Re: [44net] A new era of IPv4 Allocations : Agree

Rob you say, Totally true! the /24 minimal size is for get smaller routing table on the internet routers. It is good practice on networking to inplement such solution. And the TAC proposal is exactly that. splitting 2 /10 blocks (4,194,304 possible host for each /10 ) to have 2 simple network that are easy to maintain. You probably know that already. Now lets think about the future and not the past. We want more use of the 44 net. We want entry level to be easier, we want people to learn networking, we want them to do it in a safe manner and we want them to be able to interect just between them or between them and the rest of the world. Now imagine a new user that receive a /28 from one of our pop. He need a router to manage his allocation and advertise it on the metwork he will do it by iBGP and he will need to route the /28 on his side. He will also need to know to who he want to connect and not. If he want to connect to the whole routable internet there is no problem. He route everything to the AMPR and all is good. But what if he want ham only on his network. He make routing tables to the 12 millions possible 44 IP adress we still have? How will he know that some of those IP are not real ham or those address can have some endrypted packet and those will end on the airwaves on his RF networks and put him in a very bad situation toward his governing regulator. Exactly people wont want to split route and program certain subnet and do all that maintenance that need to be done if a new allocation is given or other not fun task. They will want simple things to do and they will want to have fun while learning. You also say: Yes we are miniscule compared to the internet, and even less then a speck of dust compared to the IPV6 address space. This does not mean that we should not care about building a simple and stable network where simpler user wont have to care about routing and checking their config every few weeks to make sure they have all the lastest desirable to them subnet as they will addon with time. Remember that there are people thet DONT want to have route to and from the internet. How will you provide them with a /28 and a stable and simple configuration if they connect to your RF network that have route that goes and come from everywhere? Firewall? Will the sysop of all the rf network will love to have to deal with specific configuration on some of their node for user X? and then he decide that another node will work better for him, he turn his antenna and everything need to be reconfigured. Dual addressing of both the 44.0/10 and 44.128/10 on RF backbone and the pop's will fix all this type of maintenance. Yes it will be a assle to add the second route to your existing setup as a sysop. But as a sysop you will not have to fiddle with every change users will want to do. your config will be a little more complicated. But the whole network will be a lot less difficult to manage. Technically if the proposition would been accpeted you would not even neet to renumber. You would need to dual route 2 subnet. The one you already have that would become the intranet for ham only and a new subnet that is open to the whole worls. You could have all the configuration /ssh port of your deveice facing the hamonly portion of the network and have no more russian/china/kiddy scanner harmering your router for brut force access. Then your user could choose to joint either of the 2 possibility or even better both but in a very controled fashion and with a sens of securit for the ham only side cause none of the non ham world would have access. It is not a perfect system, but when you can remove 99% of risk from a system it is a huge improvement. I do not say it will be perfect and good security practice wont be needed. But we will start with a very large leap. I understand that you are not happy to have to change stuff in your network. But can you be a little bit more open to change? ________________________________________ De : 44Net <44net-bounces+petem001=hotmail.com(a)mailman.ampr.org> de la part de Rob PE1CHL via 44Net <44net(a)mailman.ampr.org> Envoyé : 11 août 2021 10:54 À : 44net(a)mailman.ampr.org Cc : Rob PE1CHL Objet : Re: [44net] A new era of IPv4 Allocations : Agree On 8/11/21 4:37 PM, Toussaint OTTAVI via 44Net wrote: When you have a system that you want to be capable of doing such special routing, you need to have a BGP session with the backbone. Over that BGP session you can send or receive those routes. There is NO minimal subnet size on BGP! We use BGP to route single addresses (/32). The "minimal /24" restriction is only a policy on Internet BGP, because there already are so many routes in the table and they do not want to have even more. However, on our own backbone network (which runs BGP on private AS numbers and is in no way exchanging BGP information with the internet, only with other AMPRnet routers over tunnels) we do not have to implement that restriction and we can route everything. And still, people can filter by subnet size on their own routers when they want a smaller table and are not interested in all those detailed routes. In our network it already works. Whenever a user connects e.g. to OpenVPN, the route to their address is distributed using BGP. So you can be on radio in network 44.137.40.0/22 (on a WiFi access point), then switch off your radio and connect to OpenVPN using a certificate that issues you address 44.137.40.2, and you still get the correct routing. All routers in the Dutch network route that single address to the OpenVPN server instead of to the router serving 44.137.40.0/22. For this to work also for the other users on that WiFi access point, proxy-arp has to be enabled on those accesspoint networks. Then, when another user ARPs for 44.137.40.2 the router will answer with its own MAC address and route the traffic using that single-address route. Works just fine! We also have this for IPIP and IPsec tunnels, routes obtained from ampr-ripd are automatically redistributed in our radionetwork using BGP. Given the current scale of the AMPRnet network we should not worry about the number of routes. When compared to internet, we are miniscule. We have 700 routes in the IPIP mesh, currently about 230 routes in the Dutch network, I think about 2500 in the HAMNET network, etc. All in all probably less than 10000. And you can always filter some detailed routes when you are not handling specific cases like the above. (e.g. the whole world would not be interested in all our /32 routes unless they want to handle /32 addresses connected to a PoP in TK) For users that connect and setup a BGP session, there is no need to configure what network they have. But there may be a need to configure a BGP peer. Current RouterOS requires that, the next version does not (so you can accept any incoming BGP session using a single config item). With the current software it would be required to configure somewhere (portal.ampr.org of course!) on which PoP you want to connect, and you would get some info in return (like the BGP AS# and the IP address of the BGP software). Rob _________________________________________ 44Net mailing list 44Net(a)mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net