Re: [44net] RIP problems?

6 Apr 2019


      Hey Rob,
Impressive troubleshooting and I'm glad to see you figured it out.  
Until a decision is made about what to do long term here, maybe the AMPR 
Portal web interface can change this name from "gateway" to "public 
Internet IP (gateway)".  I think that would help some people avoid this 
issue.
--David
KI6ZHD
On 04/06/2019 09:45 AM, Rob Janssen wrote:
...
Well, after a week of frantic searching how this problem came about, 
it has finally been pinpointed.
It turned out to be an unfortunate consequence of someone setting up a 
bad gateway entry with
the external IP within out 44.137.0.0/16 network, combined with strict 
firewalling that returns ICMP
messages on bad traffic, a bug in the handling of those messages, and 
the way ampr-ripd handles
the above type of gateways.
Finally when Marius discovered that ICMP messages were going back to 
the gateway in his test
setup, and when this happened amprgw abruptly ended the sequence of 
RIP packets, combined
with the observation that putting delay between the packets actually 
made things worse, and
removing of the bad gateway fixed it, finally lead to resolution of 
the problem.
Now there are some bugs to fix, but also I looked in the gateway list 
and I found several more of
those bad gateways!
It looks like the gateway concept is difficult enough for people to 
understand as it originally was,
and adding the possibility to have a gateway address inside net-44 
really pushes complexity beyond
what can be handled.
And because it is (under strict conditions) allowed, the check in the 
gateway that simply rejects
such entries has been removed.  Look at what we have now:
44.2.11.1     2018-01-17 20:55:30     KK6NHN     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1555
44.2.11.2     2018-01-17 20:56:07     KK6NHN     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1556
44.24.172.41     2018-01-04 23:09:44     KG7PNQ     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1546
44.24.241.98     2017-04-26 06:31:05     KD7LXL     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1378
44.94.17.129     2018-09-04 05:12:02     N0NCE     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1695
44.102.222.16     2019-03-24 22:27:29     W8HRV     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1760
44.118.1.1     2018-03-01 18:16:04     N1QX     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1403
44.118.1.2     2018-03-01 18:16:12     N1QX     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1404
44.118.1.3     2018-03-01 18:16:19     N1QX     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1405
44.130.104.1     2017-10-02 18:34:13     DG8NGN     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1481
44.130.104.2     2018-04-15 16:36:26     DL2QT     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1613
44.130.105.1     2017-10-02 18:35:03     DG8NGN     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1482
44.130.106.1     2017-10-02 18:35:32     DG8NGN     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1483
44.130.107.1     2017-10-02 18:35:55     DG8NGN     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1484
44.131.14.253     2017-05-06 07:29:35     M6XCV     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1382
44.136.150.2     2019-03-11 01:55:46     VK4AA     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1386
44.137.8.1     2018-10-01 09:41:51     PA0HWB     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1707
44.137.44.118     2018-01-14 23:25:39     PD2LED     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1551
44.137.48.78     2019-03-01 09:26:45     PE1OWG     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1806
44.144.46.240     2017-11-07 13:21:48     ON7AVC     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1505
44.151.38.60     2018-05-13 11:24:03     F4FLQ     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1631
44.151.38.61     2018-05-13 11:25:42     F4FLQ     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1632
44.151.38.62     2018-05-13 11:26:32     F4FLQ     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1633
44.159.112.16     2018-08-17 19:28:16     9V1AN     View 
https://portal.ampr.org/gateways_list.php?a=view&id=1683
Most of them have "no subnets" and I think they were only created by 
experimenting people who tried
some options in the gateway and finally gave up for the day.
Only these actually have subnets routed:
44.24.172.41
44.94.17.129
44.130.104.1
44.130.105.1
44.130.106.1
44.130.107.1
44.131.14.253
44.136.150.2
Several of those route a subnet that contains the actual gateway... 
often subnets so small that they cannot
be BGP-routed on internet, so likely invalid as well.
This whole thing causes quite some risk of malfunction, loops, etc. as 
was demonstrated this week.
I propose that the existing gateways in the above list with no 
gateways (those not in the second list) to
be removed, and the portal changed to again disallow the creation of 
new gateways within net-44.
Then, the valid users should be encouraged to find a gateway IP 
outside of net-44 and this whole thing be phased out.
Too much time has been wasted on debugging this problem already, and 
what advantage does it really bring?
Rob

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Re: [44net] RIP problems?