Greetings,
I've been doing some work to get the IPIP tunnel information into a router on a daily basis, has anyone else automated this?
I was wondering how the reachability of this from the global routing table of the public internet works, if at all. Everything I've been reading says this is all separate, but we do interconnect at a couple locations. I must admit I'm new to this, but is 44/8 intended to be totally separate a la the GRX network?
Granted my use of this space is for high speed wireless networks on the ham bands, I have little interest in the 9.6 kilobaud TCP/IP packet radio.
I've got some of the 900 MHz FHSS gear hacked to run in a narrower channel, and I've been experimenting with running some of the 5 GHz units in the ham band at 5 cm (a 5 MHz channel is able to do about 10 Mbit/s). My intention is to have it all work across hardware routers, i.e. cisco/ALU/juniper, rather than maintain a bunch of linux boxes.
Thoughts?
Hi Bryan,
You could use a single gateway machine running linux to provide the tunnel endpoints (with all the proper automated routes via Hessu's script).
From this point on, you can use whatever routes/routing protocol you want to forward the generic 44.0.0.0/8 traffic, the gateway doing the split at the tunnel endpoint side.
More complicated, I modified Hessu's script to forward these RIPv2 routes to a Mikrotik router (this probably works on a cisco/juniper also) which I can of course provide. So I got all tunnel rules into this gateway router connected to a single linux machine acting as encapsulation server, the rest being routed internally using OSPF and BGP with private AS (Yes, I just want to play...).
73s de Marius, YO2LOJ
-----Original Message-----
From: 44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu [mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On Behalf Of Bryan Fields
Sent: Monday, June 17, 2013 07:29
To: AMPRNet working group
Subject: [44net] Cisco/juniper configs?
On Mon, Jun 17, 2013 at 7:28 AM, Bryan Fields <Bryan@bryanfields.net> wrote:
> I've been doing some work to get the IPIP tunnel information into a router on a daily basis, has anyone else automated this?
For "real" routers, I think a few people have tried this, with some difficulties.
If I remember right, IOS/Cisco would like you to configure a separate tunnel subinterface for each destination gateway, and with a large number of gateways (huge mesh network) at least the lower-end routers didn't quite appreciate the large amount of virtual interfaces.
On Linux we just use a single tunnel interface and a larger routing table which defines the tunnel endpoints using the next-hop attribute.
IOS or JunOS won't be able to decode the RIP updates sent by amprgw, since (1) the RIP packets simply contain destination prefixes (amprnet subnets) and the respective next-hop gateways on the other side of the internet and the routers would have to figure out somehow that those should be translated to tunnel configurations instead of simple routes in the main routing table, and (2) the RIP packets come in IPIP encapsulated and the routers are unlikely to parse them at all.
So, in any case, if tunnel configs would work, you'd need a separate unix/linux box to decode/download the amprnet tunnel routing table, convert it to your router's configuration, and push it in the router.
> I was wondering how the reachability of this from the global routing table of the public internet works, if at all. Everything I've been reading says this is all separate, but we do interconnect at a couple locations. I must admit I'm new to this, but is 44/8 intended to be totally separate a la the GRX network?
It's intended to be totally separate, but there's a single gateway in the US announcing all of 44/8 and relaying packets from the Internet to amprnet hosts which have an ampr.org DNS entry in place. Also, a few local subnets are announced locally by the gateways using BGP, after signing the TOS (http://www.ampr.org/tos.txt) and obtaining permission documents from ARDC.
Upstream amprnet->internet packets should be routed, if possible, from the local gateway directly to the Internet, but ISP anti-spoofing filters / uRPF typically prohibit it these days (which is a very good thing in the botnet/DDoS respect). Unless, of course, you've arranged a BGP peering and are announcing the subnet yourself, in which case you can send packets out from that subnet.
- Hessu, OH7LZB
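The conversion step described in the message above, as an added example (not Hessu's script and not code from this thread): it decodes a RIPv2 response as laid out in RFC 2453, vets each entry, and emits one route per prefix on a single tunnel interface. It assumes the RIP payload has already been decapsulated from IPIP, that the tunnel interface is named `tunl0`, and it runs on a constructed sample update.

```python
import ipaddress
import struct

AMPRNET = ipaddress.ip_network("44.0.0.0/8")
TUNNEL_DEV = "tunl0"  # assumption: name of the single IPIP tunnel interface

def parse_rip_response(payload):
    """Yield (addr, mask, next_hop, metric) integers from a RIPv2 response."""
    if len(payload) < 4 or (len(payload) - 4) % 20 or payload[:2] != b"\x02\x02":
        raise ValueError("not a well-formed RIPv2 response")
    for off in range(4, len(payload), 20):
        afi, _tag, addr, mask, nhop, metric = struct.unpack_from("!HHIIII", payload, off)
        if afi == 2:  # AF_INET only; this skips the 0xFFFF authentication entry
            yield addr, mask, nhop, metric

def vet_entry(addr, mask, nhop, metric):
    """Return (prefix, gateway) if the entry is safe to install, else raise ValueError."""
    plen = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous netmask")
    prefix = ipaddress.ip_network((addr, plen))  # raises ValueError if host bits are set
    gateway = ipaddress.ip_address(nhop)
    if not prefix.subnet_of(AMPRNET):  # never let the feed install routes for other space
        raise ValueError(f"{prefix} is outside 44.0.0.0/8")
    if gateway in AMPRNET or gateway.is_unspecified or gateway.is_loopback or gateway.is_multicast:
        raise ValueError(f"unusable tunnel endpoint {gateway}")
    if not 1 <= metric <= 15:  # 16 means unreachable in RIP
        raise ValueError("metric marks route unreachable")
    return prefix, gateway

def routes_from_update(payload):
    """Split an update into iproute2 commands and a list of rejection reasons."""
    commands, rejected = [], []
    for entry in parse_rip_response(payload):
        try:
            prefix, gateway = vet_entry(*entry)
        except ValueError as exc:
            rejected.append(str(exc))
            continue
        commands.append(f"ip route replace {prefix} via {gateway} dev {TUNNEL_DEV} onlink")
    return commands, rejected

def _entry(prefix, mask, gw, metric=1):  # builds one 20-byte RIP entry for the sample
    return struct.pack("!HHIIII", 2, 0, *(int(ipaddress.ip_address(x)) for x in (prefix, mask, gw)), metric)
# Constructed sample update (documentation addresses as gateways, not real AMPRNet data).
SAMPLE = b"\x02\x02\x00\x00" + b"".join(_entry(*e) for e in [
    ("44.128.1.0", "255.255.255.0", "192.0.2.10"), ("10.0.0.0", "255.0.0.0", "192.0.2.10"),
    ("44.128.2.0", "255.255.255.0", "44.0.0.1")])
```

Only the first sample entry produces a route; the other two are rejected because the prefix lies outside 44.0.0.0/8 or the next hop is itself inside it.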
On Mon, 2013-06-17 at 08:25 +0300, Heikki Hannikainen wrote:
> So, in any case, if tunnel configs would work, you'd need a separate unix/linux box to decode/download the amprnet tunnel routing table, convert it to your router's configuration, and push it in the router.
If you decided to go this way, you could use a perl script with Net::SSH to update the router's config. At least with IOS. I'm not familiar with JunOS.
Hi there Bryan F!
I would go with ipsec tunnels on the wire for peer authentication if you're going to be using cisco and juniper. Unless you consider linksys wrt54g units to be cisco, in which case I'd go with openvpn. From what I understand, openvpn works just fine on FreeBSD.
But you'll want to keep the crypto off your 10Mbit ham link of course. I haven't worked with much hardware in the 900MHz band, but I hear cisco makes some. Get those devices to bring up a point to point Ethernet bridge between the two of them and you should be golden.
I hear that Ubiquiti makes some relatively inexpensive 900MHz equipment with a purdy web interface and tunable band sizes. No Java or Flash or Silverlight needed. But they run Linux.
Cheers,
C.J.
Would a 3Com 5682 router be sufficiently compatible with Cisco to run the same route scripts for BGP on the internet and make a colo owner happy?
Jim A, KB3TBX, Central Pennsylvania