Linode Forum
Linode Community Forums
 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic
Author Message
PostPosted: Sun May 01, 2005 1:30 am 
Offline
Junior Member
User avatar

Joined: Sun May 01, 2005 1:23 am
Posts: 31
Website: http://www.taupehat.com
Yahoo Messenger: pleasesendspamtothisaddess
Well, here goes. After reducing my beautiful, prisine debian small linode into a pile of gelatinous slag, I thought I'd post my own stupidity here in order to:
    a) Warn others off from my own foolish course of action
    b) Entice others to post here and do the same
    c) Laugh at the above
    d) ...
    e) Profit!

Well, ok, maybe I'm being a bit optimistic, especially toward the end there, but I do hope you all have fun reading and posting to this thread.

Cheers.


Top
   
 Post subject:
PostPosted: Sun May 01, 2005 1:42 am 
Offline
Junior Member
User avatar

Joined: Sun May 01, 2005 1:23 am
Posts: 31
Website: http://www.taupehat.com
Yahoo Messenger: pleasesendspamtothisaddess
OK, so here's my screwup. To begin with, a little background...

I've got a linode 64, and have been totally impressed with the service and the level of support I've recieved for it.</asskissing> Anyhow, I wanted to setup an iCal server for my personal needs, as well as a groupware solution for various projects I'm collaborating on. A bit of research showed me that my best bet would be to go with open-xchange, which is essentially Novell's groupware server. Very cool, very powerful, and it rocks. Seriously. Naturally, this was the thing to install on my 64.

Riiiiight....

Following along with the instructions for Debian Sarge, which incidentally happens to be the first set of instructions on the howto, I almost immediately ran into trouble. See, open-xchange relies heavily upon Java. Well, you know Java. If there's one thing it isn't, it's efficient. So installing Java meant running out of IO tickets, which then meant I got to learn what IO tickets are, and why I don't want to run out of them. You gotta love software that has a piggy, inefficient installer. Did not bode well.

Then there was getting Tomcat working. I did. But not without pain. Ant, postgresql, yadda yadda. Got it all going. Finally, after many false starts and re-going over the documentation, got the whole schmere running!

And then started getting timeouts on the client side. Lots of them. So I looked again at /proc/io_status, and guess what? Open-xchange, just running idle, chews through 500 tickets per second! Which means if I average more than 12 tickets per second beyond that (which means actually using open-xchange, or perhaps having people send me email, or visit my webpage), I'd be out of tickets quickly, and I was.

To top it all off, well, I'll quote from the install docs:
Quote:
... the bad news is that it seems to be "read-only"

Moral of the story? Friends don't let friends install enterprise web applications on a Linode/64.


Top
   
PostPosted: Mon May 09, 2005 2:53 pm 
Offline
Senior Member

Joined: Sat Jun 28, 2003 12:02 am
Posts: 66
Website: http://kenny.aust.in
Shortly after I got my linode I decided to disable the dhcp client on my linode. I somehow got the ip address of my linode and its gateway reversed and knocked host2 offline around 1am on a Saturday.

To Caker's credit (and my surpise) he got notification of it and had it back up in twenty minutes.

- kenny


Top
   
 Post subject:
PostPosted: Mon May 09, 2005 3:03 pm 
Offline
Senior Member
User avatar

Joined: Sun Feb 08, 2004 7:18 pm
Posts: 562
Location: Austin
Now that's funny. You found a way to screw up a whole host!


Top
   
 Post subject:
PostPosted: Mon May 09, 2005 4:51 pm 
Offline
Senior Member

Joined: Fri Feb 13, 2004 11:30 am
Posts: 140
Location: England, UK
I thought UML was supposed to be able to stop client virtualisations from binding to any old IP on the host?


Top
   
 Post subject:
PostPosted: Mon May 09, 2005 5:03 pm 
Offline
Senior Member

Joined: Sat Jun 28, 2003 12:02 am
Posts: 66
Website: http://kenny.aust.in
Ciaran wrote:
I thought UML was supposed to be able to stop client virtualisations from binding to any old IP on the host?

This happened sometime summer~fall of 2003. From talking to Chris afterwards, he was surprised that it even happened and said he fixed the problem so clients couldn't jack-up the host's routing tables (or something to that effect).

kenny


Top
   
 Post subject:
PostPosted: Mon May 09, 2005 5:34 pm 
Offline
Linode Staff
User avatar

Joined: Tue Apr 15, 2003 6:24 pm
Posts: 3090
Website: http://www.linode.com/
Location: Galloway, NJ
That was a good one, indeed...

It had to do with allowing a node to respond to ARP requests for IPs it didn't own. Suddenly, the switch and other Linodes saw Kenny's Linode as the gateway :) It was fixed after discovering the problem (lots ot tcpdump time involved).

I went to great lengths to filter layer 2 and layer3 traffic -- not only to protect each Linode, but to protect the integrity of the Linode network as a whole. I doubt other providers have such thorough protection in place.

-Chris


Top
   
 Post subject:
PostPosted: Mon May 09, 2005 7:15 pm 
Offline
Senior Member

Joined: Fri Feb 13, 2004 11:30 am
Posts: 140
Location: England, UK
Ooo, dangerous situation. If, back then, somebody set up their own transparent proxying service and did that trick, he'd be able to use tcpdump on the machine to sniff all the Linodes' traffic on that host? Scary. I guess they'd find themselves without an account PDQ thouogh. :D


Top
   
 Post subject:
PostPosted: Mon May 09, 2005 8:35 pm 
Offline
Linode Staff
User avatar

Joined: Tue Apr 15, 2003 6:24 pm
Posts: 3090
Website: http://www.linode.com/
Location: Galloway, NJ
Ciaran wrote:
Ooo, dangerous situation. If, back then, somebody set up their own transparent proxying service and did that trick, he'd be able to use tcpdump on the machine to sniff all the Linodes' traffic on that host? Scary. I guess they'd find themselves without an account PDQ thouogh. :D

That was never possible -- we've always filtered layer 3 traffic to and from each Linode that didn't match IPs they've owned.

-Chris


Top
   
 Post subject:
PostPosted: Tue May 10, 2005 6:12 am 
Offline
Senior Member

Joined: Fri Feb 13, 2004 11:30 am
Posts: 140
Location: England, UK
Ah, cool. Okay then, thanks. :D


Top
   
PostPosted: Thu May 12, 2005 5:35 pm 
Offline
Junior Member

Joined: Fri Mar 18, 2005 11:04 pm
Posts: 32
AOL: surferdude18213
Location: the ssh window
kenny wrote:
Shortly after I got my linode I decided to disable the dhcp client on my linode. I somehow got the ip address of my linode and its gateway reversed and knocked host2 offline around 1am on a Saturday.

To Caker's credit (and my surpise) he got notification of it and had it back up in twenty minutes.

- kenny


Haha... Nice. 8)

Closest thing I have done (recent) is let 4 ircd's run on my linode at the same time when I only have 42gb of bandwith. I logged into the LPM just to check on things and I see that i have gone through nearly 90 percent of my bandwith in a matter of 2 weeks. I had to log into lish and block all traffic on port 6667 to avoid being charged an exorbitant fee for more bandwith

_________________
-- Surferdude


Last edited by surferdude on Thu May 12, 2005 6:40 pm, edited 1 time in total.

Top
   
 Post subject:
PostPosted: Thu May 12, 2005 6:02 pm 
Offline
Junior Member

Joined: Sat May 07, 2005 3:45 am
Posts: 35
Yahoo Messenger: funksolution
Location: DFW Texas
:shock:

That's alot of bandwidth. Were those servers part of another IRC network?

-Brian


Top
   
 Post subject:
PostPosted: Thu May 12, 2005 6:38 pm 
Offline
Junior Member

Joined: Fri Mar 18, 2005 11:04 pm
Posts: 32
AOL: surferdude18213
Location: the ssh window
I believe so, Because when I ran netstat, it took about 5 miniutes to finish. When my bandwith is replenished, ill enable traffic again and see how things go.

_________________
-- Surferdude


Top
   
 Post subject:
PostPosted: Fri May 13, 2005 10:28 am 
Offline
Senior Member
User avatar

Joined: Fri Aug 15, 2003 2:15 pm
Posts: 111
Website: http://fubegra.net/
Yup, you have to keep an eagle eye on your transfer stats - the bandwidth available to you is huge. When I seed a BitTorrent, I'll set my outgoing transfer rate to (usually) about 500 kB/s and make a worst-case calulation on how long it will take to get to X gigabytes, and then set a reminder on my cell phone to check up on how much has really been transferred.

Of course, if you're seeding a torrent, you should use an ext2 filesystem for the seed, otherwise, the I/O limiter will kill you. There's a lot of overhead involved in ext3 journalling.

Any other I/O instensive operations might also benefit from ext2, but you need to balance the better I/O performance against the need to run fsck on an unscheduled reboot.

EDIT: It is also possible to mount (or remount) an ext3 filesystem as ext2 temporarily.

_________________
Bus error (passengers dumped)


Top
   
 Post subject:
PostPosted: Mon May 30, 2005 6:50 am 
Offline
Junior Member

Joined: Sun Mar 13, 2005 4:42 am
Posts: 40
Yes, but I think they'll be even more overhead like that.
Correct me if I'm wrong.


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group