Binary Badger
Oct 11, 2005

Trolling Link for a decade


SwissArmyDruid posted:

I can't tell if Ubiquiti are marketing geniuses or engineering morons anymore.

Maybe they're both.

People who've gotten the EA units of the Dream Router are saying it can't do gigabit, the best it can manage is 800 MB/sec despite having a dual core 1.35 GHz ARM CPU.

People with ER-X's say they can manage 900 MB+/sec with QoS disabled on gigabit and that's a dual core MIPS running at 880 MHz, though it could be argued that the MIPS CPUs are a bit more efficient.

Binary Badger fucked around with this message at 15:32 on Apr 28, 2022


Violator
May 15, 2003


Cyks posted:

This does sound like my theory might be correct, but I can't think of a way of proving it without a bunch of hassle of running wireshark. I'd look into seeing if there's any new firmware available or if you can roll the device back to a previous one.

Awful.app on my phone gave me this error with error code:

Network Error
A server with the specified hostname could not be found. (code -1003)

Eero software is up-to-date and it doesn't look like I can downgrade to a previous version. Their "contact support and we'll check the logs for you" is a huge pain in the rear end.

Actuarial Fables
Jul 29, 2014

Taco Defender

Binary Badger posted:

People who've gotten the EA units of the Dream Router are saying it can't do gigabit, the best it can manage is 800 MB/sec despite having a dual core 1.35 GHz ARM CPU.

People with ER-X's say they can manage 900 MB+/sec with QoS disabled on gigabit and that's a dual core MIPS running at 880 MHz, though it could be argued that the MIPS CPUs are a bit more efficient.

Does the Dream Router use hardware acceleration for routing?

The ER-X achieves that routing speed by utilizing hardware offloading, which effectively removes the CPU from the routing process (it doesn't but the load is significantly reduced). Removing the offload means that it uses the CPU for routing, and that tanks the effective speed.

If the Dream Router isn't using any hardware acceleration for routing, then 800mbit is understandable for that kind of CPU. Not saying it's great, just that the performance matches with the hardware being used.

BlankSystemDaemon
Mar 13, 2009



Actuarial Fables posted:

Does the Dream Router use hardware acceleration for routing?

The ER-X achieves that routing speed by utilizing hardware offloading, which effectively removes the CPU from the routing process (it doesn't but the load is significantly reduced). Removing the offload means that it uses the CPU for routing, and that tanks the effective speed.

If the Dream Router isn't using any hardware acceleration for routing, then 800mbit is understandable for that kind of CPU. Not saying it's great, just that the performance matches with the hardware being used.

All Ubiquiti gear uses ASICs for their routing (and IDS/IPS), as does basically anything you can buy nowadays (anywhere from the low-end MIPS routers, made a decade ago to brand new multi-Tbps gear); you can't do anything like the speeds they're claiming, purely in software, at those CPU frequencies.

Handling packets is a very well-scoped issue (*), so doing it in an FPGA or ASIC is not just easy, it's also become incredibly cheap.

*: It's so well-scoped, the BSD Packet Filter has been a virtual machine for it since the early 90s when it was invented.
Weirdly, though, BPF nowadays gets used for kernel and userspace tracing in Linux, for reasons that defy all explanation other than: dtrace is CDDL and some lawyers think that GPL is compatible with CDDL.

BlankSystemDaemon fucked around with this message at 21:55 on Apr 28, 2022

some kinda jackal
Feb 25, 2003

 
 
Is there anything on the market that ticks these boxes for a switch?

- Multi-gig (1/2.5/5/10)
- 8 port min
- Layer 3 (internal and ACLs are all I care about)
- Quiet
- "reasonably" affordable

I'm still on the "plan for multigig and a 10gb NAS" roadmap, but I'm resigning myself to the fact that short of building a SFF pfSense machine I'm unlikely to find any single device that is affordable and can do L3 routing at 10gbs line speeds, so if I go in with the assumption that I can have a switch intelligently route VLANs internally I can offload the firewall literally as a NAT ingress/egress security gateway.

The real lynchpin of this design is finding a switch that can route packets between VLANs internally, rather than bottlenecking them to the firewall at 1gig. I could theoretically make sure that all my 10gbe devices are on one VLAN and then I could just use a L2 10gbe switch, but I'll only make that tradeoff if I can't find something reasonable.

I'm hesitant to go with a SFF machine just because I don't have the room in my little 8U network cabinet for a dell optiplex or whatever, and I'm hesitant to start hooking up equipment outside the rack for cleanliness sake, but ultimately something has to give so that MAY be a viable option which gives me 10gbe routing in a central device but who knows.

If there was a way to get 10gbe on a USFF I would probably pay a lot of money to make that happen. The down side is that I'd have to do some weird router-on-a-stick config if I only have one port to work with, feeding my Internet into a 10gbe switch and feeding it to the USFF over a VLAN and my head hurts just trying to remember those weird configs from my CCN* days

some kinda jackal fucked around with this message at 12:22 on Apr 29, 2022

DrDork
Dec 29, 2003
commanding officer of the Army of Dorkness

some kinda jackal posted:

Is there anything on the market that ticks these boxes for a switch?

- Multi-gig (1/2.5/5/10)
- 8 port min
- Layer 3 (internal and ACLs are all I care about)
- "reasonably" affordable

I assume you're open to going optical instead of copper here? For copper, about the cheapest I'm aware of would be something like the Netgear XS508M at $550, and that's unmanaged. The managed version is the XS708E and it's $800.

SFP+ land, on the other hand, can get you the MikroTik CRS309-1G-8S with 8x10G ports and a pretty robust management OS for $300, and it'll support whatever $5 eBay SFP's you wanna slam in there. Might need to actually read the manual on how to set things up, but once you do they're solid little boxes.

For a firewall box, you don't need anything as large as an Optiplex if you're using it as an ingress/egress firewall (and using it that way makes a lot of sense). You can pick up a wide variety of tiny boxes based around something like the Celeron J4125 for ~$200 like this one that are less than 5"x5"x2" that should work just fine for that unless you're doing some real heavy work with it.

I managed to find one based around a 5200U running OPNSense and it handles 1Gb internet + DPI + routing + suricata (in IDS mode since it still crashes in IDP mode for some reason) at like...20% CPU usage under "heavy" load.

DrDork fucked around with this message at 15:02 on Apr 29, 2022

VelociBacon
Dec 8, 2009

I'm having intermittent connection downtime which I strongly suspect is my notoriously bad ISP, however I would like to log this in a way more elegant than running a long /ping command overnight and all day.

I've seen some network connectivity analyzer software but it looks pretty sketchy. Has anyone heard of this for example? It would do exactly what I want but it screams malware. I'd love to hear any other solution anyone might have. I have a server on windows that I leave running 100% of the time so it could be grabbing this data.

Actually I'd be curious to know if anyone has any ideas about other things I should be looking at which could be the source of my issues, so here's the quick story:

  • (Prior to this I was stable for many years without any kind of connection drops, with the same setups and hardware)
  • Connection is over coaxial cable, gigabit connection.
  • In January started having multiple connection drops per day. Contacted ISP who sent 3 techs out over as many weeks, they said everything looked fine in my 60 year old apartment
  • Modem (xfinity xb6) replaced 3x during this (bridged)
  • I replaced the router during this time from the WRT1900AC to the WRT3200AC. I run openVPN on this (before and after) so I can RDP into my network/server without publicly exposing an open port. Everything else is stock config on the router
  • This was tied to a broader issue in my area after a month and eventually they made a public ticket about it which was resolved (no details given) and my connection seemed back to normal for most of March
  • I moved to a 25 year old condo in the last couple weeks, and have had pretty much one outage a day here. A tech is coming later today who I'm certain will find absolutely nothing wrong here. They were here a week ago 'installing' the modem and plugged their analyzer into the coax and found it to be perfect.

I don't think this is an IP conflict issue or anything like that. The local network never goes down - just the internet connection. Anything I can try? I've unplugged the modem multiple times to try to reset its connection to the ISP.

BlankSystemDaemon
Mar 13, 2009



You have one of two options:
1: A RIPE Atlas probe (it's free if they approve your request - usually it's no problem to get approval).
Atlas is an internet measuring system whereby RIPE collects and publishes all the anonymized connection, and if you participate by hosting a probe, you earn credits to be able to set up your own measurements (in addition to the ones automatically performed by RIPE in order to provide the basic functionality).
2: Setup smokeping.
This is a lot more work - in addition to setting up smokeping itself, finding servers to ping arbitrarily that won't opportunistically drop your data like a lot of internet routers and public endpoints (like DNS servers) will, is no small task.

Those are pretty much the only tools that're universally recognized for this kind of thing - but if your ISP is lovely enough, they might refuse to even acknowledge the data generated by either, in which case there's pretty much nothing you can do other than keep going through their script and demanding to be escalated to a higher tier.
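
An added example, not code from any poster in this thread: one way to turn periodic reachability probes into a list of outage intervals, separating "router unreachable" from "router fine, internet gone", and only calling the WAN down when every external target fails at once (a single target dropping probes is ignored). The gateway address, the external hosts, the TCP-connect probe (used here instead of ICMP ping) and the sample data are assumptions made for the example.

```python
"""Collapse periodic reachability probes into outage intervals (LAN vs. WAN)."""
import socket
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed targets (not from the thread): the router's LAN address and a few
# external hosts you are permitted to probe. Placeholders shown here.
GATEWAY = ("192.168.1.1", 443)
EXTERNAL = [("example.com", 443), ("example.net", 443), ("example.org", 443)]


def tcp_probe(host, port, timeout=2.0):
    """True if a TCP handshake completes; DNS failure or timeout counts as down."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


@dataclass(frozen=True)
class Sample:
    ts: datetime
    gateway_ok: bool
    external_ok: tuple  # one bool per external target


@dataclass(frozen=True)
class Outage:
    kind: str        # "LAN_DOWN" or "WAN_DOWN"
    start: datetime  # first failing sample
    end: datetime    # first good sample after the run (or last sample seen)
    samples: int

    @property
    def seconds(self):
        return (self.end - self.start).total_seconds()


def take_sample():
    """One live measurement; call this from a scheduler or a sleep loop."""
    return Sample(datetime.now(), tcp_probe(*GATEWAY),
                  tuple(tcp_probe(h, p) for h, p in EXTERNAL))


def classify(sample):
    if not sample.gateway_ok:
        return "LAN_DOWN"   # cannot even reach the router: local problem
    if not any(sample.external_ok):
        return "WAN_DOWN"   # router answers, every external target fails
    return "UP"             # one silent target alone is not an outage


def find_outages(samples, min_samples=2):
    """Group consecutive non-UP samples; runs shorter than min_samples are noise."""
    ordered = sorted(samples, key=lambda s: s.ts)
    outages, i = [], 0
    while i < len(ordered):
        kind, j = classify(ordered[i]), i
        while j < len(ordered) and classify(ordered[j]) == kind:
            j += 1
        if kind != "UP" and j - i >= min_samples:
            end = ordered[j].ts if j < len(ordered) else ordered[-1].ts
            outages.append(Outage(kind, ordered[i].ts, end, j - i))
        i = j
    return outages


def constructed_samples():
    """Constructed data: 30-second probes, not measurements from the thread."""
    t0 = datetime(2022, 4, 29, 3, 0, 0)
    rows = [(True, "111"), (True, "111"), (True, "101"),    # one target silent
            (True, "000"), (True, "000"), (True, "000"),    # WAN outage
            (True, "111"), (True, "000"), (True, "111"),    # single-probe blip
            (False, "000"), (False, "000"), (True, "111")]  # router unreachable
    return [Sample(t0 + timedelta(seconds=30 * n), gw, tuple(c == "1" for c in ext))
            for n, (gw, ext) in enumerate(rows)]


if __name__ == "__main__":
    for o in find_outages(constructed_samples()):
        print(f"{o.kind} {o.start:%Y-%m-%d %H:%M:%S} -> {o.end:%H:%M:%S} "
              f"({o.seconds:.0f}s, {o.samples} probes)")
```

For live use, append the result of `take_sample()` to a list or file on a fixed interval and run `find_outages` over the collected samples.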

DrDork
Dec 29, 2003
commanding officer of the Army of Dorkness

BlankSystemDaemon posted:

Those are pretty much the only tools that're universally recognized for this kind of thing - but if your ISP is lovely enough, they might refuse to even acknowledge the data generated by either, in which case there's pretty much nothing you can do other than keep going through their script and demanding to be escalated to a higher tier.

The ISP is Comcast. Sooo, yeah. Their (in)ability to provide stable connections is a prime reason several friends of mine have skipped off to other services. Sadly their market-monopoly tactics can make that a challenge in many areas.

At best you can try removing your router and connecting straight to the Comcast box temporarily and seeing if you still get the drops. If so, as BSD says, not much you can do other than bitch at them and hope they figure their crap out eventually. Or see if there's another ISP available in your building.

VelociBacon
Dec 8, 2009

DrDork posted:

The ISP is Comcast. Sooo, yeah. Their (in)ability to provide stable connections is a prime reason several friends of mine have skipped off to other services. Sadly their market-monopoly tactics can make that a challenge in many areas.

At best you can try removing your router and connecting straight to the Comcast box temporarily and seeing if you still get the drops. If so, as BSD says, not much you can do other than bitch at them and hope they figure their crap out eventually. Or see if there's another ISP available in your building.

I'm one of the dozens of people that live outside the USA, the ISP is actually 'Shaw'. It might be the same infrastructure. I've heard horrible things about Comcast, this is our version of that evil.

Apparently there is an xb7 modem that the tech is bringing today, maybe that will help!

The RIPE atlas thing sounds interesting. I'll read more about it but from an InfoSec perspective I'd want to have root control over anything I'm plugging into my network, just to ensure it's not an unintended vulnerability.

e: looks like the probes actually do have great documentation with source code/APIs on their site. Can even use command line, neat.

VelociBacon fucked around with this message at 20:55 on Apr 29, 2022

BlankSystemDaemon
Mar 13, 2009



DrDork posted:

The ISP is Comcast. Sooo, yeah. Their (in)ability to provide stable connections is a prime reason several friends of mine have skipped off to other services. Sadly their market-monopoly tactics can make that a challenge in many areas.

At best you can try removing your router and connecting straight to the Comcast box temporarily and seeing if you still get the drops. If so, as BSD says, not much you can do other than bitch at them and hope they figure their crap out eventually. Or see if there's another ISP available in your building.

I was checking the Atlas site for other things and noticed that Comcast is sponsoring them - which is hilarious. :v:

VelociBacon posted:

I'm one of the dozens of people that live outside the USA, the ISP is actually 'Shaw'. It might be the same infrastructure. I've heard horrible things about Comcast, this is our version of that evil.

Apparently there is an xb7 modem that the tech is bringing today, maybe that will help!

The RIPE atlas thing sounds interesting. I'll read more about it but from an InfoSec perspective I'd want to have root control over anything I'm plugging into my network, just to ensure it's not an unintended vulnerability.

e: looks like the probes actually do have great documentation with source code/APIs on their site. Can even use command line, neat.

As far as I remember the situation in Canadia, Shaw and Bell Canada have a duopoly where they don't serve the same areas, so you're effectively hosed for choice as much as a lot of Comcast customers are?

What's the actual connection you have; DSL (via the phone line, can be variants like ADSL or G.Star), DOCSIS (via tv cable, which is a shared medium like wifi is), or fiber (can be to the last mile with copper the rest of the way, or fiber to the home)?

I'm an infosec guy too, I wouldn't recommend Atlas probes if I knew them to be poo poo.

VelociBacon
Dec 8, 2009

BlankSystemDaemon posted:

I was checking the Atlas site for other things and noticed that Comcast is sponsoring them - which is hilarious. :v:

As far as I remember the situation in Canadia, Shaw and Bell Canada have a duopoly where they don't serve the same areas, so you're effectively hosed for choice as much as a lot of Comcast customers are?

What's the actual connection you have; DSL (via the phone line, can be variants like ADSL or G.Star), DOCSIS (via tv cable, which is a shared medium like wifi is), or fiber (can be to the last mile with copper the rest of the way, or fiber to the home)?

I'm an infosec guy too, I wouldn't recommend Atlas probes if I knew them to be poo poo.

I feel like you can get whatever ISP at pretty much any address here (in a main Canadian city), it's mostly about whether fiber has been run to your building or not. In my case I'm in a building built in 1999 and my connection is over DOCSIS. I was typing this out on my phone and my internet connection dropped again, with the new modem displaying the LED debug code for 'upstream registration'. Guess I'm escalating whatever on the ISP side tomorrow.

I've run multiple scans with malwarebytes and windows AV and have found nothing. The ISP tech seemed to know more or less what he was doing from the hardware side and suggested that it could be malicious code on my pc affecting the modem. I've never heard of someone going after modem access after they have the ability to remotely issue commands on a machine in the LAN so I dunno how much I believe that.

BlankSystemDaemon
Mar 13, 2009



VelociBacon posted:

I feel like you can get whatever ISP at pretty much any address here (in a main Canadian city), it's mostly about whether fiber has been run to your building or not. In my case I'm in a building built in 1999 and my connection is over DOCSIS. I was typing this out on my phone and my internet connection dropped again, with the new modem displaying the LED debug code for 'upstream registration'. Guess I'm escalating whatever on the ISP side tomorrow.

I've run multiple scans with malwarebytes and windows AV and have found nothing. The ISP tech seemed to know more or less what he was doing from the hardware side and suggested that it could be malicious code on my pc affecting the modem. I've never heard of someone going after modem access after they have the ability to remotely issue commands on a machine in the LAN so I dunno how much I believe that.

Yeah, if you've got any kind of DOCSIS, since it's a shared medium you might have a chat with the other people you share a CMTS with, to hear whether they experience anything like it - if they do, you know it's a bigger issue than the ISPs are making it out to be, and if not you've pretty much isolated it to your own setup.

If they're suggesting malicious code going after modem access, they're absolutely going through a script since there's basically no point in doing that.
Anyone not spearphishing can make much more money mining buttcoin on your equipment than trying to blackmail you, anyone spearphishing is likely to not bother with small stuff like that, and anyone attempting identity theft won't be trying to alert you to their presence.

BlankSystemDaemon fucked around with this message at 15:24 on Apr 30, 2022

DrDork
Dec 29, 2003
commanding officer of the Army of Dorkness
Agreed. "Oh maybe someone is hax0ring ur modem" to explain intermittent connectivity drops smells like a fat load of BS and them trying to throw up random explanations to deflect blame that 95% of their customer base isn't going to question because they have no idea how any of it works. Like an auto mechanic telling you they need to charge you an extra $250 because they had to replace the flux-capacitor main servo.

VelociBacon
Dec 8, 2009

BlankSystemDaemon posted:

Yeah, if you've got any kind of DOCSIS, since it's a shared medium you might have a chat with the other people you share a CMTS with, to hear whether they experience anything like it - if they do, you know it's a bigger issue than the ISPs are making it out to be, and if not you've pretty much isolated it to your own setup.

If they're suggesting malicious code going after modem access, they're absolutely going through a script since there's basically no point in doing that.
Anyone not spearphishing can make much more money mining buttcoin on your equipment than trying to blackmail you, anyone spearphishing is likely to not bother with small stuff like that, and anyone attempting identity theft won't be trying to alert you to their presence.

Yeah there's over a hundred units in my tower and everything is clean for the other units, the tech yesterday called in a favor with a buddy back at the ISP and they were checking it. And yeah seems like quite a reach. I'd sooner think there was electromagnetic interference causing it to reboot or something wacky.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


BlankSystemDaemon posted:

As far as I remember the situation in Canadia, Shaw and Bell Canada have a duopoly where they don't serve the same areas, so you're effectively hosed for choice as much as a lot of Comcast customers are?

Close - when it comes to cableTV (ie: coax), the "competitors" are Rogers/Shaw/Cogeco and they don't have overlapping territories. Bell (as an ILEC) covers all areas and owns/manages the POTS infrastructure in most of Canada that anyone can rent (lots of asterisks on this) and competes with the above companies and is heavily deploying a FTTH solution of their own. In small geographic areas (usually cities) there might be additional competitors.

Binary Badger
Oct 11, 2005

Trolling Link for a decade


Boy, if it weren't for the EdgeRouter Infinity ($1,849.00) I wouldn't know what an EdgeRouter that's in stock looks like.

Boat Stuck
Apr 20, 2021

I tried to sneak through the canal, man! Can't make it, can't make it, the ship's stuck! Outta my way son! BOAT STUCK! BOAT STUCK!
I finally upgraded my home office's network to 2.5 Gbe. Everything is working well, except the 2.5 Gbe switch is quite warm--significantly warmer than the gigabit switch before, even though the new switch has a metal body. Is that normal for multi-gig switches?

SEKCobra
Feb 28, 2011

Hi
:saddowns: Don't look at my site :saddowns:

Boat Stuck posted:

I finally upgraded my home office's network to 2.5 Gbe. Everything is working well, except the 2.5 Gbe switch is quite warm--significantly warmer than the gigabit switch before, even though the new switch has a metal body. Is that normal for multi-gig switches?

Heat is normal for fast processing devices like that, generally. Is it passive cooled? If so, they are usually even hotter.

movax
Aug 30, 2008

So my M90q finally came in and I started messing with it…



Chelsio T520 barely fits! Had to remove the front little Wi-Fi antenna thing, which is fine because I’m not going to use Wi-Fi in this. I’m going to try and find a 2230 M.2 GPS module to put in there instead, and put an antenna on my roof so this guy can do NTP as well. Not sure if I could get PPS working on this, but kinda neat to have a GPS-disciplined local time source as well (and feed my itch to have every possible slot populated and in use).

I need to find the guy on Reddit who was doing 3D printed brackets


It has an empty 2242 slot notionally for WWAN on the mobo, but even if I soldered a M.2 connector onto it, I bet BIOS likely doesn’t have lanes to it active.

Good suite of I/O though, on the bottom as

I don’t think the RAM negotiated at the right speed sadly, but it should be CL16; Lenovo BIOS doesn’t show me what profile it loaded unfortunately, so will have to wait until I get an OS loaded to see if it even went with the right timings.

Going to Proxmox it, and then add OPNsense and pass-through the T520. On-board NIC will be my poor-man ILO/BMC.

I got an i9-11900T off eBay to replace the i5-11500 it came with — hoping the 35 W CPU + 65 W cooling solution does nicely for thermals. Will have to do some looking to see if the Chelsio driver can report temps, as I’m not sure how well that’s gonna do in this tiny case — at least with SFPs, it should run cooler than if it was 10Gbase-T.

movax fucked around with this message at 19:02 on May 15, 2022

KKKLIP ART
Sep 3, 2004

Excuse my ignorance but what is the benefit of using Proxmox instead of just installing on bare metal?

movax
Aug 30, 2008

KKKLIP ART posted:

Excuse my ignorance but what is the benefit of using Proxmox instead of just installing on bare metal?

I’m thinking I’ll also run Home Assistant / Homebridge and make this machine my main “home infrastructure” type machine; i.e., way less likely to gently caress around with it and take down my Internet randomly.

BlankSystemDaemon
Mar 13, 2009



movax posted:

feed my itch to have every possible slot populated and in use.

Huge :mood:

Does the machine have a SIM slot, or are you planning on using eSIM for the WWAN NIC?
You should probably also figure out if the WWAN modem is supported in FreeBSD, as the vast majority of the ones on M.2 or mini-pcie aren't - since almost all new WWAN NICs use the proprietary standard called QMI (which is barely supported on Linux, let alone anything else - so maybe the best option is to pass it through to a Linux guest which can then bridge it with a virtual NIC you've got connected to your router guest OS).

As for memory negotiation, I have at least one piece of gear at home that refuses to boot with CL16 memory, but will boot just fine with CL17. :shrug:
Maybe dmidecode can help figure out memory training?

If you're doing Proxmox, I hope the system has SR-IOV support as that makes virtualization of NICs much simpler.

It's a super sweet system, though - would love to see some networking benchmarks done on it.

BlankSystemDaemon fucked around with this message at 12:49 on May 16, 2022

Binary Badger
Oct 11, 2005

Trolling Link for a decade


So since I have early access, I updated the firmware on my EdgeRouter X from 2.0.9-hotfix.2 to 2.0.9-hotfix.3, no ill effects for the past few hours and it actually freed up a few MB of disk space more than hotfix.2.

movax
Aug 30, 2008

BlankSystemDaemon posted:

Huge :mood:

Does the machine have a SIM slot, or are you planning on using eSIM for the WWAN NIC?
You should probably also figure out if the WWAN modem is supported in FreeBSD, as the vast majority of the ones on M.2 or mini-pcie aren't - since almost all new WWAN NICs use the proprietary standard called QMI (which is barely supported on Linux, let alone anything else - so maybe the best option is to pass it through to a Linux guest which can then bridge it with a virtual NIC you've got connected to your router guest OS).

Nah — the WWAN slot is physically not present / I’m not sure it would work if I soldered a connector on it. No one seems to make a LTE 2230 modem, but it seems like a GPS module might exist (lots of 2242, not a lot of 2230 sadly) from a few random companies. Or I’ll design a board for some u.blox module in 2230 and FOSS the files.

Either way I’d probably pass the device to a guest VM / Linux VM as I don’t think FreeBSD is as strong as Linux when it comes to GPS integration.

quote:

As for memory negotiation, I have at least one piece of gear at home that refuses to boot with CL16 memory, but will boot just fine with CL17. :shrug:
Maybe dmidecode can help figure out memory training?

If you're doing Proxmox, I hope the system has SR-IOV support as that makes virtualization of NICs much simpler.

It's a super sweet system, though - would love to see some networking benchmarks done on it.

Not sure if the desktop chipset / Rocket Lake does SR-IOV, but don’t think I need it if I just give the whole T520 to OPNsense.

god this blows
Mar 13, 2003

Binary Badger posted:

So since I have early access, I updated the firmware on my EdgeRouter X from 2.0.9-hotfix.2 to 2.0.9-hotfix.3, no ill effects for the past few hours and it actually freed up a few MB of disk space more than hotfix.2.

Does it say what updates/fixes it has? I have been running hotfix 2 for several months without issues and don't see a reason to update it.

movax
Aug 30, 2008

god this blows posted:

Does it say what updates/fixes it has? I have been running hotfix 2 for several months without issues and don't see a reason to update it.

Updates the MOTD on login to add 'lol we swear / pinky-promise EdgeMAX is NOT EOL'

god this blows
Mar 13, 2003

movax posted:

Updates the MOTD on login to add 'lol we swear / pinky-promise EdgeMAX is NOT EOL'

That feels so true. I have an EdgeRouter 4 as I am lucky enough to have symmetric gigabit internet and got a good deal on a used one but don’t know what I would use instead

Binary Badger
Oct 11, 2005

Trolling Link for a decade


god this blows posted:

Does it say what updates/fixes it has? I have been running hotfix 2 for several months without issues and don't see a reason to update it.

https://community.ui.com/releases/EdgeMAX-EdgeRouter-Firmware-v2-0-9-hotfix-3/bcbaedc8-41df-4a97-b389-bb122c8905cd

Ubiquiti posted:

Fixed CVE-2020-15078 in OpenVPN
Fixed CVE-2022-0778 in openssl
Fixed CVE-2018-25032 in zlib
Fixed CVE-2020-27827 in lldpd
Fixed CVE-2020-13848 and CVE-2021-28302 in libupnp
Fixed command injection in WebUI

various security fixes including a DoS attack in the PnP routines..

And, as I said, my free space went from 142.7 MB free to 143.6 MB free. Not like that's a huge gain or anything.

Oh, and a couple of my camera apps seem to access the cams faster now.

If the MOTD changed to 'Buy a Dream Router now' I'd be worried.

Binary Badger fucked around with this message at 03:00 on May 17, 2022

LongSack
Jan 17, 2003

Does anyone know of a way to pull simple status data from home networking gear? I have an idea to write a little tool to sit in the system tray that shows a basic red/yellow/green icon for my network gear since my firewall is in a closet, and my wifi access points are either in other rooms than my office, or else are hidden behind my monitors.

My firewall is a NetGate SG-4860 running pfSense
My main network is a 2-node Linksys Velop mesh
My guest network is a Linksys Ea9500
I’m not sure what the Cox wifi box is, but I’m not sure how critical that is - if it goes down it’s immediately obvious.

If this were commercial gear, I'd look towards SNMP, but it’s not. Googling for Linksys and api or status or the like only returns references to their Smart web app, which isn’t helpful.

Thanks.

Inept
Jul 8, 2003

LongSack posted:

Does anyone know of a way to pull simple status data from home networking gear? I have an idea to write a little tool to sit in the system tray that shows a basic red/yellow/green icon for my network gear since my firewall is in a closet, and my wifi access points are either in other rooms than my office, or else are hidden behind my monitors.

My firewall is a NetGate SG-4860 running pfSense
My main network is a 2-node Linksys Velop mesh
My guest network is a Linksys Ea9500
I’m not sure what the Cox wifi box is, but I’m not sure how critical that is - if it goes down it’s immediately obvious.

If this were commercial gear, I'd look towards SNMP, but it’s not. Googling for Linksys and api or status or the like only returns references to their Smart web app, which isn’t helpful.

Thanks.

You can set up something to regularly ping those devices. That won't catch all failure cases though. Anything more complex than that should really be done using hardware that supports SNMP. Consumer poo poo generally won't have an API, so you'd have to do really hacky and time consuming stuff that isn't worth the effort.

LongSack
Jan 17, 2003

Inept posted:

You can set up something to regularly ping those devices. That won't catch all failure cases though. Anything more complex than that should really be done using hardware that supports SNMP. Consumer poo poo generally won't have an API, so you'd have to do really hacky and time consuming stuff that isn't worth the effort.

Bah

Thanks

BlankSystemDaemon
Mar 13, 2009



movax posted:

Nah — the WWAN slot is physically not present / I’m not sure it would work if I soldered a connector on it. No one seems to make a LTE 2230 modem, but it seems like a GPS module might exist (lots of 2242, not a lot of 2230 sadly) from a few random companies. Or I’ll design a board for some u.blox module in 2230 and FOSS the files.

Either way I’d probably pass the device to a guest VM / Linux VM as I don’t think FreeBSD is as strong as Linux when it comes to GPS integration.

Not sure if the desktop chipset / Rocket Lake does SR-IOV, but don’t think I need it if I just give the whole T520 to OPNsense.

Yeah, it's a real bummer to source WWAN modems in general.

There's good news on the gps front, astro/gpsd works well - at least when I tested it with the Sony Ericsson F5521gw that was in my T420 for years before the HSPA network closed in Denmark.
Also, PPS_SYNC has been in the kernel since October last year.

Currently I have an Intel XMM7360 WWAN NIC in my T480s - but as is the case with ThinkPads, some of the devices are firmware locked and I don't think the T480s firmware has been hacked yet.
Unfortunately it isn't supported yet in FreeBSD either, so I may have to throw NetBSD in a bhyve guest and use PCI passthrough and bridging there at some point when I get around to it.

As an alternative to QMI, there's always MBIM - which has been making a bit of progress lately.

The advantage of SR-IOV is that it makes one device appear as anywhere from 16 to 64 devices attached directly on the PCI bus, depending on how you configure the virtual functions.
Each one can be used with a separate guest by the hypervisor (or as a FreeBSD jail network device), without a need for the typical vSwitch configuration.

BlankSystemDaemon fucked around with this message at 10:15 on May 18, 2022

bewilderment
Nov 22, 2007
man what



I have no idea what thread this question belongs in but technically it is for a home network...

Soon, my workplace will only let me use my work-provided laptop to connect to their network, including everything that uses MS authentication (Teams/Outlook/etc). Instead of the comfy desktopping I've been doing so far, and I don't have a dock, only a crappy HDMI cable they provided.

I cannot RDP to my work laptop from the desktop.
However, it looks like casting and wireless connection can be OK.

Doing some googling around, I could potentially cast my work laptop to my desktop, and that would even let me control it with my mouse?

My desktop states it isn't 'Miracast-capable'. Would buying a dongle for this solve the problem?
I own a chromecast - can I give this a testrun by sticking my chromecast into my PC and seeing if that works? No, apparently Miracast is a competing standard to chromecast.

bewilderment fucked around with this message at 12:34 on May 19, 2022

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

bewilderment posted:

I have no idea what thread this question belongs in but technically it is for a home network...

Soon, my workplace will only let me use my work-provided laptop to connect to their network, including everything that uses MS authentication (Teams/Outlook/etc). Instead of the comfy desktopping I've been doing so far, and I don't have a dock, only a crappy HDMI cable they provided.

I cannot RDP to my work laptop from the desktop.
However, it looks like casting and wireless connection can be OK.

Doing some googling around, I could potentially cast my work laptop to my desktop, and that would even let me control it with my mouse?

My desktop states it isn't 'Miracast-capable'. Would buying a dongle for this solve the problem?
I own a chromecast - can I give this a testrun by sticking my chromecast into my PC and seeing if that works? No, apparently Miracast is a competing standard to chromecast.

It sucks but I wouldn't attempt to circumvent your work's security processes.

Serjeant Buzfuz
Dec 5, 2009

bewilderment posted:

I have no idea what thread this question belongs in but technically it is for a home network...

Soon, my workplace will only let me use my work-provided laptop to connect to their network, including everything that uses MS authentication (Teams/Outlook/etc). Instead of the comfy desktopping I've been doing so far, and I don't have a dock, only a crappy HDMI cable they provided.

I cannot RDP to my work laptop from the desktop.
However, it looks like casting and wireless connection can be OK.

Doing some googling around, I could potentially cast my work laptop to my desktop, and that would even let me control it with my mouse?

My desktop states it isn't 'Miracast-capable'. Would buying a dongle for this solve the problem?
I own a chromecast - can I give this a testrun by sticking my chromecast into my PC and seeing if that works? No, apparently Miracast is a competing standard to chromecast.

Sounds like you need to just get a proper docking station for your work laptop.

Famethrowa
Oct 5, 2012

bewilderment posted:

I have no idea what thread this question belongs in but technically it is for a home network...

Soon, my workplace will only let me use my work-provided laptop to connect to their network, including everything that uses MS authentication (Teams/Outlook/etc). Instead of the comfy desktopping I've been doing so far, and I don't have a dock, only a crappy HDMI cable they provided.

I cannot RDP to my work laptop from the desktop.
However, it looks like casting and wireless connection can be OK.

Doing some googling around, I could potentially cast my work laptop to my desktop, and that would even let me control it with my mouse?

My desktop states it isn't 'Miracast-capable'. Would buying a dongle for this solve the problem?
I own a chromecast - can I give this a testrun by sticking my chromecast into my PC and seeing if that works? No, apparently Miracast is a competing standard to chromecast.

casting is a laggy nightmare in the best of conditions. dealing with the half second of lag every time you try to double-click will drive you insane like a Lovecraftian protagonist researching the esoteric unknown. I wouldn't advise.

would an hdmi splitter be close enough to a dock for multi-monitor support?

Flipperwaldt
Nov 11, 2011

Won't somebody think of the starving hamsters in China?



Famethrowa posted:

would an hdmi splitter be close enough to a dock for multi-monitor support?

Maybe I missed something in the discussion, but these splitters are only for getting the same thing displayed on two monitors. Like duplicate, not extend the desktop.

Inept
Jul 8, 2003

Serjeant Buzfuz posted:

Sounds like you need to just get a proper docking station for your work laptop.

Famethrowa
Oct 5, 2012

Flipperwaldt posted:

Maybe I missed something in the discussion, but these splitters are only for getting the same thing displayed on two monitors. Like duplicate, not extend the desktop.

whoops you right. amend that to hdmi switch or

Serjeant Buzfuz posted:

Sounds like you need to just get a proper docking station for your work laptop.
