- 44net - mailman.ardc.net

ASN # and Network Service Provider (NSP)
by Angelo 22 Feb '21

22 Feb '21

Hi Guys, I am trying to locate two pieces of information to be able to complete my BGP request. This seems to be more of a challenge then I though it would be. Is there a reference page or wiki that I can provide to my ISP to be able to locate this information. We have been dealing with these two questions for over 2 weeks. I am not sure if the ISP or the NSP know exactly what we are looking. From what I understand the ASN is just a number. No letters involved in this number. Is this true??? Any help in providing information to the NSP would help. Break Down - I will be connecting to ISP via VPN connection. The ISP connects to his feed in Houston via I ATT fiber connect to his NSP in Houston. The ISP sell service to clients in his area. He has a /6 himself. Please don't laugh. I am trying to lay this out the best I can. Any help would be appreciated. 73 de Angelo / N5UXT

21 63

Question about setting up 44net connection on BPQ
by CJ Kelley 20 Feb '21

20 Feb '21

Hi Everyone, I am trying to set up a BPQ node for access over the 44net and I have been running into trouble getting the connection working. I am running into an issue where I am not able to ping any 44 nodes. I can ping the local 44net interface, but can't ping past that. The host is in a DMZ, so it should be receiving the rip44 table. Even though the IPs are internal, I scrubbed them. What am I missing here? I am not able to ping any 44net nodes. I pulled 44.44.6.33 for sample: ping 44.44.6.33 PBSNOD:W7PBS-7} OK My arp table: arp PBSNOD:W7PBS-7} x.x.x.191 70:2a:d5:4a:29:9d 255 E 2770 The portion of bpq32.cfg for configuring the 44net connection. Port 1 is AXIP and Port 3 is the telnet port. IPGATEWAY Adapter \Device\NPF_{64EA23A4-79E1-4342-83E5-E92D65C2CA3D} 44ENCAP x.x.x.147 # Enable AMPRNET Tunnels and RIP44. I used 148 as the Tunnel Enpoint IPAddr 44.124.1.17 #This is the first IP in your AMPRnet allocation. IPNetmask 255.255.255.248 #AMPRnet netmask (Why is this 248 ? This is for your AMPRnet subnet. Your AMPRnet subnet is /29) IPPorts 1,3 ARP 44.124.1.17 x.x.x.147 3 D route 44.124.1.16/29 44.124.1.17 ; AMPRnet routes. route addprivate 44.124.1.16/29 encap 70.167.209.246 ; Arizona routes route addprivate 44.124.9.0/24 encap 65.49.149.125 route addprivate 44.124.7.0/25 encap 174.74.248.93 route addprivate 44.124.10/30 encap 50.116.8.127 route addprivate 44.124.1.8/29 encap 107.2.6.33 Thank you for your time, Christopher Kelley KG7UJH

4 10

Recap (incl video!) from Feb. 06 Meeting
by Rosy Wolfe 19 Feb '21

19 Feb '21

Hello 44net, Please find a recap of our Feb. 06 meeting here: https://www.ampr.org/feb-06-community-meeting-recap-2020-annual-report-new-… Thank you for your patience - it's been a busy couple of weeks. One thing that's happened is that we've been getting our new TAC and GAC up to speed. Read about the new committee members in the link above! Have a great weekend, Rosy -- Rosy Wolfe - KJ7RYV Executive Director Amateur Radio Digital Communications (ARDC) ampr.org

1 0

Greetings and http vs https
by traderbeckola＠tahoma.com 17 Feb '21

17 Feb '21

Hello! I am new to 44net and AMPR. As I am learning about the AMPR system and setting up a gateway, I have been working through the ampr.org website and found that a lot of internal links are broken, as they reference http://... , but the links have been converted to https://. Anyone else having the same issue? 73's Erik, N7FYO

2 3

Updated Granting Goals
by Rosy Wolfe 12 Feb '21

12 Feb '21

Hello 44net, I'm pleased to share that ARDC has updated our granting goals for 2021. You can see them posted here: https://www.ampr.org/grantmaking-categories-requirements-goals/ The changes were made following feedback that the previous version was a bit confusing (including feedback from last year's 44net survey). This version breaks things down a bit more simply, into 3 high-level categories: * Support and Growth of Amateur Radio, * Education, and * Technical Innovation. Technical Innovation applies to the following areas: * Amateur Radio Technology & Experimentation, * Internet Technologies, * Digital Communications, and * Communication Science & Technology If you are interested in applying for a grant, please take a look at this new language. On a related note, we're looking forward to putting resources and effort into improving the Portal in 2021. I'll have more to share at our upcoming community meeting on Saturday 06 Feb. Learn more and sign up here: https://www.ampr.org/feb-6-meeting-sign-up/ Like last time, we'll share a report following the meeting for folks who can't attend, along with supplemental materials, including our first-ever annual report. More soon! Best wishes and 73, Rosy -- Rosy Wolfe - KJ7RYV Executive Director Amateur Radio Digital Communications (ARDC) ampr.org

2 2

Contact request
by G1FEF 08 Feb '21

08 Feb '21

Hi, Does anyone know Ryan, K0RET and can get a message to him please? Ryan, if you are reading this, please could you drop me an email? Thank you, Chris - G1FEF

1 0

Feb. 6 Community Meeting + New Survey
by Rosy Wolfe 06 Feb '21

06 Feb '21

Hello, 44net! It's 2021, and things are already getting off to a running start at ARDC. We've got a big year of grantmaking and 44net portal work in store for the year, with additional members being added to our Grants Advisory Committee (GAC) and a new Technical Advisory Committee (TAC) being created to support both efforts. We'll have more to share about it soon, and we'd love to tell you about it at our next **community meeting**: * Saturday, 06 Feb 2021 * 18:00 GMT (10am PT / 1pm ET / 7pm CET) Join us by signing up here: https://www.ampr.org/feb-6-meeting-sign-up/ In this meeting, we'll cover: * Highlights from 2020, * Grantmaking goals in 2021, * Introductions of new Technical Advisory Committee (TAC) and Grants Advisory Committee (GAC) Members, * Survey results from our latest survey, discussed below, and * Questions from our attendees. This meeting will be similar to the one we held on 10 Oct. 2020: https://www.ampr.org/recap-ardc-44net-oct-10-community-call/ This one is intended for a much broader audience. So - please tell your friends! We also plan to record this meeting for those who can't make it. ## New Survey Leading up to the meeting, we're also asking amateur radio enthusiasts to give us their thoughts in this survey: https://survey.alchemer.com/s3/6096699/ARDC-Amateur-Radio-Survey Please share it with other hams you know. As with the last survey, the aim is to get to know the people we aim to support through our grantmaking. And like our upcoming meeting, it too is meant for a broader audience. That's all for now! Looking forward to sharing more with everyone soon. All the best, Rosy -- Rosy Wolfe - KJ7RYV Executive Director Amateur Radio Digital Communications (ARDC) ampr.org

1 1

BGP et al
by Colin Bodor 05 Feb '21

05 Feb '21

Hello, with all the talk of BGP on the list I thought I would drop a note. I am also part of another volunteer effort for those of you already doing your own BGP. Project TON, its sort of like a RBL but via BGP www.projectton.com<http://www.projectton.com> you can setup a peering, and block bad actors (mostly SSH scans currently but our mix is always growing) or even do blocking by prefixes based on country. All free of course - and currently experimental so YMMV, we are just trying to contribute to the community and make the internet "safer". If anyone also had any questions about BGP stuff in Western Canada (Calgary), I could help with that as well - its my day job. My thanks to everyone dedicating their time to this effort. -C/VA6CCB

1 0

Portal user name
by Tracy Markham 01 Feb '21

01 Feb '21

I forgot my portal login info ... entered my email address into the password reset and got the link, but it is asking to confirm my email address by entering my username - holy bazoombas I must have forgotten that one as well ... How to find your username? Years ago I deleted the welcome email ... Thanks Tracy N4LGH

2 1

Re: [44net] Concerning over undocumented BGP announcements
by Nat Morris 31 Jan '21

31 Jan '21

On Sun, Jan 31, 2021 at 2:55 PM G1FEF <chris(a)g1fef.co.uk> wrote: > > > > On 31 Jan 2021, at 14:09, Nat Morris <nat(a)nuqe.net> wrote: > > > > Which blocks did you report? > > I don’t really want to go into specific details on an open mailing list. Suffice to say that keeping an eye on these and responding to problems keeps me busy enough! Why not? what is to hide? hijack discussions happen on other mailing lists in the public. So no more comment from yourself as the BGP co-ordinator on the prefixes in the report? https://docs.google.com/spreadsheets/d/1nb4cTYVG1tm4HpxgPp7TAcgZ_qOlcej1whd… If you really do have the details on all these prefixes, there should be no reason you can't provide a statement on each, if it is an expected announcement, misconfiguration or hijackk Without you being slightly more forthcoming in public, in my eyes it puts the whole integrity of co-ordinating AMPRnet BGP announcements in doubt. > > Any explanation for these prefixes announced in the UK by AS61337, > > along side your portal prefixes, they are not documented at all in the > > portal: > > Not all allocations appear in the public listing on the portal, for various reasons. Try the Whois server if you want by check specific prefixes. Where is this publicly documented? > > RADB is ok, but not sufficient for the future. A better investment > > would be for the ARDC to negotiation with one of the 5 RIRs for > > prefixes to be registered there, so we could all benefit from use of > > their RPKI trust anchors. > > I can’t see that happening anytime soon I’m afraid, if ever, unless they drastically change their terms. We won’t do anything that risks losing our legacy status. Have the ARDC approached each RIR and discussed this? > > Having prefixes in RADB will not provide > > trust anchor functionality. > > Agreed, and RPKI is something we understand is desirable, there are several ways it could be achieved and will be the focus for the TAC at some point in the future. > > >> Which repo is this development taking place in? > > The development is taking place currently and will be open sourced when it’s ready. In the meantime, if you want to have input on any features you would like to see, feel free to contact Rosy and/or myself. I'd like to see planning for this taking place in the open, not closed. > > I noticed the github.com AMPRnet Portal repo has been removed. > > There was no point in it being there, we tried that route a couple of years ago and didn’t get anywhere. Nat, -- Nat https://nat.ms +44 7531 750292

4 4

Concerning over undocumented BGP announcements
by Nat Morris 31 Jan '21

31 Jan '21

Hello all, Over the last few months I have noticed some odd BGP announcements of prefixes which have no allocations in the AMPRnet portal. After spotting 5 or 6 of these it made me wonder how many existed. This evening I took a snapshot of the RIPE RIS data for announcements within 44.0.0.0/9 and 44.128.0.0/10, which took place in 2021. Then scraped the allocations from the AMPRnet portal, compared prefixes directly and then used a radix tree to find a best match. The resulting data https://docs.google.com/spreadsheets/d/1nb4cTYVG1tm4HpxgPp7TAcgZ_qOlcej1whd… At first glance there are some expected entries, for example users with a /22 or /23 announcing a more specific /24. What really worries me is the amount of announcements of /24s where the closest portal documented prefix is a /16. Are these being used legitimately? do AMPR co-ordinators what details about them? or have they been hijacked? Look for example at /24 announcements within country assignments, but no specific description! I would like to start a discussion around these specific prefixes. The scripts I wrote are here https://github.com/natm/amprnet-observer Kind regards, Nat. -- Nat https://nat.ms +44 7531 750292

8 10

Ubiquiti XRouter X Gateway
by Lee D Bengston 31 Jan '21

31 Jan '21

Hello, I have followed the instructions at https://wiki.ampr.org/wiki/Installing_ampr-ripd_on_a_Ubiquiti_EdgeRouter_or…, but am encountering an error when running the ampr.sh script. line 28: /usr/sbin/ampr-ripd: cannot execute binary file The binary file is executable and I am attempting to run it from root. Line 28 has not been modified in the script: ampr-ripd -s -t 44 -i tun44 -m 90 The instructions say only to modify if needed, and based on the info in the Wiki I did not see a need to modify it, but I may be missing something. Any ideas? 73, Lee K5DAT

3 15

BGP
by Angelo 31 Jan '21

31 Jan '21

I was wondering how long does it take for the routing tables to update on the internet? I have setup a 44.108.2.12 as a test machine. My BGP has been approved. I am able to surf the web with no issues, but here still seems to be no route to the ip address. It seems to stop at : sdsc-7710-7--mcore-vl2995-p2p.ucsd.edu [132.239.255.50] Tracing route to bbs.n5eqo.ampr.org [44.108.2.12] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms dsldevice.attlocal.net [192.168.1.1] 2 2 ms 1 ms 1 ms 108-196-208-1.lightspeed.nworla.sbcglobal.net [108.196.208.1] 3 * * * Request timed out. 4 18 ms 15 ms 15 ms 12.123.239.110 5 15 ms 15 ms 15 ms 12.122.28.29 6 19 ms 15 ms 15 ms attga402igs.ip.att.net [12.122.117.121] 7 13 ms 14 ms 16 ms 4.68.62.225 8 * * * Request timed out. 9 53 ms 53 ms 53 ms CENIC.ear1.LosAngeles1.Level3.net [4.35.156.66] 10 55 ms 57 ms 54 ms dc-lax-agg8--lax-agg6-100ge-2.cenic.net [137.164.11.7] 11 55 ms 55 ms 54 ms dc-tus-agg8--lax-agg8-300g.cenic.net [137.164.11.83] 12 56 ms 55 ms 55 ms dc-sdg-agg4--tus-agg8-300g.cenic.net [137.164.11.85] 13 63 ms 55 ms 55 ms dc-ucsd-100ge--sdg-agg4.cenic.net [137.164.23.177] 14 55 ms 54 ms 54 ms nodem-core-6807-vlan2767-gw.ucsd.edu [132.239.254.61] 15 55 ms 55 ms 55 ms sdsc-7710-7--mcore-vl2995-p2p.ucsd.edu [132.239.255.50] 16 * * * Request timed out. 17 * * * Request timed out. Any help would be appreciated. 73 de Angelo

5 5

New /24 IP allocation "referred to BGP coordinator" No visible action.
by Geoff Joy 31 Jan '21

31 Jan '21

On or about January 5, 2021 I received an end-user allocation request for a "direct" /24 allocation "for working with ARDEN and IRLP for VPN and link setups" which I approved and submitted via portal.ampr.org. It didn't create the allocation I assigned to the network but was "referred to BGP coordinator". So far, there has been no action and no response to the original request nor a follow up to my request via the "contact us" link on the black hole that is the ampr.org portal. What is the status of the system and how are coordinators expected to act in this regard? I try to give my users timely, responsive service but it's very frustrating when I can't even track a submission or review submission histories. The end user has informed me that he is still awaiting action on the request. ke6qh

5 9

Re: [44net] 44Net Digest, Vol 9, Issue 131
by Jay Koby 28 Jan '21

28 Jan '21

Confirming that ARIN's web-based IRR system won't allow 44net addresses, since there's no underlying allocation from one of ARIN's ranges. Your upstream provider will probably not be able to put in the IRR objects for you. For IRR, AltDB doesn't have a simple web interface but it does work regardless of the RIR (or lack of) that originally allocated the IPs. I don't think there's a way to use RPKI on the 44net range as of yet, though - that would likely need either a contract for one of the RIRs to sign resources or ARDC to set up, maintain, and gain trust for a certificate authority and handle RPKI requests like the RIRs do. Either of these is a pretty significant undertaking. 73 de K0BYJ, -- Jay On Mon, Dec 14, 2020 at 3:00 PM <44net-request(a)mailman.ampr.org> wrote: > Send 44Net mailing list submissions to > 44net(a)mailman.ampr.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://mailman.ampr.org/mailman/listinfo/44net > or, via email, send a message with subject or body 'help' to > 44net-request(a)mailman.ampr.org > > You can reach the person managing the list at > 44net-owner(a)mailman.ampr.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of 44Net digest..." > Today's Topics: > > 1. Re: 44NET Route Objects IRR (Caleb Pal) > 2. Re: 44NET Route Objects IRR (G1FEF) > > > > ---------- Forwarded message ---------- > From: Caleb Pal <cleb(a)defcon-3.net> > To: James Colderwood via 44Net <44net(a)mailman.ampr.org> > Cc: > Bcc: > Date: Mon, 14 Dec 2020 08:57:53 -0800 > Subject: Re: [44net] 44NET Route Objects IRR > Hello, > > Your upstream providers may be able to put a proxy obj into the ARIN db > for you. Unfortunately ARIN changed their IRR db in June of this year. > They added a web based IRR service. According to ARIN, the web based > service only allows you to add object for resources you own (your > upstream ISP could not create those proxy objects since they do not own > the 44net resources). If they still use the ARIN email IRR system, they > can add proxy objects, they will just appear as ARIN-NOAUTH in the IRR > db. I don't think NOAUTH is a problem for most providers now, but could > be down the road if they start filtering/ignoring NOAUTH entries. > > Of course altdb, radb and others are options (full list at: > http://www.irr.net/docs/list.html). Not sure how other RIR's outside the > US are handling NOAUTH entries. > > I assume since AMPR does not have a RSA with ARIN, Chris cannot create > IRR records for those folks who BGP advertise AMPR resources? > > v/r, > > Caleb > > On 12/13/2020 10:08, James Colderwood via 44Net wrote: > > Hi Pierre, > > > > Thank you for the heads up. I was aware of altdb but it hadn't crossed > > my mind. Hopefully one of these solutions will work :-). > > > > On 2020-12-13 17:32, Pierre Emeriaud wrote: > >> Le dim. 13 déc. 2020 à 12:04, G1FEF via 44Net > >> <44net(a)mailman.ampr.org> a écrit : > >>> > >>> > On 13 Dec 2020, at 09:54, James Colderwood via 44Net > >>> <44net(a)mailman.ampr.org> wrote: > >>> > > >>> > Hi All, > >>> > > >>> > May I wish you all happy holidays! > >>> > > >>> > Quick question, I'm working on establising my 3rd upstream but hit > >>> a snag. The suppliers validation automation prohibits announcing > >>> AMPR addresses as the system can't qualify validity. > >>> > >>> Are you talking about automatically checking entries in an IRR, or > >>> RPKI? > >> > >> For service providers requesting an IRR route object to automate > >> filter creation I've been using altdb. While it has not a lot of value > >> in terms of authorization (anyone can create objects about any > >> resource - a proper LOA has more value here) it is usually enough for > >> provisioning tools to create appropriate filters / prefix-lists: > >> > >> $ whois -h whois.altdb.net 44.151.210.0 > >> route: 44.151.210.0/24 > >> descr: F4INU > >> origin: AS206155 > >> mnt-by: MAINT-AS206155 > >> > >> $ bgpq3 -4 -l F4INU as206155 > >> no ip prefix-list F4INU > >> ip prefix-list F4INU permit 44.151.210.0/24 > >> > >> > >> 73 de F4INU > >> -- > >> pierre > > > > > > > ---------- Forwarded message ---------- > From: G1FEF <chris(a)g1fef.co.uk> > To: AMPRNet working group <44net(a)mailman.ampr.org> > Cc: > Bcc: > Date: Mon, 14 Dec 2020 17:26:28 +0000 > Subject: Re: [44net] 44NET Route Objects IRR > > I assume since AMPR does not have a RSA with ARIN, Chris cannot create > > IRR records for those folks who BGP advertise AMPR resources? > > The vast majority of folk advertising their subnet over BGP are using > altdb with no issues (currently). > > IIRC, altdb is run by one person, so if you don’t already have a MNTNER > object there, it can sometimes take some time to get one. > > Chris > > > > > v/r, > > > > Caleb > > > > On 12/13/2020 10:08, James Colderwood via 44Net wrote: > >> Hi Pierre, > >> > >> Thank you for the heads up. I was aware of altdb but it hadn't crossed > >> my mind. Hopefully one of these solutions will work :-). > >> > >> On 2020-12-13 17:32, Pierre Emeriaud wrote: > >>> Le dim. 13 déc. 2020 à 12:04, G1FEF via 44Net > >>> <44net(a)mailman.ampr.org> a écrit : > >>>> > >>>>> On 13 Dec 2020, at 09:54, James Colderwood via 44Net > >>>> <44net(a)mailman.ampr.org> wrote: > >>>>> > >>>>> Hi All, > >>>>> > >>>>> May I wish you all happy holidays! > >>>>> > >>>>> Quick question, I'm working on establising my 3rd upstream but hit > >>>> a snag. The suppliers validation automation prohibits announcing > >>>> AMPR addresses as the system can't qualify validity. > >>>> > >>>> Are you talking about automatically checking entries in an IRR, or > >>>> RPKI? > >>> > >>> For service providers requesting an IRR route object to automate > >>> filter creation I've been using altdb. While it has not a lot of value > >>> in terms of authorization (anyone can create objects about any > >>> resource - a proper LOA has more value here) it is usually enough for > >>> provisioning tools to create appropriate filters / prefix-lists: > >>> > >>> $ whois -h whois.altdb.net 44.151.210.0 > >>> route: 44.151.210.0/24 > >>> descr: F4INU > >>> origin: AS206155 > >>> mnt-by: MAINT-AS206155 > >>> > >>> $ bgpq3 -4 -l F4INU as206155 > >>> no ip prefix-list F4INU > >>> ip prefix-list F4INU permit 44.151.210.0/24 > >>> > >>> > >>> 73 de F4INU > >>> -- > >>> pierre > >> > > _________________________________________ > > 44Net mailing list > > 44Net(a)mailman.ampr.org > > https://mailman.ampr.org/mailman/listinfo/44net > > > > _______________________________________________ > 44Net mailing list > 44Net(a)mailman.ampr.org > https://mailman.ampr.org/mailman/listinfo/44net >

2 1

other decentralized p2p networks
by Steve L 25 Jan '21

25 Jan '21

Since there are people talking about revamping how we are doing this with the amprnet it might not be a bad idea to look at what others are doing. Here is one: https://en.wikipedia.org/wiki/Decentralized_network_42 https://dn42.eu/Home

1 0

Updated setup instructions for vyos
by Kevin Hastings 17 Jan '21

17 Jan '21

Hello all, Does anyone have up to date setup instructions for Vyos? I have been able to get ampir-rip installed and it appears to be creating routes and can receive pings via one of my IPs with a DNS address configured however pings to that address from a non 44 machine are being responded to via the wrong interface. I have so far been unable to ping anything on the 44 side but am not currently convinced the routing is configured correctly. Thanks, Kevin VA3PSL

2 1

BGP/openvpn finally all ok.
by pete M 16 Jan '21

16 Jan '21

I want to thanks all that helped with the setup of my vultr vps with BGP and openvpn to distribute the /24 that was assigned to me. I played a lot with the openvpn and wireguard software up to a point I had to redo the whole install of the VPS. here is the receipy I have been able to use for the task. I am running a Debian10 that was updated to the latest software First I have use the tutorial at https://www.vultr.com/docs/configuring-bgp-on-vultr Be aware that on my version of bird I was not able to open the "/var/log/bird.log" files because of a propriatary right. the file belongned to root and it was supposed to belong to bird it is a known bug that I hope will be fixed soon. this helped me create that information into my bird.conf ------------------------------------------------------------------------------ log "/var/log/bird.log" all; router id xxx.xxx.xxx.xxx ; use the ipv4 address assigned to your vps protocol device { scan time 60; } protocol static { route 44.xxx.xxx.0/24 via xxx.xxx.xxx.xxx ; use your assigned /24 from ampr and the ipv4 from your vps } protocol bgp vultr { local as yyyyyyyyyyy; this is the private asn given to you by vultr and availble on your dashboard on myvultr.com for your vps source address xxx.xxx.xxx.xxx; import none; export all; graceful restart on; next hop self; multihop 2; neighbor 169.254.169.254 as 64515; password "YourSecretPassword" ; } ------------------------------------------------------------------------------ On the openvpn side of thing I have use the install script from angristan available at https://github.com/angristan/openvpn-install just followed the instruction and all was good. from there I changed some things on my network at etc/network/interfaces -------------------------------------------------------------------------- # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). #source /etc/network/interfaces.d/* auto lo iface lo inet loopback auto ens3 allow-hotplug ens3 iface ens3 inet dhcp iface ens3 inet static address 44.135.59.1/32 --------------------------------------------------------------------- the last line point at the first address of my /24 put yours into your file. then on the openvpn server I changed into the server.conf file only one line the file is at /etc/openvpn/server.conf i switched the server line from server 10.8.0.0 255.255.255.0 to server 44.135.59.0 255.255.255.0 the 44 address is my /24 put yours if you follow my exemple. that's it! it was not that complicated. But I had to dig a bit to understand the whole thing. My next step will be to split my /24 in parts. one section will be for the single connections like now, but I want to have connection that are like blocks of /28 or /29. I know I will have to make another instence of the openvpn server That is the part that is the less clear for me yet. The conf file is more clear. As I want to strat and stop each instence easily I will have to make a new starting script for systemd And that is where I will need to read more. If this helps someone I will be happy! If you see a problem with my setup please let me know! Pierre VE2PF

7 27

44.170.120.59
by Rob PE1CHL 16 Jan '21

16 Jan '21

Who is 44.170.120.59? And why is (s)he portscanning for SSH servers? I think everyone should register their addresses in DNS and have reverse lookup working. Rob

5 12

IPIP-Mesh routes 44.103.0.0/19 and 44.103.32.0/21
by Jann Traschewski 16 Jan '21

16 Jan '21

Hi, 44.103.34.4 (dvswitch.org) isn't reachable on the IPIP-Mesh (tested from 44.130.60.100). Who can fix it? (remove routes or make the host available) Thank you, 73, Jann -- Jann Traschewski, Faber-Castell-Str. 9, D-90522 Oberasbach, Germany Tel.: +49-911-99946898, Mobile: +49-170-1045937, E-Mail: jann(a)gmx.de Ham: DG8NGN / DB0VOX / DB0FOX / DB0ZM / DB0DBA / DB0HZS

1 0

Ping: Is the list down?
by Roland Schwarz 09 Jan '21

09 Jan '21

-- __________________________________________ _ _ | Roland Schwarz |_)(_ | | \__) | mailto:roland.schwarz@blackspace.at ________| http://www.blackspace.at

1 1

Re: [44net] Test Script for ipip Gateway
by Mark Herson, N2MH 04 Jan '21

04 Jan '21

> If anyone wants to test my incoming access, you can try n2mh.ampr.org > or http://n2mh-web.ampr.org. Please let me know the results. Sorry, that web url is a typo. It should be http://n2mh-web.n2mh.ampr.org I have received several emails to n2mh(a)n2mh.ampr.org. 73, Mark, N2MH

8 12

Scope, limited scope, and policies
by Jeff Goeke-Smith 03 Jan '21

03 Jan '21

So, I'm going to continue to harp on the question of what capabilities/services are we attempting to enable? On that note, I'm going to point out the ARDC ToS which expressly indicates that the entirety of connectivity is outside the scope of what ARDC does. Specifically, section 3, "ARDC DOES NOT provide network services. Specifically, we do NOT provide network connectivity,"... [1]. While that document does cover address assignment agreements, it doesn't talk about the IPIP mesh at all. Is it out of scope? Is the IPIP tunnel service in scope and a thing that should be covered by the ToS? Secondly, and less critically, that document has an inaccurate assessment of AMPRNet as far as I understand: > “AMPRNet” means the network 44/8; that is, all Internet IP addresses from 44.0.0.0 through 44.255.255.255. So, is the IPIP mesh network gateway an actual service from ARDC? Should it be? How is it related to address assignment service? I'm putting forward this question because of the following reasoning: The primary resource of interest is the IPv4 address space. Those that already know how to work with allocations of address on the internet, either personally or by proxy, can and do get allocations of /24 and greater regularly and utilize them. Anybody who can do this prefers to do this. (I'm willing to be told that I'm wrong here, but I haven't seen that case.). The substantial problems show up in the form of addresses being used over IPIP or VPN connections, due to bandwidth, latency (to California and back!), and configuration complexity (610 IPIP tunnels last I counted). What if we give up on that, and just start pushing users to regional operators with local connectivity solutions? What if we spent the time here building the parts for those local connectivity solutions? To some extent, that's already the discussions underway. Because I think regional operators will be completely happy to just announce address space out of their existing infrastructure. Seeing the variety of framings regarding protocol and hardware choices leads me to think that there's not much agreement at all about the scale (Hardware vs Software, ISP / Enterprise / SMB / roll-your-own devices) of the solution that's needed. How those regional operations interconnect, also a regional to regional question. Is this whole question out of scope for ARDC/AMPRnet? [1] https://www.ampr.org/terms-of-service/

1 1

Contact request
by G1FEF 03 Jan '21

03 Jan '21

I need to contact Ian - VE7BST urgently. Ian, if you are reading this please can you contact me off list asap. If anyone knows how to contact Ian, please could they pass this on. Thank you, Chris - G1FEF

1 0

IPEncap (proto 4) - how to add to UFW?
by nasluch＠jestok.com 02 Jan '21

02 Jan '21

Hello I am using the UFW firewall on Debian Buster. What rule do I have to use to enable protocol 4 (ipencap) for the ampr-ripd script to work? Tom SQ4BJA

3 3

Re: [44net] ipencap routing question
by Rob Janssen 02 Jan '21

02 Jan '21

> If we replaced the IPIP mesh with a collection of geographically > distributed VPN servers (OpenVPN?) which advertised routes for /24 (or > larger) subnets, and dual homed each subnet to two or more VPN servers we > would have pretty good redundancy and could end the distribution of IPIP > endpoints and just let the Internet route between subnets. That, or alternatively we could setup a number of routers across the globe with a tunnel mesh between them (similar to what is now done on IPIP, but probably better to use something like GRE/IPsec tunnels), with BGP talking between all those routers, and let users connect their router to one or more of them as they desire. When one, they could use a VPN with static routing of their subnet, when they use 2 or 3 connections they could use BGP as well to advertise their own subnet plus maybe local people's subnets they have routed over radio. (in the above, with BGP I mean BGP on private AS with only AMPRNet routes, not full internet BGP) In such a setup, a single router failing would have little or no impact on the network as a whole. And everyone can participate with simpler or more complex setups without having to forcibly deal with a 600-tunnel mesh (that still does not allow redundancy of the internet connection, i.e. the current IPIP tunnel mesh cannot handle redundant internet connections that present a different internet IP to the tunnel system). Routers in this system could also announce, directly or via their ISP, subnets from AMPRnet directly to internet. That would just mean there is a more direct path between AMPRNet users and internet users in that region. But it is not a firm requirement to do so. But well, it has all been discussed several times already. In the beginning, the counter-argument was "it would cost money and who is going to pay that??". I think that is resolved now. The next one was "but we won't have a full mesh, traffic to my buddy is going to take 2 or 3 tunnel hops instead of one". Well, not really true, one can always setup a direct tunnel to someone else, and a BGP session over that, and direct traffic will take that path because it has less visible hops. So then we usually end up in the "it has always been done this way (IPIP mesh) and I am not going to change". Where the discussion usually stops until the next new user turns up that has difficulty getting connected to the mesh, e.g. because they are behind a NAT router they cannot change, their address is very dynamic, they want to use an off-the-shelf router, etc etc. By now it appears to be the classical "it was difficult for me should it should be difficult for everyone else trying to join" that has also been abused for so long in the battle to get rid of CW exams when obtaining a ham radio license... Rob

16 38

hsmm-gw.kb9mwr.ampr.org
by Mark Herson, N2MH 02 Jan '21

02 Jan '21

Hi Steve, First of all, thanks for checking out my connectivity as requested in my post to Net44 Second, I notice that your hostname begins with hsmm. Have you done anything with that or advanced to AREDN? Third, I'm interested in your report of gateways with errors. Is that a custom script that you wrote that inspects incoming frames from the tunnel? Lastly, I tried calling your sip phone on 44.92.21.20 but there was no response. Is that an active device? 73, Mark, N2MH

2 1

Test Script for ipip Gateway
by Mark Herson, N2MH 02 Jan '21

02 Jan '21

To the List, I have my ipip gateway set up and working. I can get to a lot of hosts/networks. However, I am not sure I have it set up completely right. Is there a test script that I can run to test out its functionality? Or, even a list of hosts/networks known to be reachable via a properly operating ipip gateway? There's a lot of destinations that I can not reach. Unfortunately, I can't tell if an individual destination is unreachable or simple off the air. A known-hosts list will tell me a lot. If anyone wants to test my incoming access, you can try n2mh.ampr.org or http://n2mh-web.ampr.org. Please let me know the results. Thanks and 73, Mark, N2MH

3 2

Re: [44net] ipencap routing question -> What about the future ?
by Rob Janssen 31 Dec '20

31 Dec '20

> I don't really agree. IMHO, the key for mass adoption is the > availability of ready-to-use images for tiny computers such as Raspberry > Pi. Such images can be made as a by-product of a new network design, but please understand that the main objective of the network changes should be that such special images should become unnecessary to get a working network connection. It should work with a normal router. "normal" in the sense that it requires a little more than basic home NAT router functionality, but any commercial router that is able to setup a VPN like L2TP/IPsec, SSTP, PPTP etc should be able to join the network just using its standard configuration interface. And when it supports BGP, it should be able to participate in routing towards others. So, no special tricks required like we now have multipoint tunnels, ampr-ripd, etc and which would require preparation of an image for a newbie to be able to join. Sure it can be done as one of the options, as a project for someone who likes to make such images (with an initial configuration dialog etc) and loves to keep such things uptodate. A simple router like the MikroTik RB750Gr3 is in the same price class as a Raspberry Pi (when SD card, housing and power supply are included) and it conveniently provides 5 ethernet ports and a USB connector. For such a router, just an example configuration is required and the software is kept uptodate by someone else. Rob

10 22

Re: [44net] ipencap routing question -> What about the future ?
by Rob Janssen 31 Dec '20

31 Dec '20

> Yes, a 44 BGP network would do the trick, but I am certainly not willing > to pay hundreds of USD per month for such an endeavor. BGP peering is > not cheap and not readily available in the whole wide world unless it is > not piggy backed on another preexisting AS for a select few working in > the network business. Aside from the discussion "what it really costs", this is one reason why I think the deployment of access routers around the world should be coordinated by ARDC instead of being an individual effort by hams around the world each serving only their local region. Certainly there should be room for that, but it should not be the only option. ARDC can investigate and find one or more VPS providers where they can order a number of VPS including BGP announcement of a subnet at several datacenters, for some fixed price which should be within the ARDC budget. In the network structure as I see it, there would be routers connected by tunnels and serving a VPN service for the users, but they would not all need to have BGP announced subnets. When it is too expensive to have that in some country, that can be done in a nearby country instead. The private-AS internal BGP routing of all AMPRnet addresses will handle that. Of course one usually would want a country subnet to be announced somewhere nearby, to reduce latency for the users not connected to AMPRnet. With a well-connected router mesh in good datacenters, the latency will be in the millisecond region, and not like the values we now see for traffic going via amprgw. Rob

6 9

GL.iNet openWRT Rip44 support?
by Tracy Markham 30 Dec '20

30 Dec '20

I had reached out to the good people at GL.iNet and asked for help getting one of their openWRT routers to run my 44 net assignment. I referred them to the page explaining openWRT setup ( wiki.ampr.org/wiki/Setting_up_a_gateway_on_OpenWRT) and requested they compile an executable for the processor in the router. Apparently they did it. It will be a bit before I can try to configure it but its a one click installation. It's available to anyone with a GL.iNet router product, just navigate to Applications -> Plugins and Update, then navigate to the R section. I have a screencap of all the dependencies it installed if anyone is interested. I reached out to them because I've failed on my previous attempts to set up an EdgerouterX for my assignment... I am by no means a network engineer, this is my foray into getting a gateway going. If anyone could confirm this works that would be great. If you're willing to help me get mine going that would be even better. Tracy N4LGH

7 10

Re: [44net] - > What about the future ?
by Rob PE1CHL 30 Dec '20

30 Dec '20

> Previously, we were talking about network topology. Here, we are talking > about applications. This is one of the drawbacks of the current 44net : > lots of applications are installed on 44net addresses, but there's no > current catalog, and no way to find them. > Maybe an idea of a project that can be handled by ARDC : a search engine > / catalog of all existing applications on 44net. I have been thinking about that before. My idea was to setup a search site which has a database of existing services, where a visitor could search by different attributes of an entry, where possible with a user interface that suggests valid values. So not a "google" style textbox where you can only search for things of which you already know the name, but also can "explore" and find new unknown things (e.g. a service type is a dropdown list or there is a page with all known types and links that you can click to search them). Now the major problem is "how do we keep this uptodate". It is quite common that someone newly active on the Dutch network experiments and installs something like a "HamServer Pi" and would register it in the database. But maybe after a couple of weeks he reprograms the Pi for something else and that entry would remain in the database and people trying to visit it would encounter a timeout. As I also do not really like systems that are constantly probing and scanning to find new services, my idea was to devise some way where a service would automatically refresh its entry by re-submitting it, and the search engine would only display entries that have been recently refreshed. (e.g. once per week or so) With such a system, the risk of stale entries is a lot less. But I have not yet devised a way to refresh entries without limiting the platform on which they can run (a Linux or Windows system can easily schedule a job that runs some program to post a form, but I do not want to limit too much what platforms can provide and auto-refresh services) Rob

3 8

Re: [44net] ipencap routing question -> What about the future ? (many messages in 44Net Digest, Vol 9, Issue 139)
by Stuart W. Card 30 Dec '20

30 Dec '20

On 12/29/2020 3:00 PM, 44net-request(a)mailman.ampr.org wrote: > > Today's Topics: > ... > 7. Re: ipencap routing question -> What about the future ? > (Toussaint OTTAVI) I would like to comment briefly on several points made in this thread. Has the 44NGN list been shut down? Concurrently with it being mentioned in this thread on this list, I received a message indicating I had been unsubscribed from that list. If lurkers like myself, who post very rarely, only when we feel we really have something to add, are welcome on the TAC, I will apply. Please take a look at the Host Identity Protocol (HIP) as one way of providing a persistent identity with a reputation (like a call sign) on the Internet, and dynamically establishing tunnels as needed to the corresponding IP addresses (despite changes due to DHCP or mobility). _Inter alia_, this would obviate moving from a resilient flat mesh to a fragile, congestion-prone hierarchy. It would also facilitate using 44 and non-44 addresses as needed. It uses strong crypto to mutually authenticate endpoints. Yes, HIP enables encryption, automagically establishing IPsec ESP tunnels, but it does not force encryption to be used _over the air_. See these IETF documents (neither experimental nor obsoleted) on HIP: RFC 4423 architecture RFC 5207 NAT firewall issues RFC 7401 HIPv2 protocol specification RFC 7402 ESP RFC 8002 certificates RFC 8003 registration extension RFC 8004 rendezvous extension RFC 8005 DNS extension RFC 8046 mobility RFC 8047 multicast a draft addressing how to deal with the issues in RFC 5207 https://datatracker.ietf.org/doc/draft-ietf-hip-native-nat-traversal/ and especially the draft update to the 1st doc above https://datatracker.ietf.org/doc/draft-ietf-hip-rfc4423-bis/ I have a ton of other materials I am willing to share explaining how HIP deconflates identities ("names") from logical locations (IP addresses used for actual packet routing) in the Internet, and naturally integrates cryptographic authentication of said identities, thereby solving many of the problems with current practice that motivated the "clean slate Internet redesign" hype several years ago. Our company has used it for lots of things, military and commercial, including mesh WANs. Currently I am working with various standards development organizations, government agencies, commercial product and service providers, _et al_, to standardize/promote its use to identify observed [unmanned] aircraft (and other cyber-physical systems) in a trustworthy manner, enabling authorized observers to immediately establish mutually authenticated communications with the parties responsible for their safe operation. There is 1 commercial product line that explicitly admits to being HIP based (some others formerly admitted that but no longer disclose the basis of their secret sauce): Tempered Networks https://discover.tempered.io/webinars/how-tempered-uses-hip-to-achieve-zero… There are 2 arguably usable open source implementations, one of which is being updated to HIPv2 and enhancements currently being standardized: OpenHIP https://bitbucket.org/openhip/openhip/branches/ 73, AC2WH (long ago WB2IEP) -- Stuart W. Card, PhD: VP & Chief Scientist, Critical Technologies Inc. * Creativity * Diversity * Expertise * Flexibility * Integrity * Suite 400 Technology Center, 4th Floor 1001 Broad St, Utica NY 13501 315-793-0248 x141 FAX -9710 <Stu.Card(a)critical.com> www.critical.com

2 1

Re: [44net] ipencap routing question
by lleachii＠aol.com 30 Dec '20

30 Dec '20

Roland, I guess the best way to answer this is, what Network Operating System are you using? - Windows - unknown (I last attempted in 2012) - *nix - only one tunnel need to be enumerated - Cisco - multiple tunnels are needed You can see this from the relevant Wikis. 73, - Lynwood KB3VWG

5 17

Re: [44net] ipencap routing question -> What about the future ?
by Rob Janssen 30 Dec '20

30 Dec '20

> I think Rob, PE1CHL, had some approach to offer 44net VPN access using > LOTW certificate for authentication if I remember correctly... Maybe he > could tell us more on how people where attracted to it. No, that is not me. I think it is a Finnish ham who is doing that. Over here we have OpenVPN access with locally issued certificates, not connected to any officially trusted source. When a Dutch amateur wants to use OpenVPN, they request a certificate (usually via me) and there is a script which generates a certificate for the requested callsign and makes an OpenVPN config file containing the correct parameters, the user certificate, and the CA certificate. When the user uses this to connect to the OpenVPN server, their IP address is retrieved from DNS (based on the certificate name which is their callsign), so they get their fixed IP address. A route is distributed via BGP to route the traffic to their OpenVPN connection from anywhere within the network, as long as the connection is up. While such a system could be used to "give all amateurs their own fixed IP address" (either via this locally issued certificate or with something like LOTW) I agree that there is little point in doing that "to make use of our IP space". Such a bank of allocated but rarely ever used addresses should not be considered "used" just for sake of "use it or lose it". Rob

1 0

Re: [44net] ipencap routing question -> What about the future ?
by Rob Janssen 29 Dec '20

29 Dec '20

> I don't know if "44NGN" is related to "DG8NGN", but Jann is a reference here : European HamNet already has thousands of nodes with iBGP routing, and he's the inititor of 44.190 routing policy. Lots of things already exist. I think we don't need to reinvent the wheel. Just find out the right wheel diameter that could be adopted worldwide No, this is not at all related I think. It was just made to mean "Next Generation Network". You are right that most of the things being proposed here already exist regionally. In the Netherlands we have a similar network to "European HamNet" except that it also routes from/to internet. (HamNet uses NAT routers placed at some points in the network, making the routing asymmetric) The proposed new topology would allow HamNet to join in and maybe get a bit better connected when desired. (and maybe resolving some of the difficulties that arise from the setup as it is now with combined BGP and IPIP/AMPR-RIP routing) Rob

2 1

Re: [44net] ipencap routing question -> What about the future ?
by Rob Janssen 29 Dec '20

29 Dec '20

> This is exactly the sort of thing we would like to have the TAC get together for. Why don’t any interested parties email me and maybe we can finally get this going. If we’re going to do this properly it will needs some structure and the extra noise it will generate should be moved to a separate list. > Chris - G1FEF That has been done before. Brian created the 44NGN list one of the previous times this discussion ran. I surely want to share my ideas about that but frankly I am not prepared to argue against the "what we have is good and we don't want change" gang. That is why I did not take part in what happened before on 44NGN. Rob

3 2

Re: [44net] ipencap routing question -> What about the future ?
by Rob Janssen 29 Dec '20

29 Dec '20

> The main issue is to separate regular users from a backbone infrastructure. > What is done in the infrastructure and how it is interconnected is not > important to the end user. It can be mesh, direct routing, whatever. > But the user needs to be able to connect his subnet to the backbone via > a (local) point of presence (POP) using a easy to use way, a way that is > supported by regular, or at least some commercial routers out of the box > or regular operating systems, without scripts and custom code running on > them. > From my point of view, It should be the choice of the operator of the > POP to decide what user access protocol they choose. For example L2TP is > still supported on many devices and is a good candidate, and even the > old PPTP will do. > There is no need to find a single universal solution for everything. If > the backbone works (and the current mesh could be the base of this > backbone, with simple users just opting out as other connection options > become available). I fully agree with what Marius has written there. We already operate such a POP, and there are others in the world. The implementation and connection options need not be the same all over the world, as long as some of the base requirements ("works behind NAT router, does not require to open ports or protocols in router, works well with a dynamic endpoint address") are satisfied by at least one of the offered connection options. And in my opinion, there should be the option to use BGP over the endpoint connections so that locally routed networks can be advertised over links to the POP. Operators can choose whether they want to offer a static routing option but of course it will limit the versatility and redundancy options. At the same time, I think it would be worthwhile to have a standard solution and deployment of that solution in datacenters all over the globe (in the form of a VPS so that no physical visits are required) so that everyone can have a good connection even when there is no local activity to setup a POP. Those would be managed by/via ARDC in a similar way as how the UCSD gw is managed now. This network of POPs would replace the current IPIP mesh as the connection option for users. The effort now spent on maintaining the IPIP mesh, RIP, gateway list can be spent on such a system instead and it will make it much easier for people to join and use the network. Rob

1 0

Re: [44net] ipencap routing question
by Rob Janssen 28 Dec '20

28 Dec '20

> I am trying to learn how ipip routing works by studying the various > setup scripts and wiki pages. Now I came upon a FAQ answer in > https://wiki.ampr.org/wiki/FAQ which I do not quite understand: > " > Can I just route all 44net traffic via a single tunnel? > No. The main AMPRNET gateway does not provide this functionality - you > must have a tunnel to each system you wish to contact. > " > Does this mean that I will need to create that many tunnel devices or > will a single device be able to handle all the required multiple tunnels? That depends on your device. A plain Linux system will not require multiple tunnel devices because on device tunl0 it can use the routing table to define the endpoints for all the different destinations. So you don't set a tunnel endpoint on the device, it is set in the routing table. And the routing table preferably is maintained by a program that processes the AMPR RIP packets. However, when you have some other router, like Cisco or MikroTik, this mode is often not offered and you *do* require a separate tunnel device for each destination (currently about 600...) It is all a bit outdated. I hope the community sometime soon decides to migrate to a somewhat more modern setup that does not mandate a full mesh tunnel network when users do not desire to have it. (i.e. establish a number of routers in datacenters around the world so one can connect to one or a few routers instead of to all individual end users, many of whom are not even operational) Rob

1 0

ipencap routing question
by Roland Schwarz 28 Dec '20

28 Dec '20

Dear all, I am trying to learn how ipip routing works by studying the various setup scripts and wiki pages. Now I came upon a FAQ answer in https://wiki.ampr.org/wiki/FAQ which I do not quite understand: " Can I just route all 44net traffic via a single tunnel? No. The main AMPRNET gateway does not provide this functionality - you must have a tunnel to each system you wish to contact. " Does this mean that I will need to create that many tunnel devices or will a single device be able to handle all the required multiple tunnels? Thank you for considering my question. vy 73 de Roland oe1rsa -- __________________________________________ _ _ | Roland Schwarz |_)(_ | | \__) | mailto:roland.schwarz@blackspace.at ________| http://www.blackspace.at

1 0

AMPR / HAMNET Spain?
by Volker Kerkhoff 25 Dec '20

25 Dec '20

Hello, AMPR / HAMNET Spain seems to be defunct... No active radio nodes anywhere, last update on website https://hamnetspain.wordpress.com/ is from 1 year ago... Our national and local ham radio associations seem to be quite uninterested and indifferent to AMPR as well. IF the current co-ordinators for Spain are impeeded, gone or overworked, well, I would love to jump in. I am an IT engineer, have some time and some resources and and I would be glad to assist and help with any tasks, and also do some advocacy for AMPR / HAMNET with local fellow OMs and the local and national associations. I have really great internet at home (1Gb symmetric fiber) and could initially give VPN access to quite some hams unable to connect via radio. Any suggestions, requests or pointers are welcome! 73 de EA7KLK, Volker

1 0

Re: [44net] JNOS and IP forwarding?
by Chris Maness 22 Dec '20

22 Dec '20

I am trying to create a local LAN, and I can get it to work in pure Linux using 9k6 modems and kissattach. However, it does not seem that JNOS is allowing forwarding or IP access. It also looks like the help ip info may be depreciated because I tried the examples allowing access, and they did not seem to work. Any hints would be appreciated. 73 de KQ6UP On Tue, Dec 22, 2020 at 12:10 PM Stuart Longland <stuartl(a)longlandclan.id.au> wrote: > > kq6up, > > On 23/12/20 5:56 am, kq6up via 44Net wrote: > > _________________________________________ > > 44Net mailing list > > 44Net(a)mailman.ampr.org > > https://mailman.ampr.org/mailman/listinfo/44net > > > > Your email message got lost, the above quoted section is all I received > this end, maybe try sending the email unsigned to see if the mailing > list software is stripping your message body by mistake. > > Regards, > -- > Stuart Longland (aka Redhatter, VK4MSL) > > I haven't lost my mind... > ...it's backed up on a tape somewhere.

1 0

JNOS and IP forwarding?
by chris＠chrismaness.com 22 Dec '20

22 Dec '20

1 0

Anyone running Linux Kernel 5.4.* using on 44-net (or Raspberry Pi)?
by Chris Maness 18 Dec '20

18 Dec '20

I am having a major headache trying to get my encap tunnels going. Old commands don't seem to work correctly. I can make single tun* devices for each IPIP route and they work, but I know I should be able to add routes to tunl0 device and have them all encapsulated when I use the gw flag in routes add command. This is not working on the Raspberry Pi. -Chris KQ6UP

3 4

ARDC now accepting applications for Technical and Grants Advisory Committees - due Jan. 7, 2021
by Rosy Wolfe 17 Dec '20

17 Dec '20

Hello 44net, In addition to welcoming new board members - Keith Packard (KD7SQG) and Bob McGwier (N4HY) - ARDC is now welcoming applications for 2021 Technical and Grants Advisory Committee members. **Grants Advisory Committee (GAC)** The job of the GAC is to review and provide advice to the Board regarding inbound grant proposals and other grantmaking opportunities. In 2021, ARDC is looking to process likely hundreds of grant applications for quality projects. The job of the GAC is to review and provide feedback on eligible proposals. **Technical Advisory Committee (TAC)** The Technical Advisory Committee (TAC) plans and executes improvements in the 44net technology, architecture, and policy. In 2021, some of the TAC's primary goals will be: * oversee a complete rewrite of the Portal * improve address allocation policies and responsiveness * investigate and instigate next steps toward making IPv6 usable in the Amateur Radio service * investigate options for RPKI or other automated subnet verifications **How to Apply** If you are interested in joining either of these committees, please send a resume and brief cover letter to contact(a)ampr.org by Thursday, Jan. 7, with the name of the committee you'd like to join in the subject line. We'll review all applications and seek to make a determination by Friday, Jan. 29. * These committees meet twice a month for at least an hour. There is also email correspondence and reviews that happen between meetings. Estimated level of effort (LOE) is about 2-3 hours/week. * The term for each of these is a year. For more information about the roles and duties of these committees, you can read the Advisory Committee Policy in full here: https://www.ampr.org/advisory-committee-policy/ Feel free to ask any questions here on 44net or email us at contact(a)ampr.org. We're looking forward to seeing your application! All the best, Rosy -- Rosy Wolfe - KJ7RYV Executive Director Amateur Radio Digital Communications (ARDC) ampr.org

2 1

ARDC welcomes Bob McGwier N4HY and Keith Packard KD7SQG to our Board of Directors
by Phil Karn 16 Dec '20

16 Dec '20

Hello 44net, ARDC is delighted to announce two new members of our Board of Directors: * Robert McGwier, N4HY, of Opelika, AL, and * Keith Packard, KD7SQG, of Portland, OR. Both bring long and valuable experience in ham radio, digital communications and open source development to ARDC's mission of managing the amateur TCP/IP network and its new grantmaking foundation. Keith Packard, KD7SQG, was first licensed as a Novice (WB7OQI) in 1977. Keith has developed free software since 1986, working on the X Window System, Linux, amateur rocketry and educational robotics. Mr. Packard and fellow board member Bdale Garbee design rocketry electronics with GPS receivers and amateur radio digital telemetry systems in the 70cm band. Keith volunteers in local schools teaching computer programming and robotics to students from ages 10-17. He received the Usenix Lifetime Achievement award in 1999, an O'Reilly Open Source award in 2011 and sits on the X.org foundation board. Dr. Robert McGwier, N4HY, has been licensed since 1964. He holds a PhD in Applied Mathematics from Brown University. He was an early pioneer of software defined radio (SDR) for both government and amateur applications through his position at the Institute for Defense Analyses Center for Communication Research, as a long time technical contributor to AMSAT and GNU Radio, and as an architect and software author for Flex Radio. Bob founded Federated Wireless Inc in 2012 and Hawkeye 360 Inc in 2017. He holds major awards from the Dayton Hamvention and the Central States VHF Society. Bob recently moved back to his home state of Alabama after retiring from Virginia Tech as a professor, Director of Research and Chief Scientist of the Hume Center. He has most recently served as a member of the ARDC Grant Advisory Committee. The rest of the ARDC board welcomes Bob and Keith, and we look forward to working with them. The ARDC Board now has the following members: Phil Karn, KA9Q (President and Chair), San Diego, CA Bdale Garbee, KB0G, Black Forest, CO John Gilmore W0GNU, San Francisco, CA Kimberly Claffy, KC6KCC, San Diego, CA Bob McGwier, N4HY, Opelika, AL Keith Packard, KD7SQG, Portland, OR ARDC's Executive Director is Rosy Wolfe, KJ7RYV, Portland, OR. If you have any questions, please don't hesitate to reach out: contact(a)ampr.org. Please join us in welcoming Bob and Keith! Sincerely, Phil Karn, KA9Q President and Chair, ARDC

1 0

Munge Script Still a thing?
by Chris Maness 16 Dec '20

16 Dec '20

I have been inactive for a long time, and I am trying to get my Raspberry Pi to talk to 44 net the way I did with my slackware boxes 10-15 years ago. I am not having a lot of luck doing things the way I did back in the day. Maybe a bruit force munge script is the way to go. What is the current way to pull the encap.txt? 73 de Chris KQ6UP

7 9

gmail bounces
by G1FEF 15 Dec '20

15 Dec '20

A bit off-topic, but does anyone know anything about what’s going on with gmail currently? I’m getting hundreds of bounce messages from posts sent to this list but only for @gmail.com emails. It’s not specific to us either, a groups.io <http://groups.io/> group I’m a member of is experiencing the same issue. Chris

4 3

PGP Signature (and text) stripped?
by Chris Maness 15 Dec '20

15 Dec '20

For some reason my whole email content was stripped out. I am guessing some issue with PGP signed mime content. Ouchie -Chris KQ6UP

4 5

ampr-rip2d on Raspberry Pi?
by Chris Maness 15 Dec '20

15 Dec '20

I was able to compile the above daemon on my Pi 4. My Pi is exposed to the wild with a static IP. When I run the daemon with the -dg option (to hang in the foreground) , it does not exit or crash. But I get no notices of traffic or nothing happens in the system's routing tables. Is a password needed? I do see a flag for that, but the website for the daemon has it showing output even without a password. Any help would be greatly appreciated. -73 de Chris KQ6UP SK..

1 0

ampr-rip2d on Raspberry Pi?
by chris＠chrismaness.com 15 Dec '20

15 Dec '20

1 0

Re: [44net] 44NET Route Objects IRR
by James Colderwood 14 Dec '20

14 Dec '20

Hi Pierre, Thank you for the heads up. I was aware of altdb but it hadn't crossed my mind. Hopefully one of these solutions will work :-). On 2020-12-13 17:32, Pierre Emeriaud wrote: > Le dim. 13 déc. 2020 à 12:04, G1FEF via 44Net <44net(a)mailman.ampr.org> > a écrit : >> >> > On 13 Dec 2020, at 09:54, James Colderwood via 44Net <44net(a)mailman.ampr.org> wrote: >> > >> > Hi All, >> > >> > May I wish you all happy holidays! >> > >> > Quick question, I'm working on establising my 3rd upstream but hit a snag. The suppliers validation automation prohibits announcing AMPR addresses as the system can't qualify validity. >> >> Are you talking about automatically checking entries in an IRR, or >> RPKI? > > For service providers requesting an IRR route object to automate > filter creation I've been using altdb. While it has not a lot of value > in terms of authorization (anyone can create objects about any > resource - a proper LOA has more value here) it is usually enough for > provisioning tools to create appropriate filters / prefix-lists: > > $ whois -h whois.altdb.net 44.151.210.0 > route: 44.151.210.0/24 > descr: F4INU > origin: AS206155 > mnt-by: MAINT-AS206155 > > $ bgpq3 -4 -l F4INU as206155 > no ip prefix-list F4INU > ip prefix-list F4INU permit 44.151.210.0/24 > > > 73 de F4INU > -- > pierre -- Kind Regards James B Colderwood M0ZAH

3 2

44NET Route Objects IRR
by James Colderwood 13 Dec '20

13 Dec '20

Hi All, May I wish you all happy holidays! Quick question, I'm working on establising my 3rd upstream but hit a snag. The suppliers validation automation prohibits announcing AMPR addresses as the system can't qualify validity. This isn't a deal breaker for me as they can announce my PA/PI IPv6 space. My question is, what are the future plans as many operators are going this route? -- Kind Regards James B Colderwood M0ZAH

4 5

WWconvers Chat Clients
by n2nov＠n2nov.ampr.org 13 Dec '20

13 Dec '20

I am looking to put together a list of what can be used as a client interface for the WWconvers servers like Hub_NA, Hub_EU, etc. So far I have: WinConvers (circa 2000) [WINDOWS] http://www.nyc-arecs.org/WinConvers.zip xConvers-0.8.3-26 (updated 2020) [LINUX Fedora/RedHat] https://fedora.pkgs.org/rawhide/fedora-aarch64/xconvers-0.8.3-26.fc33.aarch… COLRCONV-0.99.3-4 [LINUX Debian/Ubuntu/Raspbian] https://packages.debian.org/jessie/colrconv HexChat 2.14.3 [WINDOWS] http://hexchat.github.io Pidgin 2.13.0 [WINDOWS] http://pidgin.im/ WebConvers [ANY O/S AND ANY BROWSER] http://www.n2nov.net/webconvers/frame.php?jsflag=yes KiwiIRC Web Client [ANY O/S AND ANY BROWSER] https://kiwiirc.com/ Mozilla Thunderbird email software built-in chat tab -- 73 de N2NOV

5 4

Can't reach raqi.ca
by Jean-Pierre Desilets 07 Dec '20

07 Dec '20

Hi group We are many ham in the 44.135.0.0 (Canada) who can't reach raqi.ca (radio amateur du Quebec ) using ipip to the ucsd gateway . the reverse way won't work ether . Elsewhere is fine . Can you ping or traceroute to raqi.ca from your 44 address ? Let me know . Need help to solve this issue. The traceroute raqi.ca to ve2se.ampr.org : $ traceroute ve2se.ampr.org traceroute to ve2se.ampr.org (44.135.198.1), 30 hops max, 60 byte packets 1 66.159.41.1 (66.159.41.1) 0.195 ms 0.262 ms 0.294 ms 2 mtl.core-a3.cronomagic.com (66.159.42.25) 1.050 ms 1.133 ms 1.157 ms 3 161-81-55-206.static.cogecodata.net (206.55.81.161) 2.051 ms 2.090 ms 2.340 ms 4 199-167-152-144.beanfield.net (199.167.152.144) 2.507 ms 2.519 ms 2.521 ms 5 hu0-0-1-0.pe04.1250RenelevesqueBl01.YUL.beanfield.com (199.167.152.63) 2.636 ms 2.647 ms 2.709 ms 6 hu0-0-1-0.pe05.1250RenelevesqueBl01.YUL.beanfield.com (199.167.152.65) 2.376 ms 2.976 ms 2.836 ms 7 et52-1.lsr01.1250ReneLevesqueBl01.YUL.beanfield.com (199.167.152.67) 2.269 ms 2.347 ms 2.392 ms 8 lo0-1.bdr01.1250ReneLevesqueBl01.YUL.beanfield.com (72.15.48.50) 2.655 ms 2.775 ms 2.777 ms 9 et-1-0-29.edge2.NewYork6.Level3.net (4.30.176.121) 11.466 ms 11.516 ms 11.496 ms 10 * * * 11 CENIC.ear1.SanJose1.Level3.net (4.15.122.46) 77.857 ms 77.901 ms 76.474 ms 12 dc-svl-agg8--svl-agg10-300g.cenic.net (137.164.11.81) 75.180 ms 75.216 ms 75.823 ms 13 dc-lax-agg8--svl-agg8--100ge--2.cenic.net (137.164.11.20) 76.697 ms lax-agg8--svl-agg8-100g-3.cenic.net (137.164.11.66) 76.713 ms dc-lax-agg8--svl-agg8-100ge-1.cenic.net (137.164.11.0) 77.384 ms 14 * * * 15 dc-sdg-agg4--tus-agg8-300g.cenic.net (137.164.11.85) 77.520 ms 77.092 ms 76.981 ms 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * 73's de Jean-Pierre ve2se

8 11

Re: [44net] GRE tunnels
by Rob Janssen 05 Dec '20

05 Dec '20

>GRE works just fine depending on your system. We've never had any problems with GRE except using Mikrotik devices. There is a bug in the GRE implementation on MikroTiks where you will experience a 20-30% packet loss when the system is under any non-trivial use (e.g. multiple audio streams or a file transfer). Several versions of the OS and several different hardware platforms all experienced the same issue. We changed to IPIP and IPIP6 and the issue disappeared with no other reconfiguration. We're using a mix of IPIP, IPIP6, and GRE6 tunnels to a number of sites fed out of our VPS gateway. I cannot confirm that at all. We use GRE tunnels inside our network to connect isolated areas back to our gateway over internet tunnels, and it works very well. The gateway router is a MikroTik CCR1009 and most users use MikroTik RB750Gr3 or comparable routers. No packet loss issues at all. There are of course a couple of things you need to watch for: - the "keepalive" mechanism is a defacto-standard thingy that is not working in standard Linux systems so it has to be kept disabled when the other side is not a MikroTik or maybe Cisco or comparable router - as for any tunnel, the MTU is always lower than 1500 and you cannot send fullsize packets through it without fragmentation. it is best to install a TCP MSS clamping rule to limit the MTU of most traffic - there is a bug in the firewall of more recent RouterOS versions which causes GRE traffic not to be matched by Established/Related firewall rules, and be stamped as Invalid. So when you have the default ruleset of "accept Established/Related, drop Invalid, then accept certain incoming traffic" you need to insert a rule that accepts GRE traffic from your peers BEFORE the "drop Invalid" rule. Of course you can always use IPIP instead. I have chosen GRE in the hope that it is more widely available on other makes of routers, and also it can transport IPv6 in the future. But as GRE usually requires fixed public addresses on each end of the tunnel and also is often a bit troublesome to pass through NAT routers, we also offer the additional option of L2TP/IPsec tunnels, which can be setup from a dynamic address and have no issues with NAT on the client side. (the gateway router itself of course is directly on a fixed address) Rob

4 3

GRE tunnels
by pete M 05 Dec '20

05 Dec '20

Hi everyone, Anyone been playing with GRE tunneling? I am looking at that solution to bring part of my /24 to sites where I have multiple machine that each need a 44 address. GRE have no encryption, it is only an encapsulation of a Layer 2 packet. This lower the actual possible MTU size lowering the throughput slightly. But it is an easy way to connect a site to the VPS. At the same time, we dont need encryption as all the data that are passing into that tunnel is supposed to be ok to route on the internet. and if they contain special thing they should already be encrypted with tls/ssl or other mean of securing the connection. Anyone have experience with this? I would then use openvpn is its normal way for simple client. Then I imagine I will need to bridge both tunnel so that every one could talk to each other at the VPS level. Sounds plausible? Pierre VE2PF

6 16

Re: [44net] OT: Any OpenVPN Guru here?
by lleachii＠aol.com 01 Dec '20

01 Dec '20

Pierre, I'd personally suggest OpenVPN Access Server. There's a straightforward web GUI to setup everything. I think DHCP/Layer 2 requires Windows clients. https://openvpn.net/download-open-vpn/ 73, - Lynwood KB3VWG

3 3

OT: Any OpenVPN Guru here?
by pete M 30 Nov '20

30 Nov '20

Hi, me again with an OT kind of topic. I have been pretty happy with the way the vps at vultr and the bgp announce been doing, this did not missed a beat since it been fix, again thanks to every one that helped. Now I need a push in the right direction for OpenVpn. Went on the openvpn forum, asked a noob question, got shamed post by a prick, waited for someone else to try to help me. Now I am asking the ham community for help. I have seen many tutorial/video/explanation and how to's for OpenVpn. Most are tutorial where, you start a script, enter some magic numbers its start installing package after package and it start working. Youhou! NOT! That ain't the kind of stuff I am looking for. If I want to support the server and be able to debug it in case it fail I need to know where and how all this works. Let me tell you my goal. I will have multiple site that will connect to the vpn server. on those site Multiple machine will need a 44net address. some will have fix address but I want to also have some assigned by dhcp. Now I could also have some simple client that will connect and those will have dhcp address. How do I manage that into OpenVpn. Does the dhcp vs fix address is managed by the OpenVpn config? Or does I need to have a local dhcp server at the site (the router that will connect as the client) will I have to do some bridging between my site (client to client communication)? And finally is there a real good how to that is not 300 page long, as hard to read as the U.N. whole bylaws and treaty and that a layman can understand somewhere& hopefully that is not a recipe that say, add some pixi dust here, open notepad 3 time while typing "I will not read my sister's diary in front of the whole class" Copyright the Simpson's . 200 time, without saving the file between each opening and closing, and hoping that it will do the job. >From a pretty tired guy of searching the answer to life. Yeah I know its 42. Pierre VE2PF

3 2

Re: [44net] Proposed WWconvers Channel Scheme
by n2nov＠n2nov.ampr.org 27 Nov '20

27 Nov '20

That is why the discussion and exposing the long dormant system to new users. These are not rules but logical suggestion on using the system while playing nice in the sandbox called the entire planet. Time will tell, but not if we do not talk about it in the open. I agree about chat clients. I use HexChat. -- 73 de N2NOV

3 2

Proposed WWconvers Channel Scheme
by n2nov＠n2nov.ampr.org 27 Nov '20

27 Nov '20

PROPOSED WWCONVERS CHANNEL SCHEME There are 32767 possible channels in the WWconvers with channel 0 reserved for a local bbs to use as it's default when users log onto their system. Finding other stations by area, interest or any other special use can get a little confusing. Some countries have settled on a scheme where their users can find each other based on the second number of their assigned 44Net (AMPR) address. For example, Greece is assigned 44.154.0.0/16 and they can be found on channel 154. In the USA (because of sheer numbers of systems over the years) the second number in the address is typically an entire state with some having multiple subnets (California has 6). There has been an effort in recent years to clean up the numbers and subnets no longer in use and this resulted in the range from 44.191.0.0/16 to 44.255.0.0/16 to be sold to Amazon. To make things easier, I am proposing a somewhat logical layout to the channel usage, not only by the 44Net addresses but also by specilized uses for activities and watering holes like HF/VHF/UHF frequencies. As you can see, there will be plenty of space for adhoc arrangements. Discussions are welcomed and encouraged as how to use this space for the benefit of many different groups and interests. DEFAULT Channel 0 . default local use and not propagated across the WWconvers system. REGIONAL Channel 1 through 190 . based on second number in the 44Net/AMPR addresses MATCHING TO RF FREQUENCY USED (ie: net on 7240 kHz would use channel 7240) 1800-1999 160m Channels 3500-3999 80m Channels 7000-7299 40m Channels 10100-10149 30m Channels 14000-14349 20m Channels 18068-18167 17m Channels 21000-21449 20m Channels 24890-24989 12m Channels 28000-29699 10m Channels 5000-5399 6m Channels 14400-14799 2m Channels 22200-22499 1.25m Channels 4200-4499 70cm Channels 9020-9279 33cm Channels 12400-12999 23cm Channels CURRENT SPECIALTY USERS 625 . UHF Amateur TV Channel in UK 10177 . OK2KOJ Club Channel in Czech Republic 14736 . WC2OEM Channel for NYC Amateur Radio Emergency Communications Service SET AS LOCAL BBS USE (ie. JNOS Systems, etc) 211 . Local NCS/ALT Channel for nets 411 . Local WX Event Channel (Skywarn nets) 911 . Local Emergency Net Activation Channel -- 73 de N2NOV

2 1

Re: [44net] Routing from and to the internet
by Andy Holland 26 Nov '20

26 Nov '20

Andy, I have the ExgeRouter X… would the config file also work on my router? Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10

1 0

Hub_NA WWconvers Available For Use
by n2nov＠n2nov.ampr.org 25 Nov '20

25 Nov '20

For those who have the capability to link their systems for WWconvers/chat, I host the Hub_NA chat server that links to various chat hubs in Europe. We are hoping that systems in other parts of the world get set up for chat. Hub_NA can be reached at 44.68.41.2 or convers.n2nov.net, both on port 3600. If you are using the non-44Net address, you have to contact me first at n2nov(a)n2nov.net to be added to the permissions file. -- 73 de N2NOV

1 0

Non-stop DNS requests
by lleachii＠aol.com 24 Nov '20

24 Nov '20

All, Can the operator of 44.178.0.0/30 contact me off thread and/or reconfigure their gateway's public 93.123.xxx.xxx address - as to stop sending incessant DNS requests. This traffic is blocked at my firewall and using the resources of AMPRGW. As an FYI and reminder, operators should use 44net IPs to access the DNS service. (times UTC) 09:06:20.787664 IP (tos 0x0, ttl 44, id 61193, offset 0, flags [none], proto UDP (17), length 64) 93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36) 09:06:21.788026 IP (tos 0x0, ttl 44, id 52880, offset 0, flags [none], proto UDP (17), length 64) 93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36) 09:06:22.788096 IP (tos 0x0, ttl 44, id 40377, offset 0, flags [none], proto UDP (17), length 64) 93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36) 09:06:23.792789 IP (tos 0x0, ttl 44, id 52426, offset 0, flags [none], proto UDP (17), length 64) 93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36) 09:06:24.787615 IP (tos 0x0, ttl 44, id 8877, offset 0, flags [none], proto UDP (17), length 64) 93.123.xxx.xxx.5678 > 44.60.44.3.53: [udp sum ok] 42486+ A? cloud.mikrotik.com. (36) Is this the normal behavior of a MikroTik device? 73, - Lynwood KB3VWG

2 5

Help with tunnel
by Rodrigo Pérez CD5RPY 24 Nov '20

24 Nov '20

Hi, Some time ago I requested a /24 subnet. I have my network and I'm trying to make it work but with no success. I follow this tutorial https://wiki.ampr.org/wiki/Setting_up_a_gateway_on_MikroTik_Routers but it doesn't work. After this, I read that I need a dns record in ampr.org and fill the contact form in portal.ampr.org without answer yet. My other option is to change the network to bgp (my datacenter supports bgp). Can anyone help me to make my network work? Thanks ! -- Rodrigo Pérez R. CD5RPY

4 3

now what is he next step
by pete M 23 Nov '20

23 Nov '20

Hi I finally got my bpg annonce working, bird do works i have 2 interface on the machine, as stated here: ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 56:00:02:fc:bd:ba brd ff:ff:ff:ff:ff:ff inet 207.246.122.57/23 brd 207.246.123.255 scope global dynamic ens3 valid_lft 72787sec preferred_lft 72787sec 3: dummy1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000 link/ether 9e:fe:80:f5:a5:e2 brd ff:ff:ff:ff:ff:ff inet 44.135.59.0/24 brd 44.135.59.255 scope global dummy1 valid_lft forever preferred_lft forever when I list my route I have this: route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 207.246.122.1 0.0.0.0 UG 0 0 0 ens3 44.135.59.0 0.0.0.0 255.255.255.0 U 0 0 0 dummy1 169.254.169.254 207.246.122.1 255.255.255.255 UGH 0 0 0 ens3 207.246.122.0 0.0.0.0 255.255.254.0 U 0 0 0 ens3 Now my next thing is to have an openvpn server so that the client can use address from the /24 as there ip adress to the world. (openvpn is a vpn solution, but if you have other/better solution I am open). one little other thing. will the connection by the vpn be limited to one ip address by tunel or can I specify the number of address available by client configuration? one other thing, is there a dashboard to control/monitor by a web interface a server like openvpn? thanks Pierre VE2PF

6 31

Re: [44net] now what is he next step
by lleachii＠aol.com 23 Nov '20

23 Nov '20

Pete, Before you mess anything up. Your traffic is NOT going toward AMPRGW on this side of the Earth: user@machine:~$ tracepath 44.135.59.1 1?: [LOCALHOST] pmtu 1500 1: router7.lan 0.393ms 1: router7.lan 0.347ms 2: no reply 3: B3352.WASHDC-LCR-21.verizon-gni.net 1.831ms 4: no reply 5: 0.ae1.BR1.IAD8.ALTER.NET 3.582ms 6: 204.148.11.238 5.714ms 7: ae1.cr2-nyc4.ip4.gtt.net 7.653ms 8: ip4.gtt.net 21.672ms 9: no reply 10: vl20-br2.pnj1.choopa.net Some larger looking glasses you are pointing toward AS20473 - Choopa, LLC, not UCSD. 73, - Lynwood KB3VWG

1 1

Bird Wont start.
by pete M 22 Nov '20

22 Nov '20

I know it is not 44 net fully related, but I've been searching for some time. I have a vultr vps and I am trying to bgp announce my /24. When I look at the status I have this. systemctl status bird.service ● bird.service - BIRD Internet Routing Daemon (IPv4) Loaded: loaded (/lib/systemd/system/bird.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Sun 2020-11-22 18:50:13 UTC; 16min ago Process: 25329 ExecStartPre=/usr/lib/bird/prepare-environment (code=exited, status=0/SUCCESS) Process: 25335 ExecStartPre=/usr/sbin/bird -p (code=exited, status=0/SUCCESS) Process: 25336 ExecStart=/usr/sbin/bird -f -u $BIRD_RUN_USER -g $BIRD_RUN_GROUP $BIRD_ARGS (code=exited, status=1/FAILURE) Main PID: 25336 (code=exited, status=1/FAILURE) Nov 22 18:50:13 hamrad.ca systemd[1]: Starting BIRD Internet Routing Daemon (IPv4)... Nov 22 18:50:13 hamrad.ca systemd[1]: Started BIRD Internet Routing Daemon (IPv4). Nov 22 18:50:13 hamrad.ca bird[25336]: /etc/bird/bird.conf:1:5 Unable to open log file `/var/log/bird.log': Permission denied Nov 22 18:50:13 hamrad.ca bird[25336]: bird: /etc/bird/bird.conf:1:5 Unable to open log file `/var/log/bird.log': Permission denied Nov 22 18:50:13 hamrad.ca systemd[1]: bird.service: Main process exited, code=exited, status=1/FAILURE Nov 22 18:50:13 hamrad.ca systemd[1]: bird.service: Failed with result 'exit-code'. I understand that my log file is the problem. But I did set the rights of the log file properly. If I list the log file i have ls -l bir** -rw-r--r-- 1 root bird 0 Nov 20 18:55 bird.log Anyone can help? Pierre VE2PF

4 3

One year from WB6CYT Brian departure
by renzorossi＠libero.it 22 Nov '20

22 Nov '20

8 9

HTTP and DNS Server Changes
by lleachii＠aol.com 14 Nov '20

14 Nov '20

All, I am testing a AWS server that runs the DNS and HTTP services for my node. NTP (kb3vwg-001.ampr.org/44.60.44.1) was not moved. Please verify: ~ AMPR DNS (44.60.44.3) - OPEN ACCESS for AMPRNet hosts, 44 hosts can also AXFR 44.in-addr.arpa. and ampr.org - **if you accessed DNS via your WAN IP and it's now fails, let me know off thread about why and/or reconfigure to use your AMPRNet IP for inquires** - **If you used HTTP on this address, it now fails** --- ~ AMPR HTTP (44.60.44.10): - http://whatismyip.ampr.org - you will only receive your valid 44 SRC IP on AMPRNet, all other IPs receive the non-Internet-reachable 44.60.44.254 - http://speedtest.ampr.org - currently Error 302 redirects to https://speedtest.org/ - Main landing (http://kb3vwg-010.ampr.org / http://44.60.44.10) - amprdocs and tools pages should be visible here if you're on AMPRNet - **The 44-Trace and Ping tools to 44 IPs ONLY should work as intended - please message me off thread if not** - other IPs (and 44.0.0.1/32) use the AWS interface now - **Since this server is now hosted...I am able to add my device as an official Slave DNS of AMPRNet on its real interface...if you all desire (and it's approved)** - I'd like to test transfer on a temporary basis before we make it a go...I do pay for if it spikes, LOL --- ~ WAN HTTP (<IP>): - http://kb3vwg.ampr.org (WAN HTTP) - is no longer CMS-based - Main landing (http://<IP>/) - currently Error 302 redirects to https://speedtest.org/ (HINT: you can nslookup kb3vwg.ampr.org for the current WAN IP) NOTE: if you accessed NTP via your WAN IP, this may change in the future. Please migrate to using AMPRNet SRC IPs access to ALL AMPRNet services [on the KB3VWG node]. (This temp test may lead to proof-of-concept for a FREE/donated permanent site [for more services/CPUs] for VMs.) 73, - Lynwood KB3VWG

1 1

Re: [44net] Lost Packets
by lleachii＠aol.com 13 Nov '20

13 Nov '20

Chris et. al., You noted something possible loss along a path. Close to AMPRGW, I notice dc-tus-agg8--lax-agg8-300g.cenic.net is constantly giving me packet loss. Also CENIC.ear1.LosAngeles1.Level3.net is somewhat dropping (also dc-lax-agg8--lax-agg6-100ge-2.cenic.net). I'm able to see this loss running with the command 'mtr -u gw.ampr.org' (UDP seems to show more packet loss than 'mtr -T'). user@machine:~$ tracepath gw.ampr.org 1?: [LOCALHOST] pmtu 1500 1: OpenWrt.lan 0.540ms 1: OpenWrt.lan 0.824ms 2: no reply 3: B3352.WASHDC-LCR-21.verizon-gni.net 20.242ms 4: no reply 5: 0.ae1.BR1.IAD8.ALTER.NET 8.127ms 6: no reply 7: no reply 8: CENIC.ear1.LosAngeles1.Level3.net 65.995ms asymm 11 9: dc-lax-agg8--lax-agg6-100ge-2.cenic.net 71.811ms asymm 11 10: dc-tus-agg8--lax-agg8-300g.cenic.net 70.475ms asymm 11 11: dc-sdg-agg4--tus-agg8-300g.cenic.net 67.237ms 12: dc-ucsd-100ge--sdg-agg4.cenic.net 69.696ms 13: mcore-flow-bypass-mx0-p2p.ucsd.edu 68.723ms 14: sdsc-7710-7--mcore-vl2995-p2p.ucsd.edu 72.042ms 15: no reply - Lynwood KB3VWG

12 28

Re: [44net] Lost Packets
by Rob Janssen 11 Nov '20

11 Nov '20

I can only confirm that the amount of "network probing" traffic is ever increasing. We have the 44.137.0.0/16 network BGP routed towards us so we do not experience the described issues, but at the firewall there is a massive amount of incoming probes and I do use some techniques to auto-block these. For example, I have a static list of known probers (the likes of shodan.io, internet-census.org, binaryedge.ninja, etc etc. a total of 674 entries, 90 of them subnets (often /24). Additionally, I have an automatic blacklist of servers sending 10 or more probes per minute to any address in our /16 that is not in use (similar to the "are you in DNS" check in amprgw) and keeps the address blacklisted for an hour. That list usually contains about 75000 addresses! In the past I have tried several times to mail those "researchers" and "services that allow you to search for open ports" guys to get our subnet removed from their scan range. The results are limited. Sometimes it works, usually for limited time, sometimes just nothing changes. Maybe the contacts for the AMPRnet could try some of those requests as well. We get several Mbit/s of useless crap on our /16 so I can guess what it looks like for amprgw. Pity that there are so many of those jerks around. Rob

1 0

Talking 44net Maintenance/Improvement + TAC at this week's Office Hours
by Rosy Wolfe 10 Nov '20

10 Nov '20

Hello, 44net! This week we're doing our first office hours: Thurs. 12 Nov 18:00 UTC (10am PT / 1pm ET / 6pm GMT / 7pm CET) Will go to about 20:00 UTC Full Zoom invite below this message. Following our community call on Oct. 10, folks at ARDC have started to put together some thinking around 44net maintenance and improvement. This is especially true for Chris (G1FEF), who knows the most about the technological and administrative aspects of running the portal. Some items from his list include: * Improving logic using Laravel open source framework (Laravel framework enables easy internationalization) * Improving presentation, e.g. for use on mobile * Create workflows to improve admin tasks ...and that really just scratches the surface. Learn more on Thursday! If you are someone who is interested in 44net development, please join us at this Thursday's meeting! If you can't make it, feel free to share your thoughts via email. Note that we have a growing list of thoughts from previous messages and the survey to be prioritized as part of this work. Speaking of prioritization, as part of this effort to improve 44net, we'll be putting the Technical Advisory Committee (TAC) back together. The first job of the TAC will be to discuss, test, review, and collaborate on the work being done on the Portal. More information for how to apply to the TAC to come as soon as possible. In the meantime, hope you can join us on Thursday and share your thoughts here. Many thanks, Rosy // ARDC is inviting you to a scheduled Zoom meeting. Topic: ARDC Office Hours Time: Nov 12, 2020 10:00 AM Pacific Time (US and Canada) Join Zoom Meeting https://us02web.zoom.us/j/85376459195?pwd=TmpZQ2FqVW13TEU3VmpjNHp1TlhhUT09 Meeting ID: 853 7645 9195 Passcode: 440088 One tap mobile +13462487799,,85376459195#,,,,,,0#,,440088# US (Houston) +16699006833,,85376459195#,,,,,,0#,,440088# US (San Jose) Dial by your location +1 346 248 7799 US (Houston) +1 669 900 6833 US (San Jose) +1 253 215 8782 US (Tacoma) +1 312 626 6799 US (Chicago) +1 929 205 6099 US (New York) +1 301 715 8592 US (Washington D.C) Meeting ID: 853 7645 9195 Passcode: 440088 Find your local number: https://us02web.zoom.us/u/kd4rPrWKJX -- Rosy Wolfe - KJ7RYV Executive Director Amateur Radio Digital Communications (ARDC) ampr.org

1 1

Re: [44net] Lost Packets
by G1FEF 07 Nov '20

07 Nov '20

Hi David, > Chris: Are you the official administrator of the AMPRGW FreeBSD host now? Yes, I am. I’ve been doing some tests from the gw and it looks like there is some packet loss upstream depending on which route the packets are going, for example I ran a 100 count ping to one of my servers in the UK and got no packet loss at all with a consistent RTT: --- 85.199.212.83 ping statistics --- 100 packets transmitted, 100 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 147.366/147.491/151.369/0.409 ms Then I ran a test to 98.143.158.201 (the IP WB7AWL was using for his test) and I got 2% loss with varying RTT: --- 98.143.158.201 ping statistics --- 100 packets transmitted, 98 packets received, 2.0% packet loss round-trip min/avg/max/stddev = 3.514/12.592/209.460/30.918 ms I’ve repeated these tests a few times and looked at the routes taken and it does seem to indicate that the gw machine itself is not the issue. I will have a discussion with the folks at UCSD and let you know what transpires. Regards, Chris

1 0

Lost Packets
by Albert Lawson 06 Nov '20

06 Nov '20

Good Evening Folks, Is something going on with the gateway...????? I just noticed this today: --- ampr.org ping statistics --- 92 packets transmitted, 72 received, 21% packet loss, time 91427ms rtt min/avg/max/mdev = 33.320/41.448/51.167/2.890 ms As opposed to: --- aa6hf.ampr.org ping statistics --- 100 packets transmitted, 100 received, 0% packet loss, time 99146ms rtt min/avg/max/mdev = 47.409/56.381/70.304/4.552 ms Pings to my commercial IP (from my network at work) are 100%.....but pings to ampr.org (from my network at work) are showing dropped packets as well. 73's -Albert WB7AWL

3 3

Re: [44net] 44Net Digest, Vol 9, Issue 111
by Mark Stevenson 06 Nov '20

06 Nov '20

Hi, My pings seem stable, although high at around 200ms, they are consistent. Endpoint is in the UK Mark - 2W0YMS On Fri, 6 Nov 2020, 20:00 , <44net-request(a)mailman.ampr.org> wrote: > Send 44Net mailing list submissions to > 44net(a)mailman.ampr.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://mailman.ampr.org/mailman/listinfo/44net > or, via email, send a message with subject or body 'help' to > 44net-request(a)mailman.ampr.org > > You can reach the person managing the list at > 44net-owner(a)mailman.ampr.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of 44Net digest..." > Today's Topics: > > 1. Lost Packets (Albert Lawson) > > > > ---------- Forwarded message ---------- > From: Albert Lawson <wb7awl(a)lawsonpc.com> > To: AMPRNet working group <44net(a)mailman.ampr.org> > Cc: > Bcc: > Date: Fri, 6 Nov 2020 02:14:49 +0000 > Subject: [44net] Lost Packets > Good Evening Folks, > > Is something going on with the gateway...????? I just noticed this today: > > --- ampr.org ping statistics --- > 92 packets transmitted, 72 received, 21% packet loss, time 91427ms > rtt min/avg/max/mdev = 33.320/41.448/51.167/2.890 ms > > As opposed to: > > --- aa6hf.ampr.org ping statistics --- > 100 packets transmitted, 100 received, 0% packet loss, time 99146ms > rtt min/avg/max/mdev = 47.409/56.381/70.304/4.552 ms > > Pings to my commercial IP (from my network at work) are 100%.....but pings > to ampr.org (from my network at work) are showing dropped packets as > well. > > 73's > > -Albert > WB7AWL > > > _______________________________________________ > 44Net mailing list > 44Net(a)mailman.ampr.org > https://mailman.ampr.org/mailman/listinfo/44net >

3 2

Re: [44net] 44Net Digest, Vol 9, Issue 111
by lleachii＠aol.com 06 Nov '20

06 Nov '20

Albert, Yes, something is wrong: root@OpenWrt:~# ping 44.0.0.1 -I 44.60.44.1 -A -c 100 -s 22 -q PING 44.0.0.1 (44.0.0.1) from 44.60.44.1: 22 data bytes --- 44.0.0.1 ping statistics --- 100 packets transmitted, 79 packets received, 21% packet loss round-trip min/avg/max = 66.029/66.446/69.157 ms You all can test from my end: http://kb3vwg-010.ampr.org/tools/ping/php-ping44.php 73, - Lynwood KB3VWG

1 0

Trying to contact VE3JGL
by G1FEF 01 Nov '20

01 Nov '20

Hi, If anyone is in touch with Luc - VE3JGL please could they ask him to drop me a private email asap. Thanks, Chris - G1FEF

1 0

Network topology and vpn connection.
by pete M 26 Oct '20

26 Oct '20

Hi! First I want to thanks the ampr group and especially G1FEF for providing me a /24 that I am in the process of being bgp annonce with a vultr vps in NJ. If what I am about to talk dont fit in the group, please let me know, I will move this else where. I am in no mean a network guru but I understand concept pretty easily. SO I am planning my /24 as this. the VPS at vultr will use Bird to annonce the route, I will use only the default route provided by vultr. >From there I created a dummy interface that have my /24 as its IP. I then want to make a VPN server to distribute the net and ip to remote site I have that use a mix of hardwired and wireless connection. The routers are all edgerouter-x from ubiquity they will all eventually be interconnected by 2 sources, the hardwired provided by many ISP and the wireless that I am building as a redundancy. If one sources fail, the router will fall back to the other link. the prefered links will always be the hardwired, the wireless is the backup. (some of the links are 40 Km long, but most are 5-6 Km and the smallest is under 1 Km.) >From those edge router I will have connection to the vpn and every router will have a dhcp server that will serve a part or the /24 like 16 ip for each site. (I have 3 site right now) and I will have fixed IP at each site for the repeaters and aprs gateways. Now the configuration of the vpn is my first problem. should I have the vpn server listening on the ipv4 address of vultr or should I made it listen to the dummy interface? I think this is juste the beginning of my quest! Pierre VE2PF

3 2

How long for attribution of a ip segment?
by pete M 23 Oct '20

23 Oct '20

Hi! I asked a few months ago for a /24 so I could advertise it by BGP on a vultr server. I had receive a request to fill up a form, but for personal reason I was not able to pursue the project. rewind to end of september and I redo the request, fill out the form and do everything in order, well I hope, but it was delayed cause the emails I was receiving kept going into the spam folder.. Sent a few email back to ask the status, if my form was filled ok, I had no answer. I am just wondering if I did something wrong or if the request is en route. Sorry if this is the wrong forum to ask. Pierre VE2PF

5 5

ARDC Office Hours: Thurs Nov. 12 @ 17:00 UTC
by Rosy Wolfe 22 Oct '20

22 Oct '20

Hello 44net! In our video call on Oct. 10, I heard from folks that they were interested in more regular meetings and office hours. So - let's give the office hours a try! I'll be online for two hours on Thurs. Nov. 12 @ 17:00 UTC (10am PT / 1pm ET / 6pm BST). Link to the video call will be posted in advance. Looking forward to chatting with you soon! All the best, Rosy -- Rosy Wolfe Executive Director Amateur Radio Digital Communications (ARDC) ampr.org

1 1

Re: [44net] Thanks to everyone for a good 44net community call!
by Rob Janssen 19 Oct '20

19 Oct '20

> Is the European Asterisk/DUNDI/AMPRNet voip network you describe below documented somewhere? I tried to google around but did not find anything. There is some scattered information, e.g. this at DB0WA: https://www.afu.rwth-aachen.de/projekte/hamnet/anwendungen/sip-telefonie https://www.afu.rwth-aachen.de/projekte/hamnet/infos-fuer-betreiber/dundi-n… This page also describes a crawler for such nodes and shows a map, but I think this crawler is dead as the map shows information from last year and has not been updated since. That is probably related to the renumbering of the German/Austrian network. (as you know these networks ended up being in the part that was sold) I don't know if the network itself is still actively maintained or if it is just an experiment that is not interesting to its inventers anymore and just keeps running until the servers crash, someone turns them off, or a disruption such as the renumbering occurs. At least locally for me it works fine, but I use it mainly for calls to one other person who is on the same PBX as I am. Rob

1 0

Re: [44net] Thanks to everyone for a good 44net community call!
by Rob Janssen 19 Oct '20

19 Oct '20

> If you're offering to organize, create and open-source a conferencing > system that does what Zoom does AND SCALES UP, be my guest! You could > even apply to us for a grant... I don't know how wide its coverage is, but here in Europe we have a network of Asterisk PABXes on AMPRnet that have interconnecting trunks between them that allow you to call anyone on the network on their roaming number. Phone numbers are allocated based on the callsign (using a scheme based on the letters printed on DTMF keypads. based on my callsign, my phone number is 713210234253 for "1st letter on key 7, 2nd letter on key 3, digit 1, 3rd letter on key 2, 2nd letter on key 4, 3rd letter on key 5" giving PE1CHL ). The DUNDi trunk protocol distributes the information about the home server for each number across the network, so all Asterisk servers know how to route the calls. It is easy to host a conference on one or more of the Asterisk servers and have everyone dial in to that. There is such a conference running on my local server where I have my IP phone connected all the time. I think such systems can do low-bandwidth video as well, but I have never tried that. For audio it works perfectly. > Seriously, this touches on one of my pet topics: IP multicasting. A huge > amount of work went into the development of IP multicast protocols in > the 1980s and 1990s, yet nearly all of it has been stillborn. It sees > use only in walled gardens like AT&T Uverse (an IPTV over VDSL service > in the US) and in degenerate form for intra-net resource discovery on LANs. I agree that would be much more efficient than having the basic star-type structure where everyone gets the same stream from one server. That would be one thing that could be implemented in AMPRnet to show the world that it really has advantages. For phone quality voice and the number of attendees we would expect, running this over AMPRnet in the star configuration should be no issue. Rob

5 4

Recap from Oct. 10 Video Call
by Rosy Wolfe 15 Oct '20

15 Oct '20

Hi 44net, Thanks again to everyone who joined us on Saturday's call. I really enjoyed getting to share about what we've been doing with all of you. A recap of the meeting has been posted here, including links to slides, survey results, and the chat. We've also provided answers to all of the questions brought up in the chat, to make sure we got them all covered. https://www.ampr.org/recap-ardc-44net-oct-10-community-call/ The one thing that's not posted is the video - we are having an issue with the file and will post it as soon as it's resolved. Thanks for your patience! In the meantime, please enjoy rest of the materials and written Q+A. Looking very forward to the next call! All the best, Rosy -- Rosy Wolfe Executive Director Amateur Radio Digital Communications (ARDC) ampr.org

1 0

HNAP4PlutoSDR - HAMNET on 70cm with the PlutoSDR
by Jann Traschewski 15 Oct '20

15 Oct '20

Hello AMPRNet, we like to announce a new open source HAMNET-access solution for the 70-cm-band making use of the popular ADALM Pluto SDR. Lukas Ostendorf recently finished his master thesis "Design of a Radio Communications Protocol for HAMNET Access in the 70cm Amateur Radio Band" at our employer Rohde & Schwarz in Munich. We are pleased to publish his work and further material today: https://hnap.de/2020/09/08/master-thesis-released.html There are still some tasks like signal amplification on the roadmap, but the community is growing and helping to move on. It seems the telegram group chat is currently the best place to exchange: https://t.me/hamnet_access_protocol Most communication is in German, however I'm pretty sure English is fine as well. At least you will find nice pictures of current experiments in the backlog :) Looking forward to your contribution, for the HNAP-Team, Jann DG8NGN -- Jann Traschewski, Faber-Castell-Str. 9, D-90522 Oberasbach, Germany Tel.: +49-911-99946898, Mobile: +49-170-1045937, E-Mail: jann(a)gmx.de Ham: DG8NGN / DB0VOX / DB0FOX / DB0ZM / DB0DBA / DB0HZS

2 3

Re: [44net] Thanks to everyone for a good 44net community call!
by Rob Janssen 13 Oct '20

13 Oct '20

> Mikrotik is the only one among cheaper gear to have a PIM (only Sparse mode) implementation. It is a bit clumsy but with a few tweaks it is (from my experience so far) manageable. Do you have a description somewhere how you set it up in a 44Net network? We have a national network over here with many (mostly) MikroTik routers linked by radio links and VPNs. It could be an interesting experiment... Rob

2 1

Re: [44net] Thanks to everyone for a good 44net community call!
by Rob Janssen 13 Oct '20

13 Oct '20

> We also have a network of PBX's tied together here in the US but using > AREDN Mesh connectivity. Phone numbers are a flat 4-digits for local > calling. For wide area calls, the person's (or service) 3-digit area > code is prepended to the 4-digit local number. There are around 40 pbx's > scattered around the world on this network. There is a White Pages > directory to determine a person's (or service) phone number. > It would be interesting to try to connect the two systems together. Of course it is always tricky to interconnect two systems that have a different and potentially conflicting numbering plan. I actually like the numbering plan they use here. You number is not tied to the PBX you have registered on, but it roams with you wherever you connect. So when the local situation changes (someone stops providing the service or some more nearby PBX appears where you have better connectivity or better services) you can just port your existing number without problem. And no directory is required, I can just dial numbers on the keypad knowing only the callsign. For you it would be 62206142 It would have been even better when they had thought of having some unique prefix that makes it recognizable as a HAM number and not a POTS phone number, and that avoids collisions with other numbering plans. Rob

1 0

Re: [44net] Thanks to everyone for a good 44net community call!
by Rob Janssen 12 Oct '20

12 Oct '20

> Sorry about the glitches at the beginning. Jitsi was giving us problems > (frozen or long-delayed video, etc) so I made the call to switch to > Zoom. We regularly use zoom internally within ARDC for Board and Grant > Advisory Committee meetings and it has performed well; it also seemed to > work well today. I am a bit disappointed that, as a group of radio amateurs active in IP networking, supposedly the people who know all about how to setup a communication system all by themselves, we have to resort to a system like zoom.us to hold a conference. Rob

8 12

Re: [44net] Thanks to everyone for a good 44net community call!
by Phil Karn 12 Oct '20

12 Oct '20

On 10/11/20 14:03, Stuart Longland wrote: > > I'd imagine for repeater linking, you'd be wanting sufficient bandwidth > for RTP streams. Would DMR be capable of this or would we have to look > to other solutions? I hadn't even considered DMR (by which I assume you mean C4FM). Waaaay too slow and inefficient. I was thinking either of WiFi on point-to-point microwave a la AREDN, or some new medium speed modem on UHF non-line-of-sight links. NPR could be a candidate, though I don't know about its multipath tolerance. > None of that is any use for linking internationally, which is one of the > draw-card use cases for things like IRLP, EchoLink, AllStarLink, … etc. > I'd imagine we'd need some sort of high-speed trunk links over HF radio > for that. Seems like a tall order in solar minimum. Admittedly I am biased by living in southern California, but I was thinking about the large linked repeater networks we have here. Some networks include dozens of mountaintop repeaters spread across several states linked full time. Traditionally a lot of that linking was done directly between hilltops on (hidden) analog UHF links, and I'm sure that today much of it is done over the commercial Internet. At least until the US gets its own QO-100, the regular Internet is likely to remain the only practical approach for long haul links, but it's certainly within the realm of possibility to move many of the intrastate or adjacent-state links to an IP network on ham frequencies. Phil

1 0

Thanks to everyone for a good 44net community call!
by Phil Karn 11 Oct '20

11 Oct '20

Thanks to everyone who participated in today's online meeting! Sorry about the glitches at the beginning. Jitsi was giving us problems (frozen or long-delayed video, etc) so I made the call to switch to Zoom. We regularly use zoom internally within ARDC for Board and Grant Advisory Committee meetings and it has performed well; it also seemed to work well today. Thanks for all the helpful comments and suggestions on our grantmaking activities. I invite everyone interested in ARDC and its mission to further amateur radio and related digital technologies to continue to make your helpful thoughts and suggestions known and to consider becoming more involved. But I want to reiterate: you might think that giving money away is the easiest thing in the world. It's not! (I keep thinking of the old Badfinger song, "Come and Get It!") It's surprisingly hard work to do it legally, effectively and efficiently, and I think those of you on the call today got a taste of that. Some of it is WAY too much like real work, like managing our finances and understanding and complying with the myriad IRS and state rules for nonprofit grant-making foundations like ours. As we explained, we do NOT want to limit our activities to the United States, but we have to jump through a lot of extra hoops when making grants to organizations in other countries. But we are determined to do this, just as we are determined to eventually give grants to individuals and groups that aren't formal charities. The terms of our IP address sale required an NDA (Non-Disclosure Agreement) that kept many details confidential for a time. We didn't like it, but there would have been no sale without it. Now that our 2019 tax returns and financial audit statements are a matter of public record, we won't have to be cagey about our finances. Except for Rosy, our executive director, and Chris, our 44net support guy, all of us are doing this as volunteers. Rosy has really hit the ground running in her new position, working with prospective grantees, politely reminding the rest of us of our action items and in general keeping things running smoothly. We do anticipate getting additional paid help as our work expands. Our treasurer, Bdale Garbee, NB0G, has done a stellar job of managing our finances, dealing with the regulatory and tax authorities, lawyers, auditors, grantees and support organizations. Our endowment, which we are conservatively managing ourselves, is split between low cost US and international stock and bond index funds as well as short term reserves. The reserves cover our expected expenses for the next few years. We hope the rest will generate enough income to keep us going indefinitely, but that depends on the markets. Our plan right now is to grant at least US $5 million every year. No other amateur radio foundation has ever operated on this scale, and we're still just getting started. Since we don't know what will pay off, we want to cast our nets broadly. We can afford to take risks with some high-risk, high-reward projects knowing full well that some -- maybe even most -- won't pan out. There's simply no other way to find out what works. What makes it all worthwhile is seeing the results of our work. We've only gotten started, but the new ARISS (Amateur Radio on the International Space Station) gear that we helped support is installed and operational. The power supply carries a plaque memorializing our founder, Brian Kantor WB6CYT, and his family was delighted to see the pictures. And I've just been going through the thank-you cards and letters (56 at last count) we've received from this year's recipients of ARRL Foundation scholarships. Back to where it all began -- the 44 net -- we invite suggestions on how it should evolve and expand. We certainly have the money to support a solid and growing infrastructure. So...we're just getting started! 73, Phil Karn, KA9Q ARDC President

2 2

!! Switching from Jitsi to Zoom this morning
by Rosy Wolfe 10 Oct '20

10 Oct '20

Hi folks, Due to some technical difficulty, we are switching to Zoom this morning: Please use the information below, and many apologies for the last-minute switch. Rosy // ARDC is inviting you to a scheduled Zoom meeting. Join Zoom Meeting https://us02web.zoom.us/j/3100460055?pwd=RS9SMlFRZTBXbjZCT2c2Y2llY09KQT09 Meeting ID: 310 046 0055 Passcode: 655698 One tap mobile +12532158782,,3100460055#,,,,,,0#,,655698# US (Tacoma) +13462487799,,3100460055#,,,,,,0#,,655698# US (Houston) Dial by your location +1 253 215 8782 US (Tacoma) +1 346 248 7799 US (Houston) +1 669 900 6833 US (San Jose) +1 301 715 8592 US (Germantown) +1 312 626 6799 US (Chicago) +1 929 205 6099 US (New York) Meeting ID: 310 046 0055 Passcode: 655698 Find your local number: https://us02web.zoom.us/u/ko6SfVytQ -- Rosy Wolfe Executive Director Amateur Radio Digital Communications (ARDC) ampr.org

3 2

2019 Financial report + Amazon sale + Brokerage
by Paul Sladen 10 Oct '20

10 Oct '20

2019 financial filings for the ARDC, Inc. have been published by the Californian Register of Charities: * http://rct.doj.ca.gov/Verification/Web/Download.aspx?saveas=Amateur+Radio+D… * http://rct.doj.ca.gov/Verification/Web/Download.aspx?saveas=Amateur+Radio+D… * https://www.ampr.org/about/legal/ (links) TL;DR summary: 1. Sale price of $26/IP (to Amazon) minus 0.5% brokage commission [1] 2. $109 million raised, $545 thousand paid to Nationwide as broker 3. Funds now classified as Board-designated Endowment 4. Majority raised now invested in government bonds Trustees for 2019 are listed as: Brian Kantor - Former president Bdale Garbee - Treasurer Phil Karn - New president John Gilmore - Secretary KC Claffy is listed as a non-officer director---possibly for CAIDA conflict-of-interest handling(?) Erin Kenneally is no longer listed (nor referenced at all). (Suspect that a clear answer may not be easier to find). During Financial Year 2019, two grants were disbursed: 1. $10k - TAPR student scholarships 2. $110k - ARISS (International Space Station HAM) Variations of the wording use in different places (paraphrased): * "[support of] Amateur Radio Digital Communications" * "[support of] Amateur Radio _and_ Digitial Communcations". The latter is much wider than the former. Hopefully the trustees can make their own announcement in due course; but this should pre-answer the quick questions that people may have, [2] Before laying into the Trustees, this is pretty positive---cash was raised, and has been sensibly invested. The way the sale was handled was sub-optimal---picking the most dense/actively used part (HamNET) to sell...; but hopefully lessons from that have been learnt. Plus John Gilmore's long statement this week about the MoU with CAIDA/UCSD, will hopefully allow Amprnet's most significant R&D/ experimentation/academic contribution over the last 20 years to be finally be acknowleged openly, -Paul [1] To put things into perspective; had estimated was $24/IP, minus 1% brokage commission---so the amount realised by the Trustees was significantly higher; probably related to the size of the block sold, and clean nature of the IPs. [2] E&OE---refer to the actual documents for exact numbers + wording! Do not rely on this TL;DR---spend your own time, and do your own reading!

1 0

Please let us know if you're coming to Saturday's call!
by Rosy Wolfe 08 Oct '20

08 Oct '20

Hi 44net, Given how many people have responded to the survey (68!), I want to make sure that Jitsi can handle the number of people who might show up to our call on Saturday. In service of collecting a head count, please let us know if you're planning to join the call by filling out your name here: https://www.ampr.org/community-meeting/ Many thanks! If it looks like we're going to exceed the 75 person limit, we may switch to a Zoom call. In either case, we're planning on recording the meeting for anyone who can't make it. I'll post information here if anything changes. I'm looking forward to e-meeting many of you and am compiling ideas from your emails and the survey as we speak. All the best, Rosy PS here's the survey link in case you haven't taken it yet: https://www.mysurveygizmo.com/s3/5789610/ARDC-Grantmaking-Feedback-Survey -- Rosy Wolfe Executive Director Amateur Radio Digital Communications (ARDC) ampr.org

3 4

Re: [44net] Education about networking (Was Re: Inviting you
by f6cnb＠hutin.org 08 Oct '20

08 Oct '20

Just to clarify. 44.168.x.y/16 IS ROUTED via BGP on Internet. But the firewall is blocking most of the communications from outside the 44 world. 73 Remi F6CNB N5CNB Message: 1 Date: Wed, 7 Oct 2020 14:51:12 +0200 From: Toussaint OTTAVI <t.ottavi(a)bc-109.com> To: <44net(a)mailman.ampr.org> Subject: Re: [44net] Education about networking (Was Re: Inviting you to ARDC Grantmaking Survey + Community Jitsi Call) Message-ID: <68fa5d64-3b71-2326-3ab5-1a20b0c61d0d(a)bc-109.com> Content-Type: text/plain; charset="utf-8"; format=flowed Le 05/10/2020 ? 10:40, Rob Janssen via 44Net a ?crit?: > > Please understand that in the topology I am proposing (and have > proposed several times in the past) you don't need to do that as an > individual, it is left to local groups or ARDC to do that. +1 We are using a similar topology here. Anyway, the details of our implementation differ : - We are currently testing Wireguard as a replacement for OpenVPN (too much odd behaviors with OpenVPN) - Our endpoints are $20-$50 OpenWRT routers. We configure them, and send them to the local users / sites. - On any site, we typically route /29 (5 usable IPs) on small sites and /28 (13 usable IPs) on more important sites - We typically route a 44.190 subnet for things that requite public Internet addressing (D-Star, DMR, XLX) (as defined by DG8NGN), and a 44.168 subnet for all ham-related machines. - Any site can have a 44.190 subnet, a 44.168 subnet, or both. - There's no more dual adressing. All machines only have a 44.168 or 44.190 IP. Except for the central gateway, no machine / no server is using public Internet IP anymore. - Due to the highly experimental nature of the network and the tiny size, we do not have full internal dynamic routing yet, and we use static routing for now. Our dynamic experiments on some sites are using OSPF. - 44.190 subnet is routed on Internet with BGP via a Vultr VPS (which costs $5/month, is easy to implement, and is independent of local ISP BGP capabilities) - 44.168 subnet is currently not routed on Internet via BGP, because this does not have much sense. For now, it's not routed outside of our island. But we plan to implement IP-IP routing on the central gateway (as we had in our previous iteration) Maybe we should try to identify all people using this kind of topology all over the world (what I called a "Regional" or "local" gateways) ? Then, we may try to "normalize" our implementations : - Adoption of dual-addressing : 44.190 for things that require Internet access, and 44.<country> for other things - Choice of internal VPN tunneling protocol(s) - Choice of internal routing protocol - Choice of external routing method (tunnels and routing between gateways) 73 de TK1BI ------------------------------ Message: 2 Date: Wed, 7 Oct 2020 15:27:49 +0200 From: Toussaint OTTAVI <t.ottavi(a)bc-109.com> To: <44net(a)mailman.ampr.org> Subject: Re: [44net] Inviting you to ARDC Grantmaking Survey + Community Jitsi Call Message-ID: <6833ec63-d59d-530b-3ffa-ef2b5585a99f(a)bc-109.com> Content-Type: text/plain; charset="utf-8"; format=flowed Le 03/10/2020 ? 18:55, Corey Dean via 44Net a ?crit?: > Part of the BrandMeister network is using some of the 44 range. The > main bm webpage is using it. Here are some quick and dirty stats : XLX is an open-source digital gateway used all over the world to interconnect D-Star and DMR repeaters (and many other protocols) XLX API provides a "hosts" file of all registered XLX nodes with their IP This file has approx. 1700 lines. Due to triple REF, DCS, XRF naming, we can assume there are roughly 560 independent nodes. The file contains only 36 entries using AMPR 44.x IP addressing, and among them, only 12 are unique *-> Only 2% of the XLX-connected reflectors are using AMPR addresses !!!* And this is only for reflectors (=servers), who are managed by people with more than average skills. I didn't find how to obtain stats for all the repeaters connected to all the reflectors, but adoption rate will be even lower ! COMMENTS : - AMPR addressing is used on country-wide servers, and by isolated teams around the world (including myself, HI)? mostly because people who maintain servers have the skills and equipment to do that. - We still have some work until mass adoption by the local reflectors and repeaters SysOps - And even more work for mass adoption by any HAM in the world... CONCLUSION : As I already said, IMHO, our #1 goal should be : make AMPR addressing easier to use, both for local SysOps/teams, and for end users. 73 de TK1BI ------------------------------ Message: 3 Date: Wed, 7 Oct 2020 14:01:29 +0000 From: pete M <petem001(a)hotmail.com> To: AMPRNet working group <44net(a)mailman.ampr.org> Subject: Re: [44net] Inviting you to ARDC Grantmaking Survey + Community Jitsi Call Message-ID: <MWHPR2201MB14551B41D83E8BD2DF4F56A9970A0(a)MWHPR2201MB1455.namprd22.prod.outl ook.com> Content-Type: text/plain; charset="iso-8859-1" I am 100% with you. I don't count myself as top sys admin. But I am far from being a noob. And I have been struggling to have Ipip or other ways of connecting to the net. I have multiple site connected by VPN to my vps . I run multiple wireless link with fallback to lte modem. In case of a trouble with the link and yet, the only way I think I will achieve a stable way to have a connection and 44 net IP will be by bgp. That bring that I need a /24 at a minimum. Do I need a /24? Not at first and I hope I will be able to have other hams in my region to take some of my /24 ( will give them with the VPN server) but frankly this also mean the I will be responsible for there action on the 44 net. And that is putting some pressure on me. T?l?chargez Outlook pour Android<https://aka.ms/ghei36> ________________________________ From: 44Net <44net-bounces+petem001=hotmail.com(a)mailman.ampr.org> on behalf of Toussaint OTTAVI via 44Net <44net(a)mailman.ampr.org> Sent: Wednesday, October 7, 2020 9:27:49 AM To: 44net(a)mailman.ampr.org <44net(a)mailman.ampr.org> Cc: Toussaint OTTAVI <t.ottavi(a)bc-109.com> Subject: Re: [44net] Inviting you to ARDC Grantmaking Survey + Community Jitsi Call Le 03/10/2020 ? 18:55, Corey Dean via 44Net a ?crit : > Part of the BrandMeister network is using some of the 44 range. The > main bm webpage is using it. Here are some quick and dirty stats : XLX is an open-source digital gateway used all over the world to interconnect D-Star and DMR repeaters (and many other protocols) XLX API provides a "hosts" file of all registered XLX nodes with their IP This file has approx. 1700 lines. Due to triple REF, DCS, XRF naming, we can assume there are roughly 560 independent nodes. The file contains only 36 entries using AMPR 44.x IP addressing, and among them, only 12 are unique *-> Only 2% of the XLX-connected reflectors are using AMPR addresses !!!* And this is only for reflectors (=servers), who are managed by people with more than average skills. I didn't find how to obtain stats for all the repeaters connected to all the reflectors, but adoption rate will be even lower ! COMMENTS : - AMPR addressing is used on country-wide servers, and by isolated teams around the world (including myself, HI) mostly because people who maintain servers have the skills and equipment to do that. - We still have some work until mass adoption by the local reflectors and repeaters SysOps - And even more work for mass adoption by any HAM in the world... CONCLUSION : As I already said, IMHO, our #1 goal should be : make AMPR addressing easier to use, both for local SysOps/teams, and for end users. 73 de TK1BI _________________________________________ 44Net mailing list 44Net(a)mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net ------------------------------ Message: 4 Date: Wed, 7 Oct 2020 09:54:30 -0700 From: Rosy Wolfe <rosy(a)ampr.org> To: Amprnet 44 Net <44net(a)mailman.ampr.org> Subject: [44net] Please let us know if you're coming to Saturday's call! Message-ID: <745510ee-aeb4-0cad-7ace-8ec9abe9b0d5(a)ampr.org> Content-Type: text/plain; charset=utf-8; format=flowed Hi 44net, Given how many people have responded to the survey (68!), I want to make sure that Jitsi can handle the number of people who might show up to our call on Saturday. In service of collecting a head count, please let us know if you're planning to join the call by filling out your name here: https://www.ampr.org/community-meeting/ Many thanks! If it looks like we're going to exceed the 75 person limit, we may switch to a Zoom call. In either case, we're planning on recording the meeting for anyone who can't make it. I'll post information here if anything changes. I'm looking forward to e-meeting many of you and am compiling ideas from your emails and the survey as we speak. All the best, Rosy PS here's the survey link in case you haven't taken it yet: https://www.mysurveygizmo.com/s3/5789610/ARDC-Grantmaking-Feedback-Survey -- Rosy Wolfe Executive Director Amateur Radio Digital Communications (ARDC) ampr.org ------------------------------ Message: 5 Date: Wed, 7 Oct 2020 17:01:41 +0000 From: Ruben ON3RVH <on3rvh(a)on3rvh.be> To: AMPRNet working group <44net(a)mailman.ampr.org> Subject: Re: [44net] Please let us know if you're coming to Saturday's call! Message-ID: <AM0PR01MB3890CE45891B0A0C5286F569D30A0(a)AM0PR01MB3890.eurprd01.prod.exchange labs.com> Content-Type: text/plain; charset="us-ascii" Rosy, If I may give a suggestion: have everyone turn off their camera's and things will go much smoother with Jitsi. Most of the issues come from everyone sharing their camera and having a smallband internet connection, thus filling up that pipe with everyone's camera is a bad idea ;) 73 Ruben ON3RVH -----Original Message----- From: 44Net <44net-bounces+on3rvh=on3rvh.be(a)mailman.ampr.org> On Behalf Of Rosy Wolfe via 44Net Sent: Wednesday, October 7, 2020 18:55 To: Amprnet 44 Net <44net(a)mailman.ampr.org> Cc: Rosy Wolfe <rosy(a)ampr.org> Subject: [44net] Please let us know if you're coming to Saturday's call! Hi 44net, Given how many people have responded to the survey (68!), I want to make sure that Jitsi can handle the number of people who might show up to our call on Saturday. In service of collecting a head count, please let us know if you're planning to join the call by filling out your name here: https://www.ampr.org/community-meeting/ Many thanks! If it looks like we're going to exceed the 75 person limit, we may switch to a Zoom call. In either case, we're planning on recording the meeting for anyone who can't make it. I'll post information here if anything changes. I'm looking forward to e-meeting many of you and am compiling ideas from your emails and the survey as we speak. All the best, Rosy PS here's the survey link in case you haven't taken it yet: https://www.mysurveygizmo.com/s3/5789610/ARDC-Grantmaking-Feedback-Survey -- Rosy Wolfe Executive Director Amateur Radio Digital Communications (ARDC) ampr.org _________________________________________ 44Net mailing list 44Net(a)mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net ------------------------------ Message: 6 Date: Wed, 7 Oct 2020 10:17:25 -0700 From: Rosy Wolfe <rosy(a)ampr.org> To: 44net(a)mailman.ampr.org Subject: Re: [44net] Please let us know if you're coming to Saturday's call! Message-ID: <aeffc385-d2ac-781f-b2c5-8bf4c656eeca(a)ampr.org> Content-Type: text/plain; charset=utf-8; format=flowed On 10/7/20 10:01 AM, Ruben ON3RVH via 44Net wrote: > Rosy, > > If I may give a suggestion: have everyone turn off their camera's and things will go much smoother with Jitsi. Most of the issues come from everyone sharing their camera and having a smallband internet connection, thus filling up that pipe with everyone's camera is a bad idea ;) Copy! The suggestion is most welcome. Thank you, Ruben. Rosy Rosy Wolfe Executive Director Amateur Radio Digital Communications (ARDC) ampr.org > > -----Original Message----- > From: 44Net <44net-bounces+on3rvh=on3rvh.be(a)mailman.ampr.org> On Behalf Of Rosy Wolfe via 44Net > Sent: Wednesday, October 7, 2020 18:55 > To: Amprnet 44 Net <44net(a)mailman.ampr.org> > Cc: Rosy Wolfe <rosy(a)ampr.org> > Subject: [44net] Please let us know if you're coming to Saturday's call! > > Hi 44net, > > Given how many people have responded to the survey (68!), I want to make sure that Jitsi can handle the number of people who might show up to our call on Saturday. > > In service of collecting a head count, please let us know if you're planning to join the call by filling out your name here: > > https://www.ampr.org/community-meeting/ > > Many thanks! If it looks like we're going to exceed the 75 person limit, we may switch to a Zoom call. In either case, we're planning on recording the meeting for anyone who can't make it. I'll post information here if anything changes. > > I'm looking forward to e-meeting many of you and am compiling ideas from your emails and the survey as we speak. > > All the best, > Rosy > > PS here's the survey link in case you haven't taken it yet: > https://www.mysurveygizmo.com/s3/5789610/ARDC-Grantmaking-Feedback-Survey > > -- > Rosy Wolfe > Executive Director > Amateur Radio Digital Communications (ARDC) ampr.org _________________________________________ > 44Net mailing list > 44Net(a)mailman.ampr.org > https://mailman.ampr.org/mailman/listinfo/44net > > _________________________________________ > 44Net mailing list > 44Net(a)mailman.ampr.org > https://mailman.ampr.org/mailman/listinfo/44net > ------------------------------ Subject: Digest Footer _______________________________________________ 44Net mailing list 44Net(a)mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net ------------------------------ End of 44Net Digest, Vol 9, Issue 97 ************************************

1 0

Re: [44net] Education about networking (Was Re: Inviting you to ARDC Grantmaking Survey + Community Jitsi Call)
by Rob Janssen 07 Oct '20

07 Oct '20

>Yeah this thread kinda went off the rails. Originally we WERE talking about global Internet BGP. That is what the folks need that are using net-44 for IRLP, Allstar, Echolink, D-Star and various types of DMR. 44-net addresses that need access to and from the global Internet. >It took my local data center provider about three weeks to set up advertising one of my /23. Mostly waiting for all of their upstream providers to accept the newly advertised routes. Vultr.com has a very slick set of tools allowing one to get it going in a few hours, assuming proper license from ARDC is obtained. Neither one charges anything extra for doing that. >But it is nothing anyone here can do on their own from home. Basically it requires support from a large data center or ISP. All of my blocks are globally routable, courtesy of my data center providers. I run an implementation of OpenVPN on a Linux VM to pass individual addresses (/32) to client IRLP nodes. Please understand that in the topology I am proposing (and have proposed several times in the past) you don't need to do that as an individual, it is left to local groups or ARDC to do that. You would have a local router in some datacenter that advertises some segment of the net-44 space on internet (or preferably, the ISP does the advertising and just statically routes the incoming traffic to you). Then in that datacenter you have a router that allows incoming VPN connections from small routers at the individual's homes or repeater locations. Those individual routers talk BGP as well, but that only travels between their router and the datacenter router. It is used to tell the datacenter router what subnet(s) of the net-44 space each one wants to receive. It does not influence what happens on the internet side, there it always receives the full /16../24 that is advertised on internet. Now, the individuals and repeaters can build radiolinks between them, they will form the AMPRnet over radio for that region. Traffic will (with proper setup) select those radiolinks first, the link to the datacenter is used for traffic towards internet or when there is no radiolink available. ARDC would arrange there is a full mesh (or almost full mesh) of GRE tunnels between all those datacenter routers where BGP is running as well. That means that redundancy can be built into the network, so you would not be dependent on a single router when you don't like that. You could setup a VPN to more than one datacenter router and again BGP will arrange that you will receive your network traffic, at least the AMPRnet traffic, at any time even when your main router is down. In my opinion that is a much better solution than the IPIP mesh we have now, which is completely static and has your gateway system as a single point of failure. Also it requires a mostly static IP, and possibility to forward the protocol 4 traffic to the gateway system. This is ever harder to get going on a modern internet connection that has a dynamic address and maybe even CGNAT. A VPN system does not suffer from that. Rob

2 1

Update on AmprGW, UCSD, and Network Telescope
by John Gilmore 05 Oct '20

05 Oct '20

Someone asked a few weeks ago: ... the Trustees would presumably be completely free to give an update on the planned relationship with CAIDA (UCSD Network Telescope), and long-term sustainable plans for AmprGW? The relationship between ARDC and UCSD's CAIDA research group remains as it was before Brian Kantor's death. There is a Memorandum of Understanding (MoU) between UCSD and ARDC that defines this relationship. The MoU was negotiated between Brian (for ARDC), and the UCSD management (for CAIDA). In particular, Brian wanted and succeeded to get this arrangement nailed down before he retired from being on staff at UCSD. The Network Telescope and the amateurs-to-Internet relay operate from the same network infrastructure in a lab at UCSD. Both parties gain from the arrangement. UCSD observes traffic sent to a large section of unused address space, and has created an analysis environment to facilitate its sharing of this data with vetted researchers. ARDC gets a well maintained, high speed interconnect between its users and the Internet. Typical amateur tunneled traffic through AmprGW is well under a gigabit per second, averaging about 30-60 megabits/sec, with bursts 60-90Mbps. (This traffic occupies twice that bandwidth, since every packet that comes in, then goes back out through one of hundreds of tunnels; and vice verse.) Typical non-amateur, Telescope traffic, bursts to 800Mbps and averages between 500 and 600 megabits/sec. There are currently no plans to change this arrangement. However, the main source of funding for the Telescope project expired this year, and it is not yet clear whether or how the data-sharing (i.e., the expensive) aspect of the project will continue. On the plus side, the existing hardware and software that supports ARDC is all paid for, installed, and running; it would involve work to tear it down. From the ARDC side, Chris Smith, G1FEF, has full access to AmprGW from the UK, and continues to maintain it as Brian did, with intermittent "hands-on" help from a local CAIDA sysadmin. As BDale recently reminded us, Chris also maintains other ARDC infrastructure such as the Portal and the website, which run in virtual machines hosted in various data centers. If UCSD and CAIDA ever decided to cancel the MoU, shut down the Telescope, and/or stop collaborating with ARDC, ARDC could move AmprGW to a virtual machine in a well connected data center anywhere in the world. Now that ARDC has more than nominal amounts of money, it can afford to pay for bandwidth and servers. AmprGW remains at UCSD today, partly because continuing that arrangement was simplest while scrambling to pick up the pieces after Brian died; and partly to honor the MoU, and Brian's history there, and to continue enabling Internet research worldwide, since CAIDA provides access to telescope data to vetted academic researchers. There are 4 pages of explanation, signatures, etc in the MoU, which is a public record of the Regents of the University of California, accessible under the California Public Records Act. Here are the relevent bits: This agreement is not intended to be legally binding, and instead is an aspirational document between the parties outlining responsibilities, and expectations of the parties. UCSD SHALL: o Operate network hardware and software to provide colocation services for the AMPRNet(TM) TCP/IP networks for Amateur Radio on UCSD infrastructure. o Agree to safeguard the UCSD equipment and network resources using best practices for network management. o Agree to use and comply with best practices for safeguarding data to mitigate privacy and security concems and to comply with legal requirements when using the data collected on AMPRnet's network for research critical to the Center for Applied Internet Analysis (CAIDA) research group located at the San Diego Super Computer Center. COLLABORATOR SHALL: o Agree to allow UCSD to collect, filter and curate data destined for the AMPRNet(TM) network for the purposes of network research and responsible data sharing with the network and security research communities. COMMENCEMENT/EXPIRATION DATE. This agreement is executed as of the date of last signature and is effective through [July 31, 2023] at which time it will expire unless extended. The U.S. federal research funding that supports the Telescope is: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1730661 The proposal that NSF funded is this one: https://www.caida.org/funding/stardust/ CAIDA's most recent slide deck about the Telescope is: https://www.caida.org/publications/presentations/2019/stardust_dust/stardus… The Principal Investigator of the Network Telescope is Alberto Dainotti <alberto(a)caida.org>. He intends to release a new web site and documentation for this project by the end of 2020. This will include a list of research enabled by the telescope (papers, data, analysis tools). In the meantime, there is a preliminary Grafana dashboard that shows that the Network Telescope is seeing (in real time, or from the past). https://explore.stardust.caida.org/d/ClIeIwOMk/stardust-public-protocols (It's work in progress! BTW, it uses Keycloak for authentication, so people can now use github or globus credentials to log in). Access to the Telescope data is controlled to preserve the privacy of the users all over the Internet whose (typically malware-contaminated) sites originated the packets. Researchers who use the data must sign a contract agreeing to maintain that privacy. Note that none of the data in this Network Telescope is the traffic of authorized amateur users. All that traffic is filtered out before it is recorded for researchers by the Telescope. We are happy to take questions or feedback on this list or at the community meeting next week. John Gilmore, W0GNU Board member and Secretary, ARDC

1 0

Re: [44net] Education about networking (Was Re: Inviting you to ARDC Grantmaking Survey + Community Jitsi Call)
by Rob Janssen 04 Oct '20

04 Oct '20

>>>/AMPRNet / HamNet routing is quite complicated for a non-IT guy... / >>/The advantage of using BGP even in this trivial case is... / >I don't think the most important question is about selling BGP or any >particular technology (I'm well versed in internetwork engineering and >worked in that field professionally for many years; I'm in academia >now). >I'm writing this because education was a specific question in the >survey. >The reason that we have amateur radio is to enable experimentation with >using the radio spectrum in a way that is otherwise not permitted or >practical. With the Internet, there are certain things that are only >possible to experiment with if you have your own addresses and other >network numbers. AMPRNet is (perhaps that's too strong, and we could >say, "can be") a way of enabling a kind of experimentation on the >Internet similar to what we do with the radio spectrum. It is not clear to me what you are getting at here! These are different layers of the cake. Your radio experimentation will result in some way to transport bits from A to B, but not in a network. To build a network you need another layer, and a way to define what you need to send where to get your message to the destination. That is what BGP is handling. By using BGP instead of static routing, we can connect many radio links and other links together and make a network out of it without getting buried in manual routing chores. Please make sure you understand that the use of BGP I am mentioning here has nothing to do with the use of BGP on internet to route all the internet networks. It is the same protocol, but they are different use cases. Don't get confused when people say they have their AMPRnet subnet BGP routed to them on internet, and other people propose to use BGP internal to the AMPRnet network to route things the correct way, these are two different things. Rob

3 2

Re: [44net] Inviting you to ARDC Grantmaking Survey + Community Jitsi Call
by Rob Janssen 04 Oct '20

04 Oct '20

> - AMPRNet / HamNet routing is quite complicated for a non-IT guy. BGP requires huge equipment and skills. IPIP requires hacking protocol redirect on Internet boxes. Those are not easy things for people operating a voice repeater or hotspot. They just build a Pi image, plug the machine, and it works. Why should they bother with complex addressing ? We have quite some repeaters that are connected via AMPRnet. We normally use MikroTik routers. I do not consider these "huge equipment" and they are not difficult to configure with BGP. I have some example configs for setting up an endpoint with L2TP/IPsec tunnel to our gateway router and using BGP to advertise their own subnet. This is much easier to get going than IPIP, for example there is no need to touch the existing internet router (open ports/protocols not required). This even makes it suitable for installation on buildings where the owner may make available some guest internet access but would not want you to tweak their network to pass IPIP. The advantage of using BGP even in this trivial case is that the network can now be extended when the opportunity arises without having another hurdle of complexity. A WiFi link to another station can be added, e.g. in some cases people have an internet connection at an amateur nearby the repeater, and then a WiFi link to the repeater itself. I would be all for rolling out such a system worldwide to replace the IPIP mesh. Routers (e.g. MikroTik CHR that can run as a VPS) in datacenters all over the world interconnected with a static tunnel mesh and offering VPN service for local amateurs to connect, and routing using BGP on private AS (this only routes AMPRnet, not full internet). In different places those routers could have the AMPRnet subnet(s) for that region announced on internet, like we do for 44.137.0.0/16 and others do for other country networks. And each of those can offer different VPN technologies so you are able to follow the trend of the day without having to do a migration in the entire network. Rob PE1CHL

4 4

ampr.org DNS and rDNS entries
by Marc, LX1DUC 27 Sep '20

27 Sep '20

Good evening, it's been a while since I had to add/change/delete DNS entries in the ampr.org DNS zone. The email robot I've used in the past seems to have gone. Could someone please point me into the right direction how this is done nowadays? vy 73 de Marc, LX1DUC

11 14

ARRL/TAPR Digital Communications Virtual Conference (DCC), September 11 - 12 (THIS WEEK)
by Mark Thompson 09 Sep '20

09 Sep '20

39th Annual ARRL / TAPR Digital Communications Conference (DCC) THIS WEEK - Friday, September 11th & Saturday, 12th DCC will be a virtual conference using Zoom video communications and YouTube video-sharing platforms. DCC information, Technical Papers, Presentation Schedule & Registration Available at: DCC Information DCC Technical Papers DCC Presentation Schedule DCC Registration Registered DCC attendees participating via Zoom will be able to interact with presenters and other attendees via a chat room as well as raise a virtual hand to ask questions. (you don’t need a Zoom account to register). Non-registered DCC attendees can watch the live stream for free on YouTube, however non-registered DCC attendees will not be able to ask questions or chat. No registration is required for YouTube access. The YouTube URL will be announced and posted on this webpage preceding the DCC. DCC registration is free for TAPR members and $30 for non-members. Members receive a 100% discount at checkout. Non-members who would like to join TAPR and receive the free DCC pass can simply add TAPR membership and DCC registration to their shopping carts. After checkout, they will receive the free DCC pass when their membership is processed.

1 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net