Re: [44net] Security/Wiki Question - Requesting a Block

That "Requesting a Block" page has a lot of personal opinion it and also contains directives that may be valid for some regions but not for others. This already starts with the first line. Here in the Netherlands we don't use the portal for requesting blocks, only for registering blocks that are to be used for IPIP tunnels. So requesting a block does not start with the portal, but with mailing a request for a block to me and allocation of the block in the hostsfile for 44.137.0.0/16 followed by updating the DNS via the robot. Once that is done, it can optionally be registered in the portal. I recommend users not to do this unless they want to setup a gateway, because registered subnets that are not claimed by a gateway are up for grabs by other gateway operators, and given that we have widely varying skills among out users it has repeatedly happened that users (who often not even understand what it means and requires to run an IPIP gateway) create a gateway entry and add someone else's subnet to it by mistake. This then cannot be corrected by either the owner of the subnet or the coordinator of the IP space. It requires a "contact the portal admin" form entry to correct it and that may take a long time to be acted upon. (I still have two open requests of that type) I also don't agree with the "don't waste space" adagium. I allocate whatever is required for the experiment, and now that we are using BGP internally on the radio network, that also includes /30 and /29 networks for point-to-point links (/30 for links with only a router at each end, /29 when it is desired to have AP managment addresses). Unlike on the internet, we have no lack of IPv4 space on AMPRnet! There is no point in using RFC1918 addresses for this, and it causes problems with ICMP messages returned from those routers, e.g. when using traceroute. I also don't agree with "an ISP uses unroutable addresses for routers". Maybe some ISPs do that, but probably most do not. About RFC1918 filtering: YES, everyone should filter RFC1918 addresses at every entry and exit into the network. There are many configuration mistakes in ham networks, and I often see log results on those filters (which I have configured with logging on our gateway). RFC1918 addresses come in via IPIP tunnels from all over the world and also from radio. Of course it requires detailed knowledge of networking, policy routing, and NAT rules to get a mixed net44/rfc1918 LAN correctly connected to AMPRnet (with NAT or blocking for the RFC1918 systems) and let's face it: many users simply don't have that knowledge and are just trying. So, everyone else should filter that traffic so that at least it does not get propagated far. I sometimes send mail to repeat offenders and they often promise me that they will look at it, but it rarely stops completely. Rob