Robbie,
Your trace route looks good. Are these all wireless links?
WC3XS-CME#traceroute ip 44.144.144.144 source lo0 (44.64.193.1)
Type escape sequence to abort.
Tracing the route to 44.144.144.144
1 44.130.60.100 132 msec 132 msec 132 msec
2 44.130.60.101 132 msec 132 msec 140 msec
3 44.224.12.238 148 msec 148 msec 144 msec
4 44.144.208.38 148 msec 148 msec 148 msec
5 44.144.208.10 152 msec 160 msec 144 msec
6 44.144.208.26 148 msec 148 msec 152 msec
7 44.144.208.97 152 msec 152 msec 152 msec
8 44.144.208.93 156 msec 156 msec 160 msec
9 44.144.208.89 176 msec 160 msec 184 msec
10 44.144.208.85 164 msec 188 msec 172 msec
11 44.144.208.81 188 msec 208 msec 196 msec
12 44.144.208.49 172 msec 216 msec 180 msec
13 44.144.144.144 172 msec 172 msec 172 msec
Thanks Jesse - WC3XS
On Mar 24, 2014, at 7:38 AM, Robbie De Lise robbie.delise@gmail.com wrote:
We announce 44.144.0.0/16 over BGP to the public internet (in Belgium). This IP space is then run on our local variant of "hamwan/hamnet" in Belgium on 2.4 GHz access points and 5 GHz and recently 24 GHz backbone links.
We already used 3 ISPs in 2 datacenters (free/sponsored) and our entire network was running on 10.x.x.x addresses before we started using the 44.144.0.0/16. (The network started in 2003 and we have started using 44.144 in 2013). We were using a public /23, and several /27s from the ISPs to get certain services and repeaters on the internet. For Echolink, e.g., you need a unique IP per repeater since you can only use the ports once. The same goes for D-Star.
So when we told our ISPs we wanted to announce our own subnet, via BGP, their main incentive was the fact that we would be giving back the IP space we were using and they could use them for other clients, since, well, IPv4 space is sparse.
In terms of traffic nothing has changed since we still use the same amount of traffic; the only difference is that we now have BGP sessions to our ISPs and use our own IPs. All of our traffic is sponsored by our ISPs (+- 70mbit avg over all 3 ISPs).
Furthermore we are now able to use public addresses directly on devices like repeaters or routers, where before we had to NAT everything and sometimes things were getting double-NATted since some HAMs put another NAT router in between their network and our "hamnet" network.
The routers in the datacenter are "The Big Firewall" and disallow any incoming traffic to 44.144 from the internet by default, and get opened up for certain ports, IPs or subnets when the ham using them requests to do so or is using his own firewall. There is also a lot of internet storm on the 44.144 (and I suspect the entire 44) network.
For the moment we are still announcing this subnet from the ASN of our main ISP. However, we are looking into announcing this subnet through the multiple ISPs we use and have recently acquired our own ASN number.
The ASN number has been sponsored by one of the ISPs, since they virtually don't have to pay for them, they only cost RIPE-points. The ISP that provided us with this ASN also loved the fact that it was a challenge to get it approved by RIPE since 44.0.0.0/8 is essentially a legacy subnet in ARIN and is nowhere to be found in RIPE.
Since then, RIPE has added a route object for our network; https://apps.db.ripe.net/search/lookup.html?source=ripe&key=44.144.0.0/1...
It took almost 2 years to get all of this done, and this was mostly due to RIPE being stubborn. However, CisarNet in Italy (44.208.0.0/16) already had a route object in RIPE which in the end was a precedent that convinced RIPE to do the same for us. So thanks to the Italian network :)
I have since seen that the Swedish network (44.140.0.0/16) has also gotten a route object in RIPE.
So there are already several networks on the 44 address space that are doing BGP announcements directly. Is it smart to use these IP addresses on the internet?
My personal vision is that HAM radio has also evolved to the Internet. Echolink, D-Star, DMR, DXClusters, APRS, etc. all use the internet as a backbone. So why not use our IP space as part of the Internet? Of course, the use of firewalls is strongly advised! Our firewalls allow all 44 to 44 traffic but block any other public inbound traffic unless exceptions have been allowed (e.g. Echolink ports).
The biggest problem we are seeing by connecting 44 addresses to the internet is when a ham comes to a ham club and brings their own laptop. They connect to the local wifi and get a 44.144 IP address from the local DHCP server. However, this ham's laptop is either infected with a virus, or the ham is knowingly downloading copyrighted files via torrents. You can already guess what is going on here. The illegal download continues over the 44.144 address and we get abuse complaints through Brian.
It has been an ongoing battle to block these practices on the network and to educate hams to not use the 44 network for these kinds of practices, or to at least turn off their torrent software when they connect to the 44.144 network. We are currently "natting" some of the 44.144 subnets' outbound internet traffic to other commercial public IPs to prevent the abuse complaints until we can find a better solution.
As for the IPIP AMPR network, we ourselves have no link with the IPIP network to the rest of AMPR since we never got around to finding out how to set it all up. However, we peer with the German hamnet and they also gate our subnet to the AMPR IPIP network. At the moment this peering is done through a tunnel over the internet, but we are currently working on doing this over RF on 5 GHz. Through the German HAMNET we are also connected to Austria and the other networks they are peering with. All of this using native internet routing protocols (BGP) and no AMPR IPIP.
We use OpenVPN to connect users who are not able to link to our network over RF (e.g. no LOS to an access point or none around to start with) so everything goes through our BGP session and peerings and IPIP. There are some users who are doing AMPR IPIP themselves and might receive traffic from the internet through us over AMPR IPIP. However, most of these users' subnets have never been opened up in the firewalls so there is probably no internet traffic at all.
So, try it yourself and do a traceroute to 44.144.144.144 over AMPR and over the public internet :)
73s Robbie ON4SAX
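The inbound policy described in the message above (default deny from the internet to 44.144.0.0/16, 44-to-44 always allowed, openings on request) can be modelled as follows. This is an added example, not code from the thread or from the Belgian network; the Opening structure, the sample addresses, the review thresholds and the EchoLink port numbers are assumptions supplied for illustration.

```python
"""Model of the inbound policy in the post: default deny from the internet
to 44.144.0.0/16, 44-to-44 always allowed, per-request openings."""
import ipaddress
from dataclasses import dataclass

AMPR = ipaddress.ip_network("44.0.0.0/8")       # all of 44-net
LOCAL = ipaddress.ip_network("44.144.0.0/16")   # subnet named in the post
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Opening:
    """One firewall exception requested by a ham (hypothetical structure)."""
    dest: ipaddress.IPv4Network
    proto: str
    ports: range
    source: ipaddress.IPv4Network = ANY

def decide(src, dst, proto, dport, openings):
    """Verdict for a NEW inbound flow; replies to outbound flows are assumed
    to be handled by connection tracking and are not modelled here."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if d not in LOCAL:
        return "not-local"
    if s in AMPR:
        return "accept"                      # 44-to-44 is always allowed
    for o in openings:
        if d in o.dest and s in o.source and proto == o.proto and dport in o.ports:
            return "accept"
    return "drop"                            # default for public sources

def broad_openings(openings, max_hosts=8, max_ports=16):
    """Flag openings worth a second look: wide destination or port span
    reachable from any public source. Thresholds are arbitrary examples."""
    return [o for o in openings
            if o.source == ANY and (o.dest.num_addresses > max_hosts
                                    or len(o.ports) > max_ports)]

# Constructed sample data: addresses and openings are made up for the example.
REPEATER = ipaddress.ip_network("44.144.10.5/32")
OPENINGS = [
    Opening(REPEATER, "udp", range(5198, 5200)),   # EchoLink UDP 5198-5199
    Opening(REPEATER, "tcp", range(5200, 5201)),   # EchoLink TCP 5200
    Opening(ipaddress.ip_network("44.144.20.0/24"), "tcp", range(1, 65536)),
]

if __name__ == "__main__":
    for flow in [("198.51.100.7", "44.144.10.5", "udp", 5198),
                 ("198.51.100.7", "44.144.10.5", "tcp", 22),
                 ("44.140.1.1", "44.144.30.9", "tcp", 22)]:
        print(flow, decide(*flow, OPENINGS))
    print("review:", broad_openings(OPENINGS))
```
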
On Sat, Mar 22, 2014 at 11:10 PM, Neil Johnson neil.johnson@erudicon.com wrote:
I keep hearing complaints that we should "get away from using IP-IP tunnels and just route the 44-net address space using BGP".
Can someone explain what this means and how this would be done?
- Be sure to read up on BCP38 http://tools.ietf.org/html/bcp38 to understand why your local ISP won't (and shouldn't) let you source traffic from IP addresses other than theirs
- Explain how you would justify and obtain stable funding to get (and keep) an ASN for the 44-net address space ($500 initial, $100/yr maintenance from ARIN). An ASN is necessary for multi-homing and BGP routing.
- Explain to me what financial incentive a commercial ISP has for routing (or peering with) 44-net address space for a small number of customers.
- As for using VPNs, explain how to pay for and maintain the appropriate size server(s) to host CPU-intensive VPN (IPSec and GRE) end-points.
After understanding all the nuances of 44-net, I find that the mesh of IP-IP tunnels and the rip44d daemon are actually quite an elegant solution to the limitations and constraints we have to work with.
-Neil
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net