[07:39:58] thanks for the deep dive ! [08:34:43] thx :D [09:46:42] missed the rest of the discussion yesterday [09:48:49] I'd been looking at this this morning, and yeah MSS should only be there when the SYN flag is set [09:48:53] SYN + RST is invalid [09:49:30] what had caused me some confusion was the typical iptables command you see like this: [09:49:36] -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss XXXX [09:50:10] as it turns out the "tcp-flags" directive takes two parameters, the first a list of flags that, when set, the action should apply to [09:50:22] the second, a list of flags that when set should NOT have it applied [09:50:34] so that basically says "do this for everything with SYN flag set" [09:50:50] but also "don't do it if SYN and RST are set" - but this latter example is an invalid packet anyway [09:52:45] also - MSS field is not present in packets without SYN flag - from looking at pcaps anyway [09:59:47] actually I think my explanation of the 'tcp flags' isn't right so maybe ignore me :) [10:36:16] 10netops, 10Infrastructure-Foundations, 10SRE: Add BGP to protocols contributing to aggregates - https://phabricator.wikimedia.org/T351456 (10cmooney) 05Open→03Resolved a:03cmooney [12:41:38] 10netops, 10Ganeti, 10Infrastructure-Foundations, 10SRE, 10Patch-For-Review: Investigate Ganeti in routed mode - https://phabricator.wikimedia.org/T300152 (10ayounsi) Cluster and cluster group created in Netbox : https://netbox.wikimedia.org/virtualization/cluster-groups/71/ Next (on Monday?) merge the... [13:23:43] 10netops, 10Infrastructure-Foundations, 10SRE, 10ops-codfw: Migrate hosts from codfw row A/B ASW to new LSW devices - https://phabricator.wikimedia.org/T355544 (10cmooney) [13:24:29] 10netops, 10Data-Persistence, 10Infrastructure-Foundations, 10SRE, 10ops-codfw: Migrate servers in codfw rack B5 from asw-b5-codfw to lsw1-b5-codfw - https://phabricator.wikimedia.org/T355549 (10cmooney) 05Open→03Resolved a:03cmooney All done, things working well on the new switches / EVPN vlans :) [17:00:23] 10Acme-chief, 10Traffic, 10Patch-For-Review: Create automation for registered MarkMonitor DNS and acme-chief/ncredir - https://phabricator.wikimedia.org/T355189 (10CodeReviewBot) brett merged https://gitlab.wikimedia.org/repos/sre/ncmonitor/-/merge_requests/3 Add configuration, user-supplied conf file/path [18:08:39] sukhe I added you as a reviewer on https://gerrit.wikimedia.org/r/c/operations/puppet/+/992748 if you have time. It can definitely wait until next wk, just didn't want to launch a new discovery svc w/out someone in traffic having a look [18:12:17] inflatador: thanks, will look! [18:15:56] {◕ ◡ ◕}