On 07/10/2020 at 22:43, Tony Langdon via 44Net wrote:
> - Must have a datacentre in Australia (latency, you know)
> - Offer BGP routing (obviously!)
> - Be in a reasonable price range for a small-mid sized VPS.

I'm also living on an island, even if it's a bit smaller and closer to the continent than yours, HI :-)
Here's the setup here:

- A VPS server at Vultr for $5/month (but I think the $2.5/month instance would do the job, too). The VPS is located in Paris. It does the BGP announcement, and tunnels all our public subnets (currently, 44.190.11.0/24) to our local data center on the island.
- The local TKNet data center is composed of a dozen VMs (VPN gateway, WWW, XLX, Asterisk, Nagios, Netbox, ADSB, etc.) and physical machines (NAS, AMBE servers for XLX and Asterisk gateway). It's currently hosted in my business space in the data center of Ajaccio (on the island). I can afford hosting it for free in my business DC, but any second-hand physical server, with an Open-Source virtualization distribution, and a fiber connection to the Internet with just one fixed IP would do the job.
- In the DC, the main virtual machine is a gateway router: it gets traffic from the tunnel from Paris, it has two local VLANs on 44.168 and 44.190 for local machines, it handles OpenVPN/Wireguard tunnels to remote sites, and does all the routing and firewalling.
- As all is virtual, we can host as many VMs as we need at no additional cost. This allows for better separation of functions, and allows great experiments (just pop a new VM, then install and test whatever you want on it).

Assuming almost any sysop / sysadmin team can get a second-hand server, install Proxmox virtualization on it, then host it in any location with a fiber and a single fixed IP, the only cost for that infrastructure is $5/month for the Vultr VPS, for an unlimited number of VMs and remote sites (all served with 44net addresses). For non-profit associations, I think this is better than all-VPS (because even if Linux is a fantastic army knife, it's difficult to put too many functions on a single machine, and adding any additional VPS costs some $$$).

The main idea there is that there are two separate functions, at different layers of the network ISO model, that can (and probably must) be handled separately, in different locations and/or by different people:

- Routing (eBGP announcement for public subnets, IP-IP tunnelling or iBGP routing for HamNet, VPNs to remote locations, ...)
- Applications / services (XLX, IRLP, Echolink, digital and analog repeaters, etc.)

For the system to be really easy to deploy and use for everybody, sysops/sysadmins who deploy applications (a repeater, a reflector, a server) would not have to bother too much with complex routing. They would just have to configure a 44.x IP on their LAN interface, and connect it to a "router" (a Linux or OpenWRT system, running on a VM or a $20 appliance, with a pre-defined configuration). At home, a Raspberry Pi or equivalent, with two network adapters, would allow everybody to have 5 real fixed public IPs in the 44.x range, that are independent from their current ISP. No need for a fixed ISP IP. No more "port openings" on tricky Internet boxes. And no more headaches when moving from one ISP to another.

73 de TK1BI
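
The addressing side of the design described in the message above, as an added example that is not part of the original message or of TKNet's configuration: it carves per-site blocks out of 44.190.11.0/24 and gives the gateway router a per-tunnel source check, so a remote site can only send from the block it was assigned. The /29 block size (which yields the 5 LAN addresses mentioned), the block reserved for the data-center VLAN, and the site names are assumptions.

```python
import ipaddress

# Public subnet named in the message. Everything below it is an assumption
# made for this example: /29 per site, one block kept for the DC VLAN,
# and the site names themselves.
PUBLIC_SUBNET = ipaddress.ip_network("44.190.11.0/24")
SITE_PREFIXLEN = 29
SITES = ["site-a", "site-b", "site-c"]  # hypothetical remote sites


def plan_sites(subnet, sites, prefixlen=SITE_PREFIXLEN, reserved_blocks=1):
    """Assign one block per site, skipping blocks reserved for the DC VLAN."""
    blocks = list(subnet.subnets(new_prefix=prefixlen))[reserved_blocks:]
    if len(sites) > len(blocks):
        raise ValueError("subnet too small for the requested number of sites")
    return dict(zip(sites, blocks))


def lan_hosts(block):
    """Split a site block into (router address, addresses left for LAN machines)."""
    hosts = list(block.hosts())  # excludes network and broadcast addresses
    return hosts[0], hosts[1:]


def source_allowed(plan, site, src):
    """Gateway-side anti-spoofing check: a packet arriving on a site's tunnel
    must carry a source address inside that site's own block."""
    block = plan.get(site)
    return block is not None and ipaddress.ip_address(src) in block


if __name__ == "__main__":
    plan = plan_sites(PUBLIC_SUBNET, SITES)
    for site, block in plan.items():
        router, lan = lan_hosts(block)
        print(f"{site}: {block} router={router} lan={lan[0]}-{lan[-1]} ({len(lan)} IPs)")
    # Constructed test packets: (tunnel the packet arrived on, source address)
    for site, src in [("site-a", "44.190.11.10"), ("site-a", "44.190.11.17"),
                      ("site-b", "192.168.1.20")]:
        verdict = "accept" if source_allowed(plan, site, src) else "drop"
        print(f"{site} src={src}: {verdict}")
```
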