13 Aug
2021
13 Aug
'21
8:18 a.m.
Bill ,
As the TAC was discussing the proposal we all came to the conclusion that someone would
come with the fear that ARDC/AMPR would prepare for the selling of some of the address
space.
First this is a valid fear and it is totally understandable. But what you may not know is
that by selling some space again ARDC would loose it's 501c status and would have to
pay a huge taxe amount on the selling of the new block and the same on the first block as
this would be seen by the IRS as its core business and not seen as a charity entity. This
would totally defeat the goal of selling another block.
Télécharger Outlook pour Android<https://aka.ms/AAb9ysg>
________________________________
From: 44Net <44net-bounces+petem001=hotmail.com(a)mailman.ampr.org> on behalf of Andy
Brezinsky via 44Net <44net(a)mailman.ampr.org>
Sent: Friday, August 13, 2021 12:30:34 AM
To: 44net(a)mailman.ampr.org <44net(a)mailman.ampr.org>
Cc: Andy Brezinsky <andy(a)mbrez.com>
Subject: Re: [44net] A new era of IPv4 Allocations : Agree - No I don't
+1 Bill. I was meaning to respond with something similar so thank you
for saying it so eloquently.
Don't try to get cute with encoding special information into the
addressing scheme. Things can change and re-numbering to adhere to
looks like a CCNA exercise of IP allocation is a waste of time. In the
future, maybe private networks take off and that subnet starts getting
too small. Maybe the FCC relaxes rules around encryption and we want to
give internet access to things that were previously private. Is
everyone expected to re-number /again/?
Publish a BGP (or HTTP) feed of bogons (IPs that should never, ever be
public) and let people consume that for automatic rules creation if they
want it.
On 8/12/21 11:08 PM, Bill Buhler via 44Net wrote:
OK, I've been watching this fire for a couple of
weeks alternating
between initial shock, outrage, disbelief. Now I'm going to go into
denial, I'll probably skip bargaining since I don't have anything
worth bargaining with.
I manage one of the /23's that is hosted by Vultr (I used to self
host, but I sold the business that provided those links and migrated
to Vultr). From my perspective the 44net's existence showed with
foresight of hams in the early 80's and it needs to be carefully
managed and preserved.
I was shocked a couple of years ago when comments on the list about
funny things with listing turned into announcement that Amazon was now
the proud owner of a large portion of the heritage of all hams. This
had been done with no discussion or debate and was merely presented as
a fait accompli. I don't want to open up that can of worms exactly,
but I find myself questioning if we aren't looking at preparation for
another round of this.
You see the IETF already stared out the problem of internet connected
/ reachable hosts and non internet reachable hosts and gave us three
allocations in RFC 1918 that anyone anywhere in the world can use. I
saw reference to the 10.44.0.0/16 as a idea, but we could go far
beyond that if we wanted to run a private routing registry for hosts
that are intranet based and want routing to 44net systems. Could there
be addressing overlap and challenges, yes their could, most people use
the 192.168.0.0/16 subnets at home, and could be instructed to do so.
So to me that looks viable (and I run a international corporate
network that uses a lot of RFC 1918 space, I've dealt with a lot of
variables, but it can use BGP to pass its routes just like the rest of
the IPv4 space.
So I find myself wondering what is really going on here and I start to
wonder if this is preparation for another selloff of our space? You
see, if the systems on a intranet are guaranteed not to talk with the
internet, it doesn't matter if they use internet addresses because
their speaking with any internet system is by definition invalid. So
move all of the Intranet to one slice, and once everyone has moved.
Sell it! They won't be affected because they can't talk to the
Internet. The other side might have occasional connectivity problems,
but they will be rare... I'm probably way off the deep end with this
suggestion. But I really can't understand why forcing a substantial
portion of our address space to be intranet only is a good solution.
All I know for sure is I Hate complicated rules being pushed into the
address space about who can talk to who. I use firewalls on my
borders, I expect anyone peered with me to do the same. I believe we
tend to be law abiding, rule following folk, but there are many
examples of amateur radio operators who aren't, and individuals who
pretend to be licensed who aren't.
I do understand consternation about people injecting routes for the 44
net and stealing our addresses temporarily. This can be a problem for
every system. CYMRU publishes a list of Bogon's via BGP and HTTP, what
if we just host on the portal lists of subnets that we have not
allocated, or allocated for Intranet only usage. Those that care can
download it into their firewall filter rules and if those appear on
our Internet feeds they will be dropped (it would also help us detect
such usage).
I'm sure we all want we each think is best for AMPR, and I love that
we are all so passionate about it.
73
Bill
AF7SJ
On 8/10/2021 4:43 PM, pete M wrote:
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
I hate to be the bearer of bad news, but that is
it not true.
We have seen group of people getting some BGP announce of parts of
the 44net with out being autorized to do so and they did this by
having access to a bgp server and making the route seem legaly done.
And those hacker could have had access to the whole 44 net ham space
with your solution. Ok, the people that want that the whole internet
can reach them are not bothered at all by that situation, after all
they already are dealing with such rogue situation. But the one that
DONT want anything but ham traffic either be by choice or by laws are
really bothered by such situation.So, no that easy solution is just a
small bandage over la large bleading wound and it can lead to some
ham to loose their licence if the data sent by the rogue reach the
airwaves.
Pierre
VE2PF
________________________________________
De : 44Net <44net-bounces+petem001=hotmail.com(a)mailman.ampr.org> de
la part de Ruben ON3RVH via 44Net <44net(a)mailman.ampr.org>
Envoyé : 10 août 2021 17:40
À : 44Net general discussion
Cc : Ruben ON3RVH
Objet : Re: [44net] A new era of IPv4 Allocations : Agree
Dual addressing means complicated policy based routing.
The remaining 44net that we have today is ham only. Thus if one does
not the internet to reach his/her subnet, all they have to do is add
a simple firewall rule allowing 44/8 and 44.128/10 and denying the
rest. That is a lot easier than policy based routing or dual
addressing. That would allow fellow hams to reach the subnet, but not
the rest of “the big bad internet”
Ruben - ON3RVH
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
On 10 Aug 2021, at 23:30, Toussaint OTTAVI via
44Net
<44net(a)mailman.ampr.org> wrote:
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
Le 10/08/2021 à 20:26, R P via 44Net a écrit :
Why should we separate networks ?
Every simple firewall can block traffic with simple rule
The purpose is not only to allow/block traffic. The TAC proposal
describes two different user cases (called "Internet" and
"Intranet") that suit different needs all over the world. Some of us
are already using some similar schemes, but with different
implementations all over the world. This makes routing a headache,
and there are many situations where sysops don't know how to route
traffic correctly. F/ex, in France, most of D-Star or DMR stuff
which have 44et addressing are in fact using dual addressing, and
have also a classic Internet IP, so that they can be reached from
Internet.
The separation into two subnets proposed by the TAC solves that, by
defining clear routing policy for each subnet :
- The "Internet" subnet is routed on public Internet via eBGP, and
packets are carried via Internet
- The "Intranet" subnet is not announced on Internet, but is only
routed internally (as European HamNet does with iBGP)
In your situation :
- If you want to be reachable from public Internet, you can choose
the "Internet" subnet, and set up your firewall rules according to
your needs
- If you want to be on a completely closed network not reachable
from public Internet (such as Hamnet), then you can choose the
"Intranet" subnet.
Here, we decided to use the best of both modes. We're using dual
addressing, and each site can have both Internet and Intranet
addresses. Any device just needs to be connected to the right
Ethernet interface, and it automatically gets the right IP, and the
right routing / firewalling policy.
The TAC proposal is a normalization of what some of us are already
doing, with 44.190 "Internet / no country", or with BGP announcement
of 44.x subnet. It offers clear segmentation about the two modes,
and should help setting up routing policies by just having two big
subnets.
Le 10/08/2021 à 20:26, R P via 44Net a écrit :
I (and all my country) sit on 44.138 which according to the
proposal would be not connected to the Internet
With the current proposal, and if you need your full IP range to be
reachable directly from public Internet, then yes, I think you'll
have to renumber to something in in 44.0. Anyway, I would answer to
your question by another question : Even with a good firewalling, do
you really need and/or want all your IP range, all your endpoints,
all your users to be exposed to public Internet ?
As said before, we choose to use both addressing, and we decide
individually for every application or device device. F/ex :
- D-Star, DMR, XLX -> Internet subnet
- Remote control of HF radio-club station -> Intranet subnet
Then, another option for you would be :
- Keep your current network in 44.138, but consider it as
"Intranet", "HamNet clone", and stop announcing it via BGP
- Get another subnet in 44.0 for "Internet" and announce it via BGP
- Choose individually what devices need to be reachable from public
Internet (they should not be the majority), and just
migrate/renumber those to 44.0
Or better suggestion :
Do dual addressing everywhere like we do :-) If things work well, we
(the TAC and all the sysops here) should be able to define clear
routing policies, build a backbone, define a common POP policy, and
define standard configuration for "Access" routers or endpoints to
be implemented on a wide range of low-cost platforms :-) Of course,
this would involve some work for everybody. But if we want to make
44net access easier and gain users, it seems obvious we'll have to
migrate the current mess (there are not two user groups that do
exactly the same thing) to something a little bit more normalized
and harmonized ofer the world. Then, we all will have to change some
things, HI :-)
73 de TK1BI
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net