Home Page reload Search in this channel... Punch card Raw Text (irssi format) Fork on github switch to admin mode
Jump to...
redirecting...

Log for 電訊台

am 08:28:19
Stefan | ᕕ(◠ڼ◠)ᕗ
Birmingham破產😳
am 08:29:14
8000rpm 2km/h car
日落國不意外
am 08:29:16
Stefan | ᕕ(◠ڼ◠)ᕗ
不過呢啲類似大陸嘅二線城市破產應該無乜嘢
am 08:30:26
8000rpm 2km/h car
[photo](media:AgACAgUAAx0CT0ncdwABAwhtZPfIIkltDh2Dtx5HuFM5W6068rwAAqu0MRtTPsBXCkUpeMOZvYgBAAMCAANzAAMwBA@telegram)
am 09:31:57
Stefan | ᕕ(◠ڼ◠)ᕗ
https://www.theregister.com/2023/09/05/birmingham_city_council_oracle/
oracle又贏
pm 01:03:19
Stefan | ᕕ(◠ڼ◠)ᕗ
https://baturin.org/tools/encapcalc/?protocols=Ethernet,IPv4,UDP,VXLAN,IPv4
呢個係ip over vxlan over ip嘅packet size 有無計錯
pm 01:03:31
Stefan | ᕕ(◠ڼ◠)ᕗ
https://baturin.org/tools/encapcalc/?protocols=Ethernet,IPv4,IPv4,IPv4
呢個係ipip
pm 01:04:12
Licson Lee
ipip 笠兩次渣
pm 01:04:26
Stefan | ᕕ(◠ڼ◠)ᕗ
icic
pm 01:04:42
Stefan | ᕕ(◠ڼ◠)ᕗ
https://baturin.org/tools/encapcalc/?protocols=Ethernet,IPv4,VXLAN,IPv4
所以呢個係ip/vxlan/ip
pm 01:04:45
Licson Lee
vxlan 係 eth ip udp vxlan [original Ethernet frame]
pm 01:05:42
Licson Lee
eth ip udp vxlan [eth ip]
pm 01:05:44
Stefan | ᕕ(◠ڼ◠)ᕗ
個calculator嘅vxlan已經有udp packet計算在內
pm 01:05:57
Stefan | ᕕ(◠ڼ◠)ᕗ
https://baturin.org/tools/encapcalc/?protocols=Ethernet,IPv4,VXLAN,Ethernet,IPv4
所以應該係呢個
pm 01:06:33
Stefan | ᕕ(◠ڼ◠)ᕗ
1416 vs 1446
相差30 bytes per packet🤔
pm 01:06:53
Stefan | ᕕ(◠ڼ◠)ᕗ
不過我唔知點解我個ipip穿唔到我個firewall
pm 01:07:05
Stefan | ᕕ(◠ڼ◠)ᕗ
睇嚟ipip唔可以behind nat
pm 01:08:22
Licson Lee
可以
pm 01:08:55
Licson Lee
但係你要 match ip protocol 4
pm 01:09:13
Licson Lee
之後 forward 比 nat 後面個 host
pm 01:09:25
Licson Lee
match 唔到嘅話,幫唔到你,佢唔支援
pm 02:10:28
Stefan | ᕕ(◠ڼ◠)ᕗ
https://en.wikipedia.org/wiki/B.A.T.M.A.N.
wow
pm 02:15:16
Licson Lee
日本仔用 SRv6 嚟做
pm 02:15:33
Licson Lee
Segment Routing 有大廠 support
pm 02:15:39
Licson Lee
feasible 啲
pm 02:16:45
Licson Lee
SR 係 stateless 嘅,所以每個 node 都唔使特登 maintain 一份 routing table
pm 02:17:13
Licson Lee
SR 會將所有 routing information 塞落 label 到
pm 03:08:45
Stefan | ᕕ(◠ڼ◠)ᕗ
如果我想要l2 over full mesh l3呢
pm 03:28:23
Stefan | ᕕ(◠ڼ◠)ᕗ
原來叫EVPN...
pm 03:39:43
Licson Lee
evpn 有兩隻味道
pm 03:39:51
Licson Lee
一隻叫 vxlan evpn
pm 03:39:56
Licson Lee
一隻叫 mpls evpn
pm 03:40:11
Licson Lee
evpn 係個 control plane 來
pm 03:40:19
Licson Lee
vxlan / mpls 先係搬運工
pm 06:03:33
Licson Lee
segment routing evpn
pm 06:03:35
Licson Lee
[sticker](media:AAMCAgADHQJPSdx3AAEDCI1k-E53igN0kfUfe6wKPvV77NfI3wACaAADwZxgDIwln_N90TCxAQAHbQADMAQ@telegram)
pm 06:04:04
Licson Lee
係咪好亂
pm 06:18:27
Stefan | ᕕ(◠ڼ◠)ᕗ
...我都係evpn over bgp over wireguard算
pm 06:18:39
Stefan | ᕕ(◠ڼ◠)ᕗ
係唔知點處理mesh routing好
pm 06:18:48
Stefan | ᕕ(◠ڼ◠)ᕗ
因為有啲node係behind nat
pm 06:19:11
Licson Lee
其實可以唔使over wireguard
pm 06:19:21
Licson Lee
vxlan 自己本身都係一種 tunnel
pm 06:19:27
Licson Lee
你笠兩層冇著數
pm 06:19:30
fs
有無tutorial
pm 06:19:42
Stefan | ᕕ(◠ڼ◠)ᕗ
係 但問題係l2tp冇得full mesh
pm 06:20:30
Stefan | ᕕ(◠ڼ◠)ᕗ
自己手動起n條vxlan tunnel然後用evpn over bgp接駁咩
pm 06:20:39
Licson Lee
pm 06:20:43
Licson Lee
https://youtu.be/UZR0K6N1lAE?si=Ze12PvrGIAWtwMmY
pm 06:20:50
Licson Lee
唔使
pm 06:20:52
fs
SR呢
pm 06:21:04
fs
個名幾得意
pm 06:21:24
Licson Lee
evpn 就係用 bgp 做咗 discovery 同埋 signalling
pm 06:21:49
Stefan | ᕕ(◠ڼ◠)ᕗ
我反而想知evpn點處理nat
pm 06:22:06
Stefan | ᕕ(◠ڼ◠)ᕗ
最起碼linux我冇揾到文件
pm 06:22:20
Licson Lee
因為 linux 嘅 evpn implementation 唔完整
pm 06:22:23
Licson Lee
差唔少嘢
pm 06:22:52
Licson Lee
同埋 evpn 只係處理咗 ethernet mesh 阿 mobility 呢啲問題
pm 06:23:13
Licson Lee
你搵隻 nat router 塞入 evpn l2 裡面就得
pm 06:23:58
Stefan | ᕕ(◠ڼ◠)ᕗ
但係relation唔會反轉咩
pm 06:24:48
Licson Lee
等陣畫個圖解釋下
pm 06:24:56
Licson Lee
我都用咗唔少時間先明
pm 06:34:05
Stefan | ᕕ(◠ڼ◠)ᕗ
我呢家其實就係差揾個方法每個node都register一個vxlan endpoint 然後所有peer之間做hub and spoke
pm 06:34:37
Stefan | ᕕ(◠ڼ◠)ᕗ
其實就係tailscale/zerotier 不過我想要layer 2
pm 06:35:38
Stefan | ᕕ(◠ڼ◠)ᕗ
單純evpn over bgp唔夠
pm 06:40:42
Licson Lee
vxlan endpoint 有名
pm 06:40:46
Licson Lee
叫 VTEP
pm 06:41:17
Licson Lee
evpn 點可能唔夠
pm 06:41:26
Licson Lee
人哋已經幫你諗好晒
pm 06:41:48
Licson Lee
大廠班友仔幫我哋諗埋點樣 dci 點樣跨地域啦
pm 06:41:51
Stefan | ᕕ(◠ڼ◠)ᕗ
正正就係因為我有nat 如果我所有node都有static ip就乜都唔駛搞
pm 06:42:04
Licson Lee
有 EVPN Multi-site
pm 06:44:47
Stefan | ᕕ(◠ڼ◠)ᕗ
應該冇得failover? 例如我node 1 to node 2嘅internet connection突然斷咗 但node 3仲可以連去node 2
node 1應該唔會自動failover route去node 3再連去node2?
pm 06:44:59
Licson Lee
pm 06:45:04
Licson Lee
bgp 會斷開架嗎
pm 06:47:04
Stefan | ᕕ(◠ڼ◠)ᕗ
咁又係🤔
pm 06:47:34
Stefan | ᕕ(◠ڼ◠)ᕗ
我睇下點自動搞vxlan peering先
pm 06:48:14
Licson Lee
evpn
pm 06:48:54
Licson Lee
不過你小心 vxlan 做 broadcast 嘅時候
pm 06:49:17
Licson Lee
一種叫 head end replication,一種叫 multicast routing
pm 06:49:29
Licson Lee
multicast 過唔到internet 嘅
pm 06:54:14
Stefan | ᕕ(◠ڼ◠)ᕗ
i see
pm 06:55:04
Stefan | ᕕ(◠ڼ◠)ᕗ
其實我係為咗 為咗係其他server現有嘅幾隻ip 攞去畀我homelab嘅k8s load balancer用
pm 06:58:57
Stefan | ᕕ(◠ڼ◠)ᕗ
實際上我已經用wireguard + bgp做到部分 但係做唔到ha
pm 07:25:17
Stefan | ᕕ(◠ڼ◠)ᕗ
hmmmm
pm 07:25:32
Stefan | ᕕ(◠ڼ◠)ᕗ
睇嚟我揾到vxlan同wireguard混合嘅方式了
pm 07:30:09
Licson Lee
好容易
pm 07:31:16
Licson Lee
你而家的機有沒 loopback address 架
pm 07:31:33
Licson Lee
lo0 上面要加 ip address 先
pm 07:32:28
Stefan | ᕕ(◠ڼ◠)ᕗ
yes 我個wireguard可以隨便穿牆
vxlan嘅allocation都好容易
ip link add vxlan100 type vxlan \
  id 100 \
  dstport 9999 \
  dev vmbr0 \
  local <wg address 1>

bridge fdb append 00:00:00:00:00:00 dev vxlan100 dst <wg address 2>
bridge fdb append 00:00:00:00:00:00 dev vxlan100 dst <wg address 3>
ip addr add 123.123.123.1/24 dev vxlan100
ip link set vxlan100 up


我頭先諗嘅問題就係想bypass wireguard layer直接係raw行
pm 07:32:53
Licson Lee
唔好直接用 wireguard address
pm 07:33:16
Licson Lee
要係loopback address 行一浸 igp 先
pm 07:34:11
Stefan | ᕕ(◠ڼ◠)ᕗ
ok嘅 頭先個experiment試過下都唔駛了
pm 07:34:57
Stefan | ᕕ(◠ڼ◠)ᕗ
基本嘅connectivity都ok 剩低係routing resolution
pm 07:35:13
Licson Lee
你冇 igp 點 ha
pm 07:35:39
Licson Lee
你就係因為冇 igp 同 loopback 所以 wireguard 斷咗會出事
pm 07:35:58
Stefan | ᕕ(◠ڼ◠)ᕗ
i see
pm 07:36:05
Licson Lee
同埋用咗 evpn 可以唔使自己開 vxlan tunnel
pm 07:36:10
Licson Lee
裝個 frr 先
pm 07:36:36
Stefan | ᕕ(◠ڼ◠)ᕗ
係咪照用wireguard做peering
pm 07:36:53
Licson Lee
係,但係要用 loopback address
pm 07:37:06
Stefan | ᕕ(◠ڼ◠)ᕗ
i see
pm 07:37:17
Licson Lee
你首先 wireguard set 好 ip
pm 07:37:18
Stefan | ᕕ(◠ڼ◠)ᕗ
可惜ipv6個link local唔用得
pm 07:37:46
Licson Lee
用例如 ospf 呢啲 igp 打通晒咁多部機的 loopback 先
pm 07:38:37
Licson Lee
之後就算 wireguard 斷咗,ospf 幫你重新計路,你 ping 對家個 loopback 應該會繼續通只係 routing 唔同咗
pm 07:39:02
Licson Lee
你 on top of 呢個基礎再做 ibgp 同 vxlan evpn 嘅
pm 07:40:43
Stefan | ᕕ(◠ڼ◠)ᕗ
thanks 睇嚟我頭先個planning跳咗ospf呢到
pm 07:41:46
Licson Lee
唔一定要 ospf
pm 07:41:52
Licson Lee
其他都得
pm 07:42:03
Licson Lee
rip eigrp babel 呢啲都得
pm 07:42:55
Licson Lee
不過有啲 routing protocol 例如 isis 因為係 layer 2 所以過唔到 tunnel
pm 07:43:17
Licson Lee
ospf 可以過嘅
pm 07:43:57
Licson Lee
記得 specify network point-to-point,會 converge 快少少 skip 咗 dr/bdr election
pm 07:53:55
Stefan | ᕕ(◠ڼ◠)ᕗ
hmm 如果用foo over udp + ipip嘅話 應該可以replace走wireguard
pm 07:54:50
Stefan | ᕕ(◠ڼ◠)ᕗ
不過缺點係要加一大堆interface 但係你wireguard full mesh點都要
pm 08:06:34
Stefan | ᕕ(◠ڼ◠)ᕗ
oh
pm 08:06:35
Stefan | ᕕ(◠ڼ◠)ᕗ
what about gre
pm 08:27:01
Licson Lee
一樣嘅
pm 08:27:16
Stefan | ᕕ(◠ڼ◠)ᕗ
yep
pm 08:27:51
Stefan | ᕕ(◠ڼ◠)ᕗ
ip fou + gretap 幾成功
pm 08:47:03
Stefan | ᕕ(◠ڼ◠)ᕗ
mGRE又係點set...
pm 08:51:33
Licson Lee
普通 gre 就得
pm 08:51:49
Licson Lee
你 vxlan 直接用 headend replication 咪唔使 multicast
pm 08:52:51
Licson Lee
做完第一次 flood 之後 evpn 會有 type 2 route 架啦
pm 08:53:31
Licson Lee
可以做埋 arp supression 不過唔知 linux 有冇
pm 08:59:50
Class 168 Clubman 🚂 壽司郎 (Taskmaster)
《華爾街日報》引述消息人士指,過去數周有高級政府官員約見旗下員工,禁止他們在工作期間使用或攜帶iPhone等外國品牌設備,目的是減少對外國科技的依賴以及保障網絡安全。
pm 11:35:58
Stefan | ᕕ(◠ڼ◠)ᕗ
https://wiki.freifunk.net/images/e/e1/Batman-adv-scalability.pdf
batman-adv + fastd l2tp mode...seems just works
pm 11:36:26
Stefan | ᕕ(◠ڼ◠)ᕗ
但係唔知點解iperf3性能比raw ip connect差得遠
created by mmis1000 and release under MIT License
GitHub Repo