The IPIP mesh may be non-standard, but it is distributed, without any
single point of failure.
To get between two points, the two gateways have to have IP connectivity
to each other.
That's it. The two end-points can troubleshoot directly.
But every proposal I've seen on this list involves adding at least two
other ham points of failure. For example, I would presumably connect to
some other ham's BGP node and the other end of the connection would do
the same. Why?
Mainly because it makes it an "outgoing" connection for most people.
... clipped ...
By putting VPN servers in datacenters and having the users connect to them,
you avoid those problems.
Yes. But you keep ignoring the problems it creates. You're simply trading one set of problems for another.
Also, there is no requirement that there only be a single connection! You
can set up crosslinks to wherever you like.
But you also say "There is no need for a portal that registers the subnets, they only need to be configured in the gateway routers."
I haven't seen a technical write-up of what you propose. But the statement above tells me that those who aren't interested in putting up with the new problems the overlay hubs would create have lost the simplicity we have now.
It's easy enough to say things like "you can set up crosslinks to wherever you like". But without the central registry, we lose the simplicity we have today. Today, we download a file and run a script. Done. Direct connections to everyone else. No middle men. No added latency. No added complexity. No added troubleshooting difficulty. No added dependence on some volunteer at the hub who may or may not be available when needed.
Now if your proposal included the following, it would truly be solving a problem for some people without causing a problem for others:
1) For folks who can't support direct connections, let them use a VPN connection to a hub of their choosing (as you appear to be proposing)
2) *** BUT *** leave the central registry in place, and augment it so that when you sign up for a hub, your subnets are still published to all other gateways as reachable through the hub.
3) Therefore, those who can support direct connects but are not a hub can still see a full registry and automatically create direct links/tunnels to all other gateways (whether they are individual gateways or hub gateways) and routes to all subnets behind all other gateways.
Michael, N6MEF
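
Added example, not part of the message above and not code from any AMPRNet tool: a sketch of points 1-3, where a registry entry for a VPN user names its hub and every direct-capable gateway resolves that subnet to the hub's address. The registry format, owner names, addresses and the `tunl0` device name are all assumptions made for illustration.

```python
import ipaddress

# Constructed registry in a hypothetical format (not the real portal's schema).
# Gateways use documentation addresses; subnets are made-up sample values.
REGISTRY = [
    {"owner": "GW-A", "subnet": "44.0.10.0/24", "gateway": "192.0.2.10"},
    {"owner": "GW-B", "subnet": "44.0.20.0/24", "gateway": "198.51.100.20"},
    {"owner": "HUB-1", "subnet": "44.0.30.0/24", "gateway": "203.0.113.30"},
    # Point 2: a VPN user has no public gateway; the registry publishes the hub.
    {"owner": "VPN-X", "subnet": "44.0.40.0/28", "via_hub": "HUB-1"},
]

def build_routes(registry, me):
    """Map each remote subnet to the tunnel endpoint gateway `me` should use."""
    gateways = {e["owner"]: e["gateway"] for e in registry if "gateway" in e}
    routes = {}
    for e in registry:
        if e["owner"] == me:
            continue  # own subnet, no tunnel needed
        hub = e.get("via_hub")
        if hub == me:
            continue  # our own VPN client, reached over the VPN, not IPIP
        if hub is not None and hub not in gateways:
            raise ValueError(f"{e['owner']}: hub {hub!r} is not in the registry")
        endpoint = gateways[hub] if hub is not None else e["gateway"]
        # Parse before use: the file is downloaded, so never pass raw strings on.
        net = ipaddress.ip_network(e["subnet"])
        routes[str(net)] = str(ipaddress.ip_address(endpoint))
    return routes

def route_commands(routes, dev="tunl0"):
    """Render argv lists (no shell) for iproute2; dev name is an assumption."""
    return [["ip", "route", "replace", net, "via", gw, "dev", dev, "onlink"]
            for net, gw in sorted(routes.items())]

if __name__ == "__main__":
    for argv in route_commands(build_routes(REGISTRY, "GW-A")):
        print(" ".join(argv))
```

Because the registry file is fetched from elsewhere and ends up driving route changes, each subnet and endpoint is parsed with `ipaddress` and the commands are built as argument lists rather than shell strings.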