-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi,
yeah, I know it's missing there, it was in the TODO for "sometime later", but
since I see that the RouterOS on those things is getting outdated by now,
I'll think about an update and finally knock this out as well.
Either way we'll have to update the kernel too, since newer systemd no longer
runs on this one (Lennart, thank you!) + other things have finally been
fixed.
However, I'll probably give it time over Christmas for testing, I'll be playing
with the shiny new QA, which I finally have a more concrete idea of how to do.
All in all, it's in the request queue, thanks for the report + solution.
/snajpa
On 12/15/2014 01:37 PM, Stanislav Petr wrote:
Hi,
during the current outage of node5.prg I noticed that the routing got
into a loop:
 7  78.102.13.33.static.b2b.upcbusiness.cz (78.102.13.33)  18.345 ms  15.667 ms  11.257 ms
 8  cz-prg01a-ra4-vla2119.net.upc.cz (84.116.221.78)  9.942 ms  10.872 ms  10.674 ms
 9  213.46.172.222 (213.46.172.222)  12.096 ms  213.46.180.18 (213.46.180.18)  11.938 ms  213.46.172.229 (213.46.172.229)  12.523 ms
10  cz-prg-asbr1-te0-0-0-5.dialtelecom.cz (82.119.252.105)  12.487 ms  14.653 ms  14.992 ms
11  master-gw.dialtelecom.cz (212.24.145.50)  14.333 ms  14.180 ms  14.004 ms
12  praha-4d-c1-vl260.masterinter.net (81.31.39.82)  23.238 ms  55.936 ms  62.881 ms
13  praha-4d-c1-vl128-vpsfree.masterinter.net (81.31.40.98)  34.070 ms  34.065 ms  34.029 ms
14  praha-4d-c1-vl128.masterinter.net (81.31.40.97)  65.664 ms  68.594 ms  48.617 ms
15  praha-4d-c1-vl128-vpsfree.masterinter.net (81.31.40.98)  11.639 ms  15.290 ms  15.274 ms
16  praha-4d-c1-vl128.masterinter.net (81.31.40.97)  48.856 ms  48.797 ms  48.378 ms
17  praha-4d-c1-vl128-vpsfree.masterinter.net (81.31.40.98)  16.499 ms  16.440 ms  24.008 ms
18  praha-4d-c1-vl128.masterinter.net (81.31.40.97)  42.477 ms  42.921 ms  42.380 ms
19  * * *
20  praha-4d-c1-vl128.masterinter.net (81.31.40.97)  40.163 ms  36.560 ms  36.508 ms
21  * praha-4d-c1-vl128-vpsfree.masterinter.net (81.31.40.98)  13.699 ms  9.331 ms
22  praha-4d-c1-vl128.masterinter.net (81.31.40.97)  146.441 ms  140.939 ms  129.520 ms
23  praha-4d-c1-vl128-vpsfree.masterinter.net (81.31.40.98)  15.748 ms  13.014 ms *
24  praha-4d-c1-vl128.masterinter.net (81.31.40.97)  120.222 ms  120.864 ms  120.865 ms
I therefore assume that the individual servers announce the addresses of the
OpenVZ containers dynamically (probably OSPF). Here, though, I'd like to
suggest one change - on the vpsfree router it would be good to add a
route for the ranges from which the individual VPSes are announced, as a
blackhole (and, to be safe, with a higher metric), so that the moment
the route to a particular VPS drops out, the router starts discarding packets
instead of sending them out via the default route. Because if the server crash
were caused by a DDoS attack, the current setup would further multiply
the magnitude of the attack (remaining TTL/2*number of packets).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iF4EAREIAAYFAlSPYGsACgkQMBKdi9lkZ6oLZAEAr/QTmERISyV4kR8OGYNXNVfs
87g+Tf9I6g/DJ0taGG0A/0AHe/7LTY/F272qUwdeK2Nm2qPZaiZve1JZYtX2Mu8g
=62hT
-----END PGP SIGNATURE-----
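
Added example, not part of the original e-mails: a small Python check that finds a forwarding loop like the one reported above in one-hop-per-line traceroute output, and applies the report's estimate (remaining TTL/2 * number of packets). The sample trace is constructed with documentation addresses, and the function names and the "remaining TTL = initial TTL - first looping hop" approximation are assumptions of this example.

```python
import re

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
ADDR_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")

# Constructed sample: hop 2 is load-balanced, hop 6 got no reply,
# hops 3 onwards bounce between two routers.
SAMPLE = """
 1  gw.example.net (192.0.2.1)  1.0 ms  1.1 ms  1.0 ms
 2  192.0.2.9 (192.0.2.9)  2.0 ms  192.0.2.10 (192.0.2.10)  2.1 ms  2.0 ms
 3  edge.example.net (198.51.100.1)  5.0 ms  5.1 ms  5.2 ms
 4  core.example.net (198.51.100.2)  6.0 ms  6.1 ms  6.2 ms
 5  edge.example.net (198.51.100.1)  7.0 ms  7.1 ms  7.2 ms
 6  * * *
 7  edge.example.net (198.51.100.1)  9.0 ms  9.1 ms  9.2 ms
"""

def parse_hops(text):
    """Return [(hop_number, [unique responding addresses])] per traceroute line."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            addrs = list(dict.fromkeys(ADDR_RE.findall(m.group(2))))
            hops.append((int(m.group(1)), addrs))
    return hops

def find_loop(hops):
    """Report the first address that answers again two or more hops later."""
    first_seen = {}
    for number, addrs in hops:
        for addr in addrs:
            start = first_seen.setdefault(addr, number)
            if number - start >= 2:
                members = [a for n, al in hops if start <= n < number for a in al]
                return {"start": start, "period": number - start,
                        "members": list(dict.fromkeys(members))}
    return None

def extra_forwards(initial_ttl, loop_start_hop, packets):
    """Estimate from the report: (remaining TTL / 2) * number of packets."""
    remaining = max(initial_ttl - loop_start_hop, 0)  # approximation (assumption)
    return remaining // 2 * packets

if __name__ == "__main__":
    loop = find_loop(parse_hops(SAMPLE))
    print(loop)
    if loop:
        print(extra_forwards(64, loop["start"], 1000), "extra forwards per 1000 packets")
```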