Rob et al;
This user is flagged RADIO only in his config and should not be a listed "gateway" at all:
...
If this is causing an issue, let me know and I'll send him a note asking him what he's looking to do and point him to a few things that may help him out.
Well, the recurring issue is that users do not really understand the whole system and still are expected to manage it themselves via the portal. This does not work well. They experiment with entering some data, see it appear listed under their account, but do not understand what it is for. They leave it there and move on to another experiment.
I do not blame them, it is a complicated matter and there are many options of connecting to the network. On my own pages I strongly advise against using the portal and instead mail me with the request they have, usually they do not want to use IPIP anyway and registering on the portal does more harm than good.
Of course it could be improved in the portal user interface, but it has been claimed before that restricting people to making valid entries (i.e. the external gateway address is NOT in net-44 and the advertised subnets are owned by the gateway operator) causes issues in some niche situations. Hence those checks have been removed, and users are no longer guided towards what they should and should not (and probably don't want to) do.
Users get an address from me, and register a gateway in the portal with that address as external address (this is what caused the mishap this week!). Moreover, they have to add advertised networks and they do not understand that they first have to request a network to be assigned to them, and they pick a random network from the pulldown list (this happened with the same user).
So I am all for a change towards a system where people like coordinators or other experienced users have to validate the entered gateway configuration before it becomes active.
But recognizing that this would require more programming work in the portal (and thus in practice will not happen), I am for a reduction of the complexity and vulnerability of the system by removing dangerous capabilities that almost nobody uses, such as having the gateway address within net-44 and the advertisement of networks not owned by the user. They could still be allowed for existing users and could still be modified by administrators of the portal, but not by end-users.
Rob
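The two checks described in the message above (external gateway address not in net-44, advertised subnets owned by the gateway operator), with the administrator override it proposes, as an added Python example. It is not the portal's code; the function name, its arguments and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# "net-44" as the thread uses it (44/8); an assumption of this example.
NET44 = ipaddress.IPv4Network("44.0.0.0/8")


def validate_gateway(external_addr, advertised, owned, is_admin=False):
    """Return the reasons to reject a gateway entry (empty list = accept).

    external_addr: the gateway's external (tunnel endpoint) address
    advertised:    subnets the entry wants to advertise
    owned:         subnets already assigned to the submitting user
    is_admin:      portal administrators may override both policy checks
    """
    try:
        gw = ipaddress.IPv4Address(external_addr)
    except ValueError:
        return [f"external address {external_addr!r} is not an IPv4 address"]
    owned_nets = [ipaddress.IPv4Network(n) for n in owned]
    problems = []

    # Check 1: the tunnel endpoint must be reachable outside net-44.
    if gw in NET44 and not is_admin:
        problems.append(f"external address {gw} is inside net-44")

    # Check 2: every advertised subnet must fall inside an assigned block.
    for item in advertised:
        try:
            net = ipaddress.IPv4Network(item)  # strict: host bits must be zero
        except ValueError:
            problems.append(f"{item!r} is not a valid IPv4 subnet")
            continue
        if not is_admin and not any(net.subnet_of(o) for o in owned_nets):
            problems.append(f"{net} is not assigned to this user")
    return problems


if __name__ == "__main__":
    assigned = ["44.128.10.0/24"]  # constructed sample assignment
    # Constructed entry resembling the mishap described: a net-44 address
    # entered as the external address, plus a subnet picked at random.
    for reason in validate_gateway("44.128.10.1", ["44.128.99.0/24"], assigned):
        print("reject:", reason)
```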
Rob et al;
On Sun, 2019-04-07 at 11:56 +0200, Rob Janssen wrote:
> Well, the recurring issue is that users do not really understand the whole system and still are expected to manage it themselves via the portal. This does not work well. They experiment with entering some data, see it appear listed under their account, but do not understand what it is for. They leave it there and move on to another experiment.
The portal has made it easier for those to request blocks and for routing to become a bit more efficient through RIP vs having to download the encap.txt file and having to reload it every so often, so the automation is definitely welcomed in this regard. The whole concept of IP encapsulation under IP is what confuses most people. Take OpenVPN for example - people don't want to know it's using IP encapsulation, they just want to configure it and have it work. This has been a problem for decades in regard to 44/8. I'm not pointing fingers at anyone either; it's just the nature of the beast and those who try to use it.
> I do not blame them, it is a complicated matter and there are many options of connecting to the network. On my own pages I strongly advise against using the portal and instead mail me with the request they have, usually they do not want to use IPIP anyway and registering on the portal does more harm than good.
Whenever I cut blocks, I always invite them to contact me if there's any trouble. Those who appear serious will, most others won't.
> So I am all for a change towards a system where people like coordinators or other experienced users have to validate the entered gateway configuration before it becomes active.
That could turn into something a bit too time-consuming as well for those who would be in charge of taking responsibility for the functioning systems of others, such as coordinators. I have tools and scripts that configure systems for you and white pages, etc., all on my website, in about the simplest of terminologies possible. I don't know how much easier we can make things for those who wish to remain ignorant as to how 44/8 works. You can only help those who wish to help themselves.