On 2/6/21 2:27 PM, M Langelaar via 44Net wrote:
Rob,
That was in fact my proposal. Have ARDC set up a
mesh of routers over the world ...
Okay, so what's stopping 'us' from setting up a pilot? If anyone at ARDC is listening,
how about you assign a small pilot 44 subnet to our project, get us a Linode account,
make one of us administrators, and we set up an OpenVPN server. Have the routing to
our small pilot 44 subnet put into place once we get the Linode account set up.
That would be possible, but we largely have the proposed network already running
for 6.5 years now and it is not necessary to prove that it works.
Others have the same or similar setups.
commonly known VPSes run under Apache Aurora and similar.
I must be behind the times then. Never heard of it, so I just looked it up, for example:
Kubernetes is an open source orchestration system for Docker containers,
Apache Aurora is a Mesos framework for long-running services and cron jobs.
Good god, what happened to just a plain old *nix system running on a VM?
(no, that's not a Luddite comment, for anyone who wants to throw that at me)
When you offer VPS for $3/month of course you need something to automate the
deployment. Of course we are running VMware ESXi hosts in our network (in fact
our gateway system for the Netherlands is a VM running on that), but for those
commercial VPS systems it works a bit differently. You can go to a web interface,
select a place to deploy a VPS, an initial image (e.g. Debian, CentOS), a host
name and click "deploy" and it is running. The VPSes are deployed from standard
images and there is a small agent that allows the management system (Aurora)
to set things like a hostname and a root password inside the VPS on its first boot.
The actual VPS you get still is a virtual Linux system where you get the root
password and you can install and manage everything, it even has a public
IPv4 and IPv6 address, but it is behind a firewall.
There is a control panel where you can make some additional settings and one
of them is a firewall setup. There is no "allow everything" setting.
I can understand that, when you give out VPSes to lots of people you don't know,
there will be lots of inexperienced people who only want the VPS to set up a
website and who do not know about security, and you will be handling abuse
reports (about hijacked systems) all the time.
So a bit of protection helps, although probably not much these days.
Those cannot do IPIP [snip] People getting a $3/mon VPS often find this out
once they get it deployed. When you have a more directly manageable VPS it
will not have this problem.
Why do they have to use IPIP? With the OpenVPN system 'we are proposing',
you are immediately on 44 net, perhaps I am missing something here.
*I* am talking about *what we have now*. And about how it can be improved.
Please do not confuse those things.
stuck in the past
Remaining stuck in the past VS the KISS principle are two different things.
We stay stuck in the past because we won't deploy realistic things but keep
discussing how it could work in an ideal situation and with infinite human
resources (financial resources as well in the past, but that is less of a problem now).
The current discussion quickly moved on from creating a new more usable
backbone network into enterprise-grade systems, worldwide announcement
of the entire address space, use of hardware routes rather than VMs, etc etc.
But I do not want to force everyone with an unsuitable home internet connection
to get a suitable VPS, run IPIP from there, and then set up a VPN to that VPS,
all because we have done IPIP for 25+ years and now want to continue it
indefinitely.
I don't understand the point to this last comment, why do we need IPIP here, and
why would we need to run a VPN to our VPS? Oh you mean because there is no
existing solution which I think should be provided by ARDC. I think we're on the
same page on that one (I hope so anyways).
Yes I mean this is the current situation when you are in some place in the world
where there is no existing deployment of such a system. You need to do it yourself
and you need to be on IPIP. Or BGP-announce your subnet. Those are quite
complicated things, and this thread started because someone did not understand
how to do it exactly.
Had the new backbone network been in place, this would not be an issue because
he could just connect to that.
Rob