shackleford
Sep 4, 2006

Captain Foo posted:

lol Comcast


shackleford
Sep 4, 2006

multiple default routes work just fine but if you're using provider-assigned address space from multiple providers of course you'll need some policy rules to make sure source address selection is performed correctly

hell you can even put a whole rear end routing table in a linux box

shackleford
Sep 4, 2006

yeah if we're talking about the mikrotik CLI it's a little bit quirky and bespoke but it probably compares favorably to the rats nest of dozens of quirky and bespoke formats that is /etc/* on a linux box with equivalent services?

i do disable all the winbox, web interface, HTTP API, etc. garbage on mikrotiks, though, that poo poo's awful

shackleford
Sep 4, 2006

i mean you probably don't want to think too much about all those CVE's in mikrotik's homegrown protocol implementations since they didn't want to use off the shelf daemons

shackleford
Sep 4, 2006



well i definitely just got trolled into looking up whether that's real or not

shackleford
Sep 4, 2006

Progressive JPEG posted:

:wow:

separately in networking news i moved the dhcp serving for the home router off of systemd-networkd just because its so goddamn barebones. specifically it doesnt retain the client ids at all, so if you check the list of leases (itself a bizarre encoded blob buried in a dbus entry) it's just got macs paired with their assigned IPs. not very useful if you want a client list that any router from the last 25 years would provide. separately and more generally, it feels like networkd specifically has fallen into the sendmail trap of adding functionality/fixes that everyone would want/need but leaving everything disabled by default.

now running isc-kea in docker with postgres backend (why not - the router has 32GB mem after all) and its working pretty good so far, modulo the isc-provided docker image lacking preinstalled tools needed for db-init - gave up automating that and just wrote down the manual steps if I ever need to do it again:
code:
$ docker run -it debian /bin/bash
# apt-get update && apt-get install -y curl && curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-5/setup.deb.sh' | bash
# apt-get install -y isc-kea-admin postgresql-client
# kea-admin db-init pgsql --name kea --host <postgres_ip> --user <user> --password
<then discard the container>
i'd like to assemble some kind of periodic sync for fetching the leases from kea-agent's http api and putting them into /etc/hosts or thereabouts so that they show up on local dns provided by adguard home. the kea-stork thing looks interesting in terms of being able to extract prom metrics but no rush on that, could also diy an exporter against kea-agent APIs pretty trivially

what's wrong with apt-get install dnsmasq and something like

code:
grepcidr 0.0.0.0/0 /var/lib/misc/dnsmasq.leases | awk '{print$3,$4}' | egrep -v ' \*$'
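
An added example, not part of the original posts: the same dnsmasq lease extraction as a shell function that also validates the IPv4 address and the client-supplied hostname before the pair is written into a hosts file. The function names and the sample lease lines are constructed for illustration; the lease file layout assumed is `<expiry> <mac> <ip> <hostname> <client-id>`.

```shell
#!/bin/sh
# leases_to_hosts FILE
# Print "IP hostname" lines for a hosts file from a dnsmasq lease file.
# Assumed line layout: <expiry> <mac> <ip> <hostname|*> <client-id|*>
# Usage on a router: leases_to_hosts /var/lib/misc/dnsmasq.leases
leases_to_hosts() {
    awk '
        # Accept only dotted-quad IPv4 with every octet in 0..255.
        # IPv6 leases and the "duid" header line fail this check and are skipped.
        function valid_ip(ip,    n, o, i) {
            n = split(ip, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255)
                    return 0
            return 1
        }
        # Accept a single RFC 1123 label: letters, digits, inner hyphens, max 63.
        # The hostname comes from the DHCP client, so anything else is dropped
        # instead of being copied into the hosts file.
        function valid_name(h) {
            return length(h) <= 63 && h ~ /^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$/
        }
        # "*" in field 4 means the client sent no hostname.
        NF >= 4 && $4 != "*" && valid_ip($3) && valid_name($4) {
            print $3, tolower($4)
        }
    ' "$1"
}

# Constructed sample lease file (not real data) covering the skipped cases.
sample_leases() {
    cat <<'EOF'
1700000000 aa:bb:cc:00:00:01 192.168.1.10 laptop 01:aa:bb:cc:00:00:01
1700000000 aa:bb:cc:00:00:02 192.168.1.11 * *
1700000000 aa:bb:cc:00:00:03 192.168.1.12 NAS-Box *
1700000000 aa:bb:cc:00:00:04 192.168.1.13 bad_name! *
duid 00:01:00:01:aa:bb:cc:dd:ee:ff
1700000000 12345 fd00::10 v6host 00:01:00:01
1700000000 aa:bb:cc:00:00:05 192.168.1.999 printer *
EOF
}
```
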

shackleford
Sep 4, 2006

Skinnymansbeerbelly posted:

After a network upgrade yesterday, my ISP's IPv6 transport ceased entirely. I think I sussed it out, but the system has won: the prospect of trying to get past level 1 support when the internet still halfway works is :smithicide:

do they also announce the (same or different) MTU via the DHCPv4 option?

i wonder what windows and OS X do if they get such a large MTU advertisement. arguably jumbo frames are not IEEE standard Ethernet and you'd be justified in clamping it unless the sysadmin enabled some "enable jumbo frames" tunable

heck i wonder what their gateways do. if their gateways get the bad advertisement from the WAN but hardcode or clamp to 1500 on the LAN that would mask the issue for like 99% of their customers

shackleford
Sep 4, 2006

abigserve posted:

There's another company out there that's been selling dodgy, inferior Cisco products for the last decade.

:eyepop:


shackleford
Sep 4, 2006

quote:

In a statement this week, Bryan Denny, special agent in charge of the US Department of Defense (DoD) Office of Inspector General, Defense Criminal Investigative Service in the Western Field Office, said that Aksoy "knowingly defrauded the Department of Defense by introducing counterfeit products into its supply chain that routinely failed or did not work at all." [...]

The DOJ hasn't further specified how the US military purchased counterfeit Cisco gear or how much fake tech it got from Aksoy. Online marketplaces like Amazon and eBay are known to have suspicious tech listings, so it would be alarming if government entities, especially military ones, were acquiring gear purchased by these means. Buyers and resellers working with government bodies also could have purchased the Pro Network Entities products directly.

the DOD OIG weasels around the issue with their "introducing counterfeit products into [our] supply chain" statement and the ars technica writer alludes to it, but presumably the DOD is not firing up the amazon.com web retail store front and ordering a $1000 "new" "cisco" switch from the amazon marketplace delivered to an F35 base

like presumably they're paying $25K to SAIC or General Dynamics or Booz Allen Hamilton or whichever huge federal IT contractor has the contract for IT services at that F35 base for that same $1K switch

and presumably the DOD OIG went to those huge federal IT contractors and asked them if they knew these were counterfeit switches and their lawyers told them to say "iunno :shrug:"
