You keep mentioning “We have a large number of users that agree with this statement and
they want this private use case supported.” but no one was asked, there was no poll, no
inquiry... so how did you get the information that a large portion of users only want an
intranet?
Everyone I talk to, everyone that wants an allocation here in Belgium wants it to be
publicly routable. Because that is what public ip space is designed for.
Intranets should stick to rfc1918 addresses. There is no need for an overlap, an isp will
most likely give out ip’s in the 192.168 range. I know of no ISP that gives out ip’s in
the 10 range (agreed, I don’t know every isp) but even if they used those ip’s on their
wan side that would not conflict as the ham intranet would be routed over a different or
tunnel interface and should - never ever - be routed through or by an isp router.
But still, what services do the current intranets offer that should be kept offline from
the public internet? And even then, it is easy to filter those ranges at the border.
Ruben - ON3RVH
On 28 Jul 2021, at 17:39, Antonios Chariton (daknob)
via 44Net <44net(a)mailman.ampr.org> wrote:
Thanks for the response Ruben, please find my answer below:
On 28 Jul 2021, at 13:31, Ruben ON3RVH via 44Net
<44net(a)mailman.ampr.org> wrote:
Antonios,
I don't see this as an improvement on the current network. I see it as a completely
useless redesign of the network that will make it harder on the average ham to get onto
the network.
How does he decide if he wants to connect to the (useless) intranet? Why would he want to
connect to an intranet, what solutions does it solve and what information can be found on
that intranet that should not be publicly available? Keeping in mind that we are amateur
radio operators, bound by license and that we should not have any secrets seems
contradictory to having a private intranet that can only be reached by radio. Also keeping
in mind that radio is not an option for everyone. For example, Belgium has no connectivity
to HAMNET and is completely separate and only routable from the internet. We do not have
"secret" parts.
If he then also wants a range to be publicly routable, then he has to request an extra (!)
subnet and be smart enough to configure his router with policy based routing so that the
public part goes to his allocation and his other allocation is not routed to the internet
nor reachable from the other network? This will cause more problems and standard routers
cannot do this kind of policy based routing. Thus creating more issues..
To begin with, the TAC sees value in the Intranet and we do not consider it useless. We
have a large number of users that agree with this statement and they want this private use
case supported. We also believe and try to make connecting to the Internet much easier
than it is today. Hopefully we will achieve it with one of the available methods, the
Global Backbone / Connectivity Platform. Through this, all private networks like the
HAMNET or the Belgium part will be able to connect to each other. But they can do so
today, using tunnels and VPNs.
The proof that this Intranet is valuable is already here today: most of the 44net users
are only on the Intranet. After talking to many users in Germany, which is by far the
largest user of IPv4 space today, we always hear that they’re not interested in using
these addresses to connect to the Internet, they only want them for the HAMNET-type
network they have.
We hope that these changes will make it easier for existing and for new users to connect,
and it will allow more people to participate. We always have to keep in mind that not
everyone wants to do the same we want, and not everyone finds use in the same things that
we do. The address space is reserved to *all* radio amateurs and not to some people or use
cases. Our mission is to make it available to all of them, without forcing them to use it
in a mandated way. And if we all want to co-exist together, we have to play by some rules,
and we have to make some sacrifices so access is fair and equal to all.
This was the most difficult thing the TAC had to solve: create a network where people can
do what they like, and not what *we* like, and if they play by a few very basic rules,
then we can all coexist and talk to each other gracefully.
I agree with the others that using a publicly
routable ip space, especially a /10 is a waste of ip and resources for an intranet. What
is the basis of the TAC to consider that a non-issue? It is not because we have large
parts of space unused that we should squander it.
As I mentioned in previous e-mails, we want a globally unique IPv4 space that is
guaranteed to not overlap with any current or future system that may exist out there. The
only type of IPv4 space currently in existence that can guarantee this is Global Unicast.
Everything else simply cannot meet this one and very simple requirement.
We are not using these addresses because we personally enjoy wasting them, or because we
have so many that we may as well waste some of them, but we see their usage as *required*
to address the above. We only mention that by using these addresses, we do not bring ARDC
into a shortage situation where you won’t be able to receive an allocation because they’re
all exhausted. By our estimations we will have way more than enough IPv4 addresses for the
future, even if we provide everyone with two allocations in the two use cases.
AGAIN: We don’t want to waste them, they’re the only IPv4 addresses that can guarantee no
overlapping globally, today and in the future.
Also, did you take into account during your tests
that not everything responds to icmp ping packets? There are large parts that filter icmp
packets at the border.
As I said in a previous e-mail, we know that the methodology is not perfect. We are aware
of this, and we tried to take it into account. But we believe that it is good enough. We
cannot afford to spend 3 years designing the perfect experiment or talk to each and every
current and future user individually and ask them about how their network works and how
many devices they have. Before we reach the last person, we’d have all the data changed
and we’d have more users. Personally I believe that all measurements we used for this
decision are accurate to an order of magnitude. I would be very surprised if there are
tens of thousands of hosts that block ICMP packets and nobody has heard about them or
knows that they exist.
And for last, please do not rely on static
routing! As this is a redesign, at least use dynamic routing protocols.
Our idea is to not rely on anything. The TAC does not recommend that people use static
routes, or BGP, or Windows Servers, or Juniper routers, or anything. We propose this
policy to *allow* the people that *want* or *have* to use a static route to be able to
join the network. That’s all we want. To enable people to join and enjoy the 44 net,
however they like.
73
Ruben ON3RVH
Thanks,
Antonis