On Fri, Apr 25, 2014 at 1:14 PM, K7VE - John <k7ve(a)k7ve.org> wrote:

>>> A few, maybe as little as 10, border nodes might run BGP and *provide
>>> VPN/Tunnel services to everyone else* and not everyone needs to run the
>>> same VPN/Tunnel protocol. Routing takes care of getting from point A to
>>> point B.

>> As others have already mentioned, some ISPs charge extra for VPN traffic.
>> And again, you create bottlenecks placing all your eggs into one basket.
>> This is getting circular.

> So how do you do it now? You use an IPIP tunnel (another type of VPN),

IPIP is encapsulation - VPN implies privacy. Big difference.
> nothing changes for the end user except, his tables get much smaller, she
> routes local 44.x.x.x traffic locally and uses an IPIP tunnel to a tier or
> border router.

Everything changes, as now all my traffic to 44/8 ends up going through your
gateway instead of individual p-t-p links.

> I'm not talking about one basket, but even if I was, it probably would
> have greater overall reliability than the 386 JNOS machine with hundreds
> of IPIP rules.

All you are doing is taking the "hundreds" of rules and bringing them up one
level. The complexity still exists, except that now if you fat-finger a
change, it impacts everyone until enough people complain to you about your
mistake. Until then, everyone is affected instead of individual nodes.
>> What you're asking is for people around the world to connect to your group
>> of routers (which will likely be US based - increasing latency for those
>> outside of North America) just so that they can talk to one another or
>> receive public traffic if they're not able to afford the $1000 or more for
>> AS registration + RIR membership + ISP announcement costs + maintenance
>> costs. Again, I think you are proposing a big mistake and a class system.

> As already stated there are such routers already in place in Sweden,
> Belgium, Germany, US, Canada, and other locations. The people that
> run them have arrangements to do so, and the "masses" don't have to
> worry about that.

Have you asked them if they're willing to take on the extra traffic, or are
willing to let you make routing changes to their routers?

What if you're Ukrainian and you're being told that you're forced to use a
gateway run by Russians, with whom you may have issues? What if you're in
China and you're unable to VPN out due to country firewalls? Or Turkey? Or
Saudi Arabia? At least IPIP doesn't immediately say "tunneled private
traffic". And my DoS example still stands, because now you have individual
groups advertising routes for the entire /8 which are not under a singular
control or a singular Point of Contact for mitigating the network.

Again, keeping it simple for basic connectivity allows everyone to
participate at a common level instead of the network becoming a place where
you're either a rich system operator or a poor end user.
>>> Encap/IPIP and RIP tables could theoretically have 16 million entries for
>>> Net-44, why not use aggregation and a tiered network instead?

>> Because it causes bottlenecks and SPOFs. Unless you can contractually
>> provide me a TOS with 5 9's of reliability under heavy penalties, people
>> are better off being responsible for their own traffic. If you are willing
>> to offer that, then I'll be glad to sign up.

> If you want a TOS of 5 9's you aren't talking amateur radio.

Until you ask an EMCOMM person. Then it's the only thing that matters.

> Don't overlay business/government network requirements to what is
> essentially an experimenter's network,

Overgeneralization and inaccurate, but ok.

> that may have some need for reliable services which can be addressed in
> data centers and by replication and other methods.

It's IP addressing and routing... not colocation. You keep trying to make
44net an ISP when it's not.