Ninja Rope
Oct 22, 2005

Wee.

fryzoy posted:

routing table stuff

On FreeBSD I'd use pf to set next-hop and reply-to based on source IP. On Linux I'd do the same thing with iptables marking packets and ip rule matching them and assigning them a different routing table with a different default gateway set.
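The two-upstream, source-based routing described in the post, written out as an added example (not code from the thread or its posters): a Linux version that marks by source address and matches the mark with `ip rule`, and the pf equivalent using `route-to` and `reply-to`. Interface names, addresses, table numbers and the single exposed TCP/443 service are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread: the two-upstream, source-based routing the
# post describes. Linux: iptables marks packets by source address, `ip rule`
# matches the mark and hands it to a table whose default gateway is that ISP.
# FreeBSD: pf `route-to` picks the next hop for outbound traffic and `reply-to`
# sends answers to inbound connections back out the interface they arrived on.
# Every address, interface name and table number is a constructed placeholder.

LAN_IF="eth0"; LAN_NET="192.0.2.0/24"
NET_A="192.0.2.0/25";   IF_A="eth1"; GW_A="198.51.100.1"; TBL_A=101; MARK_A=1
NET_B="192.0.2.128/25"; IF_B="eth2"; GW_B="203.0.113.1";  TBL_B=102; MARK_B=2

# Emit the Linux commands for one source range -> one upstream. Commands are
# generated as text so they can be reviewed or diffed before anything is applied.
# `-m mark --mark 0` leaves packets alone whose mark was restored from conntrack.
linux_rules() {
    net="$1"; dev="$2"; gw="$3"; tbl="$4"; mark="$5"
    cat <<EOF
iptables -t mangle -A PREROUTING -i $LAN_IF -s $net -m mark --mark 0 -j MARK --set-mark $mark
ip route add default via $gw dev $dev table $tbl
ip rule add fwmark $mark lookup $tbl priority $((1000 + mark))
EOF
}

# The complete Linux rule set. Connection marks make replies leave by the ISP the
# connection came in on; the `to $LAN_NET` rule keeps LAN-bound packets on the
# main table; loose rp_filter stops the kernel dropping inbound packets on the
# upstream that is not the main table's default route.
all_linux() {
    cat <<EOF
sysctl -w net.ipv4.conf.all.rp_filter=2
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -i $IF_A -m mark --mark 0 -j MARK --set-mark $MARK_A
iptables -t mangle -A PREROUTING -i $IF_B -m mark --mark 0 -j MARK --set-mark $MARK_B
ip rule add to $LAN_NET lookup main priority 999
EOF
    linux_rules "$NET_A" "$IF_A" "$GW_A" "$TBL_A" "$MARK_A"
    linux_rules "$NET_B" "$IF_B" "$GW_B" "$TBL_B" "$MARK_B"
    echo "iptables -t mangle -A PREROUTING -j CONNMARK --save-mark"
}

# pf.conf equivalent (grammar of the pf shipped with FreeBSD of that era: the
# route option follows `on <if>`). LAN-to-LAN is passed first so it is not
# forced out an upstream; only one inbound service (TCP/443) is exposed.
pf_rules() {
    cat <<EOF
pass in quick on $LAN_IF from $LAN_NET to $LAN_NET keep state
pass in quick on $LAN_IF route-to ($IF_A $GW_A) from $NET_A to any keep state
pass in quick on $LAN_IF route-to ($IF_B $GW_B) from $NET_B to any keep state
pass in quick on $IF_A reply-to ($IF_A $GW_A) proto tcp from any to ($IF_A) port 443 keep state
pass in quick on $IF_B reply-to ($IF_B $GW_B) proto tcp from any to ($IF_B) port 443 keep state
EOF
}

# Nothing touches the kernel unless explicitly asked for: `sh thisfile.sh apply`.
case "${1:-}" in
    apply) all_linux | sh ;;
    pf)    pf_rules ;;
    *)     all_linux ;;
esac
```

Run with no argument to review the generated Linux commands, `pf` to print the pf.conf lines, and `apply` (as root) to load the Linux rules.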


Ninja Rope
Oct 22, 2005

Wee.
That is assuming you didn't click through any SSL certificate mismatch warnings, have malware install an untrusted certificate on your box (via an exploit injected while you were browsing unencrypted websites?), run into attackers with any one of the numerous stolen but valid signed certificates, fall prey to BEAST, etc.

Ninja Rope
Oct 22, 2005

Wee.

CuddleChunks posted:

Too bad the laptop is still using a lovely antenna built into the molding of the screen and even though you get tons of bars of signal now your own link back to the AP is just as weak as ever.

Antennas increase both signal reception and transmission equally.

Ninja Rope
Oct 22, 2005

Wee.

Wheelchair Stunts posted:

I was under the impression that while the AP does have a more focused ear, it also has a lot more noise to try to get a decent SnR from that bitty transmitter that is now competing with who knows how much more noise than before.

The antenna amplifies both the signal and noise by the same amount, if it is pointed at both a signal and a source of noise. A directional antenna only amplifies what it's pointed at, so if you point it at the source of the signal other sources of noise would be excluded and the signal to noise ratio would improve drastically. In the unlikely event the source of the signal is inline with the source of the noise then both will be amplified. In that case, you should move the laptop or antenna (merely moving the antenna but keeping it pointed at the laptop should suffice), move the source of the noise, or put the antenna on the laptop.

Ninja Rope fucked around with this message at 02:07 on Oct 25, 2011

Ninja Rope
Oct 22, 2005

Wee.

Triikan posted:

Probably a Mikrotik or the like would be good for this.
A goon is selling a higher end one here:
http://forums.somethingawful.com/showthread.php?threadid=3446462
They sell other versions in various price ranges.

I don't know a lot about Mikrotik but that router says it can do 199k pps with conntrack off, which I assume needs to be turned on to do NAT. So, do you need NAT?

Ninja Rope
Oct 22, 2005

Wee.

The_Franz posted:

The newer RB1100AH should do the trick as well. I think that within a month or two Mikrotik is also launching the RB1100AHx2 which is basically the RB1100AH with a dual-core CPU.

Since VPN was mentioned, it's also worth noting that the RB1000 and RB1100AH have hardware accelerated encryption. Some of Mikrotik's benchmarks showed that these things can still manage 500mbps+ when running encrypted VPN connections.

That does appear to be fast enough, but I doubt it does NAT in hardware so it's hard to estimate exactly what performance impact it would have. Something from Cisco or Juniper would run $750-$1000 if you bought it new.

Not really related, but I wonder how that differs from a standard PC in this instance. If NAT isn't done in hardware, you're limited by the CPU speed for NAT performance. In that case why not use a standard PC (form factor? power usage? price?)?

Ninja Rope
Oct 22, 2005

Wee.

The_Franz posted:

If you look at the bottom of the spec page there is a row in the table with firewall: on and conntrack: on (conntrack is connection tracking for NAT). It can do near gigabit speeds with 512 byte frames and 2.5 gigabits with 1518 byte frames with routing, NAT and firewall capabilities turned on.

conntrack isn't necessarily NAT, it's just the module that allows for stateful logic (by tracking connections!). NAT requires conntrack but is another layer. conntrack does most of the work, but I don't know how much NAT costs on top of that. Maybe nothing!

Ninja Rope
Oct 22, 2005

Wee.

Scaramouche posted:

Was hoping you guys could help.

I've got a buddy who's running a small startup business, and he's got a little self-hosted web server. It's behind a D-Link WBR-2310 @ Firmware 1.04 (http://www.dlink.com/products/?pid=470) which is currently in EOL. I've gone in there and set his virtual servers, port forwards, etc. But what happens is the thing will just flip out and not accept connections for 2-3 seconds at a time. I think it's resetting itself spontaneously. I think this because I can't get the drat thing to be 'on time'; every night the date/time reverts to April 1, 2002, 00:00:00.

Basically my question is, is this thing even worth salvaging/working with? Googling around shows me that lots of people are complaining about it, and the thing is EOL already. Otherwise I'll check out the first page and start shopping around.

No. It's a waste of time. Get something new and more reliable if he's trying to use it for business.

Ninja Rope
Oct 22, 2005

Wee.
Link aggregation/LACP won't improve the performance of one client to one server communication (unless a layer 4 hashing algorithm is used, available on some switches, and multiple connections are created between the client and server). It's useful for one-to-many, many-to-many, and redundant connections, though.

Ninja Rope
Oct 22, 2005

Wee.

Shaocaholica posted:

So if I did need those things 10G is the only option then?

Unless you can make your app use multiple connections at the same time, yes, 10G ethernet is your only option (without getting into infiniband, fibre channel, or whatever; I don't know what you're trying to do).

You already mentioned "a few machines", so maybe LACP will work for you (one to many!).

Ninja Rope
Oct 22, 2005

Wee.

Longinus00 posted:

IF you're just going one client one server then you can hook them together with crossover cables. No port trunking switch needed! You don't need specially rewritten software or anything if you use something like a bonding driver.

You don't need crossover cables any more, gige mandates auto-detection.

If you're going device to device without a switch involved, the Linux bonding driver includes the "balance-rr" mode which will aggregate bandwidth linearly. Adding a switch means you go back to my earlier caveats regarding hashing.

Ninja Rope
Oct 22, 2005

Wee.

CuddleChunks posted:

I imagine it's cheaper to build without using external antennas.

Also, modern chip antennas work pretty well.

Ninja Rope
Oct 22, 2005

Wee.

The_Franz posted:

High speed VPN performance isn't really something that a lot of SOHO users need so the extra cost of adding encryption hardware would go to waste most of the time.

That said, even those encryption acceleration cards that work with m0n0wall or pfsense are only good for about 40-50Mbps of traffic. For 75Mbps of encrypted traffic you need something like a higher end Routerboard (RB1100AH or better), a Sonicwall device or a full-blown PC. The Mikrotik and Sonicwall solutions will run around $400+. You could cobble together a PC for less, but chances are that the savings will be gradually eaten up by an increased electric bill.

What cards are these? Modern CPUs have AES instructions built in which give huge performance speedups and you can get Cavium cards as fast/expensive as you could possibly want.

Ninja Rope
Oct 22, 2005

Wee.
Server racks are all the same width. Audio/telco/whatever else racks may be different, I don't know.

Are you sure you want those servers? Older servers tend to run 1-2.5 amps a piece depending on what's in them and what they're doing, that could put you over the 20a most outlets offer, not to mention the power bill and noise.

Edit: Any 24-port Netgear switch will be fine.

Ninja Rope
Oct 22, 2005

Wee.

Kaepora Gaebora posted:

Power consumption and noise are not concerns.

I still suggest you look up the power usage. I misspoke when I said "outlet", I meant per breaker. Most breakers are 20a, but I suppose in your new place it could be 30a. It's not uncommon for servers to use a poo poo ton of energy when they all come on at once, like after the power goes out. 2U servers like the 2850 could use way more than 2a each.

You don't need a managed switch. If you wanted vlans or mirrored ports then I guess a managed switch would be useful, but a managed switch isn't going to be faster and QoS on your internal network is probably not useful. Your router will do any/all of the important network stuff.

I don't know poo poo about mini-racks but I'm sure they exist. You'd need the rails (the part that bolts into the rack, the servers should have rails bolted to them that slide into the bolt-on rack rails) that came with the server but you could probably ebay replacements. They'll be model specific. Any 24 port switch is going to come with rack ears. That's all you'll need for one giant, loud, expensive pile of servers that you'll never need to use.

Ninja Rope
Oct 22, 2005

Wee.
You can't use velcro strips like everyone else? Get the ones you can cut to length.

Also you're not supposed to bundle too many Cat5 cables together like that due to interference. Cat5e and Cat6 each have higher ratings for bundling and I bet you could look up the details if you wanted.

Ninja Rope
Oct 22, 2005

Wee.
I bought a gig trendnet switch once. It was cheap but not as fast as the managed netgear that replaced it, though the managed netgear seems a little buggy, and that's coming from someone used to working with junos.

Ninja Rope
Oct 22, 2005

Wee.
Where does the network of powerline adapters end? At the pole? At the nearest transformer?

Can you share a coax cable between MOCA and digital TV/cable internet, or does it need to be a dedicated MOCA-only segment?

Ninja Rope
Oct 22, 2005

Wee.

Mr Man posted:

4mb down and 500kbits up??

That's your problem right there, you have a lovely upload...

Are you suggesting that his video game needs more than a half a megabit of upload bandwidth?

It sounds more likely that his connection is for some reason unstable and the latency spikes are the problem.

Ninja Rope
Oct 22, 2005

Wee.

Golbez posted:

For a while, I've been getting disconnected when downloading too much too fast. I can hit 1.5MB down for a few seconds, but if it's sustained for more than a minute, I lose connection for about 30 seconds. I was thinking it was my ISP and only happening when my torrents were set too fast, but now it's happening for normal downloads, which makes me think it's my router. It's a WRT54GL flashed with dd-wrt, v24-sp2. I tried restarting it but no change. Is my router hosed, or does anyone know some way to find out what exactly the problem could be? I'm wired in; I haven't had a chance to ask my girlfriend if her connection drops out at the same time.

I get the same thing. I'm on comcast in the bay area and I just assumed it's them being lovely or my old dlink cable modem being lovely. I've meant to replace the modem but I haven't had time.

Ninja Rope
Oct 22, 2005

Wee.
I never remember how this works, and Jonny seems like a smart guy, but shouldn't you try and figure out the fresnel zone for the projected link too? I can't picture off the top of my head exactly how close those smoke stacks or trees are to the direct line of sight, but if you're pushing the limits of your radios as is, the added interference might be enough to kill the link?

Ninja Rope
Oct 22, 2005

Wee.
2.4 ghz should have less loss in cabling and through the air as long as there isn't a lot of moisture in the air. I don't know where you live, how often it rains, or what comes out of those smoke stacks, but I don't know if blasting 2.4 ghz through pillars of steam is going to help unless it's much more powerful. You won't have to worry much about overcrowding with your laser-like antennas attenuating everything not directly in their LoS.

What is the fresnel zone for 900mhz? And just because there's poo poo in your zone doesn't mean it's harmful. That's why I was hoping someone who knew this poo poo better would chime in.

Ninja Rope fucked around with this message at 21:35 on Feb 24, 2012

Ninja Rope
Oct 22, 2005

Wee.
You could use UTP<->Fiber ethernet converters to get around electrical and distance concerns, but they'll run $100+ each.

Ninja Rope
Oct 22, 2005

Wee.
Does the ethernet cable look good? Is it wiggly or loose? You can try replacing it.

Ninja Rope
Oct 22, 2005

Wee.

Vivec posted:

Also would a wireless N adapter plugged into a computer connecting to an N router be as good as plugging a cable in from the router to the computer?

No. It will never be as good, but it might be good enough.

Ninja Rope
Oct 22, 2005

Wee.
I don't know anything about m0n0wall, but if you were to treat it as a standard FreeBSD box you generally get that error when you run out of a specific type of kernel memory. Is the OS 64- or 32-bit? Do you mind sharing the output of:

sysctl vm.kmem_size_min vm.kmem_size_max vm.kmem_size vm.kmem_size_scale
sysctl hw.physmem hw.usermem hw.realmem
sysctl hw.machine_arch
sysctl hw.pagesize hw.pagesizes hw.availpages

My first guess would be to take kmem_size and kmem_size_max and double them. These changes have to go into /boot/loader.conf.

Ninja Rope
Oct 22, 2005

Wee.
I've lived in places with those GE boxes and they want you to pay GE to come in and terminate the ends and install a switch. Instead, I use a cable tester to figure out which cable goes where and crimp the end of all of the cat5 cables that lead to jacks I want to use. If you do that you may have to restore it to the previous configuration before you move out.

Ninja Rope
Oct 22, 2005

Wee.
I've never had one that fancy. It's a box in the wall where all the cables go, and mine have had a device that acts as a phone and a tv cable splitter. I had one that plugged the ethernet into the phone splitter but it didn't do anything for ethernet (either it didn't work or the ethernet cables shouldn't have been plugged in there). There is a mounting point for what I assume is an ethernet switch and a phone number to call to pay GE to put that switch in too.

Ninja Rope
Oct 22, 2005

Wee.
Your ping to the 12th hop looks fine, so it's likely the browndognetworks routers are forwarding traffic acceptably but are under high CPU load and are slow to respond to direct pings. This is normal because pings to the device are treated as lower priority than routed traffic. Have you tested for packet loss?

Ninja Rope
Oct 22, 2005

Wee.
lucidcharts.com works pretty good too.

Ninja Rope
Oct 22, 2005

Wee.

Gherkin Jerkin posted:

I first noticed problems while trying to download games through Steam. Any current connections would continue to work (IM; Skype; Steam download; bittorent) but after 5 to 10 minutes of downloading or so, trying to browse webpages would yield:

code:
The server at forums.somethingawful.com can't be found, because the DNS lookup failed. 

Is it possible your whole connection is dropping? What does the steam download graph look like when this happens? You're sure the steam download continues uninterrupted? Steam will continue to retry, so if you're not watching the graph you might not notice the outage.

My whole connection drops when I download games from steam or during other big downloads. I assume it's my crappy cable modem but I don't have the energy to troubleshoot it.

Ninja Rope
Oct 22, 2005

Wee.
You could try setting the DNS servers on your computer to 4.2.2.2 or whatever, and see if that fixes it? I guess it's possible that the router is so busy NATing it can't allocate a CPU to dnsmasq. If you set your computer to use a different DNS server rather than the router, it will just be forwarding DNS requests rather than processing them.

Or you can try unchecking "use dnsmasq for dns"? That might do the same thing.

Ninja Rope
Oct 22, 2005

Wee.

poxin posted:

Just purchased the asus rt-16n and flashed it with tomato usb. I'm connecting at 300mbps via wireless but I'm only getting about 2.3-3.3 MB/s transfer speed to another computer that is wired into the gigabit port, any ideas why it would be so slow? That's pretty much on par with G speeds of the wrt54g it replaced :smith:

Are there a lot of other AP/clients/noise on the channel you are using?

Ninja Rope
Oct 22, 2005

Wee.

Rexxed posted:

Not that one specifically, but I run a mini-itx system as a router. Mine's an old VIA EPIA 933mhz with 512 megs of ram I got on ebay. I boot off a CF card on a CF to IDE adapter. The processor never gets over about 3% usage (often less) and memory sits around 6%, so it's kind of overkill, but it works great, and it's rock solid. I've had up to about 4-5 months of uptime (interrupted due to power outages). I run m0n0wall but there's several router packages available, as well as just homebrewing a linux/bsd system with NATD and a firewall.

I did the same but replaced it with a Shuttle due to size. My "fanless" VIA still required a fan because the power throttling poo poo didn't work under FreeBSD. I still have it sitting here unused because it's too useful to get rid of but I don't actually have a use for it.

Ninja Rope
Oct 22, 2005

Wee.
It's possible your ISP is throttling your connection based on the fact it's transferring a lot of data to a lot of destinations and from a lot of sources. With a VPN, all your ISP sees is one big transfer (though if they were clever they could probably take a good guess that you're torrenting anyway).

Ninja Rope
Oct 22, 2005

Wee.

Wheelchair Stunts posted:

Why is using ICMP echo / ping a good connectivity test? I was under the impression (and have personally observed) numerous occurrences where ICMP traffic is (de/)prioritized which makes me think it'd be very tenuous for measuring packet loss among other things.

edit: Edited for politeness.

What else will you use as a connectivity test? You could use TCP or UDP (or invalid IP?), but how do you know the other end won't silently discard the packet as part of a firewall rule? ICMP ECHO is what was decided on to be the connectivity testing packet and, as it doesn't contain data meant for applications, its intentions are easy to divine. You're free to use TCP or UDP packets or whatever else, but there are generally more problems that can come up with those.

I don't know about prioritizing, but most devices implement rate limiting. "Answer as many connectivity tests as you can, but if it seems like they're being abused then drop the rest" sounds good to me.

Ninja Rope
Oct 22, 2005

Wee.

Boner Wad posted:

Any thoughts on building a really tiny PC with a few Ethernet ports on the back? I've looked at Soekris boxes in the past and they seem way overpriced especially for the speed and compute power.

I bought a Shuttle x35 or something, I forget which one, the one without a HDD or OS. I stuck a compact flash<->sata adapter and a 2g CF card in it running BSD. It runs like a champ and even though it's fanless the CPU is way overkill for routing. The only downside is the only NIC is 10/100. You could add another USB NIC or use a switch that does VLAN tagging.

Ninja Rope
Oct 22, 2005

Wee.
Has anyone successfully RMA'd anything through Netgear? I have a GS108T v1 that gets hugely temperamental when I enable flow control so I was thinking of RMAing it, but they seem to want proof of purchase for my, what, 4 year old switch, and me to pay shipping both ways. I'm not sure if it's worth it.

Ninja Rope
Oct 22, 2005

Wee.
What was that highly recommended cable modem? I want to try ordering a replacement from Amazon to see if it fixes my disconnection while downloading problem. Unless maybe you think I should just rent one from Comcast and make it their problem?


Ninja Rope
Oct 22, 2005

Wee.
Probably, but MAC addresses are only unique to ethernet (and 802.11), and by the time we run out we'll probably be using something else (yeah that's what they said about IPv4, but layer 2 standards change faster than layer 3).

That is still a poo poo ton of MAC addresses, but there's also the caveat that old MAC addresses can never be re-used. Once they're assigned to a device they're never reclaimed, even if that device is destroyed.
