17 Jun
2013
17 Jun
'13
5:28 a.m.
Greetings,
I've been doing some work to get the IPIP tunnel information into a router on
a daily basis, has anyone else automated this?
I was wondering how the reachability of this from the global routing table of
the public internet works, if at all. Everything I've been reading says this
is all separate, but we do interconnect at a couple locations. I must admit
I'm new to this, but is 44/8 intended to be totally separate a la the GRX
network?
Granted my use of this space is for high speed wireless networks on the ham
bands, I have little interest in the 9.6 kilobaud TCP/IP packet radio.
I've got some of the 900MHz FHSS gear hacked to run in a narrower channel, and
I've been experimenting with running some of the 5ghz units in the ham band at
5cm (5mhz channel is able to do about 10mbit/s). My intention is to have it
all work across hardware routers, ie cisco/ALU/juniper rather than maintain a
bunch of linux boxes.
Thoughts?
--
Bryan Fields
727-409-1194 - Voice
727-214-2508 - Fax
http://bryanfields.net
17 Jun
17 Jun
6:05 a.m.
Hi Bryan,
You could use a single gateway machine runing linux to provide the tunnel
endpoints (with all the proper automated routes via Hessus's script).
From this point on, you can use whatever routes/routing
protocol you want to
forward the generic 44.0.0.0/8 traffic, the gateway doing the
split at the
tunnel endpoint side.
More complicated, I modified Hessu's script to forward these RIPv2 routes to
a Mikrotik router (this probably works on a cisco/juniper also) which I can
of course provide. So I got all tunnel rules into this gateway router
connected to a single linux machine acting as encapsulation server, the rest
being routed internally using OSPF and BGP with private AS (Yes, I just want
to play...).
73s de Marius, YO2LOJ
-----Original Message-----
From: 44net-bounces+marius=yo2loj.ro(a)hamradio.ucsd.edu
[mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On Behalf Of Bryan
Fields
Sent: Monday, June 17, 2013 07:29
To: AMPRNet working group
Subject: [44net] Cisco/juniper configs?
(Please trim inclusions from previous messages)
_______________________________________________
Greetings,
I've been doing some work to get the IPIP tunnel information into a router
on a daily basis, has anyone else automated this?
I was wondering how the reachability of this from the global routing table
of the public internet works, if at all. Everything I've been reading says
this is all separate, but we do interconnect at a couple locations. I must
admit I'm new to this, but is 44/8 intended to be totally separate a la the
GRX network?
Granted my use of this space is for high speed wireless networks on the ham
bands, I have little interest in the 9.6 kilobaud TCP/IP packet radio.
I've got some of the 900MHz FHSS gear hacked to run in a narrower channel,
and I've been experimenting with running some of the 5ghz units in the ham
band at 5cm (5mhz channel is able to do about 10mbit/s). My intention is to
have it all work across hardware routers, ie cisco/ALU/juniper rather than
maintain a bunch of linux boxes.
Thoughts?
--
Bryan Fields
727-409-1194 - Voice
727-214-2508 - Fax
http://bryanfields.net
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
http://www.ampr.org/donate.html
6:25 a.m.
On Mon, Jun 17, 2013 at 7:28 AM, Bryan Fields <Bryan(a)bryanfields.net> wrote:
I've been doing some work to get the IPIP tunnel
information into a router on
a daily basis, has anyone else automated this?
For "real" routers, I think a few people have tried this, with some
difficulties.
If I remember right, IOS/Cisco would like you to configure a separate
tunnel subinterface for each destination gateway, and with a large
number of gateways (huge mesh network) at least the lower-end routers
didn't quite appreciate the large amount of virtual interfaces.
On Linux we just use a single tunnel interface and a larger routing
table which defines the tunnel endpoints using the next-hop attribute.
IOS or JunOS won't be able to decode the RIP updates sent by amprgw,
since (1) the RIP packets simply contain destination prefixes (amprnet
subnets) and the respective next-hop gateways on the other side of the
internet and the routers would have to figure out somehow that those
should be translated to tunnel configurations instead of simple routes
in the main routing table, and (2) the RIP packets come in IPIP
encapsulated and the routers are unlikely to parse them at all.
So, in any case, if tunnel configs would work, you'd need a separate
unix/linux box to decode/download the amprnet tunnel routing table,
convert it to your router's configuration, and push it in the router.
I was wondering how the reachability of this from the
global routing table of
the public internet works, if at all. Everything I've been reading says this
is all separate, but we do interconnect at a couple locations. I must admit
I'm new to this, but is 44/8 intended to be totally separate a la the GRX
network?
It's intended to be totally separate, but there's a single gateway in
the US announcing all of 44/8 and relaying packets from the Internet
to amprnet hosts which have an ampr.org DNS entry in place. Also, a
few local subnets are announced locally by the gateways using BGP,
after signing the TOS (http://www.ampr.org/tos.txt) and obtaining
permission documents from ARDC.
Upstream amprnet->internet packets should be routed, if possible, from
the local gateway directly to the Internet, but ISP anti-spoofing
filters / uRPF typically prohibit it these days (which is a very good
thing in the botnet/DDOS respect). Unless, of course, you've arranged
a BGP peering and announcing the subnet yourself, in which case you
can send packets out from that subnet.
- Hessu, OH7LZB
6:53 a.m.
On Mon, 2013-06-17 at 08:25 +0300, Heikki Hannikainen wrote:
So, in any case, if tunnel configs would work,
you'd need a separate
unix/linux box to decode/download the amprnet tunnel routing table,
convert it to your router's configuration, and push it in the router.
If you decided to go this way, you could use a perl script with Net::SSH
to update the router's config. At least with IOS. I'm not familiar
with JunOS.
6:51 a.m.
Hi there Bryan F!
I would go with ipsec tunnels on the wire for peer authentication if
you're going to be using cisco and juniper. Unless you consider linksys
wrt54g units to be cisco, in which case I'd go with openvpn. From what
I understand, openvpn works just fine on FreeBSD.
But you'll want to keep the crypto off your 10Mbit ham link of course.
I haven't worked with much hardware in the 900MHz band, but I hear cisco
makes some. Get those devices to bring up a point to point Ethernet
bridge between the two of them and you should be golden.
I hear that Ubiquity makes some relatively inexpensive 900MHz equipment
with a purdy web interface and tunable band sizes. No Java or Flash or
Silverlight needed. But they run Linux.
Cheers,
C.J.
On Mon, 2013-06-17 at 00:28 -0400, Bryan Fields wrote:
(Please trim inclusions from previous messages)
_______________________________________________
Greetings,
I've been doing some work to get the IPIP tunnel information into a router on
a daily basis, has anyone else automated this?
I was wondering how the reachability of this from the global routing table of
the public internet works, if at all. Everything I've been reading says this
is all separate, but we do interconnect at a couple locations. I must admit
I'm new to this, but is 44/8 intended to be totally separate a la the GRX
network?
Granted my use of this space is for high speed wireless networks on the ham
bands, I have little interest in the 9.6 kilobaud TCP/IP packet radio.
I've got some of the 900MHz FHSS gear hacked to run in a narrower channel, and
I've been experimenting with running some of the 5ghz units in the ham band at
5cm (5mhz channel is able to do about 10mbit/s). My intention is to have it
all work across hardware routers, ie cisco/ALU/juniper rather than maintain a
bunch of linux boxes.
Thoughts?
13 Aug
13 Aug
4:29 a.m.
Would a 3Com 5682 router be sufficiently compatible with Cisco to run the
same route scripts for BGP on the internet and make a colo owner happy?
Jim A , KB3TBX Central Pennsylania
3916
days inactive
3973
days old
5 comments
5 participants
participants (5)
-
Bryan Fields -
C.J. Adams-Collier KF7BMP -
Heikki Hannikainen -
Jim Alles -
Marius Petrescu