What would this mean for the existing tunnel mesh?
Today, with the existing full mesh of tunnels, there is no single point of failure between any gateway and any other. Surely you're not suggesting the introduction of multiple, regional single points of failure. Or are you?
Michael
N6MEF
Sent from my Verizon Wireless 4G LTE smartphone
-------- Original message --------
From: K7VE - John <k7ve(a)k7ve.org>
Date:04/24/2014 11:07 PM (GMT-08:00)
To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
Subject: Re: [44net] What is 44net?
(Please trim inclusions from previous messages)
_______________________________________________
Don,
You are missing the whole point - Not everyone needs to run BGP, or
have a datacenter, they just need to find a border node who does and
VPN/Tunnel to it. It's called cooperation.
Those who can provide a BGP border node, can 'advertise' through this
list or portal.ampr.org that fact and how to get setup to tunnel/VPN
to them. Like I said some of these routers have 'unlimited' support
for VPN/Tunnel clients. You can also tier this architecture. A
single border router might be supporting 20 /16 VPNs/Tunnels to tier 2
routers, those routers might support 30 smaller subnets and so on ---
There are some peering points that are relatively inexpensive (or
free) and some individuals are in a position to be generous. This is
no different than the FM repeater operator who pays for a site,
equipment, and power costs to benefit a community of users, who may or
may not make donations to that cost.
Right now the total traffic on 44net could probably ride on a single
home broadband connection.
http://wiki.mikrotik.com/wiki/Manual:Interface/Gre
The VPNs can be full up using available protocols MikroTik runs a
variety of VPN protocols PPTP, L2TP, IPIP, ... Cisco has DMVPN -- you
just have to find a common one between two routers.
I run my personal /24 (non-44net) over a VPN 24x7 and have several
hosts, including D-STAR gateways running over it.
http://www.seattleix.net/rules.htm
________________________________
John D. Hays
K7VE
PO Box 1223, Edmonds, WA 98020-1223
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
Again, we are going into the weeds, and certainly beyond the intent of our
licenses, and the regulating agencies.
How do you know the identity of a ham on RF? When I make FM/SSB contact, I
have NO means to authenticate the other parties - nor do they have a means
to authenticate me. There is no rationale to apply authentication scrutiny
to one mode of ham radio communications, yet, entirely ignore it on another.
Assi kk7kx/4x1kx (<- does any of you know I am who I say I am???)
-----Original Message-----
From: 44net-bounces+assi=kiloxray.com(a)hamradio.ucsd.edu
[mailto:44net-bounces+assi=kiloxray.com@hamradio.ucsd.edu] On Behalf Of Tom
Hayward
Sent: Thursday, April 24, 2014 8:58 AM
To: AMPRNet working group
Subject: Re: [44net] What is 44net?
(Please trim inclusions from previous messages)
_______________________________________________
If Hans is operating a gateway on local RF, we need to know the identity of
the local ham on RF, not the gateway operator. There are various ways to
accomplish this, many of which have been discussed on the list. For example,
emails can be authenticated with a PGP digital signature. The equivalent
layer 3 technology is IPsec(AH).
Tom KD7LXL
On 4/24/14, 9:52 AM, lleachii(a)aol.com wrote:
> 44.0.0.0/8 is, in fact, one network, as specified in RFC1166.
This predates CIDR, and it's not valid for anything in today's internet other
than establishing the provenance of 44/8 ownership by ARDC.
> Many folk
> have noted that they don't wish to have their allocation connect to others
<snip>
> 44.0.0.0/8 is announced - your argument that 44/8 is not one network fails
> on that one notion.
44/8 is not one network, claiming so is like saying the Internet is one network.
> You mentioned spoofing. This is the reason the encap file and route table
> should be kept private. Only other amateurs would know the location of the
> other endpoints.
Wow, did you just make a security though obscurity argument? I don't trust
anything with a 44.x address, and you shouldn't either.
--
Bryan Fields
727-409-1194 - Voice
727-214-2508 - Fax
http://bryanfields.net
44net-request(a)hamradio.ucsd.edu wrote:
> Subject:
> Re: [44net] Running for ARDC director position
> From:
> Tom Hayward <esarfl(a)gmail.com>
> Date:
> 04/17/2014 08:23 PM
>
> To:
> AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
>
> I believe Bart got frustrated with the lack of change-management and
> specifications in AMPR. How your script is written depends on these
> things.
What we see every time again when those issues are discussed is that there are people
who approach AMPRnet not as a hobby amateur packet radio network, what it is, but as an
extension of their network at work, usually they work in a professional datacenter or at an ISP.
They want documentation and specifications because that is what they have at work.
But this is a hobby, and there are not going to be specifications and documentation until
someone who feels the need for them is going to write it. And they do not volunteer!
The usual way to gather information has been to ask here, and possibly to dig in the archives
of this list. That may be a frustrating endeavour for a professional network admin, but for the
average hobbyist it is a learning experience and a way to get things working by gradually
tweaking the configuration.
Please note that once you got everything working, it is pretty much useless. So we should
not take away the challenge of getting things working. When there is a clear recipe to get
everything working, or worse yet: automatic configuration, what reason would there be left
to start the experiment to begin with? A lot of AMPRnet is about learning, not about achieving
the end result: a perfectly working network. Because the fun ends once that goal is reached.
Another thing I want to note is that Bart and some of his peers like to use a lot of inside
terminology they speak with their colleagues at work. They disregard the fact that the
people on this list are radio amateurs, people with a technical interest but not experts in
internet technology as he is. Every couple of months the same discussion springs alive and
people start to pingpong technical terms between them and lose everyone else. And worst,
they don't hesitate to slash the existing system, claiming all the time that it is legacy
technology, that it is very unreliable, that it has to be replaced by the stuff they use at work
because at work everything is so much better, etc.
But remember: that is at work. And this is our hobby. We may have different objectives,
like being able to comprehend things. It may well be that the optimal solution for an amateur
packet network is not the one that is optimal for the large internet with the professional admins.
We also use NBFM to talk to our friends, a technology that is considered "legacy" by the
professionals as well. Some even use morse code. They are not going to abandon that
because all the professionals have switched.
>
> It seems that to be allowed/compliant in AMPR, it just has to work
> with the existing system. But what is the existing system? There are a
> lot of existing systems and most of them are not documented. For
> example, we learned via the mailing list that many AMPR gateways have
> a static route to 44/8. This isn't documented in the encap file, it's
> just added by their scripts. Where is the specification for this?
I don't think many gateways have a static route for 44/8. I certainly don't have one myself.
I could add such a route (as a null route), maybe that is a good idea. I'll think about it.
What I do have is a default route in table 44 that points to amprgw. But the purpose of that
is NOT to serve as a route for 44/8, its purpose is to route everything OUTSIDE 44/8 back
out via amprgw. I require that because my ISP acts responsibly and has BCP38 in place.
In the past, before I installed ampr-ripd, I manually ran a script that downloaded the encap
file and installed the routes. I never put that in a cron job because the server for that file
failed so often and I felt it was better to monitor the process and fall back to the previous
encap file when things went wrong.
As a result, my routes were often not completely uptodate and it was a good idea to route
traffic for which I had no correct tunnel route back to amprgw. In those days that still worked,
amprgw (mirrorshades in those days) would forward that traffic to the actual gateway.
Nowadays amprgw does not perform that function anymore, so indeed it good be a good idea
to add a 44/8 null route.
But I don't think small issues like this warrant all the uproar, and I think it is much more fun
to discuss pro's and con's of a certain configuration on the list than to throw stones at the
existing system and demand everything to be overturned to look like an enterprise network.
Rob
There is no unified policy governing non-ham traffic on 44 networks. Each
of us is bound to the terms and conditions of the respective national agency
that issued our ham radio licenses. This is somewhat consistent with the
mishmash of national regulations governing the global internet traffic.
Also, most (if not all) amateur radio licenses weren't crafted with the
internet in mind, and hence they don't provide clear cut guidance.
Therefore, it is our responsibility as gateway operatorw to balance
advancing the state of the art while maintaining compliance with our
licenses.
Assi kk7kx/4x1kx
-----Original Message-----
From: 44net-bounces+assi=kiloxray.com(a)hamradio.ucsd.edu
[mailto:44net-bounces+assi=kiloxray.com@hamradio.ucsd.edu] On Behalf Of Paul
Lewis
Sent: Wednesday, April 23, 2014 2:16 PM
To: AMPRNet working group
Subject: Re: [44net] routable or private?
(Please trim inclusions from previous messages)
_______________________________________________
>
>Personally I block all traffic with a non-44/8 source or destination,
>but I was never sure if that is the "correct" policy?.
>
>73, Paula G8PZT
>
--
paul(a)skywaves.demon.co.uk
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
> If this is, " a hack to backbone a semi-private network on top of the
> public internet" then why do we need 44/8? Please explain why 10/8 would
> not work just as well?
>
>[....] if it's not going to be routable then why do we need 44/8? use
> RFC1918 space and give 44/8 back. [...] We could attract many
> into this hobby if we'd simply offer to be the teachers of the IP
> networking craft using standards based methods used by everyone else
across
> the internet.
>
PRECISELY.
Can we please make a decision on this and move ahead?
I'd like to know, one way or the other, because I sure aint interested in
all this private 44net stuff..
Is 44net routable or private?
Steve
> http://www.ampr.org/pubs.html
>
> http://www.ampr.org/faq.html
>
> I don't see what's missing. Build a Ham RF IP network. Hook if up
> to the 44net community if desired. A very select few would need to
> go the next step and get their own BGP ISP setup. If anything, that's
> mentioned too much on the website and should be de-emphasized.
>
What's missing is, it's not in the wiki so people can find it.
Edit, annotate, and add it to the wiki please.
Thank you.
Steve
Wow a big flow of good information, and instant updates to the wiki!
Well this is the problem isn't - noobs causing problems broadcasting the
wrong information on the Internet and getting blocked by their ISP.
We seriously need a properly written checklist, so that ordinary ham radio
'engineers' can actually build this stuff themselves. Approaching my ISP
with some half-baked idea would be a quick way to get permanently ignored.
--
Meshnetworks - Rangitaiki Plains Rural Broadband Internet Providers
+64 21 040 5067
> my thought is we need
> more people working on finishing the portal first.
What exactly is that going to DO?
Here I am sitting on my hands trying to figure out how to get my (already
allocated MONTHS AGO) /24 connected to the flamin internet. No one seems
focussed on making a wiki entry about THAT. Rather, they'd be happier
tunneling their little private network to someone elses'. It seems that
many other groups have been waiting YEARS for this assistance or
documentation, and MANY other groups who have just given up in disgust.
Would the people who ACTUALLY HAVE a properly connected (live to the
internet) 44 subnet that they openly brag about, kindly document the bloody
thing in the wiki so I can do it as well? This isn't a dick measuring
group, its a networking group. You know what you're doing, so write it up
so mere mortals can achieve a positive result as well.
There needs to be a sample equipment list with DIY workarounds for those
with time but not money, and there needs to be a VERY well written
document-set to hand to my ISP so I don't scare them into just plain
refusing my request, or unduly taxing their tech team.
Thank you.
