On Wed, 11 Aug 2021, Mark Van Daele via 44Net wrote:
Date: Wed, 11 Aug 2021 19:00:20 -0500
From: Mark Van Daele via 44Net <44net(a)mailman.ampr.org>
To: 44Net general discussion <44net(a)mailman.ampr.org>
Cc: Mark Van Daele <markvd(a)markvd.net>
Subject: Re: [44net] A new era of IPv4 Allocations
tl;dr: I agree with Mark's points, and I disagree with the plan previously
put forward in the presentation.
IMHO the TAC plan as presented is a non-starter.
Anything that involves significant re-ip is overly burdensome even with
funding. Usually $$ re-iping should be avoided at almost all costs.
I also fail to see the justification of reserving 44.64/10 with no
future purpose when it is already in use. I currently have space in this
range that would be orphaned. While it wouldn't be a significant deal
for me to re-ip, as you've seen from other posters it will be for some
and I fail to see the well defined purpose to sequester such a large space.
Withholding address space for such an option is not promotive of the
whole. We already have groups setting aside address space for RF mesh
networks.
Re selling space, there is no reason to sell more space. ARDC has plenty
of funding assuming it is appropriately managed going forward. If
anything they have the opposite problem, make sure funding is
appropriately allocated and well spent.
We don't need more fund-raising at the moment.
Back to the proposal, do we really need to allocate a dedicated /10 for
unconnected purposes? How about finding a /16 or /15 not in use or with
limited use? Is there really that large of a defined need to have 4
million IPs reserved as unconnected?
Unconnected connected IPs? That's what RFC1918 is for, and destination
NAT along with source NAT.
For me, I appreciate the opportunity to provide feedback and this seems
to be a solution in need of a problem. I might be missing something but
I fail to see the justification for this radical of a change in your paper.
I agree.
Re the future, from my perspective I am very interested in the new
TAC-proposed Global PoP infrastructure and portal that has been
proposed. I'd love to see more/better gateway options, different options
for connecting (including easy to use methods for "newbies", options for
those stuck behind carrier NAT aside from running their own BGP/POP), and
a better portal to manage the space and connection options. This is
where I'd be focusing a lot of my time.
I'd like to see more than just the one gw.ampr.org, potentially one on
the East coast of the USA, and another in the middle for those users who
are in those locations. A European POP makes sense as well, but this is a
problem bigger than the USA.
IMHO the TAC should be focused on network stewardship, architecture,
policy, and community need. I may have missed it, but does the TAC have
a defined charter? It might make sense to get community feedback and
prioritization on the problems we are trying to solve.
I agree with the above comments.
I'd also like to see ARDC have a better focus on providing network POP
and hosting infrastructure that supports the amateur community. While
giving out grants is great, I could see growth on the operations side as
well to support better infrastructure. Especially with funding there is
no reason you couldn't staff a small infrastructure department to
support this.
SeattleIX https://www.seattleix.net/ has a single employee, and a board
that oversees the operations of that employee while operating in a
transparent nature. This is a good model to follow.
Re the endpoint and connection discussion, I do use a Pi3 as my IPIP
gateway using one interface and 802.1Q VLANs. I have it behind my
primary pfSense firewall and forward ipencap from external to it. My
notes on how I set up the pi are here:
http://k9mev.ampr.org/piconfig.txt
IPIP IMO isn't the best solution, but it is one that is in place. VPN
and GRE make a lot more sense today as IPIP is deprecated in almost all
but this space.
Having a single route for 44.0.0.0/10 in one location isn't the worst
idea for some basic form of connectivity, but for VoIP and disaster
applications, having local connectivity is better. For a state like
Alabama, that often means Atlanta is the closest point for connectivity,
but most connectivity in general flows to Atlanta from Alabama.
I think the Pi solution or a cheap Mikrotik are both valid solutions.
I did at one time discover a configuration on the Ubiquiti EdgeRouter
that could use the VPN implementation without any cryptographic
functions at all, but when they updated to EdgeOS Version 2.0, they
removed the functionality I had apparently used to "misconfigure"
OpenVPN. This is of limited functionality other than crossing artificial
barriers like links where encryption is not allowed, or trying to
connect networks through a single port forward. Hashing, e.g. MD5 or
SHA, is not encryption.
--
Kris Kirby, KE4AHR
Disinformation Architect, Systems Mangler, & Network Mismanager
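The Raspberry Pi IPIP gateway setup discussed in this thread (one NIC carrying an 802.1Q VLAN, sitting behind a pfSense firewall that forwards ipencap, i.e. IP protocol 4, to the Pi) together with the "single route for 44.0.0.0/10 via one location" model, as an added example; this is not the piconfig.txt linked above nor anything from the list. The tunnel name ampr0, the run/DRY_RUN wrapper and the argument layout are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the list post or piconfig.txt): bring up an AMPRNet
# IPIP gateway on a one-NIC Pi using an 802.1Q VLAN, with a single route for
# 44.0.0.0/10 via one hub. Tunnel name ampr0 and DRY_RUN are assumptions.
set -eu

# Print the command instead of running it when DRY_RUN=1 (no root needed).
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# Accept only addresses in the space ARDC still holds: 44.0.0.0/9 and
# 44.128.0.0/10 (44.192.0.0/10 is no longer AMPRNet). Prefix length ignored.
is_ampr_addr() {
  a=${1%%/*}
  o1=${a%%.*}
  rest=${a#*.}
  o2=${rest%%.*}
  [ "$o1" = "44" ] || return 1
  if [ "$o2" -ge 0 ] 2>/dev/null && [ "$o2" -lt 192 ]; then return 0; fi
  return 1
}

# $1 parent NIC, $2 VLAN id, $3 the Pi's private addr/prefix on that VLAN
# (the firewall forwards protocol 4 to this address), $4 the gateway's 44.x
# address, $5 the hub's public IP that all 44/10 traffic is tunnelled to.
ampr_gw_up() {
  parent=$1; vid=$2; inner=$3; ampr=$4; hub=$5
  is_ampr_addr "$ampr" || { echo "not an AMPRNet address: $ampr" >&2; return 1; }
  run ip link add link "$parent" name "$parent.$vid" type vlan id "$vid"
  run ip addr add "$inner" dev "$parent.$vid"
  run ip link set "$parent.$vid" up
  # IPIP endpoint bound to the private VLAN address; the outer packets reach
  # it through the firewall's ipencap forward, so the Pi needs no public IP.
  run ip tunnel add ampr0 mode ipip local "${inner%%/*}" ttl 64
  run ip addr add "$ampr/32" dev ampr0
  run ip link set ampr0 up
  # One route for the whole /10 via the hub; with no 'remote' on the tunnel,
  # the 'via' address becomes the outer destination of each encapsulated packet.
  run ip route add 44.0.0.0/10 via "$hub" dev ampr0 onlink
}
```

Run with DRY_RUN=1 first to review the exact ip(8) commands before applying them as root on the Pi.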