
Amator Profesionist

posts tagged 'IPv6'

Footnotes, written by Skee.

fractal

Overused services on abused servers

Things I’ve learned while running a public BitTorrent tracker that handles about 66k torrents and, on average, about 70k peers. On a 7-year-old desktop machine turned server, nonetheless.

Load averages can get up to the high three hundreds, heh:

19:22:59 up 11 days,  1:56,  1 user,  load average: 380.23, 384.55, 292.47

Once you’ve reached a critical efficiency level in software, the hardware will screw you over: went from handling 15-20 requests/sec via a PHP and flat-file based tracker (lighttpd + fastcgi + php-cgi) to handling around 200 reqs/sec and 600 live connections at any moment with xbtt reverse proxied from lighttpd. But the line was so saturated that I was seeing latencies of 16-20s on connections. And when you’re running on 256 MB of RAM, … well, welcome to swap hell.

Although never explicitly mentioned anywhere, lighttpd can use the source IP as a parameter in a rewrite. It’s just a question of doing the rewrite inside a regex IP address conditional:

$HTTP["remoteip"] =~ "(.*)" {
    url.rewrite-once = ( "\/target\?(.*)$" => "/target?ip=%1&$1" )
}

The %1 parameter is the match of the $HTTP["remoteip"] check, while the $1 parameter is the match of the rewrite check itself. So you can basically reproduce nginx’s $remote_addr in rewrites, and then use it for reverse proxying, thus passing the original IP to the target webserver as a GET parameter, not just as a header.

Unless IPv6 is enabled. Because apparently if it is, you can’t just do matching against $HTTP["remoteip"], probably because IPs show up as v4-mapped IPv6s (::ffff:127.0.0.1). And as I’m an IPv6 enthusiast, that’s a no-no.
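An added example, not from the original post: one way a backend behind this rewrite could read the `ip` parameter, assuming a Python handler (the function name `client_ip_from_query` and the sample query strings are hypothetical). It takes the first `ip` value, which is the one the rewrite prepends ahead of the client's own query string, and folds v4-mapped IPv6 addresses back to plain IPv4.

```python
import ipaddress
from urllib.parse import parse_qsl


def client_ip_from_query(query):
    """Return (normalised_ip, duplicate_seen) for a rewritten query string.

    Assumes the proxy rewrite produced "ip=<remote addr>&<original query>",
    so the first "ip" pair is the proxy's and any later one came from the
    client and must not be trusted.
    """
    values = [v for k, v in parse_qsl(query, keep_blank_values=True) if k == "ip"]
    if not values:
        # The request did not pass through the rewrite at all.
        raise ValueError("missing ip parameter")

    # ip_address() raises ValueError on anything that is not a literal address.
    addr = ipaddress.ip_address(values[0])

    # With IPv6 enabled, IPv4 clients can show up as ::ffff:a.b.c.d.
    # Unmap them so allow-lists, rate limits and logs see one form per client.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped

    # A second "ip" pair means the client sent its own; report it so the
    # caller can log or reject the request.
    return str(addr), len(values) > 1


if __name__ == "__main__":
    # Constructed sample query strings (documentation address ranges).
    samples = [
        "ip=::ffff:203.0.113.7&info_hash=x&port=6881",
        "ip=2001:db8::1&port=6881",
        "ip=198.51.100.4&port=6881&ip=10.0.0.1",
    ]
    for q in samples:
        print(q, "->", client_ip_from_query(q))
```

A backend that reads the last `ip` value instead of the first would pick up whatever the client appended, so the ordering check matters as much as the unmapping.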

Consumer-grade routers suck. I’ve been blaming that NetGear router for a while for dropping connections like mad. How is it that a shitty 7-year-old system with a load in the hundreds which actually processes requests can still handle more connections than a one-year-old router?! And it isn’t exactly one of the cheap ones either.

Praise be to lighttpd! Quirky, buggy software, might exchange it for nginx one day. But for now, it’s everything I need and keeps everything running smooth.


And in the end, when all was said and done, I decided that running a BitTorrent tracker is too much hassle for no reward whatsoever; I’ve already gleaned all the knowledge I could from this experience and I had simply become bored with it. So I just CNAMEd tracker.token.ro to tracker.publicbt.com - let them handle all those thousands of peers! That’s what they’re there for.

emergent online technologies!

So recently I’ve been earning myself a couple of techie/geek badges with token.ro, as it now supports/implements a bunch of next-gen technologies and ideas. Some are useful, others are implemented just because I could.

  • IPv6 support
    The site has been fully IPv6 enabled for a few months. I’ve got an httpd listening on an IPv6 address, AAAA records in my nameservers, which are IPv6-accessible themselves *and* have IPv6 glue at the ccTLD authority. Only 3 of the 6 root nameservers for .ro are IPv6 enabled, but we’re getting there.
  • SPF and DKIM for email
    I’m now publishing strict SPF records and a DomainKey. All outgoing emails from this domain are signed with DKIM, all incoming+forwarded emails go thru SRS to prevent any SPF breakage. Take that, spam!
  • OpenID
    This one isn’t exactly new: this domain is also my OpenID, via delegation to the provider of my choice (currently idproxy.net). The advantages of OpenID are numerous, the advantage of using your own site as your OpenID is that you’re not tied to any one provider - provider delegations are easily changed.
  • FOAF
    So I got into the whole semantic web craze and published my FOAF description. Basically, FOAF is a means of creating a distributed social network, with each participant retaining full control over the data made public (as the FOAF description is just an XML file published on your website).
  • microID signatures
    The entire site (including this blog) has been signed with my microID. Not extremely useful (with microID, the possibility of verification implies the possibility of spoofing), but I liked the concept. Added bonus: claimid now recognizes me as the author of my own website, isn’t that awesome? And, well, I like microformats.
  • CDN delivery
    As a tiny experiment, this tumblelog’s static content is now served via the Coral Content Distribution Network. I don’t expect speed improvements, I just want to see how it… feels. I’m thinking of deploying my own CDN for the whole domain, seeing as how I have access to servers on multiple continents. And deploying a CDN with GeoScaling, my DNS provider, would be a breeze.

Next up on the list? Probably a hosted XMPP+SIP solution, some LOC records for the domain, putting my SSL cert to good use by enabling HTTPS and whatever else will pique my interest.

IPv6 certification

IPv6 Certification Badge for skee

I finally got the maximum certification (that is, Sage) for IPv6 from he.net \o/. Thanks to Smarty and his advanced hosted DNS services solution, I was able to use the geoscaling nameservers (which have IPv6 support) under my own subdomains, so that glue (A and AAAA) gets passed on from RoTLD.

usefulness += 0;

geek_cred++;