|
ive started telling folks that koobernetis is a good solution if you require a massive distributed ad serving infrastructure platform that mostly works.

it basically guarantees you will have some requests fail, which can be good or bad for you and your developers.

its good in the sense that your developers must design error handling and retry into whatever the hell is calling into koobernetis: the js in the browser or java applet or whatever. the devs should have been doing this all along and itll kinda force them to at least think about it before they declare its too hard and just make the end user hitting the page reload button be their planned error recovery solution.

its bad because see prev statement. your devs arent that good anyway don’t worry about it the end user will be the retry logic.

oh, you wanted to run something that doesnt speak http/https ??? oh, its stateful? oh its stateful aaaand it has transactions that span out to other service providers that are really really painful and expensive to unwind if our transaction fails??

yeah maybe dont run that in koob. oh sure you caaaan run that in koob i guess, if your devs are really really good. ( they are not that good )

is it just me, or does it seem like all the silver bullet hotness for infrastructure over the last ~15 years has been built around solving one specific problem for one of the cloud providers and they all do it by punting all of the other harder problems higher up the stack to make it the app devs problem?
|
# ¿ Feb 18, 2021 14:07 |
|
anyone have good pihole block lists they’d recommend? besides 0.0.0.0/0 and .* ?
|
# ¿ Dec 7, 2021 13:19 |
|
Mr. Crow posted: I use 0.0.0.0/1 and 128.0.0.0/1 works pretty well

that would solve a lot of my problems, frankly
|
# ¿ Dec 9, 2021 19:29 |
|
Jonny 290 posted: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

thanks Jonny
|
# ¿ Dec 9, 2021 20:36 |
|
my dev shop is all juniper, more than 10,000 ports worth, and multiple labs that size

this is gonna suck, isnt it.

i need to buy the network architect a bottle of something nice i think. hes gonna be real unhappy.
|
# ¿ Jan 12, 2024 12:09 |
|
i spent some time telling people that ospf was a better solution to deciding whether to use network 1 or network 2 when things wanted to talk to each other. the existing alternative being stupid dns games and local /etc/hosts overrides

apparently i was wrong because ospf is hard or something.
|
# ¿ Feb 12, 2024 18:55 |
|
it seems to have gone away on real real important servers for the most part, replaced by link aggregation despite that solving a totally different set of problems

the “which network” decision problem still exists and people are writing new magic smart bridging widgets to mash all the networks together to make the problem go away, introducing new and exciting failure modes!
|
# ¿ Feb 12, 2024 19:03 |
|
which one? the name game, or ospf hard? or both?

i am not a genius but i can make a totally stubby area for a group of servers to talk to each other work.

the name game specifically is dumb because you are baking network topology into app config or hijacking hostnames on specific machines to force the routing you want.
|
# ¿ Feb 12, 2024 19:08 |
|
theyre trying to take advantage of a fast internal magic rdma memory to memory hypervisor network when two guests are on the same host instead of having the hypervisor virtual switch handle it. its a latency/cpu cost thing.

the usecase is real

the existent solution is dumb.
|
# ¿ Feb 12, 2024 19:17 |
|
yea see but when you can use an ip address that gives you rdma to the target, or a different ip address in a different subnet because its a different L2 domain for vanilla ethernet - how do you know to choose the rdma capable non routed link?

eg: every virtual machine has a real ethernet link to the external network and the world, and also a magic internal rdma link on a private subnet to talk to peers in the same hypervisor.

how do you tell an application to use one link to talk to peers in the hypervisor, and a different link to talk to the world?

stupid dns tricks and /etc/host fuckery?
bridge the private rdma link to the world and use real ips everywhere?
bake the network topology into the app config?

what happens when you want to relocate a guest to a different hypervisor and the neighbors/peers/remote endpoints all switch around?

ospf specifically handles all the above, but nooooooo its gross and weird and everyone wants to solve a routing question using some other method.

as far as i can tell there are no good answers, just different kinds of bad
|
# ¿ Feb 12, 2024 20:16 |
|
psiox posted: okay i'll bite as someone doing a lot of vms on hosts all over the place (libvirt w/ kvm/qemu)

depends on what youre doing in those vms. 90% of the time bridges to the real adapter are the right answer.

but if you have a group of vms that stream gigs of data to each other constantly, on the same host it can be a major latency/throughput/cpu time savings to have a better local network in the hypervisor for them to use.
|
# ¿ Feb 12, 2024 20:21 |
|
yea if youre going to use ospf to interconnect a hodgepodge of routers on a campus with a “whatever was cheapest at the time” set of uplinks between buildings it will totally do that

youre gonna want to murder whoever named all the terms though.
|
# ¿ Feb 12, 2024 20:43 |
|
it is cool as poo poo to watch the routing tables all converge on new pathing when you take a shared link down though

a ping flood to an external device only sees 2-3 dropped packets on a ssh session that was running over the link you killed.
|
# ¿ Feb 12, 2024 20:47 |
|
node1:
  routed ip: 10.20.30.10
  rdma not routed ip: 192.168.0.10
  routes:
    10.20.30.0/24 direct
    192.168.0.0/16 direct
    default/0.0.0.0 via 10.20.30.1

node2:
  routed ip: 10.20.30.11
  rdma not routed ip: 192.168.0.11
  routes:
    10.20.30.0/24 direct
    192.168.0.0/16 direct
    default/0.0.0.0 via 10.20.30.1

are you sayin i should add these routes to the above?

node1: 10.20.30.11/32 via 192.168.0.11
node2: 10.20.30.10/32 via 192.168.0.10

and automate the management thereof as i place virtual machines on hypervisors and then move them around?

congrats you just reinvented ospf more or less.
|
# ¿ Feb 12, 2024 21:30 |
|
the most basic basic bit of info is that there are two different networks.

one is very very fast, but only gets you to neighboring virtual machines in the hypervisor. thats 192.168.0.0

the other is the network that talks to the rest of the world. thats 10.20.30.0

re your question: yes. how do you let application code get the benefit of the fast network to adjacent peers while maintaining connectivity to remote peers that are unreachable over the fast network? and also do so across an environment running dozens/hundreds of hypervisors that contain these little island networks? and do so in a way such that you can start up a virtual machine on any one of those dozens of hosts and theyll just figure it out to get to the local peers with the fast network while still having access to everything else via the real network.

without going so far as ospf - split horizon dns was the next least bad option. a dns service on the fast private network responding to all requests for locally fast attached hosts with the 192.168 fast ip, and forwarding all other requests to external dns to supply 10.x normal IPs.

its a colossal pita to automate the maintenance of those per hypervisor zones though as you move virtual machines around.
|
# ¿ Feb 12, 2024 22:22 |
|
tortilla_chip posted: My comedy answer is consul

thats just hurtful.

im trying to save 0.4 ms of rtt and 1/32 of a cpu worth of compute time and youre just making GBS threads kubernetes everywhere.

geddafuqouddahere
|
# ¿ Feb 12, 2024 22:36 |
|
Asymmetric POSTer posted: what is causing this situation to exist? why do the hosts try to communicate with one another via their routed addresses and not their non-routed addresses

i guess i dont understand the question?

theres two paths between hosts that are on the same hypervisor. each path is via a unique subnet. the subnets are not routed to each other.

( why are the little fast subnets not routed to the world which would indeed make the entire problem go away you ask? because routing packets costs host cpu cycles that are better spent committing db transactions that make the real money and the boxes run at high 90% utilization so every cycle matters. )
|
# ¿ Feb 12, 2024 22:49 |
|
im thinkin dhcp and dynamic split horizon dns on a network services machine on each hypervisor might do the needful.

network people get real grumpy about letting network services run on hosts though. that may take some beers to design a solution at an offsite with the network team.

and “if youre doing rdma over ethernet you already failed”: whaddyo mean remote memory access over a lossy transport doesnt sound exciting to you?
|
# ¿ Feb 12, 2024 23:00 |
|
its for financial transactions when youre running millions/hr with a tight sla. yea for flappy bird fart app it wouldnt be worth it
|
# ¿ Feb 14, 2024 13:02 |
|
hft? gently caress no this is generic moving money around bank poo poo.
|
# ¿ Feb 15, 2024 13:08 |
|
gently caress, man thats just hurtful
|
# ¿ Feb 15, 2024 13:30 |
|
in all honesty id feel better about being called a nft crypto scammer than a hft it manager
|
# ¿ Feb 15, 2024 14:15 |
|
a) not my design - im just the QA guy - im supposed to be making sure the design and technology works even when its stupid

b) finance companies are run by finance people who measure things financially and put financiers in charge of everything including IT. %utilization of an expensive asset is trivial to measure and there is generations of pressure to run them at 100% because otherwise youre “wasting money.” these are the people who until the past 5 years said poo poo like “if you are not paging you bought too much memory.”

c) buddy, if you think the entire it backbone of the world is well designed and not just a bunch of bodged together crap someone drew on a chalkboard 40 years ago i dunno what to tell you
|
# ¿ Feb 17, 2024 16:13 |
|
lol i have no certifications whatsoever. ospf is just fukin cool.

apparently im the only person alive who doesnt think its gross and has no place on multi homed servers.
|
# ¿ Feb 18, 2024 16:41 |
|
lagg/teaming/bonding is great for physical availability and load balancing within the context of a single layer2 broadcast domain.

multipathing at layer3 is great on top of that for when you need to be worried about spanning tree loops taking down a whole L2 due to misconfigured bonds and bridges, for handling core router outages and maintenance, and also for magically handling relocation of virtual machines when your network cant do VXLAN because the BISO read an article on the jet that said it was a security vulnerability or some other bs
|
# ¿ Feb 18, 2024 19:02 |
|
networks are cool and good because they let computers talk to each other so you can play multiplayer myst and stuff

networks are terrible because they let computers talk to each other and that will be the downfall of us all
|
# ¿ Feb 18, 2024 19:16 |
|
i dunno never done ibgp

the “put it all in area 0” guy is right as long as you get that thats a joke. the network people own area 0 and the routers between that and your stubby area. they give you a stubby area 5 that you put all your crap in and then yea it works great.

stubby just means your area only talks to itself and the routers the network team connects your junk to, your stubby area does not provide transit routing to other areas adjacent to or behind it.
|
# ¿ Feb 18, 2024 19:51 |
|
outhole surfer posted: can ospf do anycast?

no idea, never tried that!

you could try adding the same vipa dns service address to all the dns servers and let ospf select the closest one with a viable path. that may get you where you wanna be. youll have the same ip reachable on (dns hosts * interfaces per host ) paths in the ospf routing tables

its chatty though by default - thats part of why it converges fast. youll maybe want to tune the link advertisement intervals if your environment is heavily virtualized and a hundred ospf daemons talking to each other on one core is gonna be too much.
|
# ¿ Feb 18, 2024 22:25 |
|
Nomnom Cookie posted: ha nailed it. i meant ccna-aboo as a parallel to weeaboo, i.e. someone who is a fan of the thing, wishes they were the thing, dreams of being the thing. good news for you getting a ccna is a hell of a lot easier than becoming japanese

yea na gently caress everything about that

im shitpostin about wacky network stuff in the networkin thread and you invite me to self harm by going for a cisco cert?
|
# ¿ Feb 19, 2024 20:59 |
|
Nomnom Cookie posted: have you considered making a home lab with a 6 raspberry pi kubernetes cluster, a dual socket sandy bridge VM host, and triple-NUC san. cause then you could run all the weirdo network protocols you want without bothering the people at work about it

you mutherfuckers are perverts all trynna run routing protocols on raspberries pi when they just wanna dhcp themselves a default route like every other normal big girl computer.
|
# ¿ Feb 20, 2024 03:02 |
|
seriously tho are you even doing real networking if all your routes are static?
|
# ¿ Feb 20, 2024 03:15 |
|
outhole surfer posted:lol if you use rpi 250k ? thats it? wheres the real computers?
|
# ¿ Feb 20, 2024 03:30 |
|
this tracks with what ive seen - on prem implementations of kube are effectively 1 app per cluster and as stateless as possible.

a static kube cluster is a reliable kube cluster

no upgrades or security fixes, make a new one and deploy the current version of the app to it and shoot the old cluster in the face.
|
# ¿ Feb 20, 2024 16:45 |
|
any design based on polling loops, no service dependencies but instead random retry and sleeps with eventual giving up, and otherwise timing windows on top of timing windows is a terrible design.

its like the stupidest possible design that only could work if you have effectively infinite cores available and a network with infinite bandwidth and 0 latency.
|
# ¿ Feb 20, 2024 19:53 |
|
nobody should listen to me ever for any reason

but forget rdma: when you have 2 network adapters, one is fast and talks to nearby stuff, and one is slow and talks to the entire world, how do you decide when you can use the fast network? no, you cannot bridge or route the fast network to the world.

a) /etc/hosts overrides
b) split horizon dns
c) dynamic routing
d) unique host names for all viable paths and configure the path in the application config
e) ?????
|
# ¿ Feb 20, 2024 20:18 |
|
see? this is why i ask you excellent people, because you can see both forest and trees.
|
# ¿ Feb 20, 2024 20:42 |
|
12 rats tied together posted: the answer though OP is the route table. it's what it was designed for and it has all the features you need to solve that problem.

invent my own dynamic routing automation based on internally discoverable topology facts. check.

… gotta do both ends tho so i dont end up with asymmetric routes, so ill need a notification mechanism…

aaaaand i just reinvented ospf. greaaaat.
|
# ¿ Feb 20, 2024 21:33 |
|
abigserve posted: in the situation where the two networks aren't connected d would be the objectively correct solution

nah the two networks do not overlap in terms of ip addresses. the slow network is 10.0.0.0/8 and the fast network is 192.168.0.0/24
|
# ¿ Feb 20, 2024 21:36 |
|
if i hack a route for outbound traffic on host1 to use the fast network when it wants to talk to host2, i need a corresponding return path on host2 to also use the fast path to get the responses back to host1

its the coordination of both those changes across not just a pair of nodes, but every node running on the fast network that makes this effectively a use ospf or reimplement ospf poorly situation.

i was hoping i was just too dumb to see an easy solution. nope, just dumb. situation is also dumb. everything is dumb except naps. naps rule.
|
# ¿ Feb 20, 2024 22:13 |
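Added example, not part of the thread: a sketch of the coordination problem described in the two posts about per-peer /32 routes, computing the symmetric host routes for a given VM placement and the changes a single migration forces on every affected node. node1 and node2 use the addresses from the earlier post; node3, the hypervisor names and all function names are assumptions made up for the example.

```python
from collections import defaultdict

# Constructed inventory: node1/node2 addresses are from the post,
# node3 and the hypervisor names (hvA, hvB) are hypothetical.
NODES = {
    "node1": {"routed": "10.20.30.10", "fast": "192.168.0.10"},
    "node2": {"routed": "10.20.30.11", "fast": "192.168.0.11"},
    "node3": {"routed": "10.20.30.12", "fast": "192.168.0.12"},
}

def host_routes(placement):
    """placement: node -> hypervisor. Returns node -> set of (dest/32, via)."""
    by_hv = defaultdict(list)
    for node, hv in placement.items():
        by_hv[hv].append(node)
    routes = {node: set() for node in placement}
    for peers in by_hv.values():          # only co-located guests share a fast net
        for a in peers:
            for b in peers:
                if a != b:
                    routes[a].add((NODES[b]["routed"] + "/32", NODES[b]["fast"]))
    return routes

def is_symmetric(routes):
    """True if every fast-path route a->b has the matching return route b->a."""
    owner = {v["fast"]: k for k, v in NODES.items()}
    for a, rs in routes.items():
        back = (NODES[a]["routed"] + "/32", NODES[a]["fast"])
        if any(back not in routes.get(owner[via], set()) for _dest, via in rs):
            return False
    return True

def diff_commands(old, new):
    """Per-node iproute2 commands needed to move from old routes to new."""
    cmds = defaultdict(list)
    for node in sorted(set(old) | set(new)):
        for dest, via in sorted(old.get(node, set()) - new.get(node, set())):
            cmds[node].append(f"ip route del {dest} via {via}")
        for dest, via in sorted(new.get(node, set()) - old.get(node, set())):
            cmds[node].append(f"ip route add {dest} via {via}")
    return dict(cmds)

if __name__ == "__main__":
    before = host_routes({"node1": "hvA", "node2": "hvA", "node3": "hvB"})
    after = host_routes({"node1": "hvA", "node2": "hvB", "node3": "hvB"})
    for node, lines in diff_commands(before, after).items():
        print(node, lines)                # moving node2 touches all three nodes
```

Moving one guest changes the route table on every old and new neighbour, and applying only part of that change set leaves an asymmetric path until the rest lands.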
|
Nomnom Cookie posted: ip route add 192.168.0.0/24 fast-nic

lol ok im done youre right you win jesus gently caress goddamn
|
# ¿ Feb 21, 2024 01:01 |