cc: 44ngn
Greetings 44net,
KF6DMA checking in. Thank you for letting me join the group.
I’ve been licensed since 1996 or so, but I’ve rarely spent time on the air talking. Instead, the internet seemed much more my speed at 2400 baud at the time. There seemed to be a rather insurmountable generational gap when I started, but that has become narrower as the years progressed. I now have my own health ailments I can talk about in detail. :)
I’ve been into packet radio and played with radio meshes, but a majority of my time was spent on the internet. My assortment of jobs I’ve held since high school have all prepared me for the job I have today working as a systems engineer for a large company, and I love it.
I bring this up, as I was reading the archives to see the challenges with AMPRnet and ARDC in general, and thought I’d throw in my 2c from an outsider’s systems engineering view (although hopefully not an outsider for too long).
From the surface, it seems like AMPRnet needs a ‘one country, two systems’ approach. An external system that interfaces with the public internet and deals with the trends there (RPKI, Domain keys, firewalls, etc.) and another that the ham community prefers (open, encryption-free communication). The two are pretty much at odds with each other, especially now ‘ssl everywhere’ has become a thing on the internet. Bridging both systems becomes difficult, but not impossible.
What I propose is getting the internet-side figured out first. Initially I would see what it would take to get a .ham TLD. With that, we can run our own DNS registry, free to anybody licensed. It could include DNSSEC, and possibly our own internal trust registry, maybe working with LOTW to expand how they use PKI and certificate management.
Next I’d look to see how we can give address space to communities that need it without requiring BGP. It seems people fall into various buckets when it comes to requesting address space here. Some use cases that I can think of:
• Static IPs for services accessed via the internet like echolink, IRLP, etc.
• Provide amateur services with multiple ISPs address space to announce
• Bridge unencrypted services between the internet and something like broadband hamnet, etc.
One challenge is announcing 44net space on the internet when filtering becomes more common and LoAs aren’t enough anymore. The use of tunnels today bridges this gap, but it doesn’t scale very well.
My proposal is to look into datacenter space in some of the major IXs (not just UCSD) today and announce large chunks of 44net far and wide. The anticipation is to get grandfathered to avoid filtering that is likely to happen increasingly in the coming years. Hopefully the nonprofit status of ARDC can get us some goodwill/discounts with network operators and datacenters, but it’s like finding the perfect repeater location… it will still cost money for hardware and rent, even with the most generous landlord.
For those who wish to use BGP, that’s still an option. I would recommend most people join an overlay network (sd-wan) solution that can provide the same benefits of BGP (multiple paths, static IPs, etc) but is easy enough to assign IP blocks and route IPs without BGP. Some solutions today are open source and create a managed VPN mesh that can be managed from a centralized location. It’s like IP-IP tunneling used today, except it abstracts away the need for a static IP tunnel endpoint, and auto-routes away from links that have bad connectivity.
Using an SD-WAN also provides the ability to do malware checking, firewalling, and other features that would be normal in a network like this. People can choose if nodes can only talk to other 44net nodes or expand access to the internet as a whole.
Once the internet side is sorted out, the “internal” side of 44net could implement open services for everyone, including packet gateways, DNS, etc. The anticipation is to be able to access these services without needing to leave 44net. This affords us a few things.
For example, replication of the .ham TLD I mentioned above can potentially be updated over RF, so everyone can have a copy of the complete DNS zone. The idea here is while we do invest heavily on the internet side, we also invest in the ability to run 44net without the internet. By using inherent multicast abilities of RF, plus anycast, we have our own replicated decentralized internet-free DNS infrastructure.
For things like mail, winlink has had a head start here. We may need to borrow a lot of technology used here or invent our own. Satellites are getting cheaper to provide IP-based communication and they have potential to avoid terrestrial internet. Could we partner with Space-X Starlink? With an overlay network, packets can go satellite, internet, cellular, or all three.
From there, the rest of services can fall in line as needed. Need a replicated wiki knowledgebase? Done. Near-time speed chat? Sure. APRS gateway without the internet? Yup. Partner with AREDN to mesh the meshes more securely and redundantly? It's possible.
We can become the ISP for amateur radio and create our own walled garden while also interfacing with the wild west of the internet to protect our interests there.
-Clive KF6DMA