On Thu, Apr 24, 2014 at 8:02 PM, K7VE - John k7ve@k7ve.org wrote:
No, I mean BGP out to the Internet, not to private peer relationships. Once a 44.x.x.x subnet is routable to the Internet, it is routable to all other 44.x.x.x subnets that also have access to the Internet.
Most people wouldn't be able to take advantage of this sort of connection because most people aren't running datacenters in their houses or have that level of connectivity at their fingertips.
There really would only need to be a few BGP (border) nodes and they would most likely be routers, like Ciscos or Mikrotiks (higher end units). Those routers would provide tunnels, whether IPIP or VPN, out to subnets in the 44.x.x.x space and route traffic for those subnets both to other 44.x.x.x subnets or the Internet in general.
In this configuration, all these BGP routers would not only have to take in the load for the entire network and figure out between them where the traffic goes, but also pump out the traffic. Since many places charge for bandwidth, it becomes a network system running at a financial loss to those operators instead of a cost neutral basis which it is now. I'm willing to bet that the FCC is going to walk away from net neutrality therefore it's only a matter of time before traffic is metered on both ends.
Additionally, this configuration would also have no mitigation against DoS attacks as likely the target is within the network so should you try and blacklist the target or shun at a peer upstream, the DoS traffic will just redirect to one of the BGP routers that states it is accepting traffic for it that you don't control and the same thing happens. Larger groups of people are affected instead of smaller islands.
But if you're saying we should just consolidate 44net into a bank of geographically located routers owned and managed and billed by ARDC, then maybe it should be brought up to the directors as discussed in last week's thread. Personally, this may be the better way of going as getting more than two people to agree on here seems almost impossible...
For example this router http://routerboard.com/CCR1009-8G-1S has a level 6 license, which means it has no license limit on the number of VPNs/Tunnels it supports. Depending on traffic and ingress/egress bandwidth it could probably support many /16 VPNs. In turn, a local network would be able to run a modest router, e.g. http://routerboard.com/RB750GL, and in turn route to up to 200 smaller VPNs/Tunnels. For reliability the border nodes might multi-home their subnets at 2 or more data centers.
In a DMVPN configuration, you can get away with having smaller numbers of VPNs as they're dynamically built and disconnected. But these routers don't support DMVPN or GRE. One would be better off with a RaspberryPi and a custom Linux build vs buying one of these devices.
We should always keep in mind that there are many of us that aren't as well connected as others and may not have access to data centers.
Having a simpler network lowers the bar of entry so that everyone who doesn't have access to a colocation or a willing ISP that can broadcast BGP announcements can at least participate at a peer level without someone getting stuck for the check at the end of the day or being subject to gatekeepers.
44.x.x.x is part of the Internet's addressable space. If we don't use it in that way, we may as well turn it back and just use 10.x.x.x
Except for when you are already using 10/8 as it's private non-routable space. The whole point is that it should be routable to all. Not just select network segments who can afford it.
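The forwarding decision the border-router design above implies, written out as an added example (not code from the thread or from any router vendor): a longest-prefix-match table where 44.x.x.x subnets served by this router's tunnels get their tunnel as next hop and everything else, including 44.x.x.x prefixes announced by some other border router, falls to the Internet uplink. It also tallies bytes per interface so the "takes in the load and pumps it out again" cost point can be seen on sample flows. The prefixes, tunnel names and flows are constructed, not real 44net allocations.

```python
import ipaddress

# Constructed forwarding table for one hypothetical border router.
# Prefix -> tunnel interface serving it. Not real 44net allocations.
TUNNEL_ROUTES = {
    "44.10.0.0/16": "ipip-siteA",
    "44.10.5.0/24": "ipip-siteA-lab",   # more specific prefix inside siteA
    "44.20.0.0/16": "ipip-siteB",
}
DEFAULT_NEXT_HOP = "internet-uplink"    # everything not in a local tunnel
AMPRNET = ipaddress.ip_network("44.0.0.0/8")


def build_table(routes=TUNNEL_ROUTES):
    """Parse prefixes once and sort longest prefix first, so the first
    match in next_hop() is the most specific route (standard LPM)."""
    parsed = [(ipaddress.ip_network(p), nh) for p, nh in routes.items()]
    parsed.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return parsed


def next_hop(dst, table=None):
    """Interface a packet to dst leaves on. A 44/8 address this router
    has no tunnel for still goes to the uplink: in the design discussed,
    whichever border router announces that prefix via BGP will take it."""
    table = table if table is not None else build_table()
    addr = ipaddress.ip_address(dst)
    for net, nh in table:
        if addr in net:
            return nh
    return DEFAULT_NEXT_HOP


def classify(src, dst):
    """Label a flow by whether both ends are inside 44/8 (hairpinned
    through the border router) or one end is the general Internet."""
    s_in = ipaddress.ip_address(src) in AMPRNET
    d_in = ipaddress.ip_address(dst) in AMPRNET
    if s_in and d_in:
        return "44net-to-44net"
    return "44net-to-internet" if (s_in or d_in) else "transit"


def account(flows, table=None):
    """Bytes seen per interface, split into ingress and egress.
    flows: iterable of (src, dst, nbytes). The arriving interface is
    derived the same way as the leaving one: a source inside a local
    tunnel prefix arrived over that tunnel, anything else over the uplink.
    Every byte is counted twice (in and out), which is exactly why a
    border node's bandwidth bill scales with the whole network's traffic."""
    table = table if table is not None else build_table()
    ingress, egress = {}, {}
    for src, dst, nbytes in flows:
        in_if = next_hop(src, table)
        out_if = next_hop(dst, table)
        ingress[in_if] = ingress.get(in_if, 0) + nbytes
        egress[out_if] = egress.get(out_if, 0) + nbytes
    return {"ingress": ingress, "egress": egress}


# Constructed sample flows: one 44net-to-44net, one 44net-to-Internet.
SAMPLE_FLOWS = [
    ("44.10.1.1", "44.20.1.1", 1000),
    ("44.20.1.1", "8.8.8.8", 500),
]

if __name__ == "__main__":
    for src, dst, n in SAMPLE_FLOWS:
        print(f"{src} -> {dst}: {classify(src, dst)}, out via {next_hop(dst)}")
    print(account(SAMPLE_FLOWS))
```

The table is deliberately built once and reused; on a real router the equivalent is the FIB, and the same longest-prefix rule is what lets a /24 carved out of a /16 be steered to a different tunnel without touching the /16 entry.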