Fellow radio amateurs, I am writing to you on behalf of the ARDC TAC, which I represent.
Those of you that were on our Community Call last Saturday may remember that I promised you we would share our first proposal with the community. A few days after that, I am happy to send that to you for your review, feedback, comments, questions, and information!
You can find our 5-page PDF here: https://pdf.daknob.net/ardc/tac128.pdf
The title is "ARDC 44.128/10 Allocation Proposal" and it briefly explains what we propose to do with the IPv4 space of ARDC. It is based on careful consideration, planning, and actual research[1] performed on the IP network and the Portal allocations.
Since the TAC does not have any authority on the IP (or any other) resources of ARDC, and we only have an advisory role, we end this document with a proposed resolution we intend to submit soon to the ARDC Board of Directors, where we urge them to vote and approve some key things required for us to be able to achieve what is described.
We believe that the TAC represents the community and the 44 Net users, so we created this document and post it here in advance, with the purpose of being able to answer your questions, collect your feedback, and hear from you. This is why we briefly explain the situation in about 4 pages, and then we end with the resolution we want the ARDC Board of Directors to approve.
I hope you like it, and I remain at your disposal for anything you may need.
Antonis
Links:
[1] - https://blog.daknob.net/mapping-44net/
Hello,
just fyi: I was unsubscribed from the list since 2921-95-26 (where I received a last posting), without notice.
Over the past weeks I thought, it's so quiet - nice, everyone enjoys vacation ;)
Anyone else had this issue?
vy 73,
- Thomas dl9sau
Dear Mario,
> On 30 Jul 2021, at 17:11, Mario Lorenz <ml(a)vdazone.org> wrote:
>
> Dear Antonios,
>
> Am 30. Jul 2021, um 15:32:26 schrieb Antonios Chariton (daknob):
>
>> That’s what people want to do though. They want to use an amateur radio resource (44.0/10) to talk to people on the Internet that are not licensed. Normally in RF you use a ham radio frequency to only talk to radio amateurs. In the IP world, the src and dst can be different. People want to use an amateur radio resource to talk to a commercial resource, and a commercial resource to talk to a ham radio resource.
>
> Please define "people". Are these radio amateurs ? If so, why do you
> want to restrict communication with them ? What they have to say can go
> over amateur radio airwaves. If not, why are they in 44.(0). in the
> first place ? Here's the thing: If there are "people" that are not radio
> amateurs but want IP space for non amateur communication, they can go
> and get it somewhere else, and pay for the privilege.
> If that needs any TAC resolution to propose at ARDC,
> I think you would find much support on this list.
The first reference of people is hams, the second is non-hams. So this sentence becomes:
That’s what hams want to do though. Hams want to use an amateur radio resource (44.0/10) to talk to non-hams on the Internet (that are not licensed).
We do not want to restrict people on 44.0/10 and we want them to be able to speak to anyone on the Internet. Of course, ARDC here may have some policies against e.g. spam, piracy, etc. but that’s not relevant. They are responsible for figuring out, though, if their communication is legal.
The proposal simply puts all the people that want to talk to the Internet in 44.0/10 and leaves all the people that don’t want to talk to the Internet with a 44 address to 44.128/10.
>> These two networks can interconnect. EchoLink now bridges the Internet with the amateur radio spectrum. But we don’t use IP addresses on EchoLink, we use our callsigns, transmitted over IP packets. And similarly, when we do IP / Internet connectivity over amateur radio spectrum, we use IP addresses on top of callsigns.
>
> In which case you need to differentiate between amateur radio and third
> party traffic.
Indeed, yes. This is up to the operators of these services. We do not want to interfere with what they do and how.
>> We have collected minutes of meetings that we did as the TAC, and they capture a part of the total work that has been put through this. However, at this time, they are not public. Is there something specific that you’re looking for? I could help provide more information on that.
>
> As discussed before, the pdf statement contains contradictory, not
> sufficiently specific language. Your explanations, as given in your role
> as TAC speaker, appear to contradict the specific resolutions that
> TAC wants to propose to ARDC. The specific example being whether 44.0/9
> should be able to communicate with 44.128/10.
> I'd like to resolve this obvious misunderstanding by looking at primary sources.
To be clear: 44.0/9 *cannot* talk directly to 44.128/10 and 44.128/10 *cannot* talk directly to 44.0/9 under our proposal. I believe that this is what we include in the proposal text as well. For all intents and purposes, we treat 44.0/9 as any other IPv4 address on the Internet when we talk to it from the Intranet. The same way a 10/8 host cannot talk to 1.1.1.1, a 44.128/10 address cannot talk to 44.0.0.1. The operators of the networks will have to use NAT (like they do today), or they can also request a 44.0/10 space and do a 1:1 mapping of hosts, or anything else.
- You should never receive a packet in your 44.128/10 address from a non-44.128/10 address
- You should never receive a packet in your non-44.128/10 network from a 44.128/10 address
>>
>> So far, we are not working on any such response, and all TAC members agree with the responses provided by me.
>>
> They are inconsistent...
>
>> We only want to preserve some IP space that can be used for ham-to-ham communication. How they communicate is up to them. If they want to use radio-only, they can get an allocation off this space and build a radio-only network. If they want to communicate with carrier pigeons only, they can get an allocation and build a carrier-pigeon-only network. If they are okay with using tunnels *through* the Internet, then they can do that.
>
> OK, having established that, you would agree that any references to a
> "radio-only networks" in the PDF should be reworded.
Yes, this is something we can do, and it’s a good idea.
>> We just want to make sure that we have some space reserved for this type of communication. Going back to the RF analogy, ALL amateur radio space is for ham-to-ham only. In our proposal SOME of the space is for ham-to-ham, and the rest is for ham-to-Internet-and-possibly-hopefully-some-hams-too. If anything, and we go by RF standards, advertisement of 44/8 should be prohibited on the Internet as non-hams can reach you.
>
> Each packet bears a source and a destination IP. If we agree
> that any packet originating from IP from either 44/9 or 44.128/10
> are licensed ham radio amateurs (as stipulated by current ARDC AUP).
We agree that this is what should happen. However, for any Internet-connected network, there’s no guarantee it will always be true.
> If they are destined to a 44.destination via a radio link, it can be
> assumed they have sufficient authority to be passed on as ham-ham
> communications.
What happens if they do not have sufficient authority to pass? Where will this be reflected and how can users pick an alternative path?
> If they are destined to non-44, or originate from non-44
> they *may* still be allowed as third-party communication, but this will
> be jurisdiction-specific.
I guess this is up to the operators and the local laws they have for each link, as you mention. However, how is it signaled and to whom that packets can or cannot pass from a link so if they’ll be dropped I can avoid sending them and pick a different path. Can I as an end-user pick a different path?
It seems to me that some paths on this global BGP network will only pass some forms of traffic based on the source and the destination. Accounting for the destination is easy: if no traffic should go there, remove / filter out the route. But what happens when you want to filter by source a few hops down the network? How does my router know (and everything else in the network) which *source* decision is also made? What happens with combinations of (src, dst) and how will they be reflected on BGP? Do you plan to introduce BGP Extended Communities that will have a global meaning and all users should alter their path selection algorithm by using these and applying appropriate terms and rules in their BGP peerings?
The problem here is how do I know which path I need to follow (and since I only control the first hop, the path that everyone must route with, through 44/8) that will get me to a given destination within 44/8? If I see 20 paths, but only 2 of them will forward my traffic based on my use case (src, dst) how can I tell which ones are that, and how can I affect the routing from my node to this one in order to ensure packet delivery? Do I just have to rely that BGP will hopefully pick the path that doesn’t drop my packets instead of the ones that do?
Will every router in the entire network apply source-based policy routing? How will this be signaled? Will everyone have to manually maintain tables of “if src is x, use table y”? Most routers today can do this as statically configured firewall rules + additional routing tables. Is there a way to dynamically propagate this information to the entire network? Is it safe to allow people to control your routing policy? Who can modify your firewall rules to point to the “no radio” table?
> Any station in the business of forwarding packets (ie. not your "end
> user") can and must make the decision whether he actually forwards those
> packets. Therefore anyone implementing a ham-to-ham-only policy can do
> so within his network, *without placing any undue burden on other
> people* to do the same or leave.
You can’t just advertise routes on the single BGP control plane and then drop packets based on firewall rules. If you do this, any connection becomes unpredictable, and whether you get or not to your destination is a hit or miss, even if there are multiple valid paths to this network. If we use simple BGP then you only control the routes you advertise to your neighbors, and the AS Path. You can’t tell them “this route is available, but only if you are from 44.154/16, and if not, it doesn’t exist”. It’s all or nothing. If you advertise it, then for a correctly functioning network you must forward to this destination all traffic you receive for it, unconditionally.
> If for convenience (and that's strictly convenience) several networks
> want to partake on such a common strategy, it is *their* task to find
> some unused IP range and renumber there. Precedent here is the original
> HAMNET, which did this because it could not or did not want to use the
> old 44.130 German network.
As you can see above, creating a single BGP control plane across the entire network, that works with every use case people want can be a problem. Not only does it require advanced BGP knowledge and configuration, but it may not even be possible with most common hardware. For example MikroTik is known not to support Extended Communities in the first place.
>> This is partly true: there is not a “single 44.128/10” but anyone can create their own network within this space. However, if some of these networks don’t want to talk to everything else, then this is working as intended, and they are by design not reachable. We hope that most of the networks there would want to be interconnected and they can do so through radio links, VPNs, Internet tunnels, satellites, or any other technology they see fit. One of them (but not a mandatory or the only one) will be the ARDC-provided PoPs. They will act as one of the many methods people could use to make sure that these networks talk to each other.
>
> Now if one such network does not want to take part in this, then what do
> you do ? Networking is a mutual understanding. Apparently there seem
> some difficulties between the Dutch network and HAMNET. As long as
> they don't get resolved, there will be no traffic exchange, meaning I as
> an end user would have to have some sort of separate routing. This is
> independent of which IP space is used.
This is true, and a very common problem in community networks that I know of. People at one point have a diverging vision and don’t agree anymore and then they stop exchanging traffic. It is unfortunate to see in a network that’s supposed to connect people and it can really slow down deployment efforts, but it can always happen. We even see parts of that in the Internet too. I don’t think there’s anything ARDC can do to prevent this. The only thing is to make sure there’s enough room for everyone and interconnecting is easy. If some people want to be isolated or not talk to specific people, then I guess that’s that..
>> This is an important distinction and something we still allow: the ONLY thing we say is that 44.128/10 MUST NOT be reachable from a non-44.128/10 address. By definition, that means that no part of this space may appear on the Internet. Of course, the exception here is that ARDC will still advertise it to combat hijacking, etc. but will DROP ALL traffic sent to it. It will be dropped at the edge and not forwarded anywhere.
>
> You are making this decision on top and over that of the people who
> built and have run their respective networks for 25+ years.
> You want to build such a network ? Fine. You find some unused space
> and build it, or convince some existing ones to adopt that policy.
> You need to learn sandbox etiquette. I appreciate you want to build a
> bigger castle, but if you do that by trampling over the small ones built
> by the other kids, you will be the bully. Nobody wants to play with
> bullies.
>
> You also destroy the other ones completely unnecessarily, since your
> isolationist approach can be solved by an ACL. Ultimately it will be
> anyhow because ARDC will want to announce the space to prevent
> hijacking.
> And telling them that they can move to another sandbox isn't cutting it
> either.
This proposal aims to have ARDC continuously advertise 44.128/10 on the Internet, but as a whole block to which all traffic is dropped and not forwarded. We don’t want to change that. We have to keep advertising the space, for many reasons. Hopefully if we could get RPKI we could publish a ROA that would cause people validating to drop all announcements smaller than /10 in this space as well, so they are automatically discarded by filtering ISPs.
As I have mentioned above, this problem is not simply solved by an ACL. It’s not a firewall rule to drop all traffic and that’s it. If all want to be on the same routing plane without causing massive packet loss and unreachable destinations, we have to find a way to inform everyone else of our policy. And BGP cannot currently do this, especially with the limitations of vendors like Ubiquiti and MikroTik. An ACL could solve this problem if we had a very centralized network where everyone connects to the PoPs and it’s mandatory, and interconnections between end users or networks is not allowed. If 44 Net looked like this then applying any type of policy would be much easier. But if you allow for any use case, like hundreds of nodes connecting to each other, and only talk to the PoPs from 3 points on the Internet, then things can get more complicated. “Simple ACL” is easy on paper, but in reality it’s much more complicated than that.
>> We can’t be certain, I agree with what you say. What we can do is make it much better than it is right now. We think that even if we can’t provide a perfect solution, we should still make steps to improve the situation.
>>
>> If you are in this 44.128/10 network, it’s extremely less likely for non-hams to reach you. If you are connected to the Internet, and you advertise your space with BGP, it is in fact *guaranteed* for non-ham traffic to reach you.
>
> I think your fundamental problem is that you confuse network nodes,
> which are identified by IPs, and vertices, or links. The legal mandates
> pertain to the links, not to the nodes. It is the responsibility of a
> licensed ham to make sure only suitable stuff gets sent over a radio
> link. There is no legal mandate not to communicate, using the radio ID,
> over a non amateur radio link.
Of course, I agree that there isn’t any mandate that I know of. However, all the policies of each and every individual link in every single part of the network must be immediately available to every single (at least “backbone”) router and must be used in the routing decision making. If people have links visible through BGP that silently drop traffic this will cause a lot of practical issues with unreachability like many we see in the network today. And the people, no matter how much they want to fix them, won’t be able to.
>> You could argue that you could deploy ACLs or Firewalls, or any measure like that, and this would help you only accept 44/8 traffic. But this is still worse: packets on the Internet today can be spoofed. A non radio amateur could send a spoofed packet appearing from 44/8 from a commercial ISP, and it would get through your firewall and possibly over your RF links just fine.
> That was true more in the past than now due to reverse-path protection
> and so on. It does not make a difference - you could tune a transmitter
> to any frequency all the time. If you forward such packets, you have to
> take certain responsibilities. Mind you, you're not an end user then.
> You would employ things like route verification, checking if the packet
> arrived via the correct tunnel etc. pp.
> If you are not prepared to handle this, you should not be running a
> gateway.
Unfortunately mechanisms like uRPF that you mention only work to protect others from your network. If anything is more than a hop away, especially in a scenario where a gateway has a single transit provider / default route, then they can’t do anything. If you have a default route on your Vultr VPS (or even a full table, doesn’t matter), you see the entire Internet behind “eth0”. So everything coming that way will make it into your network just fine. The only thing that uRPF will do is to not allow packets from your own network to come via the Internet. Which you may have to allow eventually if e.g. your network is connected to the Internet via 3 points, and you want to go over the Internet in the case of a net split. So a lot of networks will end up disabling it (or choosing a more relaxed version, or technically not enabling it as it’s off by default) in the first place because it breaks legitimate use cases.
I would personally agree that people running more core parts of the network should have more networking knowledge, and that would be expected, but I wouldn’t expect perfect, state-of-the-art operational expertise and equipment support. I would still expect to see operators like these to simply configure BGP and a few filters. And that’s fine. We’ve learned from the Internet that any system that relies on everyone adopting it and playing fair is far less likely to be useful.
If the network was more centralized and every 44 island required the PoPs to connect to each other, and everything had to go through them, then you could argue that the ARDC staff maintaining it would have to follow state-of-the-art procedures and since it’s only a few points we could also have capable equipment, etc. So this becomes kinda better. But still, this means a centralized network. Do we really want that?
>> Moreover, if two 44/8 networks connect with intermediate hops over the Internet, e.g.:
>>
>> 1. 44.1.2.3
>> 2. 44.3.2.1
>> 3. 192.0.2.15
>> 4. 193.5.16.50
>> 5. 44.4.6.7
>> 6. 44.7.6.5
>>
>> (Which I assume is what you want to do if you want to be on the Internet BGP and block all incoming traffic from non-44/8 hosts)
>
>>
>> Then hosts #3 and #4 that are non-hams can easily modify any and all traffic and cause a transmission in a ham band of packets that are not from a ham. This is much more common than you can imagine, and not always done maliciously. If I am node #1 and I do a traceroute to node #6, due to the way the traceroute utility works, nodes #3 and #4 will generate a new packet themselves (TTL Exceeded) and send it back to #2, who will forward it over a ham link to #1. Node #2 probably did something illegal, as they transmitted a packet that was not generated by a radio amateur (it’s a non-manned station / router of Cogent / Telia / Hurricane Electric, …) over a ham band.
>
> Yes. And an ACL would block those packets, and I'd see * * * in the
> traceroute. That is not unusual. Though they may not be illegal in all
> jurisdictions with more liberal third party rules.
Yes, exactly, the ACL would drop these packets, but how do nodes #1 and #6 know that this path drops certain packets? How do they know which packets are dropped? Do they have to manually set up routes to an alternative path to route around these links if they want to send some types of packets? Will they maintain a separate table of static routes by hand? How often will they update it? What if the policy of a link changes and suddenly more packets are dropped than before? Will they have to notice packet loss and take action to route around this region of the network?
>> Now for the use case where you want to be on the Internet with 44.0/10 addresses, but don’t want to drop all incoming traffic that is not sourced from 44/8, then it is normal to expect that all these port scans that people do will reach all IPv4 addresses in your network. Since you know this is going to happen, you cannot use any radio link in a non-ham band, as it is guaranteed that these stations will transmit a message over an amateur radio band that is not from a licensed user. Even with a stateful firewall that only allows outgoing connections, all responses you get from Facebook, Netflix, Altavista, etc. will be from a non-radio-amateur and you will be transmitting them over a band illegally.
>
> They *might* qualify as valid third party traffic. Someone sending an
> to a loved one, for example when only ham radio links are available. You
> can not know. The operator of the radio must make that decision.
>
> The control knob for such things is called an access control list. That's
> a different concept than that of a route.
Yes, and that’s exactly the problem! The control plane that BGP sees is different than the data plane where the ACL drops the packets at. People using BGP see a valid path, but then without telling anyone the operator(s) of the link drop the packets. There’s no way for BGP to convey what firewall rules each link has attached to it and then take it into account during path selection based on packet values. And there’s probably a good reason for that, as you can’t accelerate any of that on hardware I imagine.
>> If this law applies to you, then you cannot use the ham bands to “communicate with the open Internet”.
>> I think that we both agree on that.
> I can not use an amateur radio link as part of that communication. I can
> still identify as a ham radio operator.
Yes, I agree.
>> Now moving to the case of “communicating through the Internet”. Let’s examine that.
>>
>> If the network does not appear via BGP on the Internet, then everyone has to set up tunnels to interconnect everything. You can’t just send traffic to a commercial ISP and have it delivered. It will be dropped by ARDC. This guarantees that the traceroute problem I described earlier (and any other similar case) won’t happen. The only routers and equipment that participates in this network is (or must be) owned and operated legally by hams. You don’t rely on Internet infra and expect any guarantees. This means that it is almost guaranteed to not break the law or at least it is much much much much much much more certain that such a system would not break the law than talking transparently “through the Internet”.
>
> You can easily build such infrastructure. In fact it has been done that
> way for all the 25+ years I am in this game.
Yes, this can easily be built. But isn’t building it easier if we guarantee that 44.128/10 does not appear on the Internet and should only be routed either on top of the Internet (tunnels, VPNs, …) or other means (radio) ?
>> There are a lot of people that would have to renumber e.g. 200 hosts that we saw earlier, or possibly more. But I think this is a testament that the current network is not easy to use: you may have 20 users, but a single person was managing it and has to renumber everyone. If anyone participating was an expert, they would simply have to renumber their own hosts, that would be less than 200 for a typical setup.
>
> I do not follow this logic.
> Your statement that one person renumbering 200 hosts is more work than
> 20 persons renumbering 10 each. That is certainly not true, in fact it
> is the opposite, you'd have to coordinate those 200 people, and you would
> have to assume these 200 people are fully competent -- that is the
> opposite of your assumption in the first place...
What I’m trying to say is that if every user of the network was competent and could easily do such changes (like many people have claimed in this thread), then we wouldn’t have cases where a single person is managing the network of 20 others. Everyone would probably manage their own network. So it’s a point to make towards the fact that not even the existing users are or want to be involved in all this routing.
>> And the current users force their world view upon future users and also a large part of this network. I don’t think that it’s about who wins and who gets forced to submission. The TAC tries to create space for both use cases so we all win, and we are all happy. Like any rule in any civilized society, some people will have to make some sacrifices to co-exist. They will have to understand why they need to do this, and then they will have to give the others space to grow and have fun as well.
>
> Yes, and their demonstrated contributions over decades give them the
> right to do that. And no, this is not a win-win solution. You're taking
> some people's toys away and force them to expend work.
> If people voluntarily *agree* to move and make this sacrifice, that is
> one thing. But this appears not to be the case here.
We don’t really know to be honest as only a few people have participated in this conversation out of the thousands that use the network. So our margin of error here is 99% ;)
We’re also not taking away anyone’s toys, if anything, we give them more.
I respect the people that have been doing this for decades, but I also understand that we need to leave a lot of room for people that do this one decade, or 5 years, or 1 year, or 0 to grow as well and do what they want to achieve. Just because some people started this 25 years ago does not mean that this thing we have shouldn’t evolve to allow for more and more users to participate.
>> I am aware that the bands are different for different regions of the world, but I do not want to make the example complicated. I thought that it was enough for people to understand my point, even if it’s region-specific, and that you can easily replace those numbers with your local ones. I did not see a benefit in being extremely precise in something that is not related to the point I try to make when the audience can probably understand it.
>>
>> If you did not get my point because of the fact that two digits are off, then I can rephrase the sentence with these digits as they stand around the world.
> Now if you changed those digits, we would now have a transceiver
> transmitting on 146..148 in Region 1, which in some jurisdictions can be
> illegal.
>>> Secondly, why would I not be allowed to listen to that amateur radio
>>> repeater using my commercial all-band radio receiver?
>>
>> First of all, it may be illegal in some areas of the world, e.g. I think the U.K. or Greece. But I think that’s not your point ;)
>
> I am not sure about that, but see, that's the thing. The decision of this
> being illegal can not be made globally (and your intranet is consisting
> of the current allocations for almost all of the world) but it needs to
> be made on a local / country basis, as it has been in the past.
There are certainly arguments for and against country-based vs use-case-based allocations. I feel like if we do country-based allocations, as is evident from my e-mail above, we will have a lot of trouble finding a way to represent the ACLs of each link on BGP (or any other mechanism that can reconfigure all network routers). If this is not possible, then we’ll need to have people maintain complex routing tables to go around entire countries (if they even can) just to be able to deliver some traffic, because the BGP Best Path drops it.
If we go with a system based on use case, then this is not needed, as people can easily hardcode the two network policies that exist and easily route any way they want based on them. This list of links is easy to aggregate: any link in 44.128/10 has policy X, and each link in 44.0/9 has policy(ies?) Y.
Antonis
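An added example, not part of the thread or of the TAC proposal: the two 44.128/10 isolation rules, the strict uRPF behaviour and the /10 ROA described in the reply above, written as checks a gateway could run. The interface name tun0, the routing table, the sample packets and AS64500/AS64501 (documentation ASNs standing in for the real origin) are constructed assumptions.

```python
"""Constructed example: three gateway checks discussed in the reply above."""
from ipaddress import ip_address, ip_network

INTRANET = ip_network("44.128.0.0/10")  # ham-to-ham block from the proposal
ORIGIN_ASN = 64500  # placeholder from the documentation range (RFC 5398)

# Constructed routing table for a gateway: default route via eth0 (the
# Internet side), the intranet reached through a tunnel named tun0 (assumed).
GATEWAY_TABLE = [
    (ip_network("0.0.0.0/0"), "eth0"),
    (INTRANET, "tun0"),
]

# A ROA is (prefix, maxLength, origin ASN). One /10 ROA with maxLength 10.
ROAS = [(INTRANET, 10, ORIGIN_ASN)]


def edge_verdict(src, dst):
    """The two isolation rules: no packet crosses the 44.128/10 boundary.

    Traffic with both ends outside the block is not covered by the rules
    and is reported as "forward".
    """
    src_inside = ip_address(src) in INTRANET
    dst_inside = ip_address(dst) in INTRANET
    return "forward" if src_inside == dst_inside else "drop"


def best_route_iface(addr, table):
    """Longest-prefix match; returns the outgoing interface or None."""
    ip = ip_address(addr)
    matches = [(net, iface) for net, iface in table if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def strict_urpf_accepts(src, in_iface, table=GATEWAY_TABLE):
    """Strict uRPF: accept only if the best route back to src uses in_iface."""
    return best_route_iface(src, table) == in_iface


def rov_state(prefix, origin_asn, roas=ROAS):
    """RFC 6811 route origin validation: valid, invalid or not-found."""
    route = ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        if route.version != roa_prefix.version:
            continue
        if route.subnet_of(roa_prefix):
            covered = True  # a ROA covers this route
            if route.prefixlen <= max_len and origin_asn == roa_asn:
                return "valid"
    return "invalid" if covered else "not-found"


def gateway_accepts(src, dst, in_iface):
    """A packet passes only if uRPF and the boundary rule both allow it."""
    return strict_urpf_accepts(src, in_iface) and edge_verdict(src, dst) == "forward"


if __name__ == "__main__":
    # Constructed packets: (src, dst, arriving interface).
    for pkt in [
        ("44.0.0.1", "44.128.1.1", "eth0"),    # 44.0/9 source from the Internet side
        ("44.128.9.9", "44.128.1.1", "eth0"),  # intranet source on the wrong interface
        ("44.128.9.9", "44.128.1.1", "tun0"),  # intranet traffic over the tunnel
    ]:
        print(pkt, "urpf:", strict_urpf_accepts(pkt[0], pkt[2]),
              "edge:", edge_verdict(pkt[0], pkt[1]))
    # Constructed announcements: (prefix, origin ASN).
    for ann in [("44.128.0.0/10", ORIGIN_ASN), ("44.130.0.0/16", ORIGIN_ASN),
                ("44.130.0.0/16", 64501), ("44.0.0.0/9", ORIGIN_ASN)]:
        print(ann, rov_state(*ann))
```

With a default route on eth0, the 44.0/9 source arriving from the Internet side passes strict uRPF and is stopped only by the boundary rule, which is the uRPF limit described in the reply. The /16 announcement is invalid even from the ROA's own origin because it is longer than maxLength.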
This is not a direct reaction to the TAC proposal, but something that's been on my mind in watching the discussion about the TAC proposal unfold on the 44Net mailing list - specifically around what the "goals" should be of... AMPRNet... ARDC... something else?
This community needs to be looking to the future and not the past. The 44Net AMPR "network" is part of the past. It's a key resource, and currently, an exceptionally valuable one based on the current market for large contiguous IPv4 address blocks. Personally, I think selling off part of that IP range was a great move to fund the future. But I think that the future needs to be talked about beyond a reallocating of existing 44Net space and/or how people interact with it (e.g. the apparently now-defunct 44NGN project).
The future of Amateur Radio needs to be in modern technologies and for this community that means IPv6 networks. Specifically, the goal for the future of ARDC/AMPRNet should be that AMPRNet as it exists today is just not that important anymore 5-10 years down the road, and hopefully closer to five. IPv6 has been hyped for decades now and if you've worked in and around networking, IPv6 is "just around the corner" according to the media and industry rags. But what many don't realize is that IPv6 is already here and has been for a long time. For example, Google already sees 35% of its worldwide traffic access using IPv6. The US-based adoption rate is 48%. Japan is 42%. Germany is 52%. India is 61%. My local club sites and personal websites see on average about half of all real connections using IPv6. Mobile phone networks are almost exclusively Carrier Grade NAT for legacy IPv4 + global IPv6 with the IPv6 traffic preferred. I'm sure the other large providers such as Microsoft would see something similar if they published such statistics. Major ISPs here in the US have handed out /64 and /56 IPv6 address blocks to properly configured/enabled equipment by default for at least five years. My point here is that while many pundits keep talking about an IPv6 "cliff event", the adoption of IPv6 was only going to be an over-time uptake and it's been going on in the background for years. IPv6 is very much here, has been for awhile now, and is of paramount importance to emerging countries in regions like APNIC and AFRINIC that don't have massive holdings of legacy IPv4 space like ARIN and RIPE regions do.
ARDC/AMPRNet should be working with and encouraging the amateur radio community to make progress on tools and technologies that render IPv4, and notably the 44.0.0.0/8(ish) allocation, obsolete. Some areas that cry out for an active community leader include:
1. Make useful, educational information available and accessible to the amateur operator that helps them understand what IPv6 is, how to use it with their ISP where available, how it's 90% the same as IPv4, benefits of IPv6, etc. I don't think this all needs to be net new material. Perhaps a curation effort with some original content that fills in the gaps important to radio users.
2. Work with hams and the major projects to enable IPv6 natively for common applications such as digital voice (D-STAR, YSF, DMR, etc.), Pi-STAR, Allstar Link, IRLP, APRS, etc. This would include providing some funding, maybe in a Google "Summer of Code"-style project, and some expertise. Our area WAN network currently using 44Net space has been dual-stack IPv6 for years. However, while our core non-radio systems could all be 100% IPv6, basically nothing about any of the amateur radio stuff we operate even knows what IPv6 is let alone has a prayer of working on it. There's a lot of great stuff out there that was written by someone who wanted to scratch an itch. All that software is great and serves the need, but it requires help and resources to move forward.
3. ARDC/AMPRNet should consider the merits of either outright becoming an LIR[2] and issuing global IPv6 space OR, at minimum, create a formalized "non-collisions registry" of the IPv6 ULA fc00::/7 space[3]. As part of the latter option, it should also define a set of rules for Global/ULA interoperability for "ham purposes" when operators may want their own global IPv6 space to interact with some common/shared ULA space.
4. Work with countries/regions/communities on their radio-based networks. Encourage and support the adoption of IPv6 addressing across these networks including making equipment recommendations, sample configurations, case studies, etc.
5. Help hams understand different protocols that are essential to operation of IPv6 networks. This includes things like SLAAC, DHCPv6, Route Advertisements, Neighbor Discovery, and basic dynamic routing protocols (static routes are wholly impractical in IPv6 networks).
6. ARDC should consider standardized IPv6 capability an essential component of any grant of funds for a project when a project has a networking component.
None of the above is exhaustive, nor any sort of immediately workable plan. But all of this discussion on the re-re-allocation of the 44Net space has had me thinking today about what goals of this community should be and it struck me that we're all talking about a technology from the 1970s that most of the world is actively trying to replace or, at least, deprioritize.
Heading outside now to dig out a bunker....
Jason N8EI
[1] https://www.google.com/intl/en/ipv6/statistics.html
[2] https://en.wikipedia.org/wiki/Regional_Internet_registry#Local_Internet_reg…
[3] https://en.wikipedia.org/wiki/Unique_local_address
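As an added illustration of the "non-collisions registry" idea in the message above (this is not code from the message or from ARDC), the sketch below derives a ULA /48 the way RFC 4193 describes and refuses a second registration of the same prefix. The registry class, its method names, the callsigns and the sample timestamp and EUI-64 are all constructed for the example, and it accepts only the locally assigned fd00::/8 half of fc00::/7, since that is the only half RFC 4193 defines.

```python
import hashlib
import ipaddress
import math

# fc00::/7 with the L bit set: the only half RFC 4193 defines for local assignment.
LOCALLY_ASSIGNED = ipaddress.ip_network("fd00::/8")


class PrefixCollision(Exception):
    """Raised when a /48 is already held by another registrant."""


def rfc4193_prefix(ntp_time, eui64):
    """Derive a /48 following RFC 4193 section 3.2.2.

    ntp_time is a 64-bit NTP timestamp (int) and eui64 is 8 bytes identifying
    the generating machine. SHA-1 is taken over their concatenation and the
    least significant 40 bits of the digest become the Global ID.
    """
    if len(eui64) != 8:
        raise ValueError("EUI-64 must be exactly 8 bytes")
    digest = hashlib.sha1(ntp_time.to_bytes(8, "big") + eui64).digest()
    # fd (prefix + L bit) | 40-bit Global ID | zeroed subnet ID and interface ID
    packed = b"\xfd" + digest[-5:] + bytes(10)
    return ipaddress.IPv6Network((int.from_bytes(packed, "big"), 48))


def collision_probability(networks):
    """P = 1 - exp(-N^2 / 2^(L+1)) with L = 40 (RFC 4193 section 3.2.3)."""
    return -math.expm1(-(networks ** 2) / 2 ** 41)


class UlaRegistry:
    """Hypothetical first-come registry of /48 ULA prefixes, keyed by callsign."""

    def __init__(self):
        self._owners = {}  # IPv6Network -> callsign

    def register(self, callsign, prefix):
        net = ipaddress.ip_network(prefix)
        if net.version != 6 or net.prefixlen != 48:
            raise ValueError("only IPv6 /48 prefixes can be registered")
        if not net.subnet_of(LOCALLY_ASSIGNED):
            raise ValueError("prefix is outside fd00::/8")
        holder = self._owners.get(net)
        if holder is not None and holder != callsign:
            raise PrefixCollision(f"{net} is already registered to {holder}")
        self._owners[net] = callsign
        return net

    def owner_of(self, address):
        """Return the callsign holding the /48 that contains address, or None."""
        ip = ipaddress.ip_address(address)
        if ip.version != 6:
            return None
        site = ipaddress.IPv6Network(((int(ip) >> 80) << 80, 48))
        return self._owners.get(site)


if __name__ == "__main__":
    # Constructed inputs: an arbitrary NTP timestamp and a made-up EUI-64.
    prefix = rfc4193_prefix(0xE4A1B2C3D4E5F601, bytes.fromhex("021122fffe334455"))
    registry = UlaRegistry()
    registry.register("N0CALL", prefix)
    print("registered", prefix, "to", registry.owner_of(prefix.network_address + 1))
    try:
        registry.register("N1CALL", prefix)
    except PrefixCollision as exc:
        print("rejected:", exc)
    print("chance of any collision among 1000 networks:", collision_probability(1000))
```

The probability function shows why random Global IDs rarely clash on their own; the registry turns "rarely" into a rule that can be checked before two networks interconnect.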
Apologies, I sent this only to Mario and not the list. Here it is!
> On 30 Jul 2021, at 14:08, Mario Lorenz <ml(a)vdazone.org> wrote:
>
> Dear Antonios,
>
> Am 30. Jul 2021, um 03:18:53 schrieb Antonios Chariton (daknob) via 44Net:
>> Hello Mario, please find my answers below:
>
> Thank you very much for those insights. Although the image this paints
> is very bleak indeed.
>
>> We do not want to limit the hardware, but we would like to have an IP version of the frequency plan: 44.128/10, however you connect to it, is the radio amateur band, and 44.0/10 is the commercial 5G band or the ISM band of WiFi. One is for people that are licensed, and the other is simply the Internet that anyone can use.
>
> That's unbelievable, I can but hope that something is lost in translation.
> Let me rephrase that:
> The proposal is nothing short of ripping out 44.0/10 from the diverse
> cloud of radio amateurs that AMPRnet stands for, and making it part of
> the regular internet, available to anyone without a license and removing
> traffic exchange with the remainder (44.128) of the AMPRnet. This
> proposal is, in your spectrum analogy, taking away valuable ham radio
> spectrum and dedicating it to general internet usage.
That’s what people want to do though. They want to use an amateur radio resource (44.0/10) to talk to people on the Internet that are not licensed. Normally in RF you use a ham radio frequency to only talk to radio amateurs. In the IP world, the src and dst can be different. People want to use an amateur radio resource to talk to a commercial resource, and a commercial resource to talk to a ham radio resource.
These two networks can interconnect. EchoLink now bridges the Internet with the amateur radio spectrum. But we don’t use IP addresses on EchoLink, we use our callsigns, transmitted over IP packets. And similarly, when we do IP / Internet connectivity over amateur radio spectrum, we use IP addresses on top of callsigns.
> I call on the ARDC board to disapprove this plan.
>
> Then again, this is the opposite of the language in the
> official proposal (last page), making me wonder whether
> this is truly what the TAC actually discussed and decided.
> Are there any public TAC meeting minutes or the like by chance ?
We have collected minutes of meetings that we did as the TAC, and they capture a part of the total work that has been put through this. However, at this time, they are not public. Is there something specific that you’re looking for? I could help provide more information on that.
The TAC discussed and proposed the PDF document you see, and more importantly the resolution at the end of it. Everything else is me trying to answer questions, provide reasoning and context, and try to address things not covered in the document.
The reason we decided on me for this role (but still representing the TAC’s opinion, not giving my own) is that if we had to find a time to meet and discuss every single e-mail that we receive here and jointly write a response to it, that would massively increase the latency of answers you receive from minutes or hours to days or weeks.
In order to make sure that I can still represent the opinion of the TAC, we discuss all e-mail asynchronously, and if a corrective statement needs to be issued, we will do so promptly, with a text that has been approved by all of us.
So far, we are not working on any such response, and all TAC members agree with the responses provided by me.
>>> The former could also be read as a policy/guarantee that no
>>> non-amateur-radio based means of communication are involved.
>>> Is that intended ?
>>
>> Yes, correct. One of the things that this proposal can bring is that a part of the network is reserved for radio amateur to radio amateur communication.
>>
>>> I note that you also use the term "radio-only network" on page 3.
>>> Since 44.0/9 according to your proposal is not "radio-only", this
>>> would mean that 44.128/12 should not be accessible from 44.0/9, which
>>> is the opposite to your proposed resolution.
>>
>> This is actually (part of) the proposal. That we guarantee that people in 44.128/10 can only be reached by other people there, and people in 44.0/10 (technically /9) can be reached from the entire Internet, except 44.128/10 (natively). This is similar to how only radio amateurs can transmit in a ham band, but everyone can transmit to an ISM band (including hams).
>
> Your two statements are again contradictory.
> One point of view, taken by some amateurs back in the 90s was that
> the communication between two Amateurs should ONLY occur via radio
> waves. In other words, a "radio only" network should, as the name
> implies, not be using any other mode of communication, for example
> an IP tunnel THROUGH the Internet. That is a different, much more
> extreme position than defining some sort of an "Intranet" for amateur
> radio usage, which could include internet links, tunneled or not,
> as long as both end users are licensed amateurs. This is another
> example why TAC should be very careful with wordings, and maybe provide
> stringent definitions of some key terms.
We only want to preserve some IP space that can be used for ham-to-ham communication. How they communicate is up to them. If they want to use radio-only, they can get an allocation off this space and build a radio-only network. If they want to communicate with carrier pigeons only, they can get an allocation and build a carrier-pigeon-only network. If they are okay with using tunnels *through* the Internet, then they can do that.
We just want to make sure that we have some space reserved for this type of communication. Going back to the RF analogy, ALL amateur radio space is for ham-to-ham only. In our proposal SOME of the space is for ham-to-ham, and the rest is for ham-to-Internet-and-possibly-hopefully-some-hams-too. If anything, and we go by RF standards, advertisement of 44/8 should be prohibited on the Internet as non-hams can reach you.
>>> b) Which route do I need to put into my router to address the radio
>>> network ? In particular, how can you answer this question without
>>> considering the specifics of each individual case ? Why would there
>>> be only one route?
>>
>> You can address the “radio network” with a single route: 44.128/10. This proposal guarantees that everyone there will be on the radio-only network, the same way transmitting to 144-146 MHz in the EU is to reach hams only. Any traffic you receive is (should be) from a ham, and you should only send anything if you are a ham, and you intend to reach other hams. Transmitting to 2.4 GHz in the ISM band allows you to talk to more people (anyone), but also anyone can talk to you.
>
> That is simply not true, since there is no homogenous radio network.
This is partly true: there is not a “single 44.128/10” but anyone can create their own network within this space. However, if some of these networks don’t want to talk to everything else, then this is working as intended, and they are by design not reachable. We hope that most of the networks there would want to be interconnected and they can do so through radio links, VPNs, Internet tunnels, satellites, or any other technology they see fit. One of them (but not a mandatory or the only one) will be the ARDC-provided PoPs. They will act as one of the many methods people could use to make sure that these networks talk to each other.
The only exception that would make the single static route argument not true is that if a single user wants to participate in more than one of those networks, and none of them, by design and choice, want to be interconnected with anything else. In this extreme case this person would need to use one static route per such network. This is still far less and changes much less frequently than if it’s a free-for-all where everyone can do whatever they want in any part of the IPv4 space.
>>> c) Can you back up the "originally intended"
>>> claim somehow ? I note that net-44 originated in the USA, which
>>> historically has rather liberal third-party traffic rules compared
>>> to other countries,
>>
>> We probably have a lot of people in this mailing list that were even a part of this and can speak up, but this happened before the Internet was (broadly) adopted and the 44/8 was a way for this “Internet” project some people were working on to talk to this network of these “radio amateurs” that they set up in the USA or Europe, etc.
>
> You (the TAC), made the claim and used it as a foundation
> of your proposal. It is your onus to prove it or at least to plausibly
> support it.
I thought that people that actually set it up themselves would speak up, instead of me, where I just got to read and hear about it, but if nobody did it, I will come back to you with a proper statement. I just felt that it would be better to hear this from the people that were there for it.
>>> d) You propose a policy of not announcing the prefix on the internet.
>>> "the prefix" is presumably 44.128/10. Do I have to understand this as
>>> going back to pre-2012 (no direct BGP) or pre, uh, 1990 (someone
>>> remind me please when mirrorshades started providing encap tunnels and
>>> announcing 44/8).
>>
>> Yes, correct. This proposal wants 44.128/10 to not have any direct BGP allocations that appear on the Internet. Connectivity of these networks should happen between themselves (network to network VPN, radio links, …), the ARDC (or anyone else’s) PoPs, etc. and they will not communicate through the open Internet.
>
> Sigh. This was not a yes/no question, but rather a question how far you
> want to turn back the wheels of time for 44.128. Pre-2012, individual
> networks did not have direct BGP announcements, but had connectivity
> (or let's say the option to connect) through mirrorshades(.ucsd.edu)
> which announced 44/8. I can bear witness that this worked that way at
> least from 1995, but likely much longer.
>
> Radio network access has at all times been set according to the
> gateway's jurisdiction and ham radio regulations, namely
> third party traffic. In most of Europe, any non-44 IP frame over an
> amateur radio link was (and likely still is) illegal. Not so in
> the US under third party traffic rules, albeit the situation has
> become considerably murkier with the advent of encryption (HTTPS, SSH).
>
> Again, please observe the careful distinction of "communicating
> with the open internet" vs. "communicating through the internet"
This is an important distinction and something we still allow: the ONLY thing we say is that 44.128/10 MUST NOT be reachable from a non-44.128/10 address. By definition, that means that no part of this space may appear on the Internet. Of course, the exception here is that ARDC will still advertise it to combat hijacking, etc. but will DROP ALL traffic sent to it. It will be dropped at the edge and not forwarded anywhere.
With this definition you can then create any type of construct you want on top of that. We only want to provide this guarantee to you. Depending on local or national or international laws you may have to do different things, but we only want to provide this very simple guarantee. Nothing more, nothing else. If it’s illegal to use 44.128/10 in some countries based on this guarantee, then you can always use 44.0/10. If it’s illegal for a country to use 44.0/10 and can only use 44.128/10, then they have to move to this part by law.
>>> e) Is there a rationale why existing regional networks cannot decide
>>> themselves what level of internet connectivity they desire,
>>> considering e.g. the local ham radio regulations
>>> and keeping their numbering and infrastructure which have been
>>> assigned to them long before ARDC existed as an entity. Is there
>>> a particular reason for not grandfathering them ?
>>
>> Unfortunately this would be difficult to accommodate as the guarantees cannot be offered then. If radio amateurs don’t have a dedicated band to talk to each other, and they have to use the ISM bands, there’s no way to distinguish between normal people and licensed hams. You can’t tell and there’s no guarantee that the person you’re speaking with is a ham or anyone else.
>
> You *never* can be certain. How many QSOs have you made where you
> asked first for a copy of your partners license to be faxed ?
> The problem is the problem of those allowing the traffic to cross
> to a radio operated under amateur radio regulations, i.e. the operators
> of that radio. Pre-2019, most of them would in the past have accepted
> access to a sufficiently routed 44/8 IP as sufficient authentication,
> although of course it is not perfect. Others required authentication
> though a login on the gateway.
We can’t be certain, I agree with what you say. What we can do is make it much better than it is right now. We think that even if we can’t provide a perfect solution, we should still make steps to improve the situation.
If you are in this 44.128/10 network, it’s extremely less likely for non-hams to reach you. If you are connected to the Internet, and you advertise your space with BGP, it is in fact *guaranteed* for non-ham traffic to reach you.
You could argue that you could deploy ACLs or Firewalls, or any measure like that, and this would help you only accept 44/8 traffic. But this is still worse: packets on the Internet today can be spoofed. A non radio amateur could send a spoofed packet appearing from 44/8 from a commercial ISP, and it would get through your firewall and possibly over your RF links just fine. Moreover, if two 44/8 networks connect with intermediate hops over the Internet, e.g.:
1. 44.1.2.3
2. 44.3.2.1
3. 192.0.2.15
4. 193.5.16.50
5. 44.4.6.7
6. 44.7.6.5
(Which I assume is what you want to do if you want to be on the Internet BGP and block all incoming traffic from non-44/8 hosts)
Then hosts #3 and #4 that are non-hams can easily modify any and all traffic and cause a transmission in a ham band of packets that are not from a ham. This is much more common than you can imagine, and not always done maliciously. If I am node #1 and I do a traceroute to node #6, due to the way the traceroute utility works, nodes #3 and #4 will generate a new packet themselves (TTL Exceeded) and send it back to #2, who will forward it over a ham link to #1. Node #2 probably did something illegal, as they transmitted a packet that was not generated by a radio amateur (it’s a non-manned station / router of Cogent / Telia / Hurricane Electric, …) over a ham band.
If you have the knowledge that any host you traceroute within 44.128/10 is (to the best of your knowledge and ability to tell) a radio amateur, and that these packets will not travel raw over the Internet, and no packets from the Internet can be introduced into this connection (because it’s inside a VPN for example), then you can be sure that running the traceroute command will not cause a number of people to break the law along the way.
Now for the use case where you want to be on the Internet with 44.0/10 addresses, but don’t want to drop all incoming traffic that is not sourced from 44/8, then it is normal to expect that all these port scans that people do will reach all IPv4 addresses in your network. Since you know this is going to happen, you cannot use any radio link in a non-ham band, as it is guaranteed that these stations will transmit a message over an amateur radio band that is not from a licensed user. Even with a stateful firewall that only allows outgoing connections, all responses you get from Facebook, Netflix, Altavista, etc. will be from a non-radio-amateur and you will be transmitting them over a band illegally.
If this law applies to you, then you cannot use the ham bands to “communicate with the open Internet”. I think that we both agree on that. Now moving to the case of “communicating through the Internet”. Let’s examine that.
If the network does not appear via BGP on the Internet, then everyone has to set up tunnels to interconnect everything. You can’t just send traffic to a commercial ISP and have it delivered. It will be dropped by ARDC. This guarantees that the traceroute problem I described earlier (and any other similar case) won’t happen. The only routers and equipment that participate in this network are (or must be) owned and operated legally by hams. You don’t rely on Internet infra and expect any guarantees. This means that it is almost guaranteed to not break the law or at least it is much much much much much much more certain that such a system would not break the law than talking transparently “through the Internet”.
>> Similarly to the RF world, in IP there’s this kind of problem as well. If you have IP addresses on the Internet, you could receive traffic from anyone. Sure, you can use an ACL or a firewall, but that’s not guaranteed. Packets could be spoofed for example. If you have a special network where you know that all senders and recipients are hams, then you can build things with different assumptions. You can build internal tools or apps, websites, etc. It’s up to you. It’s a band where you will only find people of the same hobby as you, that are licensed.
>
> This used to be the description of 44/8 (now, sans the AMAZN part). To
> my knowledge, this never changed (see ARDC's AUP). If it did, I would
> support a reversion of that change.
>
>> The other part is like an ISM band. Sure, you can use this to talk to other hams, and you can use it to talk to non-hams, and non-hams can use it to talk to you, and you have to establish by your own means who is who, and ensure that they can’t trick you.
>>
>> What our proposal aims to do is to create a separate “Ham Band” / Intranet / 44.128/10 and a separate "ISM band” / Internet / 44.0/9. By using simple RF or IP you can’t have them collocated into the same space.
>>
>> This is the reason why we cannot have scattered space and we want to have it aggregated and easy to address. Instead of our “band plan” being hundreds of lines and have it change daily, and move band from “ISM” to “Amateur Radio” and vice versa, we want to create a very simple band plan of 2 entries that don’t change. One is, and will remain to be “ISM” (44.0/9) and one is, and will remain to be “Radio Amateur” (44.128/10).
>>
>> Having a more stable and simple band plan is easier for everyone. They can make more informed decisions for the future, they can choose who they want to talk to, and they can even decide to use both bands: use a handheld radio (Radio Amateur) and a phone with WiFi (ISM). This is what we try to do on a technical level. Clearly define the two bands, and make sure that they are very few, and very stable.
>
> People *DID* that, based on the current policy that each subnet can
> decide if it wants internet connectivity. This was the policy that
> governed AMPRNet for at least since the mid-nineties.
> People built their network around that policy (and the legal
> requirements). Later they *DID* opt for BGP or not.
>
> It is the TAC with this proposal that is flipping over the apple-cart.
> For such a proposal, in addition to the potential benefits that such
> a plan may bring, TAC MUST also address the cost especially the work you force
> upon the affected users.
I agree that we must address this work, and it could be a lot of it. Unfortunately the best the TAC can do is to include these resolutions for the board to vote on (give enough help, time, …). Anything else will have to come from the Board as we do not have any authority to help in any other way.
There are a lot of people that would have to renumber e.g. 200 hosts that we saw earlier, or possibly more. But I think this is a testament that the current network is not easy to use: you may have 20 users, but a single person was managing it and has to renumber everyone. If anyone participating was an expert, they would simply have to renumber their own hosts, that would be less than 200 for a typical setup.
>> In the IP world this translates to easier routing (each “band plan” entry is a route, and if it’s just one, it could even be a static one), and less frequent changes. I don’t have to consult today’s band plan to know why 44.5.5.5 does not respond from 44.128.128.128, if the reason is that 44.5.5.5 decided to be Internet-only today or Intranet-only tomorrow.
>>
>> We could have made use of complex routing protocols and policies that would dynamically try to discover what each address or subnet is (because it’s not always clear and we can’t always tell what each address wants to do, even if we forced everyone to connect to an ARDC PoP) and then continually adjust this and maintain a complex state. This is something that a lot of people would also have to do, or they would have to find someone to do it for them (e.g. the ARDC PoPs). Going towards our value of being as inclusive as possible, we did not want to force people that don’t want to to have to do this or to have to connect via an entity that can do this. By having a 2-line band plan that doesn’t change over time people can even hard-code it if they don’t want to deal with all of this complexity or necessarily rely on someone to do it for them and then form a dependency to them.
>
> You are forcing your world-view upon all existing users of 44.128/0
> and require those that disagree to leave and expend effort to renumber.
> I do not think that "inclusive" is quite the correct word for that.
And the current users force their world view upon future users and also a large part of this network. I don’t think that it’s about who wins and who gets forced to submission. The TAC tries to create space for both use cases so we all win, and we are all happy. Like any rule in any civilized society, some people will have to make some sacrifices to co-exist. They will have to understand why they need to do this, and then they will have to give the others space to grow and have fun as well.
Under no circumstances do we want a minority of very vocal people that shout to bend the majority to their will, simply because they can’t shout loud enough. And it seems that this happens frequently in the modern world. We have to understand that by forcing people to do anything, we only drive them away. I would consider it a failure if people gave up on a project or hobby or resource just because the environment there does allow room for them to grow, and I did not do my best to speak up for them.
We have to understand that not everyone can shout. We are all different, and we all want different things, and we all have different needs. Some people are too shy to shout. Some people have weak vocal cords. Some people don’t speak the language we shout in.
If we let these people be ignored, and we only do what these few vocal people say, then we will create something that is only inclusive and welcome to people that can and want to shout. This almost certainly guarantees a toxic environment that people will slowly start to abandon and leave it be, simply because it’s not what they want to do.
If someone creates their own “People that shout” club, then that’s fine. They can all gather every week and shout to each other. I personally don’t want to join this club, I find no value in it. But we should collectively never allow these people to take over a public resource for all of us, that can benefit all of us, as this is dangerous. Just because they have the privilege to shout does not mean that other voices should not be heard. And not only that, but we should make all these decisions proportionately. Because this is a common resource, for all of us. Not only for some of us.
Speaking personally, I will continue to be an ally and use my privilege of being able to shout to defend all these users and protect them and make sure that their voices are heard.
> There are people that are fine with having the world communicate with
> their 44. IPs. Nothing in your ham radio license forbids you talking
> to other people, as long as you don't do it over a (amateur-) radio.
> You proudly wear baseball caps with your callsign on it. Why can't
> you wear your 44 IP?
We want people to use their 44 IPs on the Internet! We are happy to see them do it, and we are really looking forward to all the nice things they can achieve by doing so. We just want to make sure that they’re not the only ones, and we leave some room for people that like something different. The current proposal gives enough space for now and in the future for people to do any of the two, or both things, as they wish. It’s about choice.
> That said, removing the currently existing option to connect to the
> internet by central gateway or direct BGP is a major, destructive
> change of current policy. Sometimes, such destruction is requisite for
> progress. It is the duty of the TAC to review such a change.
> Such a review must be balanced, and necessarily must include a detailed
> discussion of opposing views, a discussion why there is no
> simple technical solution to the problem, and a discussion of those
> negatively affected by this change. This all should be documented
> for the record. Meaningful review would probably have also included a
> documented poll of the affected network's coordinators.
First of all, we do not remove the option for Direct BGP, and we won’t force anyone to use ARDC’s PoPs. That’s our goal. We reserve just as much space for Direct BGP as we reserve for non-Internet communication. Each user can decide which part of the network they want to be in, and they also have the option of picking both.
Destruction is indeed sometimes necessary, but of course I think that we all agree that we should try to limit it. We don’t want to destroy anything. We just want to make a change over the next year so that it’s easier for everyone to move on in the future. We want to look at the long-term benefit of the network over the short-term trouble of renumbering a part of it.
We are interested in the opposing views, the voices of the people that want to renumber, and we want to hear from all of you. This is why we started this thread a few days ago so we can get to hear all of you, and discuss with you. The PDF does not include a proposal that is final and that we have sent to the Board for a vote. It only includes *what we want to propose* and why we arrived at it after 4 months of work.
If we get a good recommendation and we see the value in that, we would be happy to change it. It has not reached the Board and the Board is not going to vote on it if we don’t tell them we want them to.
> At this time, I therefore believe the current TAC's proposal is
> deficient and thus should be rejected (albeit without prejudice)
As I said earlier, there’s nothing yet to reject. There’s no official motion made to the Board, and we will only send one after we get to hear you.
>> Furthering the analogy, a handheld VHF manufacturer relies on a constant band plan to allow TX to 144-146 MHz and doesn’t have to build a system for their product to download this hour’s or this day’s Amateur Radio allocation and change the functionality based on that. You can also be sure that your local amateur radio repeater won’t be today at 89.7 MHz and your favorite radio station won’t transmit to 145.500 MHz this afternoon.
>
> This analogy is not suitable. For starters, the 2m band extends up
> to 148 MHz in IARU Regions 2 and 3, which should give you pause to
> consider the difference of what you are used to, what is legal in your
> country, and what may be so in the rest of the world.
I am aware that the bands are different for different regions of the world, but I do not want to make the example complicated. I thought that it was enough for people to understand my point, even if it’s region-specific, and that you can easily replace those numbers with your local ones. I did not see a benefit in being extremely precise in something that is not related to the point I try to make when the audience can probably understand it.
If you did not get my point because of the fact that two digits are off, then I can rephrase the sentence with these digits as they stand around the world.
> Secondly, why would I not be allowed to listen to that amateur radio
> repeater using my commercial all-band radio receiver?
First of all, it may be illegal in some areas of the world, e.g. I think the U.K. or Greece. But I think that’s not your point ;)
If your radio supports both bands and you’re licensed for both, then you can talk to both using the same radio. If you’re not licensed for one of them, but a friend is, and you want to talk over it, you can set up a cross-band repeater (netmap, …) to allow you to do this.
Antonis
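As an added illustration of the reply above (not part of the original message and not ARDC's configuration), the sketch below contrasts a source-address ACL with a filter that also considers where a packet arrived, and then checks the six-hop traceroute path from the message for hops that would generate their own ICMP replies outside 44/8. The prefixes and the path come from the thread; the "internet" and "ham-link" ingress labels, the function names and the other sample addresses are assumptions of this example.

```python
import ipaddress

# Prefixes as named in the thread. The filtering logic is this example's
# reading of the proposal, not a published ARDC policy.
NET44 = ipaddress.ip_network("44.0.0.0/8")
HAM_ONLY = ipaddress.ip_network("44.128.0.0/10")   # ham-to-ham space
PUBLIC_44 = ipaddress.ip_network("44.0.0.0/10")    # reachable from the Internet
RESERVED = ipaddress.ip_network("44.64.0.0/10")    # held back for later growth

# The path listed in the message: node #1 traceroutes to node #6.
PATH = ["44.1.2.3", "44.3.2.1", "192.0.2.15", "193.5.16.50", "44.4.6.7", "44.7.6.5"]


def source_acl_only(src):
    """The firewall rule the message calls insufficient: trust any 44/8 source."""
    return "accept" if ipaddress.ip_address(src) in NET44 else "drop"


def edge_verdict(ingress, src, dst):
    """Decide on one packet using both its addresses and where it arrived.

    ingress is "internet" (a BGP-facing interface) or "ham-link" (a tunnel,
    VPN or radio link operated by licensed amateurs).
    """
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    if ingress == "ham-link":
        # Ham-to-ham space: both ends must sit inside 44.128/10.
        return "accept" if s in HAM_ONLY and d in HAM_ONLY else "drop"
    if ingress != "internet":
        raise ValueError(f"unknown ingress {ingress!r}")
    if d in HAM_ONLY:
        # Advertised only to resist hijacking; traffic to it dies at the edge.
        return "drop"
    if s in HAM_ONLY:
        # 44.128/10 never originates traffic on the open Internet, so a
        # packet arriving here with such a source address is forged.
        return "drop"
    if d in PUBLIC_44:
        return "accept"
    return "drop"  # reserved 44.64/10 or space this edge does not serve


def foreign_time_exceeded(path):
    """Hops between origin and destination answer traceroute probes with ICMP
    Time Exceeded packets they generate themselves. Return the hops whose
    replies would come from outside 44/8."""
    return [hop for hop in path[1:-1] if ipaddress.ip_address(hop) not in NET44]


if __name__ == "__main__":
    # Constructed packet: forged ham source, sent from a commercial ISP.
    spoofed = ("internet", "44.130.0.1", "44.130.9.9")
    print("ACL on source only:", source_acl_only(spoofed[1]))
    print("ingress-aware edge:", edge_verdict(*spoofed))
    print("same addresses over a ham link:", edge_verdict("ham-link", *spoofed[1:]))
    print("non-44 hops that would reply:", foreign_time_exceeded(PATH))
```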
Hello Ruben, please find my answers below:
> On 30 Jul 2021, at 14:46, Ruben ON3RVH <on3rvh(a)on3rvh.be> wrote:
>
> If we currently use 1% as you say (which I do not believe, but that's another discussion. One that I'm not going to have), what will change after the renumbering? Nothing. We would still use 1%.
Yes, we will still use 1%. But if we exclude half of our users, then we’ll use 0.5%, which is much less (about half!). We can’t force people to use the space, we just try to help them use it for what they want to. Hopefully, if we do that, we can grow to 2%!
> The other 99% would sit idly unused but reserved for an intranet that 90% of the hams don't use.
I do not believe that, but that’s another discussion: one I’m not going to have ;)
On a serious note, right now, today, Friday, we have more users that are on the Intranet and want to remain there than the rest of the network. Germany has most of the users of 44/8 and they all seem to want to join this Intranet.
If anything, the people that want to use BGP are the minority. Yet we still want to serve them, as they too should be able to do what they want with the IP addresses.
> We currently only use 1% because the current IPIP mesh and current way of internet connectivity from the 44 space is a big mess. IPIP just does not work and is not scalable anymore, you have to be a network savage to know how to set up and use the IPIP mesh.
> That part is the job of the TAC to facilitate. Making sure that every ham can use 44 space, can set it up, can use it and can be reachable from the internet (or not) as he/she wants to be.
Yes, the IPIP Mesh (and setting up BGP) are not easy, and I definitely believe that we will see more use if we make it simpler. And this is what the PoP will try to address. We’re working on it, just as we work on this policy.
In this proposal we reserve enough space for both use cases. If any of them reaches 100% (44.0/10 or 44.128/10), then we will proceed to give out space from 44.64/10. Until one of them is close to that, we do not consider resource exhaustion a problem.
> You say that you want to make it easier for ppl to connect to 44 net, but you're making it harder. If one wants to be part of global 44 net AND the "intranet", they have to have 2 subnets, have to have a router capable of handling policy based routing, have to be able to configure PBR, etc etc..
> This is not something an average ham can be asked to do, not without major problems and issues. No ISP owned router is capable of PBR, at least not in a way that the user can configure it.
> So effectively the TAC is shunning hams away from the intranet resources unless they know what they're doing.
This is not technically accurate. A user that wants to be on both networks can add a static route to 44.128/10 and then connect to 44.0/9 through their ISP, over the normal Internet.
If they want to use a 44-address to reach BGP hosts then they can add another static route to 44.0/9 to a service that can connect them, such as the ARDC PoPs. Then this service can statelessly and effortlessly netmap their 128 space to 0.
Alternatively, this user can make use of ARDC’s (or anyone else’s) VPN profiles to receive a dynamic IP within both networks (by making two VPN connections) and then depending on the destination their computer or phone will automatically choose the correct IP.
They don’t even need any allocation, or any set up. Just two VPN profiles on their phone, and they can reach anything and everything without any problems.
This works because OpenVPN or Wireguard or […] can only route specific networks over the connection by sending a route to the user.
> Also, taking into account that the 44.128/10 network is the most widely used, used by repeaters that cannot use dns or dynamic ip updates of its peers, the disruption would be massive. How can any TAC support such a disruptive method.
This proposal does not make any changes to the technical means a site is connected with. We leave this up to the user. All these operators of repeaters can still connect to the Internet using NAT, netmap, IPv6, or any other way the operators want to!
> It is true that most of the Belgian ip 44 space is unused. I was waiting to build that out since there was a discussion that the TAC would create a draft on how to provision and route and interconnect networks, but now that I am reading the proposal over and over again, I just cannot believe that the TAC wants to destroy what we all hold precious. You can clearly read from the list that no one is happy about the changes, everyone questions it and does not see any added benefit in the current proposal. Hams disagree, networking hams that do this for a living (including myself) disagree, .. I really don't see how any network engineer can support such a disruptive and inadequate and besides the point design.
First of all I think that you are being excessive. We are not destroying anything and we do not want to cause any harm to anyone. We are also hams and networking hams.
If you are just building your network, you can decide on which part you prefer to be, and receive an allocation there. You are not affected by any renumbering.
As I said in an e-mail to Mario a bit before, we don’t think that the only people that use the network are the ones on the mailing list. We also don’t expect every network user to be on the list. And finally, by definition the people that are against something will speak up much more than the people in favor. So I don’t think what you say about most people disagreeing is true.
The current TAC supports this design because we want to set the policy, and not impose any technical changes to anyone.
THIS IS NOT A TECHNICAL PROBLEM WE ARE TRYING TO SOLVE!
That said, it’s unlikely that this can be solved with a technical solution. It’s a people problem. We need to make room for more people and make it AS EASY AS POSSIBLE for them to do WHAT THEY WANT, and HOWEVER they want to do this, ANYWHERE where they want to do this.
Forcing people to do anything of technical nature goes against that.
A lot of times technical people think they can solve every problem there is out there with a technical solution. This couldn’t be farther from the truth. We can easily get dragged into designing the perfect network with 200 PoPs and 50 VPN technologies, and we go over the fact that some problems are simply community issues, people issues, etc.
I doubt that anyone can come up with a technical PoP infrastructure that addresses every possible need and use case that people might want to do. So instead of trying to have a solution that does it all or that it forces people to follow a certain path, we just opted for a solution that guarantees two things, and from that point on anyone can build anything they want on top of them.
Try to imagine this solution in a world where the ARDC PoP system will never arrive. We will never deliver, or we will and then we will turn it down 6 months later. Do not rely on some Holy PoPs, Masters of Everything that are supposed to coordinate everything in a centralized fashion. Try to have a more distributed and mesh system in mind where everyone can connect to everyone else and exchange packets without any central authority to tell you what to do and when to do it and how to do it.
> Please create a public poll on the matter of the intranet and disruptive way of carving the 44 network out, with a clear description of what the intranet will be, will hold and what services will be hosted on the intranet and its value.
> I am looking forward to those poll numbers. I can be mistaken, but imo the results will not be in favor of the proposal.
We do not know or care about what the Intranet will have. We do not know or care about what the Internet will have. We have no control over any of that, and this is up to the users. The Intranet will have whatever you set up for it to have, and the Internet will have whatever you set up for it to have.
We just have a lot of people that tell us that they want this, and if they say so, we are trying to give them what they want.
We also have a lot of people that tell us they want free IPv4, and since they say so, we are trying to give them what they want as well.
Just because I belong to the second category doesn’t mean I should prevent the people in the first from having what they want.
How would you feel if we had a poll on “which use case do you want for 44/8” and people voted “Intranet”? Would you like it for us to make the entire space Intranet and prevent all BGP advertisements and revoke all LOAs? Would you like 44/8 to disappear from the Internet, and ARDC to tell people who want free IPv4 to go and buy it?
If you don’t like this thing, why force other people to do it the same way you are? Because if we have a poll, there is a real chance that people will vote Intranet only. Does that mean that the ARDC should take all your space?
We believe that every person should have their space to do whatever they like. Intranet people should have their space, Internet people should have their space, and if a new use case exists in the future, we also want to be able to give these people their space as well. It’s a huge space and we can all fit inside and play nicely without being limited by others.
> Please don't take my mails the wrong way. I appreciate the time the TAC is giving to this matter and the time everyone puts into it. I am just one voice amidst several that disagrees with the current proposal and the matters that the TAC sees as a priority (carving up the IP space to create an intranet versus creating more POPS, interconnect points and a global backbone. The issues for which that the TAC was created in the first place).
It’s okay! As long as we stay calm and civil here it should all be fine :) We are always interested in hearing more opinions. We now have the problem of “we’ve been discussing this for 5 months, and we have everything thought of and in our head, and we just have to present it to the people”. Of course, there’s always the chance we missed something, and that’s why we want to have this public discussion. It’s just that a lot of points that are brought up were also brought up internally. I myself even asked if using public IP space for an Intranet is a good idea. I also did not like it the first time I heard of it. But I always tried to keep an open mind, look at the problem, and then evaluate this possibility. And the more I thought about it, the more it made sense and seemed as the only way to guarantee users of both networks a global uniqueness. But that wasn’t enough. We then studied how people currently use the space, how much we have, how many new allocation requests we get daily, etc. This gave us another piece of data: we have enough addresses. We then kept looking for other solutions, and by the time we had to decide, we looked at many things, we thought of many ways, and we had to combine it all and arrive at a final choice. This wasn’t easy. We had to make tradeoffs and we had to make some users unhappy. I wish we could avoid it, but any choice we made would lead to some people being unhappy. We could only try to minimize this amount of people, and even then try to give them as much support as we can to ease the pain. We understand that a /10 is very expensive, we’ve looked at the market price, we compared the price per IP depending on size (to see how much more a /10 is worth over 64 * /16 for example). Eventually we decided that we prefer to use more IPv4 addresses instead of making more actual humans unhappy. A lot of people may disagree with this decision, and they would prefer to see more unhappy people than IPv4 being used like that. 
That’s also fine, and we accept that. Our goal here is not to convince people. We’re just trying to help you understand why we made *this* decision and not the *other*, and why we stand by it. But we always do this with an open mind, and without looking at our personal interest. We are open to the fact that we could have missed something entirely. It may appear as we have already set our mind, but I can assure that we’re willing to reevaluate at any time. It’s just that we’ve been through most of these arguments internally and we thought about it, and we already have an answer that is good enough for us.
Finally, the TAC is working on many other things as well, including PoPs, IPv6, RPKI, etc. but this just happened to be the first one that came out of the pipeline. We have done work in parallel, and it will slowly start to get to this mailing list for your feedback. Please also keep in mind that the TAC has no budget or staff assigned to it, which means that we can’t approve expenses, anything we do has to be approved by the Board (and ARDC Staff). We also have no staff allocation to us to work on things. We have an advisory role where we tell ARDC how we think they should build a PoP system (and that they should) and then it’s up to ARDC to build and maintain this. It’s not us that will be writing the code or administering it. We can experiment on our own time and come up with some advice (e.g. PPTP did not work, use L2TP), but eventually it is ARDC and its staff and contractors that will deliver the final product.
Antonis
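The split-routing setup described in the reply above (a static route for 44.128/10, an optional route for 44.0/9 via a PoP, and a stateless netmap), as an added Python sketch that is not part of the original e-mail or of any ARDC tooling. The next-hop names, the sample addresses, and the choice of 44.0/10 as the netmap target are assumptions made for illustration.

```python
import ipaddress

# Prefixes named in the thread.
INTRANET = ipaddress.ip_network("44.128.0.0/10")     # ham-to-ham space
INTERNET_44 = ipaddress.ip_network("44.0.0.0/9")     # BGP / Internet-facing space
# Assumption: "netmap their 128 space to 0" is read here as 44.128/10 <-> 44.0/10.
NETMAP_TARGET = ipaddress.ip_network("44.0.0.0/10")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

# Hypothetical next-hop names; a real host would have interface or gateway names.
ISP_ONLY = [(DEFAULT, "isp")]
# One static route: intranet via a VPN, everything else via the ISP.
SPLIT_TABLE = [(DEFAULT, "isp"), (INTRANET, "vpn-intranet")]
# Second static route: reach 44.0/9 from a 44 address through a PoP-like service.
POP_TABLE = SPLIT_TABLE + [(INTERNET_44, "vpn-pop")]


def select_route(dst, table):
    """Longest-prefix match, the rule a host uses to pick between the routes."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None  # no route: the packet is dropped, not leaked
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def netmap(addr, src_net, dst_net):
    """Stateless 1:1 prefix translation: keep the host bits, swap the prefix."""
    addr = ipaddress.ip_address(addr)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("netmap needs prefixes of equal length")
    if addr not in src_net:
        raise ValueError(f"{addr} is outside {src_net}")
    host_bits = int(addr) & int(src_net.hostmask)
    return ipaddress.ip_address(int(dst_net.network_address) | host_bits)


def intranet_leaks(table, isp_hop):
    """Prefixes inside 44.128/10 that would leave via the ISP next hop.

    Conservative check: flags the whole /10 when its best covering route is
    the ISP, plus any more-specific route inside it that points at the ISP.
    """
    leaks = []
    covering = [(net, hop) for net, hop in table if INTRANET.subnet_of(net)]
    best = max(covering, key=lambda r: r[0].prefixlen, default=None)
    if best is not None and best[1] == isp_hop:
        leaks.append(INTRANET)
    leaks += [net for net, hop in table
              if net != INTRANET and net.subnet_of(INTRANET) and hop == isp_hop]
    return leaks


if __name__ == "__main__":
    # Constructed sample destinations, not taken from any real allocation list.
    for dst in ("44.143.10.1", "44.1.2.3", "44.64.0.1", "192.0.2.1"):
        print(dst, "->", select_route(dst, SPLIT_TABLE), "/",
              select_route(dst, POP_TABLE))
    print("netmap:", netmap("44.143.10.1", INTRANET, NETMAP_TARGET))
    print("leaks without the static route:", intranet_leaks(ISP_ONLY, "isp"))
```

Because the mapping only swaps the top ten bits, it is reversible and needs no connection state. The leak check is what a host operator would run to confirm that intranet-bound traffic never falls through to the default route.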
Hello all together,
Here in Austria we use our 44.143/16 net purely for Hamnet/Intranet
purpose. Most users are not on this mailing list and simply use the
network.
Most of the network is radio based with a few interlinks tunneled through
the internet
https://hamnetdb.net/map.cgi#zoom=8&lat=47.811&lon=13.37&layer=Mapnik&overl…
The nodes are using BGP routing as most of Hamnet in Europe, most users
are only connecting to the Network and don't have to care about BGP.
The question I'm getting over and over again is, which Subnets should be
routed to Hamnet to reach most of it and at the same time not blocking
the Internet routed subnets. So this clear separation would clearly help
us as well.
Finally, those OMs who have Internet routed Subnets (outside 44.143)
would have to move, but it's clearly worth the effort. Some of us are in
training as we had to move a lot of infrastructure after the subnet was
sold.
73
Lucas OE2LSP/KC1GDN
This was accidentally only sent to Ruben.
> Begin forwarded message:
>
> From: "Antonios Chariton (daknob)" <daknob(a)daknob.net>
> Subject: Re: [44net] A new era of IPv4 Allocations
> Date: 30 July 2021 at 14:18:24 CEST
> To: Ruben ON3RVH <on3rvh(a)on3rvh.be>
>
>
>> On 30 Jul 2021, at 13:36, Ruben ON3RVH <on3rvh(a)on3rvh.be> wrote:
>>
>> Hi Antonio,
>>
>> Good day. (past noon here)
>> I still don't get it sorry, your analogy makes no sense either because 44.0/8 was amateur radio only and 44/9 and 44.128/10 IS still amateur radio only.
>> So there is no public, there is no FM, there is no VHF/UHF...
>>
>> Using public address space for an intranet nobody but some germans care about makes no sense at all.
>
> And one can also say that using amateur radio frequencies makes no sense at all. Is that true?
>
> If you use 44 addresses on the Internet, then they are simply IPv4 addresses. There’s nothing special about them. It’s just that some privileged people that got a license can get free IPv4, while some other not-so-privileged people have to pay insane amounts of money to get them. Do we want ARDC to only support the use case of connecting people to the Internet and being a global ISP?
>
> We think that amateur radio has much more to offer than just “connect to the Internet with no NAT”. There are more use cases, and I am sad to see that people don’t want to accept this or help accommodate the people that have these use cases. Especially at a time where more than half of us belong to this category, and there’s no cost involved in doing so, nor danger of running out of IPv4 addresses. I still don’t understand why some people prefer to harm their colleagues (the majority even) by depriving them of resources, just because they don’t enjoy to do the same things as them. How would you feel if we proposed a total ban on all use of 44/8 on the Internet? No more BGP, no more LOAs, no more IPIP Mesh routing to the Internet, no PoPs. We turn all of it into an intranet.
>
> That would feel terrible to me if I just wanted free IPv4 and just because other (most!) people don’t want it, they decided to completely prevent this use case.
>
> I am telling you again: we use 1-5% of the IPv4 space. 99% of it is sitting idle, and not being used. Why do you insist on keeping such an expensive and valuable resource unused, if other people (most people?) want to use it? That sounds like a terrible decision.
>
> If we only used 1% of our RF spectrum, it would start to disappear and be gone very soon. Would you prefer that we lose anything above 50 MHz, just because you only like to use < 50 MHz? Why can’t we all accept that some people only like VHF, and some only like UHF, and some only like HF? Why do we only have to force people to use one band, if we have all of them available? I am really struggling to understand this logic. This is really beyond me. We prefer to have space sit there until the end of time, not used, instead of giving it to our colleagues and friends that want to use this. I am sorry if I don’t get it, but this seems crazy and insane to me.
>
> We are using 1% of the space, and instead of wanting to use more of it, we tell more than half our users to move away from it. Why? So we can use 0.5% of it then? How is this any good? Why would we like to use *less* space, if we are already “borderline using it”?
>
> I know a lot of you have networking experience and have worked in ISPs and know how valuable IPv4 is. But this is way beyond what most ISPs deal with. We have 48 *thousand* /24s! We have 192 /16’s! I’m willing to bet that we have more space than 99.99% of the ISPs out there (by definition too, since we hold 1/200th or so of the “globally unique” Internet). A commercial ISP with 5000 customers and a /24 needs to save every drop. On the other hand, we only use one drop of our ocean.
>
> We are privileged to have more IPs than 99.99% of everyone else right now. Why do you not like us to use it for amateur radio purposes and instead prefer to just keep it unused? What’s the point of it?
>
> This is like the argument that we should preserve IPv6 space and not give each LAN a /64. I think most people that claim this simply don’t understand the sheer volume of “2^64”. The human brain just isn’t good at wrapping around these types of numbers. But if you look at the mathematics behind it, then maybe you can understand this better.
>
> We have a car with a tank of gasoline, and we only want to use half a liter of it, and then every time we consume half a liter, we want to go back to the gas station and fill it up again. We have a range of 720km with this car, yet we only want to do 5 km at a time, and then go to the station.
>
>> I'm looking forward to the poll data. (although I don't get why that has to take a few days as you already have that poll data as you've taken the poll amongst the German and American hams as you say)
>
> The TAC has not performed a poll, but instead we talked in 1:1 sessions with users and coordinators of these networks. If you feel like we should create a poll though, I imagine we could organize it and send one.
>
> Antonis
Apologies, I sent this to Ruben only, and not to the list.
> On 30 Jul 2021, at 13:36, Ruben ON3RVH <on3rvh(a)on3rvh.be> wrote:
>
> Hi Antonio,
>
> Good day. (past noon here)
> I still don't get it sorry, your analogy makes no sense either because 44.0/8 was amateur radio only and 44/9 and 44.128/10 IS still amateur radio only.
> So there is no public, there is no FM, there is no VHF/UHF...
>
> Using public address space for an intranet nobody but some germans care about makes no sense at all.
And one can also say that using amateur radio frequencies makes no sense at all. Is that true?
If you use 44 addresses on the Internet, then they are simply IPv4 addresses. There’s nothing special about them. It’s just that some privileged people that got a license can get free IPv4, while some other not-so-privileged people have to pay insane amounts of money to get them. Do we want ARDC to only support the use case of connecting people to the Internet and being a global ISP?
We think that amateur radio has much more to offer than just “connect to the Internet with no NAT”. There are more use cases, and I am sad to see that people don’t want to accept this or help accommodate the people that have these use cases. Especially at a time where more than half of us belong to this category, and there’s no cost involved in doing so, nor danger of running out of IPv4 addresses. I still don’t understand why some people prefer to harm their colleagues (the majority even) by depriving them of resources, just because they don’t enjoy to do the same things as them. How would you feel if we proposed a total ban on all use of 44/8 on the Internet? No more BGP, no more LOAs, no more IPIP Mesh routing to the Internet, no PoPs. We turn all of it into an intranet.
That would feel terrible to me if I just wanted free IPv4 and just because other (most!) people don’t want it, they decided to completely prevent this use case.
I am telling you again: we use 1-5% of the IPv4 space. 99% of it is sitting idle, and not being used. Why do you insist on keeping such an expensive and valuable resource unused, if other people (most people?) want to use it? That sounds like a terrible decision.
If we only used 1% of our RF spectrum, it would start to disappear and be gone very soon. Would you prefer that we lose anything above 50 MHz, just because you only like to use < 50 MHz? Why can’t we all accept that some people only like VHF, and some only like UHF, and some only like HF? Why do we only have to force people to use one band, if we have all of them available? I am really struggling to understand this logic. This is really beyond me. We prefer to have space sit there until the end of time, not used, instead of giving it to our colleagues and friends that want to use this. I am sorry if I don’t get it, but this seems crazy and insane to me.
We are using 1% of the space, and instead of wanting to use more of it, we tell more than half our users to move away from it. Why? So we can use 0.5% of it then? How is this any good? Why would we like to use *less* space, if we are already “borderline using it”?
I know a lot of you have networking experience and have worked in ISPs and know how valuable IPv4 is. But this is way beyond what most ISPs deal with. We have 48 *thousand* /24s! We have 192 /16’s! I’m willing to bet that we have more space than 99.99% of the ISPs out there (by definition too, since we hold 1/200th or so of the “globally unique” Internet). A commercial ISP with 5000 customers and a /24 needs to save every drop. On the other hand, we only use one drop of our ocean.
We are privileged to have more IPs than 99.99% of everyone else right now. Why do you not like us to use it for amateur radio purposes and instead prefer to just keep it unused? What’s the point of it?
This is like the argument that we should preserve IPv6 space and not give each LAN a /64. I think most people that claim this simply don’t understand the sheer volume of “2^64”. The human brain just isn’t good at wrapping around these types of numbers. But if you look at the mathematics behind it, then maybe you can understand this better.
We have a car with a tank of gasoline, and we only want to use half a liter of it, and then every time we consume half a liter, we want to go back to the gas station and fill it up again. We have a range of 720km with this car, yet we only want to do 5 km at a time, and then go to the station.
> I'm looking forward to the poll data. (although I don't get why that has to take a few days as you already have that poll data as you've taken the poll amongst the German and American hams as you say)
The TAC has not performed a poll, but instead we talked in 1:1 sessions with users and coordinators of these networks. If you feel like we should create a poll though, I imagine we could organize it and send one.
Antonis
This was accidentally only sent to Mario.
> Begin forwarded message:
>
> From: "Antonios Chariton (daknob)" <daknob(a)daknob.net>
> Subject: Re: [44net] A new era of IPv4 Allocations
> Date: 30 July 2021 at 15:32:26 CEST
> To: Mario Lorenz <ml(a)vdazone.org>
>
>
>
>> On 30 Jul 2021, at 14:08, Mario Lorenz <ml(a)vdazone.org> wrote:
>>
>> Dear Antonios,
>>
>> Am 30. Jul 2021, um 03:18:53 schrieb Antonios Chariton (daknob) via 44Net:
>>> Hello Mario, please find my answers below:
>>
>> Thank you very much for those insights. Although the image this paints
>> is very bleak indeed.
>>
>>> We do not want to limit the hardware, but we would like to have an IP version of the frequency plan: 44.128/10, however you connect to it, is the radio amateur band, and 44.0/10 is the commercial 5G band or the ISM band of WiFi. One is for people that are licensed, and the other is simply the Internet that anyone can use.
>>
>> That's unbelievable, I can but hope that something is lost in translation.
>> Let me rephrase that:
>> The proposal is nothing short of ripping out 44.0/10 from the diverse
>> cloud of radio amateurs that AMPRnet stands for, and making it part of
>> the regular internet, available to anyone without a license and removing
>> traffic exchange with the remainder (44.128) of the AMPRnet. This
>> proposal is, in your spectrum analogy, taking away valuable ham radio
>> spectrum and dedicating it to general internet usage.
>
> That’s what people want to do though. They want to use an amateur radio resource (44.0/10) to talk to people on the Internet that are not licensed. Normally in RF you use a ham radio frequency to only talk to radio amateurs. In the IP world, the src and dst can be different. People want to use an amateur radio resource to talk to a commercial resource, and a commercial resource to talk to a ham radio resource.
>
> These two networks can interconnect. EchoLink now bridges the Internet with the amateur radio spectrum. But we don’t use IP addresses on EchoLink, we use our callsigns, transmitted over IP packets. And similarly, when we do IP / Internet connectivity over amateur radio spectrum, we use IP addresses on top of callsigns.
>
>> I call on the ARDC board to disapprove this plan.
>>
>> Then again, this is the opposite of the language in the
>> official proposal (last page), making me wonder whether
>> this is truly what the TAC actually discussed and decided.
>> Are there any public TAC meeting minutes or the like by chance ?
>
> We have collected minutes of meetings that we did as the TAC, and they capture a part of the total work that has been put through this. However, at this time, they are not public. Is there something specific that you’re looking for? I could help provide more information on that.
>
> The TAC discussed and proposed the PDF document you see, and more importantly the resolution at the end of it. Everything else is me trying to answer questions, provide reasoning and context, and try to address things not covered in the document.
>
> The reason we decided on me for this role (but still representing the TAC’s opinion, not giving my own) is that if we had to find a time to meet and discuss every single e-mail that we receive here and jointly write a response to that would massively increase the latency of answers you receive from minutes or hours to days or weeks.
>
> In order to make sure that I can still represent the opinion of the TAC, we discuss all e-mail asynchronously and if a corrective statement needs to be issued, we will do so promptly, with a text that has been approved from all of us.
>
> So far, we are not working on any such response, and all TAC members agree with the responses provided by me.
>
>>>> The former could also be read as a policy/guarantee that no
>>>> non-amateur-radio based means of communication are involved.
>>>> Is that intended ?
>>>
>>> Yes, correct. One of the things that this proposal can bring is that a part of the network is reserved for radio amateur to radio amateur communication.
>>>
>>>> I note that you also use the term "radio-only network" on page 3.
>>>> Since 44.0/9 according to your proposal is not "radio-only", this
>>>> would mean that 44.128/12 should not be accessible from 44.0/9, which
>>>> is the opposite to your proposed resolution.
>>>
>>> This is actually (part of) the proposal. That we guarantee that people in 44.128/10 can only be reached by other people there, and people in 44.0/10 (technically /9) can be reached from the entire Internet, except 44.128/10 (natively). This is similar to how only radio amateurs can transmit in a ham band, but everyone can transmit to an ISM band (including hams).
>>
>> Your two statements are again contradictory.
>> One point of view, taken by some amateurs back in the 90s was that
>> the communication between two Amateurs should ONLY occur via radio
>> waves. In other words, a "radio only" network should, as the name
>> implies, not be using any other mode of communication, for example
>> an IP tunnel THROUGH the Internet. That is a different, much more
>> extreme position than defining some sort of an "Intranet" for amateur
>> radio usage, which could include internet links, tunneled or not,
>> as long as both end users are licensed amateurs. This is another
>> example why TAC should be very careful with wordings, and maybe provide
>> stringent definitions of some key terms.
>
> We only want to preserve some IP space that can be used for ham-to-ham communication. How they communicate is up to them. If they want to use radio-only, they can get an allocation off this space and build a radio-only network. If they want to communicate with carrier pigeons only, they can get an allocation and build a carrier-pigeon-only network. If they are okay with using tunnels *through* the Internet, then they can do that.
>
> We just want to make sure that we have some space reserved for this type of communication. Going back to the RF analogy, ALL amateur radio space is for ham-to-ham only. In our proposal SOME of the space is for ham-to-ham, and the rest is for ham-to-Internet-and-possibly-hopefully-some-hams-too. If anything, and we go by RF standards, advertisement of 44/8 should be prohibited on the Internet as non-hams can reach you.
>
>>>> b) Which route do I need to put into my router to address the radio
>>>> network ? In particular, how can you answer this question without
>>>> considering the specifics of each individual case ? Why would there
>>>> be only one route?
>>>
>>> You can address the “radio network” with a single route: 44.128/10. This proposal guarantees that everyone there will be on the radio-only network, the same way transmitting to 144-146 MHz in the EU is to reach hams only. Any traffic you receive is (should be) from a ham, and you should only send anything if you are a ham, and you intend to reach other hams. Transmitting to 2.4 GHz in the ISM band allows you to talk to more people (anyone), but also anyone can talk to you.
>>
>> That is simply not true, since there is no homogenous radio network.
>
> This is partly true: there is not a “single 44.128/10” but anyone can create their own network within this space. However, if some of these networks don’t want to talk to everything else, then this is working as intended, and they are by design not reachable. We hope that most of the networks there would want to be interconnected and they can do so through radio links, VPNs, Internet tunnels, satellites, or any other technology they see fit. One of them (but not a mandatory or the only one) will be the ARDC-provided PoPs. They will act as one of the many methods people could use to make sure that these networks talk to each other.
>
> The only exception that would make the single static route argument not true is that if a single user wants to participate in more than one of those networks, and none of them, by design and choice, want to be interconnected with anything else. In this extreme case this person would need to use one static route per such network. This is still far less and changes much less frequently than if it’s a free-for-all where everyone can do whatever they want in any part of the IPv4 space.
>
>>>> c) Can you back up the "originally intended"
>>>> claim somehow ? I note that net-44 originated in the USA, which
>>>> historically has rather liberal third-party traffic rules compared
>>>> to other countries,
>>>
>>> We probably have a lot of people in this mailing list that were even a part of this and can speak up, but this happened before the Internet was (broadly) adopted and the 44/8 was a way for this “Internet” project some people were working on to talk to this network of these “radio amateurs” that they set up in the USA or Europe, etc.
>>
>> You (the TAC), made the claim and used it as a foundation
>> of your proposal. It is your onus to prove it or at least to plausibly
>> support it.
>
> I thought that people that actually set it up themselves would speak up, instead of me, where I just got to read and hear about it, but if nobody did it, I will come back to you with a proper statement. I just felt that it would be better to hear this from the people that were there for it.
>
>>>> d) You propose a policy of not announcing the prefix on the internet.
>>>> "the prefix" is presumably 44.128/10. Do I have to understand this as
>>>> going back to pre-2012 (no direct BGP) or pre, uh, 1990 (someone
>>>> remind me please when mirrorshades started providing encap tunnels and
>>>> announcing 44/8).
>>>
>>> Yes, correct. This proposal wants 44.128/10 to not have any direct BGP allocations that appear on the Internet. Connectivity of these networks should happen between themselves (network to network VPN, radio links, …), the ARDC (or anyone else’s) PoPs, etc. and they will not communicate through the open Internet.
>>
>> Sigh. This was not a yes/no question, but rather a question how far you
>> want to turn back the wheels of time for 44.128. Pre-2012, individual
>> networks did not have direct BGP announcements, but had connectivity
>> (or let's say the option to connect) through mirrorshades(.ucsd.edu)
>> which announced 44/8. I can bear witness that this worked that way at
>> least from 1995, but likely much longer.
>>
>> Radio network access has at all times been set according to the
>> gateway's jurisdiction and ham radio regulations, namely
>> third party traffic. In most of Europe, any non-44 IP frame over an
>> amateur radio link was (and likely still is) illegal. Not so in
>> the US under third party traffic rules, albeit the situation has
>> become considerably murkier with the advent of encryption (HTTPS, SSH).
>>
>> Again, please observe the careful distinction of "communicating
>> with the open internet" vs. "communicating through the internet"
>
> This is an important distinction and something we still allow: the ONLY thing we say is that 44.128/10 MUST NOT be reachable from a non-44.128/10 address. By definition, that means that no part of this space may appear on the Internet. Of course, the exception here is that ARDC will still advertise it to combat hijacking, etc. but will DROP ALL traffic sent to it. It will be dropped at the edge and not forwarded anywhere.
>
> With this definition you can then create any type of construct you want on top of that. We only want to provide this guarantee to you. Depending on local or national or international laws you may have to do different things, but we only want to provide this very simple guarantee. Nothing more, nothing else. If it’s illegal to use 44.128/10 in some countries based on this guarantee, then you can always use 44.0/10. If it’s illegal for a country to use 44.0/10 and can only use 44.128/10, then they have to move to this part by law.
>
>>>> e) Is there a rationale why existing regional networks cannot decide
>>>> themselves what level of internet connectivity they desire,
>>>> considering e.g. the local ham radio regulations
>>>> and keeping their numbering and infrastructure which have been
>>>> assigned to them long before ARDC existed as an entity. Is there
>>>> a particular reason for not grandfathering them ?
>>>
>>> Unfortunately this would be difficult to accommodate as the guarantees cannot be offered then. If radio amateurs don’t have a dedicated band to talk to each other, and they have to use the ISM bands, there’s no way to distinguish between normal people and licensed hams. You can’t tell and there’s no guarantee that the person you’re speaking with is a ham or anyone else.
>>
>> You *never* can be certain. How many QSOs have you made where you
>> asked first for a copy of your partner's license to be faxed ?
>> The problem is the problem of those allowing the traffic to cross
>> to a radio operated under amateur radio regulations, i.e. the operators
>> of that radio. Pre-2019, most of them would in the past have accepted
>> access to a sufficiently routed 44/8 IP as sufficient authentication,
>> although of course it is not perfect. Others required authentication
>> through a login on the gateway.
>
> We can’t be certain, I agree with what you say. What we can do is make it much better than it is right now. We think that even if we can’t provide a perfect solution, we should still make steps to improve the situation.
>
> If you are in this 44.128/10 network, it’s extremely less likely for non-hams to reach you. If you are connected to the Internet, and you advertise your space with BGP, it is in fact *guaranteed* for non-ham traffic to reach you.
>
> You could argue that you could deploy ACLs or Firewalls, or any measure like that, and this would help you only accept 44/8 traffic. But this is still worse: packets on the Internet today can be spoofed. A non radio amateur could send a spoofed packet appearing from 44/8 from a commercial ISP, and it would get through your firewall and possibly over your RF links just fine. Moreover, if two 44/8 networks connect with intermediate hops over the Internet, e.g.:
>
> 1. 44.1.2.3
> 2. 44.3.2.1
> 3. 192.0.2.15
> 4. 193.5.16.50
> 5. 44.4.6.7
> 6. 44.7.6.5
>
> (Which I assume is what you want to do if you want to be on the Internet BGP and block all incoming traffic from non-44/8 hosts)
>
> Then hosts #3 and #4 that are non-hams can easily modify any and all traffic and cause a transmission in a ham band of packets that are not from a ham. This is much more common than you can imagine, and not always done maliciously. If I am node #1 and I do a traceroute to node #6, due to the way the traceroute utility works, nodes #3 and #4 will generate a new packet themselves (TTL Exceeded) and send it back to #2, who will forward it over a ham link to #1. Node #2 probably did something illegal, as they transmitted a packet that was not generated by a radio amateur (it’s a non-manned station / router of Cogent / Telia / Hurricane Electric, …) over a ham band.
>
> If you have the knowledge that any host you traceroute within 44.128/10 is (to the best of your knowledge and ability to tell) a radio amateur, and that these packets will not travel raw over the Internet, and no packets from the Internet can be introduced into this connection (because it’s inside a VPN for example), then you can be sure that running the traceroute command will not cause a number of people to break the law along the way.
>
> Now for the use case where you want to be on the Internet with 44.0/10 addresses, but don’t want to drop all incoming traffic that is not sourced from 44/8, then it is normal to expect that all these port scans that people do will reach all IPv4 addresses in your network. Since you know this is going to happen, you cannot use any radio link in a non-ham band, as it is guaranteed that these stations will transmit a message over an amateur radio band that is not from a licensed user. Even with a stateful firewall that only allows outgoing connections, all responses you get from Facebook, Netflix, Altavista, etc. will be from a non-radio-amateur and you will be transmitting them over a band illegally.
>
> If this law applies to you, then you cannot use the ham bands to “communicate with the open Internet”. I think that we both agree on that. Now moving to the case of “communicating through the Internet”. Let’s examine that.
>
> If the network does not appear via BGP on the Internet, then everyone has to set up tunnels to interconnect everything. You can’t just send traffic to a commercial ISP and have it delivered. It will be dropped by ARDC. This guarantees that the traceroute problem I described earlier (and any other similar case) won’t happen. The only routers and equipment that participate in this network are (or must be) owned and operated legally by hams. You don’t rely on Internet infra and expect any guarantees. This means that it is almost guaranteed to not break the law or at least it is much much much much much much more certain that such a system would not break the law than talking transparently “through the Internet”.
>
>>> Similarly to the RF world, in IP there’s this kind of problem as well. If you have IP addresses on the Internet, you could receive traffic from anyone. Sure, you can use an ACL or a firewall, but that’s not guaranteed. Packets could be spoofed for example. If you have a special network where you know that all senders and recipients are hams, then you can build things with different assumptions. You can build internal tools or apps, websites, etc. It’s up to you. It’s a band where you will only find people of the same hobby as you, that are licensed.
>>
>> This used to be the description of 44/8 (now, sans the AMAZN part). To
>> my knowledge, this never changed (see ARDC's AUP). If it did, I would
>> support a reversion of that change.
>>
>>> The other part is like an ISM band. Sure, you can use this to talk to other hams, and you can use it to talk to non-hams, and non-hams can use it to talk to you, and you have to establish by your own means who is who, and ensure that they can’t trick you.
>>>
>>> What our proposal aims to do is to create a separate “Ham Band” / Intranet / 44.128/10 and a separate “ISM band” / Internet / 44.0/9. By using simple RF or IP you can’t have them collocated into the same space.
>>>
>>> This is the reason why we cannot have scattered space and we want to have it aggregated and easy to address. Instead of our “band plan” being hundreds of lines and have it change daily, and move band from “ISM” to “Amateur Radio” and vice versa, we want to create a very simple band plan of 2 entries that don’t change. One is, and will remain to be “ISM” (44.0/9) and one is, and will remain to be “Radio Amateur” (44.128/10).
>>>
>>> Having a more stable and simple band plan is easier for everyone. They can make more informed decisions for the future, they can choose who they want to talk to, and they can even decide to use both bands: use a handheld radio (Radio Amateur) and a phone with WiFi (ISM). This is what we try to do on a technical level. Clearly define the two bands, and make sure that they are very few, and very stable.
>>
>> People *DID* that, based on the current policy that each subnet can
>> decide if it wants internet connectivity. This was the policy that
>> governed AMPRNet for at least since the mid-nineties.
>> People built their network around that policy (and the legal
>> requirements). Later they *DID* opt for BGP or not.
>>
>> It is the TAC with this proposal that is flipping over the apple-cart.
>> For such a proposal, in addition to the potential benefits that such
>> a plan may bring, TAC MUST also address the cost especially the work you force
>> upon the affected users.
>
> I agree that we must address this work, and it could be a lot of it. Unfortunately the best the TAC can do is to include these resolutions for the board to vote on (give enough help, time, …). Anything else will have to come from the Board as we do not have any authority to help in any other way.
>
> There are a lot of people that would have to renumber e.g. 200 hosts that we saw earlier, or possibly more. But I think this is a testament that the current network is not easy to use: you may have 20 users, but a single person was managing it and has to renumber everyone. If anyone participating was an expert, they would simply have to renumber their own hosts, that would be less than 200 for a typical setup.
>
>>> In the IP world this translates to easier routing (each “band plan” entry is a route, and if it’s just one, it could even be a static one), and less frequent changes. I don’t have to consult today’s band plan to know why 44.5.5.5 does not respond from 44.128.128.128, if the reason is that 44.5.5.5 decided to be Internet-only today or Intranet-only tomorrow.
>>>
>>> We could have made use of complex routing protocols and policies that would dynamically try to discover what each address or subnet is (because it’s not always clear and we can’t always tell what each address wants to do, even if we forced everyone to connect to an ARDC PoP) and then continually adjust this and maintain a complex state. This is something that a lot of people would also have to do, or they would have to find someone to do it for them (e.g. the ARDC PoPs). Going towards our value of being as inclusive as possible, we did not want to force people that don’t want to to have to do this or to have to connect via an entity that can do this. By having a 2-line band plan that doesn’t change over time people can even hard-code it if they don’t want to deal with all of this complexity or necessarily rely on someone to do it for them and then form a dependency to them.
>>
>> You are forcing your world-view upon all existing users of 44.128/0
>> and require those that disagree to leave and expend effort to renumber.
>> I do not think that "inclusive" is quite the correct word for that.
>
> And the current users force their world view upon future users and also a large part of this network. I don’t think that it’s about who wins and who gets forced to submission. The TAC tries to create space for both use cases so we all win, and we are all happy. Like any rule in any civilized society, some people will have to make some sacrifices to co-exist. They will have to understand why they need to do this, and then they will have to give the others space to grow and have fun as well.
>
> Under no circumstances do we want a minority of very vocal people that shout to bend the majority to their will, simply because they can’t shout loud enough. And it seems that this happens frequently in the modern world. We have to understand that by forcing people to do anything, we only drive them away. I would consider it a failure if people gave up on a project or hobby or resource just because the environment there does allow room for them to grow, and I did not do my best to speak up for them.
>
> We have to understand that not everyone can shout. We are all different, and we all want different things, and we all have different needs. Some people are too shy to shout. Some people have weak vocal cords. Some people don’t speak the language we shout in.
>
> If we let these people be ignored, and we only do what these few vocal people say, then we will create something that is only inclusive and welcome to people that can and want to shout. This almost certainly guarantees a toxic environment that people will slowly start to abandon and leave it be, simply because it’s not what they want to do.
>
> If someone creates their own “People that shout” club, then that’s fine. They can all gather every week and shout to each other. I personally don’t want to join this club, I find no value in it. But we should collectively never allow these people to take over a public resource for all of us, that can benefit all of us, as this is dangerous. Just because they have the privilege to shout does not mean that other voices should not be heard. And not only that, but we should make all these decisions proportionately. Because this is a common resource, for all of us. Not only for some of us.
>
> Speaking personally, I will continue to be an ally and use my privilege of being able to shout to defend all these users and protect them and make sure that their voices are heard.
>
>> There are people that are fine with having the world communicate with
>> their 44. IPs. Nothing in your ham radio license forbids you talking
>> to other people, as long as you don't do it over a (amateur-) radio.
>> You proudly wear baseball caps with your callsign on it. Why can't
>> you wear your 44 IP?
>
> We want people to use their 44 IPs on the Internet! We are happy to see them do it, and we are really looking forward to all the nice things they can achieve by doing so. We just want to make sure that they’re not the only ones, and we leave some room for people that like something different. The current proposal gives enough space for now and in the future for people to do any of the two, or both things, as they wish. It’s about choice.
>
>> That said, removing the currently existing option to connect to the
>> internet by central gateway or direct BGP is a major, destructive
>> change of current policy. Sometimes, such destruction is requisite for
>> progress. It is the duty of the TAC to review such a change.
>> Such a review must be balanced, and necessarily must include a detailed
>> discussion of opposing views, a discussion why there is no
>> simple technical solution to the problem, and a discussion of those
>> negatively affected by this change. This all should be documented
>> for the record. Meaningful review would probably have also included a
>> documented poll of the affected network's coordinators.
>
> First of all, we do not remove the option for Direct BGP, and we won’t force anyone to use ARDC’s PoPs. That’s our goal. We reserve just as much space for Direct BGP as we reserve for non-Internet communication. Each user can decide which part of the network they want to be in, and they also have the option of picking both.
>
> Destruction is indeed sometimes necessary, but of course I think that we all agree that we should try to limit it. We don’t want to destroy anything. We just want to make a change over the next year so that it’s easier for everyone to move on in the future. We want to look at the long-term benefit of the network over the short-term trouble of renumbering a part of it.
>
> We are interested in the opposing views, the voices of the people that want to renumber, and we want to hear from all of you. This is why we started this thread a few days ago so we can get to hear all of you, and discuss with you. The PDF does not include a proposal that is final and that we have sent to the Board for a vote. It only includes *what we want to propose* and why we arrived at it after 4 months of work.
>
> If we get a good recommendation and we see the value in that, we would be happy to change it. It has not reached the Board and the Board is not going to vote on it if we don’t tell them we want them to.
>
>> At this time, I therefore believe the current TAC's proposal is
>> deficient and thus should be rejected (albeit without prejudice)
>
> As I said earlier, there’s nothing yet to reject. There’s no official motion made to the Board, and we will only send one after we get to hear you.
>
>>> Furthering the analogy, a handheld VHF manufacturer relies on a constant band plan to allow TX to 144-146 MHz and doesn’t have to build a system for their product to download this hour’s or this day’s Amateur Radio allocation and change the functionality based on that. You can also be sure that your local amateur radio repeater won’t be today at 89.7 MHz and your favorite radio station won’t transmit to 145.500 MHz this afternoon.
>>
>> This analogy is not suitable. For starters, the 2m band extends up
>> to 148 MHz in IARU Regions 2 and 3, which should give you pause to
>> consider the difference of what you are used to, what is legal in your
>> country, and what may be so in the rest of the world.
>
> I am aware that the bands are different for different regions of the world, but I do not want to make the example complicated. I thought that it was enough for people to understand my point, even if it’s region-specific, and that you can easily replace those numbers with your local ones. I did not see a benefit in being extremely precise in something that is not related to the point I try to make when the audience can probably understand it.
>
> If you did not get my point because of the fact that two digits are off, then I can rephrase the sentence with these digits as they stand around the world.
>
>> Secondly, why would I not be allowed to listen to that amateur radio
>> repeater using my commercial all-band radio receiver?
>
> First of all, it may be illegal in some areas of the world, e.g. I think the U.K. or Greece. But I think that’s not your point ;)
>
> If your radio supports both bands and you’re licensed for both, then you can talk to both using the same radio. If you’re not licensed for one of them, but a friend is, and you want to talk over it, you can set up a cross-band repeater (netmap, …) to allow you to do this.
>
> Antonis