On 6/12/15 12:20 PM, Marc, LX1DUC wrote:
> I announce subnets via BGP, that should be enough. I maintain the single end
> point for the 44 network (UCSD gw) is a bad idea, and it's not my fault it has
> broken routing for more specific networks.
>
> There are several reasons, I'll just provide 3+1, but there are probably
> many many more:
> - not everybody can do BGP

Granted. But saying the only other solution is via a single world wide
gateway is downright silly in 2015. I'm actually providing redundant
connections to my users via BGP, matter of fact we just turned up another
subnet for another AMPRnet /24 this week via BGP.

> - accessing your network will require NAT on the remote end (unless the
> YL's/OM's ISP allows her/him to originate IP packets with 44net
> addresses), NAT breaks end-to-end communications

I don't understand what part NAT plays in this.

> - you won't be able to differentiate between commercial access to your
> 44net and 44net traffic NATed to commercial IP

Again, I don't understand where NAT fits in this discussion/model. I don't
differentiate between a 44/8 sourced IP and another. It's all internet
traffic, there is no inherent security/authentication of 44/8 addresses.

> I advocate for a united 44net where each participant shall be able to
> reach any other participant from a routing perspective (there could
> still be firewalls).

I agree, however the configuration of a single gateway announcing 44/8 without
the ability to reach more specific networks is _broken_ routing. Let me say
this again:
_The UCSD Gateway has BROKEN ROUTING affecting the REACHABILITY of IPIP users._
If BGP users announce a subnet that 99.99999% of the internet can see, but
IPIP users behind the UCSD gateway can't reach it, it's not BGP users that
have broken routing, it's the silly UCSD gateway.
I've advocated fixing the broken routing at UCSD, but there has been no positive
movement in 3+ years to fix this.
I'm not going to touch this bone-headed idea of having a single gateway world
wide for the IPIP traffic, other than to say it's bad and broken more than
it's working.

> I don't think that HamRadio (and I include 44net)
> is about islands that cannot communicate with each other. But those are
> just my thoughts. Your opinion may be different.

Well that's the thing, as the UCSD gateway is implemented now, it enforces
islands of routing; the IPIP users are basically their own VPN on top of the
internet with special addresses. It's a quasi-private GRX like network.
The way to fix this so it works for the legacy IPIP users and standards
compliant BGP users of the AMPRNET space is to fix the routing at the gateway.
This is simple conceptually and in practice, but as ARDC is not a members
organization there is little that can be done other than bitch about it on the
list.
--
Bryan Fields
727-409-1194 - Voice
727-214-2508 - Fax
http://bryanfields.net