One of the main purposes of amateur radio is to experiment with new things.
Then, I think it's globally a good idea to experiment with new routing
variants, that are more suitable for today's and tomorrow's usages. Of
course, this will raise compatibility issues and routing problems. But
that's our job to find solutions :-)
In general I think that is true. But in this particular case, that experiment is just
there to work around unfortunate decisions made in the past. I can understand that it is
now a lot of work to re-work the German HAMNET to make it compatible with a plain routed
address space, but I do not see it as my responsibility to jump through hoops instead.
When it would be a simple change, I would not have a problem. But as it is now, it is
just as much work for us to cover their irregularities as it is for them to adapt their
network.
In that case I favor the "clean solution".
Here, in Corsica, we'll try to adapt our home-made system (OpenVPN
tunnels to two central gateways, and OSPF routing through 10.0.0.0/8
private addressing) to AMPR addressing. One of the main advantages is
that user connection is very easy (we developed a Plug and Play system
called "TKBox": an OpenWRT router, which opens VPN tunnels to our two
data centers, in VPN pass-through mode). It's suitable for a remote
location such as our island, because our two data centers will be the
only points of connection with the outside world. All the specific
routing and firewalling has to be done only there.
That is very similar to what we do here on the 44.137.0.0/16 network and you will not
encounter the difficulties of NAT when you do it that way. All traffic internal and
outside of your network is just plain routed. We use OpenVPN only for end-users that
connect to our gateway and get 44Net space but only over the tunnels. However, that is
the "novice class" of AMPRnet, we really do not want users to connect that way forever.
They should use radio links, and when no access point is available they should get
together and establish one. And that is developing rapidly.
Of course access points would ideally be linked to other access points via radio, but
until their density is sufficient to make that possible we also allow a VPN connection
to a central router located in the datacenter, either GRE or L2TP/IPsec, and we run BGP
over that connection so it can be used for the connectivity to AMPRnet or as a backup in
case there are problems with the radio link. Radio links have preference in the
recommended BGP setup.
In this network we have untranslated internet access for every station because we do not
directly send traffic on a user's internet connection (only the tunneled traffic to the
central router that forwards the encapsulated 44Net packets to internet).
In my opinion that is the correct way to do it.
Of course if you want to set up many gateways like that across a larger country, the
practical difficulty is that you need to negotiate BGP routing in many places. It is so
much easier to just give in on that and go out via NAT over some local amateur's
internet connection.
But it causes the problems that Jann is now facing.
Rob