Hi,

On 15/03/2019 at 19:03, Rob Janssen wrote:

> You will have issues with them no matter what. Their network design just isn't suitable for connection to internet. No matter if you do or don't use tunnels, you will always have issues in some way.
Our future design should be able to take care of that. It's a mix-and-match between our old custom design (using private addressing) and AMPRNet IP addressing:

- We are an island, so our network will be managed as a "closed" network, with only two gateways to "the rest of the world", in two data centers located in the two main cities.
- Our "internal" network will use radio links when possible, and VPN links when not. Our VPNs are made with OpenVPN running on OpenWRT boxes (called TKBoxes). This makes them 100% Plug-and-Play, which has proven very useful and reliable over the years in various situations where IP-IP would have been unusable (end-users with poor network skills, low points hosted by third-party partners over which we have no control, ISPs resetting their boxes thus losing port openings, specific business ISPs where all outgoing traffic except 80 and 443 is closed, etc.).
- Our "internal" net will use OSPF where redundant or meshed links are available.
- We'll use 44.190 addressing for all things that need to be reachable from Internet (Web servers, VoIP, Echolink, XLX, DMR, OpenBridge, etc.). This subnet is already announced in BGP.
- We'll use 44.168 addressing for all "internal" addresses (machines that are purely HAM, that won't have to be reachable from Internet, but that should be reachable from AMPRNets/HamNets). We planned to announce them in BGP, too. At this point, it's still unclear whether we'll need a specific VPN tunnel with iBGP to reach German networks or not.

In fact, our design is just like a tiny German network, but in a closed area (an island), and with Internet routing in mind (each site can have both 44.190 "public" addresses and 44.168 "private" addresses). We then split the problem in two parts:

- "internal" things (fully handled by us, whatever the rest of the world does)
- "gateways" managing connections to the rest of the world. All routing/firewalling/tunnelling problems will have to be handled there (and only there).

As we'll have only two gateways, this should make things easier (I hope!)
--

Most of the things involved in this topology have been tested individually, but we still need to glue them all together, and migrate our old 10.44 addressing scheme to this new one. If someone sees any inconsistency or discrepancy in this design, please tell us before it's too late, HI :-) We'd like to start migration ASAP...

73 de TK1BI
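The message's key security decision is that every routing and firewalling rule for the 44.190 "public" versus 44.168 "internal" split lives at the two gateways and nowhere else. The following is an added example, not TK1BI's configuration or any AMPRNet code: it models that gateway reachability policy as a zone table, answers "may this new flow cross the gateway?" for any pair of addresses, and renders the same policy as an nftables ruleset with a default-drop forward chain. The /16 prefix lengths for 44.190 and 44.168, the use of 44.0.0.0/8 as a placeholder for peer AMPRNet/HamNet space, 10.44.0.0/16 as the legacy private range, and the assumption that 44.168 hosts may initiate outbound flows are all assumptions made here, not statements from the message.

```python
"""Gateway reachability model for a two-prefix (public / internal) AMPRNet site.

Added example, not the project's own code. All prefix lengths below are assumed.
"""
from ipaddress import ip_address, ip_network

# Zones as seen from a gateway; the longest matching prefix wins.
ZONES = {
    "public":   ip_network("44.190.0.0/16"),  # must be reachable from Internet (assumed /16)
    "internal": ip_network("44.168.0.0/16"),  # HamNet-only, never from Internet (assumed /16)
    "legacy":   ip_network("10.44.0.0/16"),   # old private scheme, must never cross a gateway (assumed)
    "amprnet":  ip_network("44.0.0.0/8"),     # placeholder for peer AMPRNet/HamNet sites (assumed)
    "internet": ip_network("0.0.0.0/0"),      # everything else
}


def zone_of(ip):
    """Classify an address into the zone whose prefix is the most specific match."""
    addr = ip_address(ip)
    matches = [(net.prefixlen, name) for name, net in ZONES.items() if addr in net]
    return max(matches)[1]


# New flows a gateway may forward: source zone -> allowed destination zones.
# Replies ride on connection tracking, so only the initiating direction is listed.
# Internet may only initiate toward 44.190; peer HamNets may also reach 44.168;
# our own sites may initiate anywhere (outbound from 44.168 is an assumption);
# the legacy 10.44 range is refused in both directions.
POLICY = {
    "internet": {"public"},
    "amprnet":  {"public", "internal"},
    "public":   {"public", "internal", "amprnet", "internet"},
    "internal": {"public", "internal", "amprnet", "internet"},
    "legacy":   set(),
}


def allowed(src_ip, dst_ip):
    """True if the gateway should forward a new flow from src_ip to dst_ip."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if dst == "legacy":
        return False
    return dst in POLICY[src]


def render_nftables():
    """Render POLICY as an nftables forward chain with a default-drop policy.

    The Python model uses longest-prefix semantics, but nft is first-match, so
    the explicit drops for the legacy range must come before the broad accepts
    (0.0.0.0/0 would otherwise also match 10.44.x.x sources).
    """
    lines = [
        "table inet gw {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
        f"    ip saddr {ZONES['legacy']} drop",
        f"    ip daddr {ZONES['legacy']} drop",
    ]
    for src, dsts in POLICY.items():
        for dst in sorted(dsts):
            lines.append(f"    ip saddr {ZONES[src]} ip daddr {ZONES[dst]} accept")
    lines += ["  }", "}"]
    return "\n".join(lines)


def reachability_report(samples):
    """Return {(src, dst): bool} for a list of constructed sample address pairs."""
    return {(s, d): allowed(s, d) for s, d in samples}


if __name__ == "__main__":
    # Constructed sample addresses, one per zone.
    pairs = [("8.8.8.8", "44.190.1.1"), ("8.8.8.8", "44.168.1.1"),
             ("44.1.2.3", "44.168.1.1"), ("10.44.1.1", "44.190.1.1")]
    for (s, d), ok in reachability_report(pairs).items():
        print(f"{s:>12} -> {d:<12} {'accept' if ok else 'drop'}")
    print(render_nftables())
```

The report is the check a practitioner would run before migration: every pair the design promises (Internet to 44.190, HamNets to 44.168) must be accepted, and every pair it forbids (Internet to 44.168, anything involving the old 10.44 range) must be dropped. The rendered ruleset is only the forward-chain skeleton; OSPF, OpenVPN and BGP sessions terminating on the gateway itself would need their own input-chain rules.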