This was accidentally only sent to Mario.
Begin forwarded message:
From: "Antonios Chariton (daknob)" <daknob(a)daknob.net>
Subject: Re: [44net] A new era of IPv4 Allocations
Date: 30 July 2021 at 15:32:26 CEST
To: Mario Lorenz <ml(a)vdazone.org>
On 30 Jul 2021, at 14:08, Mario Lorenz
<ml(a)vdazone.org> wrote:
Dear Antonios,
On 30 Jul 2021, at 03:18:53, Antonios Chariton (daknob) via 44Net wrote:
Hello Mario, please find my answers below:
Thank you very much for those insights. Although the image this paints
is very bleak indeed.
We do not want to limit the hardware, but we
would like to have an IP version of the frequency plan: 44.128/10, however you connect to
it, is the radio amateur band, and 44.0/10 is the commercial 5G band or the ISM band of
WiFi. One is for people that are licensed, and the other is simply the Internet that
anyone can use.
That's unbelievable, I can but hope that something is lost in translation.
Let me rephrase that:
The proposal is nothing short of ripping out 44.0/10 from the diverse
cloud of radio amateurs that AMPRnet stands for, and making it part of
the regular internet, available to anyone without a license and removing
traffic exchange with the remainder (44.128) of the AMPRnet. This
proposal is, in your spectrum analogy, taking away valuable ham radio
spectrum and dedicating it to general internet usage.
That’s what people want to do though. They want to use an amateur radio resource
(44.0/10) to talk to people on the Internet that are not licensed. Normally in RF you use
a ham radio frequency to only talk to radio amateurs. In the IP world, the src and dst can
be different. People want to use an amateur radio resource to talk to a commercial
resource, and a commercial resource to talk to a ham radio resource.
These two networks can interconnect. EchoLink now bridges the Internet with the amateur
radio spectrum. But we don’t use IP addresses on EchoLink, we use our callsigns,
transmitted over IP packets. And similarly, when we do IP / Internet connectivity over
amateur radio spectrum, we use IP addresses on top of callsigns.
I call on the ARDC board to disapprove this
plan.
Then again, this is the opposite of the language in the
official proposal (last page), making me wonder whether
this is truly what the TAC actually discussed and decided.
Are there any public TAC meeting minutes or the like by chance ?
We have collected minutes of meetings that we did as the TAC, and they capture a part of
the total work that has been put through this. However, at this time, they are not public.
Is there something specific that you’re looking for? I could help provide more information
on that.
The TAC discussed and proposed the PDF document you see, and more importantly the
resolution at the end of it. Everything else is me trying to answer questions, provide
reasoning and context, and try to address things not covered in the document.
The reason we decided on me for this role (but still representing the TAC’s opinion, not
giving my own) is that if we had to find a time to meet and discuss every single e-mail
that we receive here and jointly write a response to that would massively increase the
latency of answers you receive from minutes or hours to days or weeks.
In order to make sure that I can still represent the opinion of the TAC, we discuss all
e-mail asynchronously, and if a corrective statement needs to be issued, we will do so
promptly, with a text that has been approved by all of us.
So far, we are not working on any such response, and all TAC members agree with the
responses provided by me.
The former could also be read as a policy/guarantee
that no
non-amateur-radio based means of communication are involved.
Is that intended ?
Yes, correct. One of the things that this proposal can bring is that a part of the
network is reserved for radio amateur to radio amateur communication.
I note that you also use the term
"radio-only network" on page 3.
Since 44.0/9 according to your proposal is not "radio-only", this
would mean that 44.128/12 should not be accessible from 44.0/9, which
is the opposite to your proposed resolution.
This is actually (part of) the proposal. That we guarantee that people in 44.128/10 can
only be reached by other people there, and people in 44.0/10 (technically /9) can be
reached from the entire Internet, except 44.128/10 (natively). This is similar to how only
radio amateurs can transmit in a ham band, but everyone can transmit to an ISM band
(including hams).
Your two statements are again contradictory.
One point of view, taken by some amateurs back in the 90s was that
the communication between two Amateurs should ONLY occur via radio
waves. In other words, a "radio only" network should, as the name
implies, not be using any other mode of communication, for example
an IP tunnel THROUGH the Internet. That is a different, much more
extreme position than defining some sort of an "Intranet" for amateur
radio usage, which could include internet links, tunneled or not,
as long as both end users are licensed amateurs. This is another
example why TAC should be very careful with wordings, and maybe provide
stringent definitions of some key terms.
We only want to preserve some IP space that can be used for ham-to-ham communication. How
they communicate is up to them. If they want to use radio-only, they can get an allocation
off this space and build a radio-only network. If they want to communicate with carrier
pigeons only, they can get an allocation and build a carrier-pigeon-only network. If they
are okay with using tunnels *through* the Internet, then they can do that.
We just want to make sure that we have some space reserved for this type of
communication. Going back to the RF analogy, ALL amateur radio space is for ham-to-ham
only. In our proposal SOME of the space is for ham-to-ham, and the rest is for
ham-to-Internet-and-possibly-hopefully-some-hams-too. If anything, and we go by RF
standards, advertisement of 44/8 should be prohibited on the Internet as non-hams can
reach you.
b) Which route do I need to put into my router to
address the radio
network ? In particular, how can you answer this question without
considering the specifics of each individual case ? Why would there
be only one route?
You can address the “radio network” with a single route: 44.128/10. This proposal
guarantees that everyone there will be on the radio-only network, the same way
transmitting to 144-146 MHz in the EU is to reach hams only. Any traffic you receive is
(should be) from a ham, and you should only send anything if you are a ham, and you intend
to reach other hams. Transmitting to 2.4 GHz in the ISM band allows you to talk to more
people (anyone), but also anyone can talk to you.
That is simply not true, since there is no homogeneous radio network.
This is partly true: there is not a “single 44.128/10” but anyone can create their own
network within this space. However, if some of these networks don’t want to talk to
everything else, then this is working as intended, and they are by design not reachable.
We hope that most of the networks there would want to be interconnected and they can do so
through radio links, VPNs, Internet tunnels, satellites, or any other technology they see
fit. One of them (but not a mandatory or the only one) will be the ARDC-provided PoPs.
They will act as one of the many methods people could use to make sure that these networks
talk to each other.
The only exception that would make the single static route argument not true is if a
single user wants to participate in more than one of those networks, and none of them, by
design and choice, want to be interconnected with anything else. In this extreme case this
person would need to use one static route per such network. This is still far less and
changes much less frequently than if it’s a free-for-all where everyone can do whatever
they want in any part of the IPv4 space.
c) Can you back up the "originally
intended"
claim somehow ? I note that net-44 originated in the USA, which
historically has rather liberal third-party traffic rules compared
to other countries,
We probably have a lot of people in this mailing list that were even a part of this and
can speak up, but this happened before the Internet was (broadly) adopted and the 44/8 was
a way for this “Internet” project some people were working on to talk to this network of
these “radio amateurs” that they set up in the USA or Europe, etc.
You (the TAC), made the claim and used it as a foundation
of your proposal. It is your onus to prove it or at least to plausibly
support it.
I thought that people that actually set it up themselves would speak up, instead of me,
where I just got to read and hear about it, but if nobody did it, I will come back to you
with a proper statement. I just felt that it would be better to hear this from the people
that were there for it.
d) You propose a policy of not announcing the prefix
on the internet.
"the prefix" is presumably 44.128/10. Do I have to understand this as
going back to pre-2012 (no direct BGP) or pre, uh, 1990 (someone
remind me please when mirrorshades started providing encap tunnels and
announcing 44/8).
Yes, correct. This proposal wants 44.128/10 to not have any direct BGP allocations that
appear on the Internet. Connectivity of these networks should happen between themselves
(network to network VPN, radio links, …), the ARDC (or anyone else’s) PoPs, etc. and they
will not communicate through the open Internet.
Sigh. This was not a yes/no question, but rather a question how far you
want to turn back the wheels of time for 44.128. Pre-2012, individual
networks did not have direct BGP announcements, but had connectivity
(or lets say the option to connect) through mirrorshades(.ucsd.edu)
which announced 44/8. I can bear witness that this worked that way at
least from 1995, but likely much longer.
Radio network access has at all times been set according to the
gateway's jurisdiction and ham radio regulations, namely
third party traffic. In most of Europe, any non-44 IP frame over an
amateur radio link was (and likely still is) illegal. Not so in
the US under third party traffic rules, albeit the situation has
become considerably murkier with the advent of encryption (HTTPS, SSH).
Again, please observe the careful distinction of "communicating
with the open internet" vs. "communicating through the internet"
This is an important distinction and something we still allow: the ONLY thing we say is
that 44.128/10 MUST NOT be reachable from a non-44.128/10 address. By definition, that
means that no part of this space may appear on the Internet. Of course, the exception here
is that ARDC will still advertise it to combat hijacking, etc. but will DROP ALL traffic
sent to it. It will be dropped at the edge and not forwarded anywhere.
With this definition you can then create any type of construct you want on top of that.
We only want to provide this guarantee to you. Depending on local or national or
international laws you may have to do different things, but we only want to provide this
very simple guarantee. Nothing more, nothing else. If it’s illegal to use 44.128/10 in
some countries based on this guarantee, then you can always use 44.0/10. If it’s illegal
for a country to use 44.0/10 and can only use 44.128/10, then they have to move to this
part by law.
e) Is there a rationale why existing regional networks
cannot decide
themselves what level of internet connectivity they desire,
considering e.g. the local ham radio regulations
and keeping their numbering and infrastructure which have been
assigned to them long before ARDC existed as an entity. Is there
a particular reason for not grandfathering them ?
Unfortunately this would be difficult to accommodate as the guarantees cannot be offered
then. If radio amateurs don’t have a dedicated band to talk to each other, and they have
to use the ISM bands, there’s no way to distinguish between normal people and licensed
hams. You can’t tell and there’s no guarantee that the person you’re speaking with is a
ham or anyone else.
You *never* can be certain. How many QSOs have you made where you
asked first for a copy of your partners license to be faxed ?
The problem is the problem of those allowing the traffic to cross
to a radio operated under amateur radio regulations, i.e. the operators
of that radio. Pre-2019, most of them would in the past have accepted
access to a sufficiently routed 44/8 IP as sufficient authentication,
although of course it is not perfect. Others required authentication
through a login on the gateway.
We can’t be certain, I agree with what you say. What we can do is make it much better
than it is right now. We think that even if we can’t provide a perfect solution, we should
still make steps to improve the situation.
If you are in this 44.128/10 network, it’s far less likely for non-hams to reach
you. If you are connected to the Internet, and you advertise your space with BGP, it is in
fact *guaranteed* for non-ham traffic to reach you.
You could argue that you could deploy ACLs or Firewalls, or any measure like that, and
this would help you only accept 44/8 traffic. But this is still worse: packets on the
Internet today can be spoofed. A non radio amateur could send a spoofed packet appearing
from 44/8 from a commercial ISP, and it would get through your firewall and possibly over
your RF links just fine. Moreover, if two 44/8 networks connect with intermediate hops
over the Internet, e.g.:
1. 44.1.2.3
2. 44.3.2.1
3. 192.0.2.15
4. 193.5.16.50
5. 44.4.6.7
6. 44.7.6.5
(Which I assume is what you want to do if you want to be on the Internet BGP and block
all incoming traffic from non-44/8 hosts)
Then hosts #3 and #4 that are non-hams can easily modify any and all traffic and cause a
transmission in a ham band of packets that are not from a ham. This is much more common
than you can imagine, and not always done maliciously. If I am node #1 and I do a
traceroute to node #6, due to the way the traceroute utility works, nodes #3 and #4 will
generate a new packet themselves (TTL Exceeded) and send it back to #2, who will forward
it over a ham link to #1. Node #2 probably did something illegal, as they transmitted a
packet that was not generated by a radio amateur (it’s a non-manned station / router of
Cogent / Telia / Hurricane Electric, …) over a ham band.
If you have the knowledge that any host you traceroute within 44.128/10 is (to the best
of your knowledge and ability to tell) a radio amateur, and that these packets will not
travel raw over the Internet, and no packets from the Internet can be introduced into this
connection (because it’s inside a VPN for example), then you can be sure that running the
traceroute command will not cause a number of people to break the law along the way.
Now for the use case where you want to be on the Internet with 44.0/10 addresses, but
don’t want to drop all incoming traffic that is not sourced from 44/8, then it is normal
to expect that all these port scans that people do will reach all IPv4 addresses in your
network. Since you know this is going to happen, you cannot use any radio link in a
non-ham band, as it is guaranteed that these stations will transmit a message over an
amateur radio band that is not from a licensed user. Even with a stateful firewall that
only allows outgoing connections, all responses you get from Facebook, Netflix, Altavista,
etc. will be from a non-radio-amateur and you will be transmitting them over a band
illegally.
If this law applies to you, then you cannot use the ham bands to “communicate with the
open Internet”. I think that we both agree on that. Now moving to the case of
“communicating through the Internet”. Let’s examine that.
If the network does not appear via BGP on the Internet, then everyone has to set up
tunnels to interconnect everything. You can’t just send traffic to a commercial ISP and
have it delivered. It will be dropped by ARDC. This guarantees that the traceroute problem
I described earlier (and any other similar case) won’t happen. The only routers and
equipment that participate in this network are (or must be) owned and operated legally by
hams. You don’t rely on Internet infra and expect any guarantees. This means that it is
almost guaranteed to not break the law or at least it is much much much much much much
more certain that such a system would not break the law than talking transparently
“through the Internet”.
Similarly
to the RF world, in IP there’s this kind of problem as well. If you have IP addresses on
the Internet, you could receive traffic from anyone. Sure, you can use an ACL or a
firewall, but that’s not guaranteed. Packets could be spoofed for example. If you have a
special network where you know that all senders and recipients are hams, then you can
build things with different assumptions. You can build internal tools or apps, websites,
etc. It’s up to you. It’s a band where you will only find people of the same hobby as you,
that are licensed.
This used to be the description of 44/8 (now, sans the AMAZN part). To
my knowledge, this never changed (see ARDC's AUP). If it did, I would
support a reversion of that change.
The other part is like an ISM band. Sure, you can
use this to talk to other hams, and you can use it to talk to non-hams, and non-hams can
use it to talk to you, and you have to establish by your own means who is who, and ensure
that they can’t trick you.
What our proposal aims to do is to create a separate “Ham Band” / Intranet / 44.128/10
and a separate “ISM band” / Internet / 44.0/9. By using simple RF or IP you can’t
have them collocated into the same space.
This is the reason why we cannot have scattered space and we want to have it aggregated
and easy to address. Instead of our “band plan” being hundreds of lines and have it change
daily, and move band from “ISM” to “Amateur Radio” and vice versa, we want to create a
very simple band plan of 2 entries that don’t change. One is, and will remain to be “ISM”
(44.0/9) and one is, and will remain to be “Radio Amateur” (44.128/10).
Having a more stable and simple band plan is easier for everyone. They can make more
informed decisions for the future, they can choose who they want to talk to, and they can
even decide to use both bands: use a handheld radio (Radio Amateur) and a phone with WiFi
(ISM). This is what we try to do on a technical level. Clearly define the two bands, and
make sure that they are very few, and very stable.
People *DID* that, based on the current policy that each subnet can
decide if it wants internet connectivity. This was the policy that
governed AMPRNet since at least the mid-nineties.
People built their network around that policy (and the legal
requirements). Later they *DID* opt for BGP or not.
It is the TAC with this proposal that is flipping over the apple-cart.
For such a proposal, in addition to the potential benefits that such
a plan may bring, TAC MUST also address the cost, especially the work you force
upon the affected users.
I agree that we must address this work, and it could be a lot of it. Unfortunately the
best the TAC can do is to include these resolutions for the board to vote on (give enough
help, time, …). Anything else will have to come from the Board as we do not have any
authority to help in any other way.
There are a lot of people that would have to renumber e.g. 200 hosts that we saw earlier,
or possibly more. But I think this is a testament that the current network is not easy to
use: you may have 20 users, but a single person was managing it and has to renumber
everyone. If anyone participating was an expert, they would simply have to renumber their
own hosts, that would be less than 200 for a typical setup.
In the IP
world this translates to easier routing (each “band plan” entry is a route, and if it’s
just one, it could even be a static one), and less frequent changes. I don’t have to
consult today’s band plan to know why 44.5.5.5 does not respond from 44.128.128.128, if
the reason is that 44.5.5.5 decided to be Internet-only today or Intranet-only tomorrow.
We could have made use of complex routing protocols and policies that would dynamically
try to discover what each address or subnet is (because it’s not always clear and we can’t
always tell what each address wants to do, even if we forced everyone to connect to an
ARDC PoP) and then continually adjust this and maintain a complex state. This is something
that a lot of people would also have to do, or they would have to find someone to do it
for them (e.g. the ARDC PoPs). Going towards our value of being as inclusive as possible,
we did not want to force people that don’t want to to have to do this or to have to
connect via an entity that can do this. By having a 2-line band plan that doesn’t change
over time people can even hard-code it if they don’t want to deal with all of this
complexity or necessarily rely on someone to do it for them and then form a dependency to
them.
You are forcing your world-view upon all existing users of 44.128/10
and require those that disagree to leave and expend effort to renumber.
I do not think that "inclusive" is quite the correct word for that.
And the current users force their world view upon future users and also a large part of
this network. I don’t think that it’s about who wins and who gets forced to submission.
The TAC tries to create space for both use cases so we all win, and we are all happy. Like
any rule in any civilized society, some people will have to make some sacrifices to
co-exist. They will have to understand why they need to do this, and then they will have
to give the others space to grow and have fun as well.
Under no circumstances do we want a minority of very vocal people that shout to bend the
majority to their will, simply because they can’t shout loud enough. And it seems that
this happens frequently on the modern world. We have to understand that by forcing people
to do anything, we only drive them away. I would consider it a failure if people gave up
on a project or hobby or resource just because the environment there does not allow room for
them to grow, and I did not do my best to speak up for them.
We have to understand that not everyone can shout. We are all different, and we all want
different things, and we all have different needs. Some people are too shy to shout. Some
people have weak vocal cords. Some people don’t speak the language we shout in.
If we let these people be ignored, and we only do what these few vocal people say, then
we will create something that is only inclusive and welcome to people that can and want to
shout. This almost certainly guarantees a toxic environment that people will slowly start
to abandon and leave it be, simply because it’s not what they want to do.
If someone creates their own “People that shout” club, then that’s fine. They can all
gather every week and shout to each other. I personally don’t want to join this club, I
find no value in it. But we should collectively never allow these people to take over a
public resource for all of us, that can benefit all of us, as this is dangerous. Just
because they have the privilege to shout does not mean that other voices should not be
heard. And not only that, but we should make all these decisions proportionately. Because
this is a common resource, for all of us. Not only for some of us.
Speaking personally, I will continue to be an ally and use my privilege of being able to
shout to defend all these users and protect them and make sure that their voices are
heard.
There are people that are fine with having the
world communicate with
their 44. IPs. Nothing in your ham radio license forbids you talking
to other people, as long as you don't do it over an (amateur) radio.
You proudly wear baseball caps with your callsign on it. Why can't
you wear your 44 IP?
We want people to use their 44 IPs on the Internet! We are happy to see them do it, and
we are really looking forward to all the nice things they can achieve by doing so. We just
want to make sure that they’re not the only ones, and we leave some room for people that
like something different. The current proposal gives enough space for now and in the
future for people to do any of the two, or both things, as they wish. It’s about choice.
That said, removing the currently existing option
to connect to the
internet by central gateway or direct BGP is a major, destructive
change of current policy. Sometimes, such destruction is requisite for
progress. It is the duty of the TAC to review such a change.
Such a review must be balanced, and necessarily must include a detailed
discussion of opposing views, a discussion why there is no
simple technical solution to the problem, and a discussion of those
negatively affected by this change. This all should be documented
for the record. Meaningful review would probably have also included a
documented poll of the affected network's coordinators.
First of all, we do not remove the option for Direct BGP, and we won’t force anyone to
use ARDC’s PoPs. That’s our goal. We reserve just as much space for Direct BGP as we
reserve for non-Internet communication. Each user can decide which part of the network
they want to be in, and they also have the option of picking both.
Destruction is indeed sometimes necessary, but of course I think that we all agree that
we should try to limit it. We don’t want to destroy anything. We just want to make a
change over the next year so that it’s easier for everyone to move on in the future. We
want to look at the long-term benefit of the network over the short-term trouble of
renumbering a part of it.
We are interested in the opposing views, the voices of the people that want to renumber,
and we want to hear from all of you. This is why we started this thread a few days ago so
we can get to hear all of you, and discuss with you. The PDF does not include a proposal
that is final and that we have sent to the Board for a vote. It only includes *what we
want to propose* and why we arrived at it after 4 months of work.
If we get a good recommendation and we see the value in that, we would be happy to change
it. It has not reached the Board and the Board is not going to vote on it if we don’t tell
them we want them to.
At this time, I therefore believe the current
TAC's proposal is
deficient and thus should be rejected (albeit without prejudice)
As I said earlier, there’s nothing yet to reject. There’s no official motion made to the
Board, and we will only send one after we get to hear you.
Furthering the analogy, a handheld VHF manufacturer relies on a constant band plan to
allow TX to 144-146 MHz and doesn’t have to build a system for their product to download
this hour’s or this day’s Amateur Radio allocation and change the functionality based on
that. You can also be sure that your local amateur radio repeater won’t be today at 89.7
MHz and your favorite radio station won’t transmit to 145.500 MHz this afternoon.
This analogy is not suitable. For starters, the 2m band extends up
to 148 MHz in IARU Regions 2 and 3, which should give you pause to
consider the difference of what you are used to, what is legal in your
country, and what may be so in the rest of the world.
I am aware that the bands are different for different regions of the world, but I do not
want to make the example complicated. I thought that it was enough for people to
understand my point, even if it’s region-specific, and that you can easily replace those
numbers with your local ones. I did not see a benefit in being extremely precise in
something that is not related to the point I try to make when the audience can probably
understand it.
If you did not get my point because of the fact that two digits are off, then I can
rephrase the sentence with these digits as they stand around the world.
Secondly, why would I not be allowed to listen to
that amateur radio
repeater using my commercial all-band radio receiver?
First of all, it may be illegal in some areas of the world, e.g. I think the U.K. or
Greece. But I think that’s not your point ;)
If your radio supports both bands and you’re licensed for both, then you can talk to both
using the same radio. If you’re not licensed for one of them, but a friend is, and you
want to talk over it, you can set up a cross-band repeater (netmap, …) to allow you to do
this.
Antonis
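The traceroute case and the source-ACL argument in the reply above, worked through as an added example. This is not code from the thread, from ARDC or from the TAC; it only models the argument. The six hop addresses are the ones given in the e-mail; the assumptions are that a link between two 44/8 nodes is an amateur RF link and every other link is Internet, that 44.0/9 is the Internet-reachable part and 44.128/10 the ham-to-ham part (44.192/10 is not modelled), and that the spoofed sender 203.0.113.7 is a constructed value.

```python
import ipaddress

# Prefixes as the thread uses them (44.192/10 is left out of the model).
AMPR = ipaddress.ip_network("44.0.0.0/8")
HAM_ONLY = ipaddress.ip_network("44.128.0.0/10")      # proposed ham-to-ham part
INTERNET_PART = ipaddress.ip_network("44.0.0.0/9")    # proposed Internet part

# The two-entry "band plan" from the thread, expressed as a static routing table.
BAND_PLAN = [(HAM_ONLY, "ham-only"), (INTERNET_PART, "internet")]

def band(addr):
    """Classify an address with the two-entry plan; anything outside 44/8 is plain Internet."""
    ip = ipaddress.ip_address(addr)
    for net, name in BAND_PLAN:
        if ip in net:
            return name
    return "non-44"

# The six-hop path given in the e-mail, node #1 .. #6.
PATH = ["44.1.2.3", "44.3.2.1", "192.0.2.15", "193.5.16.50", "44.4.6.7", "44.7.6.5"]

def is_amateur_addr(addr):
    return ipaddress.ip_address(addr) in AMPR

def link_kind(a, b):
    # Assumption: two 44/8 nodes are joined by an RF link, anything else by the Internet.
    return "rf" if is_amateur_addr(a) and is_amateur_addr(b) else "internet"

def time_exceeded_responders(path):
    """traceroute sends probes with TTL 1, 2, ...; the router that decrements the TTL
    to 0 answers with its own ICMP Time Exceeded. The final hop answers the probe
    itself rather than with Time Exceeded, so only intermediate hops are listed."""
    return [(ttl, path[ttl]) for ttl in range(1, len(path) - 1)]

def rf_transmissions_of_non_amateur_packets(path):
    """Follow each ICMP reply back towards the source and record (reply_source,
    transmitting_node) every time a packet sourced by a non-44 router crosses an RF link."""
    found = []
    for _ttl, responder in time_exceeded_responders(path):
        if is_amateur_addr(responder):
            continue  # reply generated by a ham router: nothing to flag
        back = path[path.index(responder)::-1]  # responder -> ... -> source
        for tx, rx in zip(back, back[1:]):
            if link_kind(tx, rx) == "rf":
                found.append((responder, tx))
    return found

def source_acl_accepts(pkt_src):
    """Source-only ACL as discussed in the thread: accept only packets with a 44/8 source."""
    return is_amateur_addr(pkt_src)

def acl_outcomes(path):
    """Both failure modes of that ACL at node #2: the legitimate Time Exceeded replies
    from the Internet routers are dropped (traceroute shows '* * *' for those hops),
    while a packet from a non-ham that merely claims a 44/8 source is accepted."""
    dropped = [r for _t, r in time_exceeded_responders(path) if not source_acl_accepts(r)]
    spoofed = {"real_sender": "203.0.113.7", "src": "44.0.5.5"}  # constructed packet
    return {"dropped_replies": dropped,
            "spoofed_accepted": source_acl_accepts(spoofed["src"])}

if __name__ == "__main__":
    for ttl, hop in time_exceeded_responders(PATH):
        print(f"TTL {ttl}: Time Exceeded from {hop} ({band(hop)})")
    print("non-amateur packets sent over RF:", rf_transmissions_of_non_amateur_packets(PATH))
    print("source-ACL outcomes:", acl_outcomes(PATH))
```

Run as is, the second line of output shows the two cases the reply describes: replies sourced by 192.0.2.15 and 193.5.16.50 are both transmitted by 44.3.2.1 (node #2) over its RF link to node #1. The ACL result shows why filtering on the source address alone does not fix this: it removes the honest Internet replies and still passes the spoofed one.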