Tom,
If I understand you correctly, even if the portal allowed you to enter a 44 address as an IPIP endpoint, my 44GW (and many others) would be able to send traffic to it.
Since I wrote a script that quite a few people with Ubuntu Linux Gateways use (which was designed to closely mimic AMPRGW's behavior), here is what would occur (I cannot confirm this for other gateways using different OSes or scripts):
see:
http://kb3vwg-013.ampr.org/startampr
- the gateways using the KB3VWG Linux script are set to use a custom routing table if the SRC or DST address is 44.0.0.0/8
- the rip44 then adds all 44 routes to the 44 routing table
- so, as you wish
a.) rip44 would add your tunneled subnet (44.24.240.0/20) to routing table 44 with an endpoint address as 44.24.221.1
b.) a host in my subnet sends your subnet a packet and is received by my router
c.) it looks up the endpoint destination on table 44 and finds that it's 44.24.221.1
d.) my router will look in the routing table for 44.24.221.1 finds
**44.24.221.1 via 169.228.66.251 dev tunl0**
*****which would be **INVALID*****
e.) **INVALID***My GW sends an encapsulated packet to AMPRGW, and it's received on it's WAN interface. ***AMPRGW should not receive encapsulated packets from 44 hosts destined to 44 hosts*** Routing loops can occur.
- there have been IPIP tunnels in the past with 44 addresses, they were considered invalid configurations. To the Internet, 44 net is a flat /8 network and all subnets must be reachable at a non-44 address; which leads me to my last point
- I'm not sure why you keep insisting that AMPR routing is "broken" or has "funky 44net issues," you are requesting something that was not intended in the design, as was mentioned before tunnels msut be reachable with non-44 address, BGP routed subnets must still maintain a IPIP GW.
- This same topic was presented in April 2012, check the archive "
***"This will also means that any Operator that wishes to BGP should also consider also running the AMPR standard rip44d on the same device, if the intention is to make all 44/8 addresses equally reachable from any PoP, eventually, as is the intend purpose of BGP."***
- it was my intention update the script to include a block of IPENCAP from 44.0.0.0/8 SRC addresses...until I read your posts today
73,
Lynwood
KB3VWG
Tom wrote:
>Forget AMPRGW. I understand there is a routing issue at UCSD that
>breaks 44net routing for AMPRGW. But I'm not asking about AMPRGW! I'm
>asking about routing from all the IPIP gateways, none of which have
>44net endpoints at the moment.
>
>Since none of the current IPIP gateways have 44net endpoints, you
>cannot say with certainty that it won't work until the portal lets us
>try it.
>
>Tom KD7LXL
Charles
There's a deeper issue than just signing the RSA. At this point, it's a big legal conundrum if the RIRs have control over those who've never signed an RSA. For all intents...some legacy IP networks "OWN" their allocation. No court has ever decided (or been asked to decide) that question.
AMPR obtained their allocation from IANA before ARIN or the other RIRs even existed. The allocation was issued in an RFC named Assigned Numbers in 1991.
-KB3VWG
"." <lleachii(a)aol.com> wrote:
>Should be:
>
>http://wiki.ampr.org
The website names 3 people that are Boardmembers of ARDC. They are also the only 3 officers. According to the Bylaws these 3 control everything. No one else has any say in the control of the ARDC. There are no members. Just them. They can allow 2 more people on the Board, however, since they could remove the new Board members anytime they didn't like a vote or discussion, it's all illusory anyway. Until the Bylaws are modified to allow the voice of the users to be heard(via a right to vote) ARDC is just a closed 3 person entity. I too would like to see Bart on the Board. I lean towards his view of things. Id rather have 4 or 5 dictators than 3(sorry I think I meant 'Directors').
The current Bylaws give 100% of the control of the ARDC to the 3 Directors. I don't know the history behind it. It is a good way to get things done in a timely manner, but to have the wishes of the users heard----changes would be needed. The current Bylaws were written to concentrate power.
Also, Bart, as a Board Member if you wanted to vote at a Regular Board Meeting they would have to make a Bylaw change so you could attend and vote via electronic communications. Right now to have your vote counted at a Regular Board Meeting you have to actually be there or proxy it; but not for Annual or Special Meetings.
An income and expense statement, and a list of transactions would help with transparency. An Asset Statement only shows so much. My guess is that the existing Board has been carrying the group financially. The loan on the books suggests that. I thank them for doing so. Without clear information it's hard to know the needs of the organization. Publishing the Board minutes and a Budget might open our eyes to the workings of the group and make more people inclined to donate. We are a large diverse group. There are many views and ideas amongst us. I'm sure there are some people with deep pockets amongst us too, if needed.
Hopefully, with more openness, more people will feel inclined to help financially and with their ideas.
I thank the existing Board members for your dedicated service. You have done a lot.
I hope I haven't offended you. It's just that I have created many nonprofits in my legal career;but not once have I made one with such a tight concentration of power. Maybe that's needed with an asset as valuable as the 44 Net, I don't know. It just seems odd in Amateur Radio.
Anyway, I encourage you to put Bart and another interested person on the Board ASAP. Sharing the load should make things easier. And you can do it without even having to have an election;just appoint him/them.
And then just before or at the next Annual Meeting change the Bylaws to allow users to have a vote in matters via proxy, electronic, or other methods. Heck, a new set of Bylaws would be good too.
73
Ken
K7ICY
ps I am new to the 44 Net. I don't know your past history. And you might have full minutes and financials posted somewhere. It's just real late and I'm too lazy to search them out. Sorry if I'm all wet. Feel free to Flame. All attorneys have thick skin and the Heat might help get me ready for the Hereafter.
Sent from Samsung tablet
Time and again there appear suggestions for using that LOTW certificate for other things then LOTW.
I don't know if you are aware, but not everyone is an ARRL member or uses LOTW.
So, as long as things like APRS have absolutely nothing to do with ARRL, please keep them apart.
Marius, YO2LOJ
I agree with N6MEF. When I first requested an allocation and how to stand up a 44GW, I was simply told I had the /24. I was stuck building a GW with only the mailing list, knowledge of networking and the Linux manual as my guide.
I had to learn about the AMPR DNS zone, *NOS, how the network works, etc. Brian was a huge help. And he told me to document how I got my 44GW working...alot of that has been incorporated into the rip44d page and setting up a Linux machine in the Wiki, not just directly by me, but through others and from this email thread, etc.
We all have been doing a good job recently by way of creating documentation by posting to to the Wiki; but it would be easier if those who have the particular experience (e.g. setting up a TNOS/JNOS node or compiling the new C++ based rip44) take time to record their steps. Perhaps even write a history of 44net...I keep a little copy/paste history and info at http://kb3vwg-010.ampr.org but I'm definitely not the AMPR historian, by experience.
I'm willing to take time to draft some things (such as the AMPR DNS and start a page listing all services I'm aware of on AMPRNet, since I maintain some services such as a non-authorative DNS slave at 44.60.44.3)...but it would be better if those with direct knowledge (e.g. the DNS admin or an owner of one of the authorative slaves) draft it (i.e. I have no clue who to talk to about considering making my server authorative).
-KB3VWG
On 4/17/14, 5:20 PM, Neil Johnson wrote:
> As for not being official "Legacy" address space, signing an LRSA with
> ARIN is problematic for many legacy address holders because it is not
> clear wether the rights one gets and gives up is worth it. Plus it
> can incur paying enormous annual fees (in the tens of thousands of
> dollars range) to ARIN.
Actually, ARIN has no jurisdiction over the legacy space. The NSF has ruled
that this (Postel) space is property of the legacy holders.
*ARDC owns 44/8. *
ARIN is required to manage the minimum of the database entries needed to make
this space work at no cost to.
Signing a legacy RSA would be a bad idea as ARDC would give up ownership of
44/8 which is worth in excess of $100M USD!
We need to stay away from ARIN as much as we can, ie do everything via rwhois
and DNS via AMPRnet servers, not ARIN. I'd even go so far to say that ARDC is
basically it's own RIR not bound by *ANY *ARIN policy.
--
Bryan Fields
727-409-1194 - Voice
727-214-2508 - Fax
http://bryanfields.net
An open question on ampr.org hostnames (see my response below):
On 2014-04-08 15:32, Brian Kantor wrote:
> Dean, I feel it would be a bad idea to delegate the forward lookup to your nameserver without also delegating the reverse lookup, which would be difficult and we do not do. You can continue to have as many names in the ampr.org dns like ns1.ae7q as you like by having John set them up for you, which will automatically set up the appropriate PTR record as well. I'd much rather you did it this way.
>
> Best wishes. - Brian
>
> On 2014-04-04 17:47, Dean Gibson wrote (to<bkantor(a)ucsd.ude>):
>>> I have IP address 44.24.240.173 in Bart Kus’s 44.24.240.0/20 block. I sent a request to John Hays, the admin for the 44.24.0.0/16 block to add the following records to the ampr.org domain:
>>> ns1.ae7q IN A 44.24.240.173
>>> ae7q IN NS ns1.ae7q
>>> This would allow me to create additional hostnames in the ae7q.ampr.org sub-domain, in my own DNS server. I’ve run BIND for 15 years, and this is a nice way to delegate a sub-domain; the ampr.org domain remains protected.
>>> John was able to add the first line to the domain, but not the second line, and he suggested that I contact you. I see other NS records in the ampr.org domain; is this something that you can do?
>>> Sincerely, Dean AE7Q
>>>
I understand the difficulty with delegating the reverse lookup in
general, which I was not requesting and don't need. It's often not done
on the Internet anyway for small (eg, hobby) servers, except for mail
servers, where it is a means of spam server detection. I've run multiple
sites with various functions (DNS, mail, web) on one box on the Internet
for 15+ years, and the only reverse DNS I've ever needed was for mail
servers.
Usually, a hobby machine serves several functions within the same box,
and multiple hostnames are mapped to the same IP address. In fact, for
ae7q.com (and my other domains), due to DNS requirements, I can't use
CNAMEs for the domain hostname (for those that leave off www.), the
nameserver hostname, or the mail server hostname (NS and MX records
can't reference a CNAME -- RFC 2181
<https://tools.ietf.org/html/rfc2181> section 10.3). These all use an
"A" record to assign the *same IP address* as the mail server (which
also can't use a CNAME, due to spam detection). That's three "A"
records to one IP address (and that's just in one domain), and it is a
very common practice. I do use CNAMEs other places.
I understand that you would like a PTR record for every hostname, but
that has the following negative consequences that I can see:
1. It encourages people to request a larger IP address block than they
need, and then create a multi-homed machine for the various
functions. I think it's a really bad idea to consume unnecessary IP
addresses, and I think it's already happening in the 44.x.x.x network.
2. For frequent changes, it unfairly and unduly burdens those
volunteers who have to respond to requests. I make *very* frequent
changes to my Internet and LAN domain records. I have over 50
network devices on my LAN at home on five subdomains, and I use DDNS
(both manually and via DHCP) for most of them (it's just easier than
changing a zone file and restarting BIND). Granted, most of those
won't be on the 44.x.x.x network, but the present scheme discourages
experimenting with configurations by amateurs who don't want to
burden the volunteers who make the ampr.org changes.
I would suggest that you reconsider your position of requiring a PTR
record for each hostname.
Much better to have a policy of encouraging *user-managed* subdomains,
in my opinion; that would help lead to a consistency in hostnames in
ampr.org (eg, all of the form <whatever>.<callsign>.ampr.org). A much
poorer alternative (also my opinion) is the present practice of having
end users to *submit to coordinators* CNAME records for subdomains of
any "A" records that are allocated to them.
Frankly, the former suggestion (user-managed subdomains where an
ampr.org coordinator adds the "NS" record *once*), is a lot less work,
in my opinion. Or is there a risk I'm not aware of? Remember, the
subdomains are served off of the user's DNS server(s), not the ampr.org
DNS servers.
Sincerely, Dean Gibson AE7Q
