44net

44net@mailman.ampr.org

3 participants
3195 discussions

Re: [44net] Tunnel mesh is (mostly) down
by Rob Janssen 07 Jan '15

07 Jan '15

> Subject: > Re: [44net] Tunnel mesh is (mostly) down > From: > "John Wiseman" <john.wiseman(a)cantab.net> > Date: > 01/04/2015 10:09 AM > > To: > "'AMPRNet working group'" <44net(a)hamradio.ucsd.edu> > > > Wouldn't the simplest solution be to modify the rip44 process so it doesn't > delete routes that haven't been announced for a while, or at least for a > much longer period? > > IPIP tunnels and RIP have the major advantage that they allow those who have > a dynamic IP address to participate in net44. I feel it is important that we > remember that we are radio hams first, and should use solutions that can be > used by the majority of hams, not just those network professionals who want > to play a being an ISP. > > 73, > John G8BPQ That sounds like a good idea, John. The ampr-ripd has a route lifetime of only 600 seconds. Routes are announced every 300 seconds, so when two subsequent announces are incomplete we lose the route. It happened again this morning at 08:05 local (07:05 UTC). My route again was lost, and recovered at 08:10. I think I'll recompile ampr-ripd with a bit larger timeout. Marius, what do you think? Does this have any negative consequences? (e.g. to change EXPTIME from 600 to 3600 or even 7200) However, aside from that, the source of the problem should be located, or it will bite us again in the future. There could be big packet loss on the link from UCSD, or maybe some buffer overflow internal to the RIP server (I think it sends big bursts of data rather than slowly throttled streams), or it could be the RIP server somehow sends shortened information because it temporarily does not have the full route list, e.g. because the portal sends an incomplete list. This has to be investigated or else it will come back. I predict. (I mention this because I recently had a long discussion with someone who thinks that we can live with malfunctioning solutions because we are amateurs. I think we should strive for correctly working systems anyway. And that a system that works well in practice is always better than a system that works well in theory but does not work in real life) Rob

6 10

Re: [44net] Tunnel mesh is (mostly) down
by Rob Janssen 06 Jan '15

06 Jan '15

> Subject: > Re: [44net] Tunnel mesh is (mostly) down > From: > "Marius Petrescu" <marius(a)yo2loj.ro> > Date: > 01/05/2015 10:54 PM > > To: > "'AMPRNet working group'" <44net(a)hamradio.ucsd.edu> > > > Yes, the latest version drops subnets for which the gateway is set inside > their own subnet, sice this breaks routing. > > Marius > > -----Original Message----- > From:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu > [mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On Behalf Of Rob > Janssen > Sent: Monday, January 05, 2015 22:28 > To:44net@hamradio.ucsd.edu > Subject: Re: [44net] Tunnel mesh is (mostly) down > > ... > It could be that the latest version that I now downloaded hides that problem > with 44.140.0.1 > but I can easily see if other routes are appearing/disappearing regularly. > ... > > Rob There is still something wrong with that network. Now that the 44.140.0.1 gateway is rejected, a gateway 192.16.126.18 inconsistently appears in the route table (sometimes it is there, sometimes it isn't). But that gateway is not listed at all in the portal! In the portal there is a gateway at 44.140.0.1 that advertises to be the gateway for subnet 44.140.0.0/16, of course wrong. The 192.16.126.18 would be fine, but it does not appear in the gateway listing at portal.ampr.org. But it is broadcast (occasionally) in the RIP broadcast. Difficult to follow what is going on here, I would say there is insufficient error checking somewhere. Rob

1 0

Re: [44net] Tunnel mesh is (mostly) down
by Rob Janssen 06 Jan '15

06 Jan '15

> Subject: > Re: [44net] Tunnel mesh is (mostly) down > From: > "Michael E Fox - N6MEF" <n6mef(a)mefox.org> > Date: > 01/06/2015 12:32 AM > > To: > "'AMPRNet working group'" <44net(a)hamradio.ucsd.edu> > > > Hmmm. Given a 1 hour timeout, then any error would need to be detected and > corrected within that hour, or else routes will still be lost. Correct? > > It would seem that a timeout of something more like 24 hours would be more > practical. The rationale behind the 1 hour timeout is not to cover errors and outages, although it could cover cases where e.g. the server has to be relocated within the same room, or network maintenance occurs. The reason is that one of the hypotheses is that there is packet loss that drops the RIP packets, and when two subsequent RIP bursts would each loss the last (or n'th) packet e.g. because of a queue overflow somewhere the route would be already lost. The chance of this happening to 12 subsequent broadcasts (1 hour) is smaller. Further increasing the timeout would mean that a route that is no longer present would take much longer to disappear, unless a mechanism as described by Marius is added. (where a deleted route is announced in a special way) With that modification, the timeout could be safely set to something like 1 week. Rob

1 0

Re: [44net] Tunnel mesh is (mostly) down
by Rob Janssen 05 Jan '15

05 Jan '15

44net-request(a)hamradio.ucsd.edu wrote: > Subject: > Re: [44net] Tunnel mesh is (mostly) down > From: > "Marius Petrescu" <marius(a)yo2loj.ro> > Date: > 01/05/2015 07:30 AM > > To: > "'AMPRNet working group'" <44net(a)hamradio.ucsd.edu> > > > Hello, > > I don't think that increasing the route timeout the would have any bad side > effects (I think 7200 would be a good value). I have recompiled with 3600 before I read that. However, I'll keep a watch on it for some time to see if strange things still happen. It could be that the latest version that I now downloaded hides that problem with 44.140.0.1 but I can easily see if other routes are appearing/disappearing regularly. > > But maybe there is another mechanism that could be added to the ampr gateway > (And which is already implemented in ampr-ripd): > The daemon is capable of force exipring routes if they are received with > metric 15. > So adding the sending of deleted subnets with metric 15 fore a given time > AND increasing normal expire time to higher values (e.g. 10800 - 3 hours, or > even more) would make the system more stable. > > Marius, YO2LOJ > > That sounds like a good idea, in that case there could be a much longer timeout, but maybe it should then (as Brian suggested) log when it receives less packets than normal. E.g. count the received packets in a single burst and syslog a message when it is 2-3 less than in the previous burst. When we fix the problem that routes disappear too soon, but then nobody notices anything and 24 hours later we still have a problem because the routes are suddenly deleted, not much has improved. When there is some alert I can watch it in our nagios monitoring. Rob

2 1

PP5ES
by Brian Kantor 05 Jan '15

05 Jan '15

Is PP5ES on this mailing list? If so, please contact me off-list. Thank you. - Brian

1 0

Re: [44net] Tunnel mesh is (mostly) down
by Rob Janssen 05 Jan '15

05 Jan '15

> Subject: > Re: [44net] Tunnel mesh is (mostly) down > From: > Brian Kantor <Brian(a)UCSD.Edu> > Date: > 01/05/2015 07:26 PM > > To: > AMPRNet working group <44net(a)hamradio.ucsd.edu> > > > On Mon, Jan 05, 2015 at 02:27:18PM +0200, Marius Petrescu wrote: >> >Let me get this right... You are talking about the encapsulated RIP >> >transmissions originating from 169.228.66.251 to each public gateway IP? >> > >> >-----Original Message----- >> >On Behalf Of Rob Janssen >> >Sent: Monday, January 05, 2015 11:11 >> >To: Brian Kantor >> >Cc:44net@hamradio.ucsd.edu >> >Subject: Re: [44net] Tunnel mesh is (mostly) down >> > >> >Maybe something else you can do is drop the extra transmission of RIP >> >packets from the public IP >> >address. I think nobody is really using those (if not because of the funny >> >destination port number), and >> >they only add to this problem by putting even more data in the queue. > Up until a few minutes ago, the amprgw system was sending the RIP data > twice - once UNencapsulated to the public gateway IP, once encapsulated. > > Since to the best of my knowledge, no one was using the UNencapsulated RIP > for anything, I've discontinued sending it. > > If I'm wrong and someone is using it for something, I'll turn it back on. > - Brian > > > Note that those transmissions were sent to a seemingly random destination port number, which made them kind of hard to use. The source port number was always 520. I don't know if that was a bug or a feature, but it puzzled me when I was trying to receive them and could not get the encapsulated transmission working in ampr-ripd. (an issue that I later located and Marius made a change that fixed that) Rob

1 0

AMPR Portal Error for Coordinator
by William Lewis 05 Jan '15

05 Jan '15

Chris / Brian. I had a new request for an AMPR addresses allocation from the portal, but there seems to be a couple of issues. First, I never received the new request via email as I usually do. Not sure why I didn't get this request. Second, the user that submitted the request accidentally select my network of 44.002/16 when he should have selected Daniel Curry's network of 44.004/16. In the coordinators section of the portal, when I tried to DENY the request, the page refreshes and I get an error in red stating : "There are children but selected owner is not a coordinator." and I can not deny the request. I have contacted the user who submitted the request and informed him to make another request on the correct network. But, it appears there is a bug on the portal that is not sending me email notifications and not letting me deny requests. Thanks for looking into this. ---------- Wm Lewis (KG6BAJ) AMPR Net IP Address Coordinator - Northern and Central California Regions (A 100% Volunteer Group) (530) 263-1595 (Home/Office) ______________________________________________ ---------- This message is for the designated recipient only and MAY CONTAIN PRIVILEGED OR CONFIDENTIAL INFORMATION. If you have received it in error, please notify the sender immediately and delete the original. Any other use of this E-mail is prohibited.

1 0

Linux policy routing explained briefly
by Brian 04 Jan '15

04 Jan '15

There seems to be a bit of confusion as to how linux routes via policy routing. The tool which appears to be the most flexible is "ip" found in the iproute2 package. The two key switches are "route" and "rule", and they do exactly what they sound like; one manages routes and route-tables, while the other manages the ruleset in which these routes/tables are called upon. Linux begins with a main route table and a default ruleset in which that table is used. Typically you don't even notice this as it's created with the configuration of the standard network devices upon boot. Two rules will be applied for this main route table: 1) main 2) default The rules are such that the priority to these tables is so low almost any other rule will take priority over it. That's what makes amprnet routing for linux quite simple. The rule you want to make for amprnet is such that any inbound OR outbound routing sourced as 44-net uses it's own route table, with a priority higher than the main table rule. As long as the routes are in this matched table, the kernel will act as an amprnet router just fine even to entities such as xNOS, Xnet, etc. So if you want proper packet flow make sure all paths and rules match for the source you wish to route - in our case it's 44/8: A sample standard path would look like: commercial to commercial/nat inet/0 <----> linux-nat or com IP table main commercial to your ampr inet/0 <----> ucsd/bgp host ucsd/bgp host <---> linux 44-tunl0 via rule 1/table 1 <---> node/bbs/dxc ampr to ampr (tunnel only shown) 44/8-tunl0 <---> linux tunl0/rule 1/table 1 <---> node/bbs/dxc ampr to ampr to xNOS/Xnet (tunnel only shown) 44/8-tunl0 <---> linux tunl0/rule 1/table 1 <---> tun0/tap0-xNOS/Xnet This shows that the Xnet or xNOS tun/tap interfaces need to be included within the ruleset that matches table 1 or else it will become unroutable. Also you need to insure ip_forwarding is enabled, and your firewalling permits ip protocol 4 (ipencap), and ip protocol 93 (AX.25) A simple script which can do this for you is found at http://n1uro.ampr.org/linuxconf/dotun.html # --- dotun.sh --- #! /bin/bash # dotun.sh script written by N1URO # June, 2013 # enter in your information below, these are used for creating a # gateway and linking to the amprnet: AMPRIP='x.x.x.x' IPMASK='x.x.x.x' COMMIP='x.x.x.x' NOSIP='x.x.x.x' case "$1" in start) # Load your ipencap module in the kernel: modprobe ipip # Allow ip forwarding from amprnet to your ethernet interface echo "1" > /proc/sys/net/ipv4/ip_forward # load RIPv2 routing using the ampr-ripd daemon /usr/local/sbin/ampr-ripd -t 1 -a $COMMIP -p <password> -i tunl0 -v -s -r # Configure your ipencap tunnel interface - required for the amprnet ifconfig tunl0 $AMPRIP netmask $IPMASK up # Allow traceroutes to work on the amprnet: ip tunnel change tunl0 mode ipip ttl 64 tunl0 pmtudisc # If you run xNOS, configure a tun/tap interface: ifconfig tun0 $AMPRIP pointopoint $NOSIP up # configure your rointing accordingly: ip route add $NOSIP dev tun0 onlink table 1 src $AMPRIP ip route add default via 169.228.66.251 dev tunl0 src $AMPRIP onlink table 1 # configure policy routing so that frames from/to your 44-net IP # know how to route accordingly: ip rule add from 44/8 pref 1 table 1 ip rule add to 44/8 pref 1 table 1 # script is done, exit as a clean flush. exit 0 ;; stop) # Unload what we loaded above: ip rule del to 44/8 pref 1 table 1 ip rule del from 44/8 pref 1 table 1 ifconfig tunl0 down ifconfig tun0 down killall -TERM ampr-ripd modprobe -r ipip exit 0 ;; restart) dotun stop sleep 3 dotun start exit 0 ;; *) echo "Usage: dotun {start|stop|restart}" exit 0 ;; esac exit 0 --- EOF --- -- If Microsoft intended Windows to be for ham usage, they would have incorporated our protocols into their kernel. 73 de Brian Rogers - N1URO email: <n1uro(a)n1uro.ampr.org> Web: http://www.n1uro.net/ Ampr1: http://n1uro.ampr.org/ Ampr2: http://nos.n1uro.ampr.org Linux Amateur Radio Services axMail-Fax & URONode AmprNet coordinator for: Connecticut, Delaware, Maine, Maryland, Massachusetts, New Hampshire, Pennsylvania, Rhode Island, and Vermont.

5 6

Tunnel mesh is (mostly) down
by Rob Janssen 04 Jan '15

04 Jan '15

The tunnel mesh went down today at about 08:20 UTC. Most of our routes have disappeared, are no longer being advertised on RIP. The portal.ampr.org site is not responding anymore. It looks like the portal is no longer distributing correct information to the RIP server and so the RIP server sends incomplete broadcasts and the ampr-ripd deletes the routes. Is there some fallback scenario, e.g. loading a last correct list of routes by the RIP server to make the network come back up in the state it was just before the mishap? Rob

12 15

Re: [44net] Tunnel mesh is (mostly) down
by Rob Janssen 03 Jan '15

03 Jan '15

> Subject: > Re: [44net] Tunnel mesh is (mostly) down > From: > Eric Fort <eric.fort(a)gmail.com> > Date: > 01/03/2015 05:35 PM > > To: > AMPRNet working group <44net(a)hamradio.ucsd.edu> > > > how about eliminating this issue perminantly from ever happening and > moving to voluntary peering between gateways. Know thy neighbor and > be responsible foryourpeers androutesseems to work really well for > everyone else yet amprnet still relies upon route distribution from a > single source. > > Eric > AF6EP It is still not clear to me what exactly happened, and how it was resolved, but what I saw here is that the number of tunnel routes decreased dramatically and this disconnected the stations on IPIP including myself. We already are BGP announced. That is not the problem. But as a properly setup gateway, we are both on BGP and the IPIP tunnel mesh, and the latter we configured using RIP (ampr-ripd). What apparently happened is that we received RIP broadcasts with only a very small subset of the active routes, and over time most routes got deleted. So we still had full connectivity to internet for net 44.137.0.0/16 and our statically connected subnets, but the tunnel routes inside the country and to the rest of the world mostly vanished. We don't really need those tunnels to everywhere over the world, but we run them to remain compatible with the rest of the system. It would be sufficient for us to have only tunnels to our local users, and have the remainder of the traffic routed over plain internet. However: - there is no way in the portal to specify that you want to use tunnel routes only for your own subnets - there are access lists in use at other stations that would block traffic going outside the tunnel system, because they want to limit traffic to only net-44, so we would get obscure routing problems So for now we will keep running a tunnel mesh system, and I hope that everyone else who prefers functionality over other reasons will do the same. (I fail to see how a single-point-of-failure solution can be a worse choice than a configuration that does not work *at all* even when everything is up and running) In the meantime, I hope some people can find some time to debug what was going on here. I have seen a similar problem in the RIP broadcasts before, a set of routes that appears and disappears at random. They appear in some RIP broadcast sets, then do not appear in some, then re-appear, etc. There must be a problem somewhere, but it is unclear if it is in the RIP server or in the code that delivers info to it. Maybe the problem of this morning is caused by the same bug, as it appears to have affected only a subset of all routes. Rob

1 0

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net