Hello everyone,
I’ve stumbled on a problem with my 44net connection and I’m hoping someone can shed light on what’s going on.
I’m connected using IPIP, and I can exchange traffic with other hosts that are also using IPIP (and hence appear in the RIP broadcasts).
Where I’m struggling is with a couple of subnets which perform their own BGP advertisements. I can reach them over the internet, but can’t from my 44net-connected system.
I can see traffic leaving my network for the hosts in question, encapsulated with a destination address of 169.228.34.84 (amprgw.ucsd.edu http://amprgw.ucsd.edu/), but my packets never reach the remote systems.
Any clues?
Mike Quin
Mike,
Hey, what's your callsign?
Your routing instance should configure those nodes to use your own WAN connection. If NAT/Masquerade is needed for that purpose, you should do so. But, I notice now that I don't see such routes on my routing table anymore(?). You may be merely observing your configured default route for subnets not in your table (I see the same behavior). I run ampr-ripd version 2.4.1 on OpenWrt 23.05.2 - what are you running?
Since they do not run a tunnel (which they should if we need to reach them, otherwise they'd be in the route table) - we would need to understand how they'd handle the connection nonetheless.
Basically, the BGP IPs are on the Public Internet, hence should connect with a Public IP.
73,
- Lynwood KB3VWG
Not every BGP announced subnet is in the IPIP list, so route the rest of amprnet just directly to Internet. That is what I do here.
Bob VE3TOK
On 2023-12-19 17:29, Mike Quin via 44net wrote:
> Hello everyone,
> I’ve stumbled on a problem with my 44net connection and I’m hoping someone can shed light on what’s going on.
> I’m connected using IPIP, and I can exchange traffic with other hosts that are also using IPIP (and hence appear in the RIP broadcasts).
> Where I’m struggling is with a couple of subnets which perform their own BGP advertisements. I can reach them over the internet, but can’t from my 44net-connected system.
> I can see traffic leaving my network for the hosts in question, encapsulated with a destination address of 169.228.34.84 (amprgw.ucsd.edu http://amprgw.ucsd.edu), but my packets never reach the remote systems.
> Any clues?
> Mike Quin
Thank you Bob and Lynwood
I’m running ampr-ripd 2.4-1 on a Raspberry Pi (Raspbian 11).
I understand the suggestion to just route traffic to these systems via the internet, but that feels like it contradicts how the FAQ describes AmprGW’s features:
"It forwards traffic between Internet hosts (including those AMPRNet that are directly connected to the Internet [BGP-routed]) and IPIP tunneled AMPRNet hosts" (https://wiki.ampr.org/wiki/FAQ).
I’m aware that connections between IPIP hosts and the general Internet need to be authorized (by having a DNS A record); does that restriction also apply to BGP-routed parts of 44net?
Mike 2M0MQN
Mike, you should take that as an option, not as a "must". Otherwise, why would it make sense to BGP announce a subnet on the global internet, if using the ampr gateway would be mandatory? In such a case, the tunnel mesh would do just fine.
Let's take an example: Me, at 44.182.21.1, want to reach 44.182.10.1, which is BGP announced.
Using my own public IP this would be: 44.182.21.1->(nat)89.33.44.100->[about 5 hops]->44.182.10.1 (src 89.33.44.100, RTT 4 msec, some 300km apart).
Using the ampr-gw this becomes: 44.182.21.1->[tunneling, about 15 hops]->ampr-gw->[abt. 15 hops]->44.182.10.1 (src 44.182.21.1, RTT 450 msec, crossing the ocean twice).
The idea is to connect directly via your internet provider, so that you get there more efficiently and offload the forwarding through ampr-gw. The only drawback is that you would reach the destination with your public IP as source instead of your 44 address.
Marius, YO2LOJ
On 20/12/2023 10:55, Mike Quin via 44net wrote:
> Thank you Bob and Lynwood
> I’m running ampr-ripd 2.4-1 on a Raspberry Pi (Raspbian 11).
> I understand the suggestion to just route traffic to these systems via the internet, but that feels like it contradicts how the FAQ describes AmprGW’s features:
> "It forwards traffic between Internet hosts (including those AMPRNet that are directly connected to the Internet [BGP-routed]) and IPIP tunneled AMPRNet hosts" (https://wiki.ampr.org/wiki/FAQ).
> I’m aware that connections between IPIP hosts and the general Internet need to be authorized (by having a DNS A record); does that restriction also apply to BGP-routed parts of 44net?
> Mike 2M0MQN
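The path choice discussed in the messages above, as an added example (not code from any poster or from ampr-ripd): a longest-prefix lookup that shows which path a 44net destination takes and which source address the remote end sees. The AMPRNet prefixes, the sample tunnel routes and the function name `select_path` are assumptions; the addresses in the usage come from the thread's own example.

```python
import ipaddress

# Assumption (not stated in the thread): the AMPRNet address space.
AMPRNET = [ipaddress.ip_network(n) for n in ("44.0.0.0/9", "44.128.0.0/10")]
AMPRGW = "169.228.34.84"  # amprgw.ucsd.edu, as quoted in the thread

# Constructed sample of RIP-learned tunnel routes: prefix -> gateway public IP.
TUNNEL_ROUTES = {
    "44.60.0.0/16": "192.0.2.10",
    "44.60.44.0/24": "198.51.100.7",
}


def select_path(dst, my_44, my_public, tunnel_routes, unlisted_via_amprgw):
    """Return (path, outer_destination, source_seen_by_remote) for dst."""
    addr = ipaddress.ip_address(dst)
    if not any(addr in net for net in AMPRNET):
        return ("not-amprnet", None, None)

    # Longest-prefix match against the routes learned from the tunnel mesh.
    matches = [ipaddress.ip_network(p) for p in tunnel_routes
               if addr in ipaddress.ip_network(p)]
    if matches:
        best = max(matches, key=lambda n: n.prefixlen)
        return ("ipip-mesh", tunnel_routes[str(best)], my_44)

    if unlisted_via_amprgw:
        # Default route in the tunnel table: the unlisted (BGP-announced)
        # destination is encapsulated towards amprgw, keeping the 44 source.
        return ("ipip-amprgw", AMPRGW, my_44)

    # Direct via the ISP with NAT: shorter path, but the remote end sees
    # the public address instead of the 44 address.
    return ("direct-nat", None, my_public)


if __name__ == "__main__":
    for via_gw in (True, False):
        print(select_path("44.182.10.1", "44.182.21.1", "89.33.44.100",
                          TUNNEL_ROUTES, via_gw))
```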
Hi to the group.
One of the projects of the TAC this year was to work on a way to link all of the 44net network legs in a better and more effective way. It is a project to add points of presence around the globe to help route between each of them with better routes. And at the same time, helping people to connect to the 44net other than by using the ipip network. (We are not talking about removing the ipip mesh, just adding ways to connect to the 44 net ip realm.)
I can't wait to see the result of that work done by a real good group of people.
I was in good health most of the year and was not able to follow the progress of the project. (Still I don't have more than a few good days a week.) So I did not do much in the whole story.
So the TAC keeps going strong. Chris also worked on another project. When it comes online, people will like it a lot!
Pierre VE2PF
________________________________________
From: Mike Quin via 44net 44net@mailman.ampr.org
Sent: 20 December 2023 03:55
To: 44net@mailman.ampr.org
Subject: [44net] Re: Reaching BGP subnets through AmprGW
> Thank you Bob and Lynwood
> I’m running ampr-ripd 2.4-1 on a Raspberry Pi (Raspbian 11).
> I understand the suggestion to just route traffic to these systems via the internet, but that feels like it contradicts how the FAQ describes AmprGW’s features:
> "It forwards traffic between Internet hosts (including those AMPRNet that are directly connected to the Internet [BGP-routed]) and IPIP tunneled AMPRNet hosts" (https://wiki.ampr.org/wiki/FAQ).
> I’m aware that connections between IPIP hosts and the general Internet need to be authorized (by having a DNS A record); does that restriction also apply to BGP-routed parts of 44net?
> Mike 2M0MQN