> Now another question about directly connected 44net addresses - is there
> a way for them to reach tunneled addresses? I would prefer to have my
> services accessible from all 44net addresses when I start offering
> something serious later this year. ATM, it appears my /24 would be
> unreachable from these addresses, because even if there is a host route
> to an endpoint, the 44net address is not exposed to directly connected
> endpoints (they see the public IP of my router). And those direct
> connected addresses not running tunnels wouldn't reach me for obvious
> reasons.
When you get BGP routing on internet for a certain subnet, you should install
and register an IPIP tunnel gateway for the same subnet as well.
Until now this required a public (outside net 44) IP address on the gateway
system, but with the mod discussed in this thread you may be able to put the
tunnel endpoint inside your BGP routed subnet.
Of course it will take some time for all people to pickup the necessary
software and configuration changes for this to actually work. So you will
still be reachable for only part of the users for some time.
Rob
> Now, ampr-ripd does identify this host as directly connected, which
> appears to be the expected behaviour with the new version. All well and
> good from the Pi, but there is one significant implication - the source
> IP is no longer my 44 net IP, but it's the public IP of my router, and
> the internal IP is the 10.x IP of the Pi (my regular IP range. I think
> that's where things are breaking.
Ah yes, it would be better when ampr-ripd added a "src" option with the IP
of the tunnel interface to the /32 routes it adds to the table...
Rob
> Good morning all,
> I seem to have my gatway up (44.131.192.128)
> It responds to some of the ampr ping tools in the service list but not others. Could I ask a few of you to ping it and see if you can see it.
It works!
Note it is a bit controversial to use the first (and last) address of your subnet.
You may run into problems sometime. You have a /29 so you should use 6 addresses.
Also, please register DNS names for your addresses.
Rob
I have a small subnet I was assigned by the Florida administration. I
have since moved to Nevada. Should I return the assigned block and get
a new one from the Nevada coordinator, just to keep things square and
straight?
Mike, the problem is that the n8lrf gateway has an address on
the subnet instead of a commercial IP address and is therefore
not reachable.
- Brian
On Wed, Apr 05, 2017 at 07:43:15AM -0400, Michael Wolthuis wrote:
> Rob,
> I have managed that subnet since early 90's. What is your concern? You are welcome to be assigned ips on it in Kent County. I have several other subnets for our HamWan project and even an IPv6 assignment from ARIN.
>
> How can I help meet your goals?
>
> Feel free to call me at 616-422-5412 or on the 145.27 Lowell repeater
>
> Mike
> KB8ZGL
>
> Sent from my iPhone
>
> > On Apr 5, 2017, at 6:13 AM, Brian Kantor <Brian(a)UCSD.Edu> wrote:
> >
> > I think it's a mistake. It's confusing. The gateway belongs to
> > n8lrf(a)comcast.net but the subnet belongs to kb8zgl(a)kb8zgl.net.
> > I'm guessing that n8lrf entered a gateway hostname that belongs to the
> > ampr side of the gateway rather than the commercial IP.
> > - Brian
> >
> >> On Wed, Apr 05, 2017 at 11:53:40AM +0200, Rob Janssen wrote:
> >> But there also is a network 44.102.128.0/24 and it does not work. Is that one okay or is
> >> it another config mistake? I suppose so, as its gateway 44.102.128.1 is routed to amprgw.
> >>
> >> I'm afraid we need better directions and/or safeguards in the portal.
> >>
> >> Rob
> >> _________________________________________
> >> 44Net mailing list
> >> 44Net(a)hamradio.ucsd.edu
> >> http://hamradio.ucsd.edu/mailman/listinfo/44net
I have installed the 1.16 on our gateway (without the safeguard for now) and it appears
to be doing its thing. I can ping hosts on those test networks.
But there also is a network 44.102.128.0/24 and it does not work. Is that one okay or is
it another config mistake? I suppose so, as its gateway 44.102.128.1 is routed to amprgw.
I'm afraid we need better directions and/or safeguards in the portal.
Rob
> Wouldn't you achieve the same result by adding that network's IP/subnet
> to the -a list?
Yes, but then I would have to know the offender's IP beforehand :-)
However, it would be possible to just delete the route in the -x script that we already have.
I think ampr-ripd will not detect that and the route will not be added every 5 minutes, right?
Rob
> If the daemon encounters a 44 gateway in the RIP data, it creates a host
> route to that specific host via the default gateway of the system.
I was thinking about one specific issue: when we run this code on our gateway, which is
BGP-routed for our 44.137.0.0/16 network and is on the IPIP network as well and runs ampr-ripd,
and some portal user who does not understand the system well, they could add a gateway with an
endpoint address inside the 44.137.0.0/16 network and we would add a circular route for that
address to our table.
Of course users should not do that. But they have done so, in the past.
Maybe we would need an option to specify a (list of) subnet(s) where this new mode of operation
would not be performed. Then a gateway can set that to the BGP routed network(s) it serves.
(similar to the -a option)
Rob
Good morning all,
I seem to have my gatway up (44.131.192.128)
It responds to some of the ampr ping tools in the service list but not others. Could I ask a few of you to ping it and see if you can see it.
Many thanks
Marc ("2W0PNT)
> No, but it is quite simple.
> If the daemon encounters a 44 gateway in the RIP data, it creates a host
> route to that specific host via the default gateway of the system.
Aha ok that is a nice solution. It should fix the problem for those that have two routing tables.
In our gateway we are using a single routing table (with some different metrics) so we don't have
the problem for isolated gateways, but your solution would still fix the case where the endpoint
has an address inside the subnet being routed (Sweden??).
I'll try to install it soon.
Rob
