On Thu, Apr 24, 2014 at 8:02 PM, K7VE - John <k7ve(a)k7ve.org> wrote:
No, I mean BGP out to the Internet, not to private
peer relationships.
Once a 44.x.x.x subnet is routable to the Internet, it is routable to
all other 44.x.x.x subnets that also have access to the Internet.
Most people wouldn't be able to take advantage of this sort of connection
because most people aren't running datacenters in their houses or have that
level of connectivity at their fingertips.
There really would only need to be a few BGP (border)
nodes and they
would most likely be routers, like Ciscos or Mikrotiks (higher-end
units). Those routers would provide tunnels, whether IPIP or VPN, out
to subnets in the 44.x.x.x space and route traffic for those subnets
both to other 44.x.x.x subnets or the Internet in general.
In this configuration, all these BGP routers would not only have to take in
the load for the entire network and figure out between them where the
traffic goes, but also pump out the traffic. Since many places charge for
bandwidth, it becomes a network system running at a financial loss to those
operators instead of the cost-neutral basis it runs on now. I'm willing to
bet that the FCC is going to walk away from net neutrality; therefore it's
only a matter of time before traffic is metered on both ends.
Additionally, this configuration would have no mitigation against DoS
attacks, as the target is likely within the network. Should you try to
blacklist the target or shun it at an upstream peer, the DoS traffic will just
redirect to one of the BGP routers that you don't control and that states it
is accepting traffic for the target, and the same thing happens. Larger groups
of people are affected instead of smaller islands.
But if you're saying we should just consolidate 44net into a bank of
geographically located routers owned and managed and billed by ARDC, then
maybe it should be brought up to the directors as discussed in last week's
thread. Personally, this may be the better way of going as getting more
than two people to agree on here seems almost impossible...
For example this router
http://routerboard.com/CCR1009-8G-1S has a
level 6 license, which means it has no license limit on the number of
VPNs/Tunnels it supports. Depending on traffic and ingress/egress
bandwidth it could probably support many /16 vpns. In turn, a local
network would be able to run a modest router, e.g.
http://routerboard.com/RB750GL and in turn route to up to 200 smaller
VPNs/Tunnels. For reliability the border nodes might multi-home their
subnets at 2 or more data centers.
In a DMVPN configuration, you can get away with having smaller numbers of
VPNs, as they're dynamically built and disconnected. But these routers
don't support DMVPN or GRE. One would be better off with a Raspberry Pi and
a custom Linux build vs. buying one of these devices.
We should always keep in mind that there are many of us that aren't as well
connected as others and may not have access to data centers.
Having a simpler network lowers the bar of entry so that everyone who
doesn't have access to a colocation or a willing ISP that can broadcast BGP
announcements can at least participate at a peer level without someone
getting stuck for the check at the end of the day or being subject to
gatekeepers.
44.x.x.x is part of the Internet's addressable space. If we don't use
it in that way, we may as well turn it back and just
use 10.x.x.x.
Except when you are already using 10/8, as it's private, non-routable
space. The whole point is that it should be routable to all, not just
to select network segments that can afford it.