the "ccrXX" hostnames showed incrementing latency for each hop
do you think cogent just dynamically allocates these?
so that suggests that MPLS is not in use there
they just add capacity in the form of smaller units
because the naming alone suggests 100s of them
i think i missed part of this conversation as i had a bit of a read up
what is the issue?
if cogent was using MPLS you should see the same latency for a bunch of hops
cogent running high end mikrotiks
that is not really true
and instead the latency is gradually incrementing from hop to hop across their core
@tender hazel what if lol, its just a bunch of stacked 10G's on a fiber? xD
what isn't really true?
if it is mpls it would be the same latency at a load of hops
could just be a cost saving measure
it could take different paths
MPLS everything appears next to each other
if you put one of those next to a big juniper
@rocky badge I've not had any issues with them
cognet would be a better name for them.. a network of cogs
Compared to Level3 & others
they could also be using bgp multipathing
My friend has worked with them before at DigitalOcean....they are bad
the biggest issue with cogent is how their actions and policies have resulted in us having two separate IPv6 internets
and they show no sign of changing that
i am not up with ipv6 how is that?
i always feel dumber talking to other network people
well, a lot of the early IPv6 internet was dominated by Hurricane Electric, who are not considered a tier 1 provider
so many businesses and people got connected to the IPv6 internet through HE, either by buying transit or peering or getting a tunnel
they wanted to peer with cogent but cogent said "you aren't a Tier 1 - our policy is to peer only with other tier 1's. You will have to buy transit from us instead."
and cogent did the same thing to Google
they told google "you are not a tier 1 - you have to buy transit from us"
so hurricane electric, which has probably way more IPv6 customers and subnets advertised than cogent does, does not have connectivity to cogent on the IPv6 internet
and google is not reachable via cogent IPv6
wow
that is a bit fucked up
yeah, basically like Cogent was like "screw you google, you puny worthless company, we are a big tier 1, and you have to buy transit from us!"
The internet, where everyone works together....
so if you only have ipv6 from cogent, google takes longer to load, because it will try connecting to it over ipv6 first, fail, and then fail over to ipv4
so you rely entirely on happy eyeballs for google to load
yeah
it causes a delay though
Cogent is one of the world's largest Internet Service Providers, delivering high-quality Internet, Ethernet and Colocation services.
no route to google 
they should redistribute IPv6 blocks into a blockchain
where ownership is just passed on
although, it would make it rigid and stale
breakfast time
yup
so we have this stupid double IPv6 internet.. so if you are unlucky enough to have Cogent as your only IPv6 feed then there are a bunch of things you can't get
and I think there is hardly anything on the IPv6 internet that is only available on Cogent and not elsewhere
I deal with how happy eyeballs works on a regular basis.. my home computer has an IPv4-only VPN connection into work.. when I resolve DNS names at the office I often get an AAAA record for something but it can't load because blocked by firewall (because that traffic isn't going through the VPN). It takes about 10-15 seconds for it to decide IPv6 isn't responding and load the page over IPv4
the delay is.. annoying
I know with happy eyeballs it is supposed to be fast to move to v4 but my experience is that it doesn't always work as designed
once the site has loaded it responds quickly after that
it is only when I try going to it the first time on a given day or whatever that I get that delay
I want my ISP to do v6 
HE timers are meant to be subsec?
hmm?
A /28 is 1 million /48s
or 256 million /56s

I don't know what you are asking
oh happy eyeball timers
HE is an acronym for Hurricane Electric
so I thought you were saying Hurricane Electric timers are supposed to be subsecond
well, it doesn't work so well for me
at least not in windows 10 with firefox
if I disable ipv6 when I am on the vpn everything loads instantly
I know what it is supposed to do, but in my experience it doesn't always work that great, it is possible that in certain situations other factors impact it and prevent it from failing over as quickly as intended
based on that I wouldn't really be comfortable being in a situation where you were dual stack and your only IPv6 feed was cogent
there is an online happy eyeballs test that says my happy eyeballs is fine
yet on the VPN it doesn't seem to work
Futurama Season 6 Episode 3 : Attack of the Killer App
Comedy Central
this one was pretty spot on though
is 10 gigabit worth it? ive been thinking of getting it
it costs 70 dollars per month and my gigabit plan rn costs 40
@thick minnow entry is quite expensive you need a fast router, new network cards, cables everything
ofcourse you can still use 1G clients
Same with fios, but seeing how they cannot fix their ICMP replies, I have no hope we are getting v6 anytime soon
they just will be bottlenecked
lol
@tender hazel this one would be quite nice for 10G, https://mikrotik.com/product/ccr2004_1g_12s_2xs#fndtn-specifications
right?
when it stabilizes.. and it only has around the overall performance of a CCR1016
the main thing it has is that the individual cores are faster than those of a 1016 even though it has fewer of them
so any single core tasks will be much faster than on a CCR1016
yea just realized im gonna need a new motherboard for 10 gbps, a new cpu cable and m.2 nvme ssd
the CCR1036 and CCR1072 both have multiple SFP+ ports
@thick minnow do you have a router?
but the CCR2004 has more than either and has two 25G ports as well
@tender hazel yes
I'm more excited about the CCR2016
but have you seen the pricetag on those? xD
supposed to be out later this year
The CCR2004 is only $595
yea ofc
@thick minnow which one?
idk some shit from vodafone which does gigabit
yes, it is a good cost, if only it was more stable
only I think they have almost finished getting the bugs fixed
its not really shit lol
@thick minnow but not fast enough for 10G
tru
they are getting closer to getting the bugs fixed, people are now reporting that their CCR2004's are no longer spontaneously rebooting once a week
so that is progress
some of the early adopters swapped them out for CCR1036's due to the stability issues
@thick minnow so the stable option with mikrotik, $1000 
the newer one they have which is still being fixed, CCR2004 is only $600
it has all the connectivity you need
this is one issue that people are starting to report fixed in the latest 6.49beta
one user reported the reboots are all fixed in 6.48.2, another reported that they are still getting watchdog reboots.. but the person who is still getting the reboots might not have updated their routerboot firmware
not enough varied feedback to be sure that everything is fixed, but it is promising at least
mh interesting
wish they would really give us more access to source
it would make their already awesome system even more awesome
they only give access to the GPL code that they modified
but a lot of their stuff is proprietary
their platform support for TILE, their routing engine and routing protocols, and the OpenVPN client are all proprietary and not based on open source code
oh I like my new profile avatar way more than the old one
I didn't like the old one but I picked it in a hurry.. I was going to get kicked off a server b/c I only had the default game icon picture
does anyone know if alexa devices can be used as a hotspot because my wifi at home dislikes my pc because it is over 10 years old and has a i5-4590T and hotspot works better than wifi and i need to get work done and my Chromebook (i am in 8th grade i'm 14) and it is controlled by my school so stuff is disabled and i was wondering if my alexa devices can be used as a hot spot i have 2 i have a Kindle Fire HD 10 5th gen and a alexa dot clock 4th gen the WiFi on both is always on so if anyone can help please dm me if you can thank you.
and to add to it i also have a echo show 8
no it doesn't
you can have your phone as a hotspot though
using wifi on it and not your data
thank you
Typical behavior for windows:
- Turn on Machine
- Windows installs updates
- Machine turns itself off.
- ??? Why is it off?
.
5. Turns it on again
6. Login screen
@low pond Is that for 21H1?
I am on 20H2 now
ah yes same
I was on 1909 until yesterday
I've been on 21H1 for a couple months, no issues so far
how to upgrade xD
i installed dis like 15 days ago fresh (ye i migrated from archleenux)
"Install"
Ah, it's installed, just need to reboot to finish then
Yah and your pc reboots
kden bye
I like beta testing
windows is 2nd grade citizen
@clear igloo and I am afraid whenever windows updates
I've got a bad track record with windows & updates
Ah, I've never had issues
If you run windows as only EFI image on a disk, and you have no esoteric hardware, then you'll likely never encounter these issues
except with Asus Aura and updates
but the moment, you run some kind of dual boot, with a modified bootloader and EFI installation
or armoury crate or whatever it's called
windows just breaks with updates
Ah, yah, I don't dual boot
I'm sure
It works
but you have to sometimes change settings for windows updates to propagate
like that feature update
bugfixes and patches are installed without problem
ah, good to know
@clear igloo windows in chainload configuration = trouble
windows bootloader has to be your primary
@clear igloo for the longest time it was possible to use the Metro bootloader instead of grub
but since the 1909 version of windows, I have been unable to turn it on, on home versions of windows
ah, I use pro or enterprise everywhere
Yeah, I dont have that kind of money.. for a fucking operating system xD
only Pro Install I run is at my dad's camping
Their POS server software (for restaurant, and receptionist) runs only on windows
ah
And they use RDP to login
yup, need pro for that
its just on a VMWare server in their office
@clear igloo oh the fun, with hardware keys for licenses xD
passthrough the license key to the virtual machine
so annoying
@clear igloo is there not a way to do RDP on Home versions of windows?
I saw some kind of registry hack that would enable it
Not sure, I've never tried
oh during initial setup where you only have the vmware console, yah
Nahh, the software their POS system uses
the manufacturer has a hardware key for their proprietary software
Ah
its in the form of a USB stick
and they just installed this on the receptionists' computer
kinda dumb.
so I contacted the installer
and over the phone, had them reinstall it on a Windows Pro VM
There were/are some versions of windows where you had to put in the key before continuing install so you have to manually type in the key because the console won't let you copy paste
and then just recently, everything broke
when windows updated itself without prompting
and RDP broke
Ah, you have a backup server?
I'd look into Nakivo for VM backups, $99 per physical CPU in the server (not CPU in the VM)
the server program there basically just talks to all the cash registers in the building
it prints the "jobs" for the kitchen
on little labels
ah, I know that stuff
so they know what food to prepare
POS systems and solutions from Vectron: over 225,000 installations, experience since 1990, market leader in food service, bakeries and hotel interfaces
@clear igloo I am still not happy with it though
they put the entire cash registration system on the LAN
and I had a look around with wireshark
yeah.. not encrypted
I will be re-doing their entire network soon anyways, upgrading their gear to 802.1q-capable switches
lol, wow
vlan all the things!
I feel like the way Vectron installed their software on the computer that is "always on"
it's like a mom & pop shop, except one crypto attack, and you are fucked.
yah
i came back
did you break your install? :P
Oh, I was greeted by T E A M S on logon
but everything is alright
I dont kno, i am still on 20h2
that wasnt an update, just that .NET patch probably
Why don't you turn it off then?
teams enables itself
ik, I am asking why don't you turn it off
it's another stupid thing brought to you by: microshit
I just installed office suite today too so probably forgot and even disabling from the starting stuff it anyways starts on boot
cortana
https://www.youtube.com/watch?v=8mbV-YIV9Uc amazing quality AD tho
Why it no embed?
i used < and >
I dont want it to embed on purpose xD
you can use it too to stop embedding
useful for rickrolls etc
Interesting
SSD or HDD preferred when using pfSense?
doesnt really matter
@short condor it loads the OS from disk, and all runtime stuff, routing, is all done from memory
@tame carbon A HDD should then be "safer" right?
Hi guys , I'm configuring my Tenda D151 Router as a extender via wireless connection and use it as a ethernet port , but im not able to connect to the old router though
can someone help me on how to connect to it?
edit : now im able to connect to it via ethernet thanks!
so what is the term for using your old router connected wirelessly to the main router and using the old router to connect other devices via ethernet? Bridge or Repeater or Extender?
@zenith kettle access point, wireless bridge
bridge AP
various names
but the point is, its a bridge, with an ethernet interface and a wireless ethernet interface
no dhcp server, no firewall, no routing
okie
can you tell me a good video to set up my router : Tenda D151
okay any general video regardless of the model will do
but basic things you can do on your too
@zenith kettle usually there's only two parts to it
your WAN and LAN configuration
WAN is the connection to your ISP
and your LAN is your local network
most of the settings are usually under those categories
okay so can WAN Be configured from different ISP's?
WAN is just an interface you designate
cuz my old router uses a phone cable named DSP , and my newer ones uses fibre connection
and you define a method for it to obtain an address
the idea is that, anything that isn't on your lan, gets routed out to wan
local area network, wider area network
your local network is a private range, 192.168.0.0/24 most likely
and your wan is a public IP address
your router just exchanges the packets of data between those two networks
it "routes"
the consumer market has ruined the word "router"
okay
to most people, router just means: box that gives internet and wifi
anyways, I'd love to chat about this
but I just got called for dinner
okay thanks for helping!
@zenith kettle Thing for you to look at are NAT, and DHCP
NAT is important for port forwarding, if you wish to host your own services
and DHCP is the protocol responsible for handing out IP addresses to connected devices
both of these are handled by the router
Is there no MTR for windows with v6
I just can't seem to find a way
WinMTR only does v4, WSL with the stuff doesnt do v6 either

Aw comeon man
Hey guys, I have a question concerning my network switch. I have a 1gb/s that arrives to the switch. Then the switch is split up into 2 cables that go on 2 different computers. Do I get 1gb/s on both computer or 500 mb/s or does it depend on if the computers ask a lot of bandwidth?
it should split... equally
even if 1 of the 2 computers do not ask for any bandwidth?
All ports get 1gb speed.
but it can't at all time right
It can, all the time. But if 2 computers are talking to a 3rd at max speed, they will each get half of the 3rd's port speed
Cause imagine I have 1gb/s that arrives at my house which is sent to the router. Then both computers want to download. Then they will both download at 500mb/s each
The connection is split 500b/s per PC if they're simultaneously downloading
Exactly
and if one is just cruising the internet and the other downloading? 10mb/s and 990mb/s for the other?
Yes
For this very reason, QoS is a factor in ensuring gaming and VOIP traffic maintains low latency on a saturated WAN connection.
No, split up all the time is Token Ring. That doesn't exist
Note: Works on upload only. Which helpful, but only half the equation.
Token Ring is a computer networking technology used to build local area networks. It was introduced by IBM in 1984, and standardized in 1989 as IEEE 802.5.
It uses a special three-byte frame called a token that is passed around a logical ring of workstations or servers. This token passing is a channel access method providing fair access for all ...
Emphasis on fair access. Again, that's no longer applicable with Ethernet.
Trivia: there was an obsolete 100BaseVG standard that was similar
100BaseVG is a 100 Mbit/s Ethernet standard specified to run over four pairs of category 3 cable (cable also known as voice grade, hence the "VG"). It is also called 100VG-AnyLAN because it was defined to carry both Ethernet and Token Ring frame types.
100BaseVG was originally proposed by Hewlett-Packard, ratified by the IEEE in 1995 and was pra...
You're probably confusing him >.>
Probably.
And do y'all recommend me to test my speed between 2 Ethernet ports in my house?
I meant what app or software should I use to test my speed
iperf3
ye between computers or servers within a local or public too iperf works best
So I need 2 computers with gigabit ethernet
Well technically yes, in this case you'd be testing your switch
Is anyone using Netgate TNSR? I don't know if it's actually worth learning if nobody uses it
what are these metal thing in front of the ethernet connectors lmao
SFP
only the top one is an Ethernet cable
the others are DACs
The small form-factor pluggable (SFP) is a compact, hot-pluggable network interface module used for both telecommunication and data communications applications. An SFP interface on networking hardware is a modular slot for a media-specific transceiver in order to connect a fiber-optic cable or sometimes a copper cable. The advantage of using SFP...
@clear igloo I don't have a 10 gig link between my server and PC

Damn you need that huge SFP switch itself blob
if I had $900 + tax to drop on a switch
https://blob.rocks/fCOYpfy9TV.png
seriously ubiquiti?
¯\_(ツ)_/¯
Works
My friend has one and its super nice lol
Then I can go 25 Gig to my PC
/s
god im getting too jealous for a day
@clear igloo Have you looked at replacing your amcrest any time recently?
I have not
oof
All the options that are good don't seem to have what I need and everything that does have a cohesive set of cameras that do what I need are on par or worse than my current setup
rip
I wanna see if I can convince my parents to rip out our nest hello lol
for a g4 doorbell
lol
So we don't have to pay Google to store footage
Plus, Protect opens so much faster than Nest app
not stealing your data
Nest sucks after Google purchased them. Though I do like Ring doorbell regardless of the controversy with Amazon.
Oop
The neighborhood is basically a collective Watch for stuff
It helps police nail thieves
lol
You(american) should totally buy this 50 feet Cat7 SFTP(28awg?..) cable for 5$(-5$ coupon) & give it a review.
https://www.amazon.com/Ethernet-QGeeM-Internet-Computer-Connector/dp/B0888BFQS9
Buy Cat7 Ethernet Cable, QGeeM 10ft Cat7 RJ45 LAN Network Cable High Speed Professional Gold Plated Plug Ethernet Patch Internet Cable for Switch/Router/Modem/Patch Panel: Cat 7 Cables - Amazon.com β FREE DELIVERY possible on eligible purchases
You even get free usb 2-usb c cable together with it?
https://www.amazon.com/dp/B07DZQ4T48
Buy QGeeM USB C Cable, Type C Charging Cable 3A Fast Charging, USB-A 2.0 to USB-C Fast USB C Charger, Compatible with Samsung Galaxy S8 S20 Plus, Moto Z: USB Cables - Amazon.com β FREE DELIVERY possible on eligible purchases
Will I need 2 wifi AP's for a guest network and employee network for maximum security
And what would I do to make guests sign a TOS whenever they login to the wifi
guest wifi
Just assign a different VLAN to the WiFi networks and set up a captive portal on the guest WiFi with whatever ToS you want. Ubiquiti Unifi handles this quite nicely I might add.
1 AP can easily handle at least 2 SSID's
Alright, how do I setup a captive portal?
Not sure. I'm only familiar with Ubiquiti's implementation.
Alright
there are a bunch of captive portal solutions that can run on linux servers
mikrotik also has a captive portal
In need of some guidance. I'm trying to figure out how to set up networking in Virtualbox so that when the host connects through Pritunl or any VPN for that matter, all the of the guest vms automatically get routed through as well.
Use case - I have multiple users running game servers on guests but I dont want them to individually have to be responsible for connecting through to a VPS that has active ddos protection plus domains resolving to it. No game servers have conflicting ports.
Thank you very much in advance if anyone can walk me through it, or at least point me in the right direction. Please ping or DM, again thank you!
Ok, can somebody help me. I'm setting up pfSense with a DHCP ipv4 of 192.52.255.48 (testing purposes) and it asks me to enter the start address of the IPv4 client address. give him 192.52.255.40 and then it says This ip address must be in the interface's subnet
If anybody knows, please dm me, cuz I'm heading to bed, cuz its 4.26 am, and my head is exploded by all these ip's
@thick minnow I would explain it but you need to enter 192.52.255.1/24 is the easy answer. This simply means that from 192.52.255.1 to 192.52.255.255 addresses will be assigned from pfsense.
^
if you put 192.52.1.1/16 this means 192.52.1.1 to 192.52.255.255 can be assigned from a router
Are those chains or iptables? ...:Or chains used for iptables?
you shouldn't use 192.52.x.x
it is theoretically unused as a public range but it is hard to say if that will be the case forever
I am wondering if I will ever see IPv6 in my lifetime.
hmm?
I should say where IPv4 is no longer used due to its limitations for IPv4 of address.
You'll never see v4 go away in our lifetime
I'm a bit more optimistic than that, only because v6 has been growing steadily over the past 5 or 6 years
Majority of growth is due to carriers and really screws with the numbers. The chicken and egg situation with devs/sysadmins and SP as well as the number of people legit intimidated by v6 will mean it's here for the long haul
The best hope is the end of next year when the US gov has a mandate for 80% of the network be v6 only. Whether or not they actually follow through, hopefully 3rd times the charm and will force a big push forward
for a lot of residential users who want public IPv4, it is mostly for gaming.. but if most online gaming supports ipv6 (and PS5 finally has IPv6 support) there will be less of a need for residential users to have public IPv4
if ISPs hit a point where 80-90% of traffic is IPv6 there is less of a downside to only offering CG-NAT to home users
potentially involving 464XLAT or DS-Lite
the pressure for companies to move will come from the home users, who want to be able to do things like VPN in without issue
it is exactly what has been happening with meraki and the cellular providers moving to v6 only, notably T-Mobile in the US and Rogers in canada, and using 464XLAT for v4 access which breaks IPv4 VPN access
T-Mobile and Rogers aren't getting blamed, instead Meraki is getting blamed for not being quicker to implement IPv6 support
I'd disagree. Pressure comes from the businesses. Residential can make noise but in reality, they are not the ones paying a majority of the bills for the big players. Even if residential complains to their workplace and it becomes a NOC time sink, many of the times they don't push and just find work arounds.
We'll see though, but I'd stand firm though that v4 will be around until I croak
Especially if the new buzz word of the month "zero trust" gains steam where it doesn't matter about transit and VPNs are the past.
right, but if CEO's or other higher-ups find they can't do something because their company is running the older IPv4 only and it isn't working because their home service is IPv6 and does v4 only through transition technologies
then you begin to have top-down pressure on the IT department to do something about the situation
That's my point, when I mean businesses, typically I just mean the ones who make the decisions. It's only when it affects the business in some way either financial or the top in their day to day work is when something is done. Most the time it's pressure on the engineers and either they're reasonable and listen which they push their providers or sadly and more common, engineers need to make it work or get the boot
yeah - like what I suspect is going to start happening is CEO's are going to start saying "this isn't working for me from home/mobile", is the IT team really going to be like "oh yeah, it is because we are running old IPv4, all of the home/mobile providers are on IPv6 now, but it is too much work to upgrade, so you'll just have to live without it"?
they might come up with workarounds, but how many CEO's want to be told that they are using ancient networking technology and are behind the times and that that is why they are having to come up with workarounds?
it's kinda like if they said "sorry sir, we are having a huge number of problems, our fleet of 80486 computers is failing.."
Too many don't know nor care. All they know is it's working and the business is still making money. They'll end up getting another provider, a mobile hotspot or their engineers will incorporate a legacy system to make them happy.
Unfortunately it's the mindset of most businesses corporates. Just make it work!+IPv4 still works will stagnate so much of the progress
Out of all the large enterprise customers we have, the amount of them that get escalated to me about v6 in someway shape or form can be counted on no hands. Even the problem child ones that we end up getting dragged into doing things for them
I mean look at the number of enterprises still relying on AS400 for billing. Devs and support is becoming scarce and this can/will have a major impact on finances, but decades later...
welllll
the answer should be to just forcibly "yeet" the ip's as a RIR or so
I heard that they are doing it, slowly taking IP's away or so
but I don't think that is the type of taking-IPs-away that will impact enterprise
I'm guessing that not many enterprise customers actually have lots of internal systems on public IPv4
aside from government and universities
government and university clients typically put all internal systems on public IPv4 and do not use NAT
We have a big government customer and they are running into big problems because they are being forced to use public IPv4 for everything and cannot use NAT, and they are out of addresses
Having internal systems having public IP addresses is a real quick way for any hole to immediately be exploited. Think of all the vsphere boxes people just left connected to the internet, and just this year an exploit came out that just let you auth as admin
No - internal systems on public IP addresses by itself doesn't cause any issues, if your firewall is configured properly
As the person that responds to incidents like that - they're not
well, that's the problem of whoever did that and didn't put a firewall in place
It's a consistent trend of firewalls that are rendered useless because a test port was open, or a sysadmin left a backdoor in, etc
doing NAT is not a good solution for that because it introduces more problems than it fixes
Or just exploits that are just a few special characters in a tcp connection away from root, where firewalls just don't matter
we need to get better firewalls, not remove public IP addresses
with IPv6 everything is global.. except for some businesses who might run ULA but ULA is only recommended in certain cases
We need a lot. The past 6 months has demonstrably shown that security needs to be rethought from the ground up
Can't just rely on people taking care of keeping everything secure after the fact.
I think that's what juan was bringing up in terms of zero trust
you can't treat everything inside the perimeter as being completely trusted, because otherwise once you have access to anything inside the perimeter you get into everything
The trick (other than forcing dev's to focus more on security when they make stuff) is high fidelity monitoring, with heuristic models, and a modicum of machine learning
As an aside, about 10-15% of our network traffic now is IPv6.. given that only about 20% of our customers have routers that work properly with IPv6, that's actually quite good
@void shell your ISP has to provide IPv6 - otherwise you'll have to get a tunnel through a provider like Hurricane Electric
it is best if your ISP provides it
since if you are going through Hurricane Electric, it can impact your ability to watch netflix
Hi so is it normal for a memory test on a NAS taking up to 75 hours....... for just two stick 2x2gb 4gb in total
Hello!
I just made an update install for TrueNAS from 12.0 U1 to U3.1. It worked out so far, the pools are back online and the shares seem to be set right. But when I want to access my files now from windows it says my credentials are false. The webinterface works but i can't access the server through the explorer / total commander etc. Is there something I have to change?
Already restarted the SMB service but that didn't help
Ok. Thank you
It's out of stock now
Who bought it?
I demand a review. :triumph:
@lurker
So i have the lan interface set up. When i ping it it replies
But i still ain't getting any ethernet thru
Seems good?
Although that isn't a private ip range
Why are you using it
This is not the finished build, im just doing some testing in vm
Yeah but why the not private range
Well im kinda new to pfsense. But ive pretty much used 192 in most instances
That's not exclusive to pfsense
Its just routing
192.x.x.x is not a private range
192.168.x.x is tho
But 192.52 isn't
If you want a big address space use 10.0.0.0/8
Ah.... now it makes sense
Aka 10.x.x.x
You can subnet that of course
At home for example my trusted lan is 10.0.20.0/24
And management is 10.10.10.0/24
So trusted lan static on the Lan side right
Cuz this is current interface config
Dont know how i got static on the wan end
it is static
just you have a dhcp6 client listening on that interface
for v6 addresses
Well now i managed to change it to dhcp4 which is equal ipv4 right
yeah
Yes cuz im using ipv4 addresses
then for it to get a address you need to have a dhcp server somewhere on the subnet that the wan interface is connected to
So now WAN is 192.168.222.105/24
what's WAN connected to?
Its connected to another laptop bridging two connections bridged and passing it thru
yeah, so I assume that's your main router subnet
