You are again oversimplifying the situation to squeeze your solution as possible.
For your solution to work we need to set up a list of nets that are either ham only, ham and
internet, or internet only.
Imagine a ham with a /20 who uses it to supply IPs to a few services for ham only,
some for services for both internet and ham only, and some services just for the
internet, for a club server that has publicity running on it, so it should not be over the
air waves at all. And he supplies a way to connect to AMPR by an RF network, and each
endpoint can decide to be A or B. The IPs are all scattered between all the use cases. Just
imagine the list needed to have that network running as it should by the pop. Now, we
continue with 500 new allocations that do the same, add a few thousand new users asking for a
/28 with each IP that can be used as any of the 3 possibilities, and put that in the routing
and/or firewalling of the pop.
Now imagine that the list gets corrupted, go find the problematic data! What you are
proposing is a very good way of destabilizing our whole address space.
There are ways of doing things with networks; those methods have been proven to be stable,
easily reproducible, have human-readable config files and they plain work.
I sure hope this will be taken into consideration.
________________________________________
From: 44Net <44net-bounces+petem001=hotmail.com(a)mailman.ampr.org> on behalf of Ruben
ON3RVH via 44Net <44net(a)mailman.ampr.org>
Sent: 11 August 2021 03:29
To: 44Net general discussion
Cc: Ruben ON3RVH
Subject: Re: [44net] A new era of IPv4 Allocations : Agree
This is easily fixable at the pop level. Still no need for complicated setups.
Since every subnet has to be known in the portal, a script could parse the portal for all
known subnets and only allow those in and block the unknown subnets.
Again, no need for complicated routers/routing.
At the edge level you allow 44/9 & 44.128/10 and the pop filters the rest so that BGP
hijacked subnets cannot even get to the network, let alone your edge.
There’s a simple answer to all cases that does not need renumbering.
We also cannot have a part of the network not reachable for other hams and cannot ask
every ham to have 2 subnets and do complex routing themselves.
Amprnet is an open network for hams and everything should be easily reachable to all hams
that connect to amprnet.
Ruben - ON3RVH
On 11 Aug 2021, at 00:51, pete M via 44Net <44net(a)mailman.ampr.org> wrote:
Well as I said to Ruben this is wrong.
You may think you will fix the problem with such a simple fix.
The networking world is not as "clean" as you think. Once someone advertises a
subnet in the 44.0/09 or 44.128/10 they would have access to your network. The thing is
that it is already happening and AMPR/ARDC are already monitoring such events, but it takes
time to find those rogue people, then AMPR needs to contact the owner of the network that
provides the BGP route to the rogue guys. Those could be legit guys but are with the rogue
group and they could delay for days if not weeks the action needed to secure back YOUR
network. Do you want to leave the front door of your house to the public if you were made
promises that no one but the legit owner of the neighbourhood would have access to the
road in front of your house? Not the same security risk I think.
Pierre
VE2PF
________________________________________
From: 44Net <44net-bounces+petem001=hotmail.com(a)mailman.ampr.org> on behalf of Rob
PE1CHL via 44Net <44net(a)mailman.ampr.org>
Sent: 10 August 2021 17:57
To: 44net(a)mailman.ampr.org
Cc: Rob PE1CHL
Subject: Re: [44net] A new era of IPv4 Allocations : Agree
I agree! That motivation to split the network is totally bogus.
Everyone in 44.0.0.0/9 and 44.128.0.0/10 can be "trusted" to be radio amateurs,
it does not matter if they are on an isolated network or on a network connected to the
internet.
How it is routed (over radio or over internet tunnels, using what routing protocol, and
what policy) does not matter at all.
Of course on an isolated network you can have bad guys as well, so you will always have
to be careful what you open up to others.
Rob
On 8/10/21 11:40 PM, Ruben ON3RVH via 44Net wrote:
Dual addressing means complicated policy-based routing.
The remaining 44net that we have today is ham only. Thus if one does not want the internet to
reach his/her subnet, all they have to do is add a simple firewall rule allowing 44/8 and
44.128/10 and denying the rest. That is a lot easier than policy-based routing or dual
addressing. That would allow fellow hams to reach the subnet, but not the rest of “the big
bad internet”.
Ruben - ON3RVH
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
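
The thread discusses a script that builds a PoP allowlist from the subnets registered in the portal, and the worry about locating bad entries if that list is corrupted. The following is an added example, not code from any poster or from ARDC: it validates each entry against the 44.0.0.0/9 and 44.128.0.0/10 ranges named above, reports faulty entries by line number, and classifies source addresses. The "CIDR callsign" export format, the sample data and all function names are assumptions.

```python
import ipaddress

# Edge-level ranges named in the thread.
AMPR_RANGES = [ipaddress.ip_network("44.0.0.0/9"),
               ipaddress.ip_network("44.128.0.0/10")]

def load_allocations(lines):
    """Parse 'CIDR callsign' lines; return (accepted networks, errors)."""
    nets, errors = [], []
    for lineno, raw in enumerate(lines, 1):
        text = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not text:
            continue
        cidr = text.split()[0]
        try:
            # strict=True rejects entries with host bits set (e.g. x.x.x.7/24)
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            errors.append((lineno, cidr, f"unparsable: {exc}"))
            continue
        if net.version != 4 or not any(net.subnet_of(r) for r in AMPR_RANGES):
            errors.append((lineno, cidr, "outside 44.0.0.0/9 and 44.128.0.0/10"))
            continue
        clash = next((n for n in nets if net.overlaps(n)), None)
        if clash is not None:
            errors.append((lineno, cidr, f"overlaps {clash}"))
            continue
        nets.append(net)
    return nets, errors

def verdict(src, nets):
    """Classify a source address against the edge ranges and the allowlist."""
    addr = ipaddress.ip_address(src)
    if not any(addr in r for r in AMPR_RANGES):
        return "not-ampr"
    return "allow" if any(addr in n for n in nets) else "drop-unallocated"

# Constructed sample export; callsigns are placeholders.
SAMPLE = [
    "44.60.1.0/24   CALL1",
    "44.144.8.0/28  CALL2",
    "44.60.1.7/24   CALL3   # host bits set",
    "44.192.0.0/24  CALL4   # outside both ranges",
    "44.60.1.128/25 CALL5   # overlaps line 1",
    "44.300.0.0/24  CALL6   # not an address",
]

if __name__ == "__main__":
    nets, errors = load_allocations(SAMPLE)
    for lineno, cidr, reason in errors:
        print(f"line {lineno}: {cidr}: {reason}")
    for src in ("44.60.1.20", "44.61.0.1", "203.0.113.9"):
        print(src, verdict(src, nets))
```

Rejecting a bad entry instead of loading it means a corrupted list fails closed for that subnet, and the line number points at the data to fix.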