On 05/10/2020 at 10:40, Rob Janssen via 44Net wrote:
> Please understand that in the topology I am proposing (and have
> proposed several times in the past) you don't need to do that as an
> individual, it is left to local groups or ARDC to do that.

+1
We are using a similar topology here.
Anyway, the details of our implementation differ:
- We are currently testing Wireguard as a replacement for OpenVPN (too
many odd behaviors with OpenVPN)
- Our endpoints are $20-$50 OpenWRT routers. We configure them, and send
them to the local users / sites.
- On any site, we typically route /29 (5 usable IPs) on small sites and
/28 (13 usable IPs) on more important sites
- We typically route a 44.190 subnet for things that require public
Internet addressing (D-Star, DMR, XLX) (as defined by DG8NGN), and a
44.168 subnet for all ham-related machines.
- Any site can have a 44.190 subnet, a 44.168 subnet, or both.
- There's no more dual addressing. All machines only have a 44.168 or
44.190 IP. Except for the central gateway, no machine / no server is
using public Internet IP anymore.
- Due to the highly experimental nature of the network and the tiny
size, we do not have full internal dynamic routing yet, and we use
static routing for now. Our dynamic experiments on some sites are using
OSPF.
- 44.190 subnet is routed on Internet with BGP via a Vultr VPS (which
costs $5/month, is easy to implement, and is independent of local ISP
BGP capabilities)
- 44.168 subnet is currently not routed on Internet via BGP, because
this does not make much sense. For now, it's not routed outside of our
island. But we plan to implement IP-IP routing on the central gateway
(as we had in our previous iteration)
Maybe we should try to identify all people using this kind of topology
all over the world (what I called a "Regional" or "local" gateways)?
Then, we may try to "normalize" our implementations:
- Adoption of dual-addressing: 44.190 for things that require Internet
access, and 44.<country> for other things
- Choice of internal VPN tunneling protocol(s)
- Choice of internal routing protocol
- Choice of external routing method (tunnels and routing between gateways)
73 de TK1BI
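
One way to keep a static per-site plan like the one described in this message consistent, as an added example that is not part of the original message or of TK1BI's configuration: it carves /29 and /28 site subnets out of a 44.168 and a 44.190 pool and renders the central gateway's WireGuard peers, where AllowedIPs both routes traffic to a site and limits the source addresses accepted from it. The pool prefixes, site names and key placeholders are constructed sample values.

```python
import ipaddress
from itertools import combinations

# Constructed sample values: pool prefixes, site names and key placeholders.
POOLS = {"ham": "44.168.0.0/24", "public": "44.190.0.0/24"}
REQUESTS = {"site-a": {"ham": 28, "public": 29},
            "site-b": {"ham": 29},
            "site-c": {"public": 29}}

def allocate(pool, wanted):
    """Carve non-overlapping subnets from pool; wanted maps site -> prefix length."""
    pool = ipaddress.ip_network(pool)
    cursor, out = int(pool.network_address), {}
    # Largest blocks first keeps every block aligned on its own size.
    for site, plen in sorted(wanted.items(), key=lambda kv: (kv[1], kv[0])):
        if plen < pool.prefixlen:
            raise ValueError(f"/{plen} does not fit in {pool}")
        net = ipaddress.ip_network((cursor, plen))
        if not net.subnet_of(pool):
            raise ValueError(f"{pool} exhausted at {site}")
        out[site] = net
        cursor += net.num_addresses
    return out

def plan(pools, requests):
    """Return {site: [subnets]} across all pools."""
    sites = {}
    for name, prefix in pools.items():
        wanted = {s: r[name] for s, r in requests.items() if name in r}
        for site, net in allocate(prefix, wanted).items():
            sites.setdefault(site, []).append(net)
    return sites

def overlaps(sites):
    """Pairs of sites whose subnets overlap (should be empty in a sane plan)."""
    return [(a, b) for (a, na), (b, nb) in combinations(sorted(sites.items()), 2)
            if any(x.overlaps(y) for x in na for y in nb)]

def gateway_peers(sites):
    """Render one WireGuard [Peer] stanza per site for the central gateway."""
    return "\n".join(
        f"[Peer]\n# {site}\nPublicKey = <{site}-public-key>\n"
        f"AllowedIPs = {', '.join(map(str, nets))}\n"
        for site, nets in sorted(sites.items()))

if __name__ == "__main__":
    print(gateway_peers(plan(POOLS, REQUESTS)))
```

Running `overlaps()` over a hand-maintained plan before regenerating the gateway configuration catches two sites being given the same addresses, which static routing would otherwise accept silently.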