On 7/25/13 1:40 PM, Marc, LX1DUC wrote:
However I'm not sure I'm able to provide an IS-IS capable router for the trial...
A Juniper O-series might work ;)
I think the 2811s from Cisco are cheap enough now (under 400 on eBay). The issue with Cisco is you need someone to get the code for you now that they've locked down the CCO site.
I'd love to use ALU gear, but it's just too expensive on the used market.
But this is all just discussion on how we want to do it at this point.
We'll need some detailed proposals and come to a consensus on it.
Yeah, I will need a detailed concrete plan to go to our routing guru and manager for approval. I doubt they will allow it to run on production routers, but we have some older gear in our lab I might be able to re-purpose.
One thing I'm not clear on. As a potential admin of an AMPR POP would I have to manually configure GRE tunnels for every local gateway that wants to connect? That could be a headache.
-Neil
Well I think in HAM-Radio we should be vendor agnostic and things should be compatible with OSS, DIY and homebrew system.
73 de Marc, LX1DUC
On Thu, Jul 25, 2013 at 1:51 PM, Marc, LX1DUC lx1duc@rlx.lu wrote:
(Please trim inclusions from previous messages) Well I think in HAM-Radio we should be vendor agnostic and things should be compatible with OSS, DIY and homebrew system.
Protocol and Vendor agnostic yes, but people running production networks get nervous around "unsupported" (i.e. they can't call a number and get help right away) devices tied into their nets. Not saying it can't be done, but a lot of effort must be put in place to protect the Net from trouble.
What I'm saying is that the POPs would need to be run by truly competent personnel and configured to protect the Net from accidental or malicious configurations at the local gateway level.
When you start messing with routing on the Internet you HAVE to know what you are doing and trust your device not to do something stupid.
-Neil
Agreed, so we need skilled operators for the regional internet gateways (RIGs) and they should be working closely with or even within the organization hosting the RIGs. The hoster is also free to take any actions necessary to protect its network by filtering and limiting the announcements from the RIG or even shut down the BGP session completely.
All this however doesn't change the fact that the setup does not require hardware from big C or big J or whomever, a carefully selected Linux Box running some kind of routing daemons (e.g. Quagga, Bird, ExaBGP) can suffice to cope with all the tasks. A lot of projects have proven that a stable service using Linux-based BGP speakers (AS112, a.ntpns.org (aka AS6647), etc) is possible.
73 de Marc, LX1DUC
Interesting, I had asked the question earlier how much administrative work would be required by the AMPR POP's admin(s) to configure the GRE/IP-IP tunnels from the local gateways. I didn't get a response.
I agree that using a Linux/BSD box could allow users to provision their own tunnels via a carefully written script.
-Neil
On Thu, Jul 25, 2013 at 5:05 PM, Marc, LX1DUC lx1duc@rlx.lu wrote:
Protocol and Vendor agnostic yes, but people running production networks get nervous around "unsupported" (i.e. they can't call a number and get help right away) devices tied into their nets. Not saying it can't be done, but a lot of effort must be put in place to protect the Net from trouble.
What I'm saying is that the POPs would need to be run by truly competent personnel and configured to protect the Net from accidental or malicious configurations at the local gateway level.
When you start messing with routing on the Internet you HAVE to know what you are doing and trust your device not to do something stupid.
Agreed, so we need skilled operators for the regional internet gateways (RIGs) and they should be working closely with or even within the organization hosting the RIGs. The hoster is also free to take any actions necessary to protect its network by filtering and limiting the announcements from the RIG or even shut down the BGP session completely.
All this however doesn't change the fact that the setup does not require hardware from big C or big J or whomever, a carefully selected Linux Box running some kind of routing daemons (e.g. Quagga, Bird, ExaBGP) can suffice to cope with all the tasks. A lot of projects have proven that a stable service using Linux-based BGP speakers (AS112, a.ntpns.org (aka AS6647), etc) is possible.
73 de Marc, LX1DUC
On 26/07/2013 18:57, Neil Johnson wrote:
Interesting, I had asked the question earlier how much administrative work would be required by the AMPR POP's admin(s) to configure the GRE/IP-IP tunnels from the local gateways. I didn't get a response.
I agree that using a Linux/BSD box could allow users to provision their own tunnels via a carefully written script.
I think one goal of this discussion should be to make the basic setup of Local Gateway a task of a few minutes.
The setup and operation of a Regional Internet Gateway is a different chapter however :-)
73 de Marc, LX1DUC
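The thread's idea of letting local gateways provision their own IP-IP tunnels through "a carefully written script", sketched as an added example (not code from any participant or from the AMPR project). It assumes AMPRnet is 44.0.0.0/8 as at the time of the thread; the allocation table, callsign, POP address and all function names are constructed for illustration.

```python
import ipaddress
import re

AMPRNET = ipaddress.ip_network("44.0.0.0/8")    # assumption: AMPRnet block in 2013
POP_LOCAL = ipaddress.ip_address("192.0.2.1")   # constructed POP tunnel address
# Endpoints that can never be a reachable public tunnel peer.
BAD_ENDPOINTS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]
# Constructed table: callsign -> prefix assigned by the address coordinator.
ALLOCATIONS = {"N0CALL": ipaddress.ip_network("44.128.10.0/24")}
CALLSIGN_RE = re.compile(r"[A-Z0-9]{3,7}")      # also keeps the device name short


def validate_request(callsign, endpoint, prefix, allocations=ALLOCATIONS):
    """Return a list of rejection reasons; an empty list means acceptable."""
    if not CALLSIGN_RE.fullmatch(callsign):
        return ["callsign has unexpected characters or length"]
    try:
        ep = ipaddress.IPv4Address(endpoint)
        net = ipaddress.IPv4Network(prefix, strict=True)
    except ValueError as exc:
        return [f"unparseable address: {exc}"]
    errors = []
    # An endpoint inside 44/8 would route the tunnel through itself.
    if ep in AMPRNET or ep == POP_LOCAL or any(ep in n for n in BAD_ENDPOINTS):
        errors.append("tunnel endpoint is not a usable public address")
    # A gateway may only receive routes for space it was actually assigned.
    owned = allocations.get(callsign)
    if owned is None or not net.subnet_of(owned):
        errors.append("prefix is outside this callsign's allocation")
    return errors


def tunnel_commands(callsign, endpoint, prefix):
    """Build iproute2 argv lists (never shell strings) for a validated request."""
    errors = validate_request(callsign, endpoint, prefix)
    if errors:
        raise ValueError("; ".join(errors))
    dev = "ampr-" + callsign.lower()
    ep = str(ipaddress.IPv4Address(endpoint))
    net = str(ipaddress.IPv4Network(prefix))
    return [
        ["ip", "tunnel", "add", dev, "mode", "ipip",
         "remote", ep, "local", str(POP_LOCAL)],
        ["ip", "link", "set", dev, "up"],
        ["ip", "route", "add", net, "dev", dev],
    ]
```

The POP admin then reviews or executes the returned argv lists; rejected requests never reach the routing table, which is the protection against accidental or malicious local-gateway configuration discussed above.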