<BlessJah>
gchristensen: check out rule-based routing with per-source rules
<BlessJah>
I wonder if policies and multiple route tables are widely known
<BlessJah>
also, cransom ^
<cransom>
i widely know them, but i find if you find that if you ever strike up a conversation with someone who's adminned a server and ask them if they've ever routed or used route tables, their eyes glaze over and they disappear.
<cransom>
wow. the english processor there failed.
<BlessJah>
cransom: I've managed to admin for years without being aware of tables
<BlessJah>
also gchristensen was surprised that routers gonna route ;)
<cransom>
yep. you likely also had network administrators who were content with using vrrpd or other proprietary shared ip network failover stuff for your default gateway
<BlessJah>
it all depends on where you decide to draw "it's magic and unicorns beyond this point" line
<BlessJah>
when you have routers routing all admin needs to know is where to find said router
<gchristensen>
oh cool
<gchristensen>
thanks, BlessJah :)
<BlessJah>
it took me way too long to learn about policies and tables, and it was by pure accident
<gchristensen>
I'm surprised the router routed b/c I feel I had to painstakingly describe everything else it does and I didn't have to describe that
<BlessJah>
that's shortcoming of organic way of learning I guess, you don't learn things you never had to use
<BlessJah>
I'm sure that you could abuse machines that have forwarding enabled but are not intended as routers
<cransom>
it's not interesting though if the machines only have one interface
<BlessJah>
virtualbox, docker, libvirt, lxc all tend to create NATs
<BlessJah>
anything wrong with VRRP?
<cransom>
but routing is still useful even if not forwarding. say you have 2 networks a machine is on and a load balancer can send you traffic on each. you always want to respond to traffic out the network it came in on and any traffic you make should go out a working network. ospf/bgp there and you have a super flexible mechanism to take an entire network down for maintenance and nothing notices
<cransom>
docker/vbox/etc do create nats, though i don't think i've seen an implementation that would nat traffic for an interface it didn't create
<cransom>
i consider the active/passive side of vrrp to be a downside.
<BlessJah>
something anycast-ish? nothing stops you from loadbalancing several virtual ips
<cransom>
active/passive means you paid money for one device to sit and do nothing other than 'be ready for something' and in the mean time, you may not know if when that something happens, if it will take over.
<BlessJah>
I'd say that you want passive so you wouldn't run out of capacity when active dies, better from capacity planning point of view
<BlessJah>
but that's hard to defend
* BlessJah
mumbling something about vertical and horizontal scaling
<cransom>
yes, capacity management requires monitoring. if you are loading up either device more than 50% in an active/active setup under normal stress conditions, thats bad. but if you happened to get slashdotted (do the kids to say that?) out of the blue, being able to use the capacity for your rainy day just worked out well
<cransom>
*kids still say that, that is
<BlessJah>
I think it's something about reddit now
<cransom>
i haven't started rinking today, i'll say thats my typing problem.
<BlessJah>
shaky hands?
<cransom>
i suppose 'reddit front paged' is probably far more gruesome now than slashdot probably was.
<cransom>
yeah. i'm not sure how i inherited the crotchetiness of someone twice my age
<gchristensen>
probably unix taught you that
<gchristensen>
computers in general
<BlessJah>
computer-illiterate people
<BlessJah>
it's half as bad when it's illiterate user, I explain to devs that compile errors (clearly visible in logs) are problem with his code and not jenkins daily
<BlessJah>
I even got "works on my machine" excuse after introducing docker (devs idea to solve "works on my machine" problems)
* BlessJah
got grumpy
<cransom>
how about someone asking today 'is this how we log into this staging database?' and they paste a mysql command, which includes a "-p " in it. 'yep'. then they paste output where it prompts for a password and it returns access denied "(using password: NO)". did you enter a password? "oh, let me try that."
<BlessJah>
yep, same illiteracy and same kind of people