Hi. As you all know, Brian Kantor WB6CYT passed away suddenly last month. Brian did so much for AMPRNet from the very beginning that he'll be impossible to fully replace. We're trying but it's hard, especially since he was a close personal friend.
Chris Smith, G1FEF (chris@g1fef.co.uk) has kindly volunteered to take over Brian's portal work and to handle portal and BGP allocation requests. Please direct queries to him.
73, Phil Karn, KA9Q
President, ARDC
Will Chris be named as a POC in ARIN to be able to provide LOA to upstreams for BGP announcement?
On Mon, Dec 30, 2019 at 12:39 PM Phil Karn via 44Net 44net@mailman.ampr.org wrote:
Hi. As you all know, Brian Kantor WB6CYT passed away suddenly last month. Brian did so much for AMPRNet from the very beginning that he'll be impossible to fully replace. We're trying but it's hard, especially since he was a close personal friend.
Chris Smith, G1FEF (chris@g1fef.co.uk) has kindly volunteered to take over Brian's portal work and to handle portal and BGP allocation requests. Please direct queries to him.
73, Phil Karn, KA9Q
President, ARDC
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Hi all,
Sorry to bother you with a rant, but I'm feeling an urge to ask that what's happening on the AMPR/ARDC.
## Background
A few weeks ago I have received a harsh email from Chris G1FEF accusing me for announcing a prefix was assigned to me. In that case, the claimed reason is that the prefix wasn't listed on the AMPR portal.
I tried to clear things up by sending him the LOA from WB6CYT, which he claims that is NOT legitimate, also denied possibility there could a bug in the portal caused this. I have also complied with his demands on even more information including all conversations between me and Brian regarding that the assignment. Eventually he continued to ask for even more personal information without justification, threatening that not complying may cause "close of account".
## Questions
1. Has all previous assignment by WB6CYT been overruled? Or am I singled out?
2. What are the current rules on allocation now? A snapshot of the latest version of ToS is at: https://web.archive.org/web/20190731094938/https://www.ampr.org/terms-of-ser... It does not requires personal information beyond ASN addresses.
3. What is G1FEF's role in the allocation, which are the rights that ARDC holds has been delegated to this guy along.
4. The holding-the-ID-in-a-photo-of-you practice is pretty common when dealing with financial institutions and websites frequently deals with fraudsters. Since LIR, RIR, and BGP upstream also requires and validates these ID, Why this is necessary to do it again?
5. Is Chris Smith, G1FEF capable of handling sensitive personal data? He's handling data as natural person, or an legal entity that ARDC approves?
6. If there's another change, do anyone with a allocation has to go through the same process again?
I see that we already have a problem with transparency, now we got bureaucracy? Also it's not my problem that the assignment wasn't added to the portal.
Best Regards,
Quan
On 12/31/19 1:36 AM, Phil Karn via 44Net wrote:
Hi. As you all know, Brian Kantor WB6CYT passed away suddenly last month. Brian did so much for AMPRNet from the very beginning that he'll be impossible to fully replace. We're trying but it's hard, especially since he was a close personal friend.
Chris Smith, G1FEF (chris@g1fef.co.uk) has kindly volunteered to take over Brian's portal work and to handle portal and BGP allocation requests. Please direct queries to him.
73, Phil Karn, KA9Q
President, ARDC
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Hi Quan,
Chris is indeed the person responsible for the BGP allocations after Brian's passing as was mailed by Phil Karn on Dec 30 2019. --
Chris Smith, G1FEF (chris@g1fef.co.uk) has kindly volunteered to take over Brian's portal work and to handle portal and BGP allocation requests. Please direct queries to him.
--
However, the allocation should always be in the portal and approved by your countries coordinator. Afaik an allocation that is not in the portal is technically not valid.
I won't speak about the personal details which may or may not need to be shared. That is a discussion to be held with the responsibles from AMPR
73
Ruben ON3RVH
-----Original Message----- From: 44Net 44net-bounces+on3rvh=on3rvh.be@mailman.ampr.org On Behalf Of Quan Zhou via 44Net Sent: Thursday, February 20, 2020 06:19 To: 44net@mailman.ampr.org Cc: Quan Zhou quan@posteo.net Subject: [44net] A few more questions Re: BGP portal management after WB6CYT's passing
Hi all,
Sorry to bother you with a rant, but I'm feeling an urge to ask that what's happening on the AMPR/ARDC.
## Background
A few weeks ago I have received a harsh email from Chris G1FEF accusing me for announcing a prefix was assigned to me. In that case, the claimed reason is that the prefix wasn't listed on the AMPR portal.
I tried to clear things up by sending him the LOA from WB6CYT, which he claims that is NOT legitimate, also denied possibility there could a bug in the portal caused this. I have also complied with his demands on even more information including all conversations between me and Brian regarding that the assignment. Eventually he continued to ask for even more personal information without justification, threatening that not complying may cause "close of account".
## Questions
1. Has all previous assignment by WB6CYT been overruled? Or am I singled out?
2. What are the current rules on allocation now? A snapshot of the latest version of ToS is at: https://web.archive.org/web/20190731094938/https://www.ampr.org/terms-of-ser... It does not requires personal information beyond ASN addresses.
3. What is G1FEF's role in the allocation, which are the rights that ARDC holds has been delegated to this guy along.
4. The holding-the-ID-in-a-photo-of-you practice is pretty common when dealing with financial institutions and websites frequently deals with fraudsters. Since LIR, RIR, and BGP upstream also requires and validates these ID, Why this is necessary to do it again?
5. Is Chris Smith, G1FEF capable of handling sensitive personal data? He's handling data as natural person, or an legal entity that ARDC approves?
6. If there's another change, do anyone with a allocation has to go through the same process again?
I see that we already have a problem with transparency, now we got bureaucracy? Also it's not my problem that the assignment wasn't added to the portal.
Best Regards,
Quan
On 12/31/19 1:36 AM, Phil Karn via 44Net wrote:
Hi. As you all know, Brian Kantor WB6CYT passed away suddenly last month. Brian did so much for AMPRNet from the very beginning that he'll be impossible to fully replace. We're trying but it's hard, especially since he was a close personal friend.
Chris Smith, G1FEF (chris@g1fef.co.uk) has kindly volunteered to take over Brian's portal work and to handle portal and BGP allocation requests. Please direct queries to him.
73, Phil Karn, KA9Q
President, ARDC
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Hi all,
Le 20/02/2020 à 08:37, Ruben ON3RVH via 44Net a écrit :
However, the allocation should always be in the portal and approved by your countries coordinator. Afaik an allocation that is not in the portal is technically not valid.
I also have a subnet that is not in the portal... Here are the details :
As we are an island, we developed a specific network topology, which uses two central gateways in data centers, and what we call "TKBoxes" (formally, OpenWRT/OpenVPN boxes which establish communications with the two data centers in a Plug-and-play manner over any Internet provider). Our initial routing scheme was using private addressing (10.44.0.0/16) and we are gradually migrating to AMPRNet / HamNet addressing.
My current subnets are : - 44.190.11.0/24 : Declared in the portal, currently announced via BGP on Internet, and hosting production services facing public Internet (WEB, XLX, VoIP, etc...) - 44.168.80.0/23 : Allocated directly with the 44.168.0.0/16 French coordinator, but *not* declared in the portal yet. It's currently in use (80% of our old 10.44.0.0 net has been migrated to it). But it's currently not routed outside of the island. It's still unclear if I should route it via eBGP over Internet (and probably having trouble with the rest of the European HamNet), if I should route it only with HamNet schemes (IP-IP tunnels and iBGP with EU neighbors), or both. After several discussions here and in private mail with the involved people, I think the best solution would be to follow DG8NGN's advice, and keep separate routing schemes : - 44.190.11.0/24 is an Internet subnet and should be routed on Internet via BGP - 44.168.80.0/23 is a Hamnet subnet, with absolutely no need to be routed on public Internet, and should be routed only with Hamnet techniques
Anyway, as everybody knows ;-) this is done only on our free time. No formal decision has been taken yet about the routing technique to be used for 44.168.80.0/23, and no routing of that subnet exists for now outside of our island. It's in the TODO list, but not done yet ;-)
Then, I agree with you : in an ideal world, all subnets should be registered in the portal. Anyway, I don't think removing all what is not in the portal (yet) without any discussion would be a brilliant idea...
73 de TK1BI
Hello Quan,
I can give you my perspective as an AMPR coordinator on how BGP allocations usually get processed. When I receive a request from a user requesting a BGP prefix, I ask a bunch of questions to ensure the person understands the minimum requirements. My questions include:
- Your callsign (is it valid with your government's amateur radio licensing body)
- Your current home address (to know if you're in my AMPR coordination territory or not). The use of PO boxes or otherwise greatly complicate this Q&A discussion
- I have never requested nor am I aware of Brian Kantor previously requesting copies of a person's photo-id to prove identity. This does NOT mean it's never been requested in the past
- Would your use of address space be for primarily Internet-only focus traffic or RF-servicing traffic?
- Your intended purpose for the address space (to ensure it meets the guidelines of AMPR's charter)
- Your Justification for any requests larger than a /24 as our address space isn't unlimited
- Your allocated ARIN ASN number ( associated to your name or to a company you directly control)
Once I receive appropriate answers for all of the items above, I would either approve the AMPR subnet in the AMPR Portal or if more Internet-only facing traffic, have the user to close out the current AMPR request and create a new request in the 44.190/16 prefix managed by Jan DG8NGN for an allocation. At that point, Brian Kantor would then review the allocation with all the above Q&A answers. If Brian was satisfied with the details, he would begin the LOA process and ultimately send you an official approval email. At that point, some hosting ISPs would then send Brian Kantor a "consent letter" request that he would need to respond to. This response sometimes would require that it be from the ARDC on ARDC letterhead with Brian's hand signature. With all the paperwork completed, you or your hosting provided would then be able to start announcing your allocated prefix.
I know this process can be invasive but you would be surprised how many bogus requests I've received over the years. I have to assume this is because of the scarcity of IPv4 addresses and/or people trying to do bad things over the Internet hoping that AMPR address space would shield them somehow. I would assume that if you followed a similar process for your BGP prefixes and can provide all the previous email exchanges with you, your local AMPR coordinator and Brian Kantor and most importantly his approval email, I would assume that Chris G1FEF would accept all that as a valid allocation.
Beyond that, you can consider taking this discussion up with the ARDC board:
https://www.ampr.org/about/who-we-are/ -- President/CEO: Phil Karn — KA9Q
Treasurer: Bdale Garbee — KB0G John Gilmore — W0GNU K. C. Claffy — KC6KCC
Technical Advisory Committee John Hays — K7VE Heikki Hannikainen — OH7LZB Tim Osburn — W7RSZ Tim Pozar — KC6GNJ
Hope this helps.
--David KI6ZHD Silicon Valley 44.4.x.x/16 AMPR Coordinator
On 02/19/2020 09:18 PM, Quan Zhou via 44Net wrote:
Hi all,
Sorry to bother you with a rant, but I'm feeling an urge to ask that what's happening on the AMPR/ARDC.
## Background
A few weeks ago I have received a harsh email from Chris G1FEF accusing me for announcing a prefix was assigned to me. In that case, the claimed reason is that the prefix wasn't listed on the AMPR portal.
I tried to clear things up by sending him the LOA from WB6CYT, which he claims that is NOT legitimate, also denied possibility there could a bug in the portal caused this. I have also complied with his demands on even more information including all conversations between me and Brian regarding that the assignment. Eventually he continued to ask for even more personal information without justification, threatening that not complying may cause "close of account".
## Questions
- Has all previous assignment by WB6CYT been overruled? Or am I
singled out?
- What are the current rules on allocation now? A snapshot of the
latest version of ToS is at: https://web.archive.org/web/20190731094938/https://www.ampr.org/terms-of-ser...
It does not requires personal information beyond ASN addresses.
- What is G1FEF's role in the allocation, which are the rights that
ARDC holds has been delegated to this guy along.
- The holding-the-ID-in-a-photo-of-you practice is pretty common when
dealing with financial institutions and websites frequently deals with fraudsters. Since LIR, RIR, and BGP upstream also requires and validates these ID, Why this is necessary to do it again?
- Is Chris Smith, G1FEF capable of handling sensitive personal data?
He's handling data as natural person, or an legal entity that ARDC approves?
- If there's another change, do anyone with a allocation has to go
through the same process again?
I see that we already have a problem with transparency, now we got bureaucracy? Also it's not my problem that the assignment wasn't added to the portal.
Best Regards,
Quan
On 12/31/19 1:36 AM, Phil Karn via 44Net wrote:
Hi. As you all know, Brian Kantor WB6CYT passed away suddenly last month. Brian did so much for AMPRNet from the very beginning that he'll be impossible to fully replace. We're trying but it's hard, especially since he was a close personal friend.
Chris Smith, G1FEF (chris@g1fef.co.uk) has kindly volunteered to take over Brian's portal work and to handle portal and BGP allocation requests. Please direct queries to him.
73, Phil Karn, KA9Q
President, ARDC
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Quan brings up a very good point. If AMPR is requiring and retaining photo identification and home address on the ham radio licence is the intention to be in compliance with Personal Data Privacy Laws for every country in the world? Note that as an example Russia does not allow this sort of PII (Personally Identifiable Information) to be stored any place besides inside the boarders of Russia. In the professional opinion of my wife W4FHL who is an SPHR (Senior Professional of HR think CPA of HR) who is a director of HR for a global shipping company this is a very, risk to AMPR. Basically AMPR would need to retain a lawyer and hire a copanice manage ensures personal data is protected properly for every country.
AMPR should require only a copy of the licence with the home address blacked out. Anything else is a violation of PII (personal identifiable Information) regulations in almost any country in the world. Our suggestion is conduct an electronic shred what of what AMPR has currently and remove this requirement ASAP. As AMPR has significant funds on hand this make a very large target for both regulatory agencies as well as persons if their data is breached.
Lin and Adrienne Holcomb NI4Y and W4FHL
On Thu, Feb 20, 2020 at 11:42 AM David Ranch via 44Net < 44net@mailman.ampr.org> wrote:
Hello Quan,
I can give you my perspective as an AMPR coordinator on how BGP allocations usually get processed. When I receive a request from a user requesting a BGP prefix, I ask a bunch of questions to ensure the person understands the minimum requirements. My questions include:
- Your callsign (is it valid with your government's amateur radiolicensing body)
- Your current home address (to know if you're in my AMPRcoordination territory or not). The use of PO boxes or otherwise greatly complicate this Q&A discussion
- I have never requested nor am I aware of Brian Kantor previouslyrequesting copies of a person's photo-id to prove identity. This does NOT mean it's never been requested in the past
- Would your use of address space be for primarily Internet-onlyfocus traffic or RF-servicing traffic?
- Your intended purpose for the address space (to ensure it meetsthe guidelines of AMPR's charter)
- Your Justification for any requests larger than a /24 as ouraddress space isn't unlimited
- Your allocated ARIN ASN number ( associated to your name or to acompany you directly control)
Once I receive appropriate answers for all of the items above, I would either approve the AMPR subnet in the AMPR Portal or if more Internet-only facing traffic, have the user to close out the current AMPR request and create a new request in the 44.190/16 prefix managed by Jan DG8NGN for an allocation. At that point, Brian Kantor would then review the allocation with all the above Q&A answers. If Brian was satisfied with the details, he would begin the LOA process and ultimately send you an official approval email. At that point, some hosting ISPs would then send Brian Kantor a "consent letter" request that he would need to respond to. This response sometimes would require that it be from the ARDC on ARDC letterhead with Brian's hand signature. With all the paperwork completed, you or your hosting provided would then be able to start announcing your allocated prefix.
I know this process can be invasive but you would be surprised how many bogus requests I've received over the years. I have to assume this is because of the scarcity of IPv4 addresses and/or people trying to do bad things over the Internet hoping that AMPR address space would shield them somehow. I would assume that if you followed a similar process for your BGP prefixes and can provide all the previous email exchanges with you, your local AMPR coordinator and Brian Kantor and most importantly his approval email, I would assume that Chris G1FEF would accept all that as a valid allocation.
Beyond that, you can consider taking this discussion up with the ARDC board:
https://www.ampr.org/about/who-we-are/ -- President/CEO: Phil Karn — KA9Q Treasurer: Bdale Garbee — KB0G John Gilmore — W0GNU K. C. Claffy — KC6KCC Technical Advisory Committee John Hays — K7VE Heikki Hannikainen — OH7LZB Tim Osburn — W7RSZ Tim Pozar — KC6GNJHope this helps.
--David KI6ZHD Silicon Valley 44.4.x.x/16 AMPR Coordinator
On 02/19/2020 09:18 PM, Quan Zhou via 44Net wrote:
Hi all,
Sorry to bother you with a rant, but I'm feeling an urge to ask that what's happening on the AMPR/ARDC.
## Background
A few weeks ago I have received a harsh email from Chris G1FEF accusing me for announcing a prefix was assigned to me. In that case, the claimed reason is that the prefix wasn't listed on the AMPR portal.
I tried to clear things up by sending him the LOA from WB6CYT, which he claims that is NOT legitimate, also denied possibility there could a bug in the portal caused this. I have also complied with his demands on even more information including all conversations between me and Brian regarding that the assignment. Eventually he continued to ask for even more personal information without justification, threatening that not complying may cause "close of account".
## Questions
- Has all previous assignment by WB6CYT been overruled? Or am I
singled out?
- What are the current rules on allocation now? A snapshot of the
latest version of ToS is at:
https://web.archive.org/web/20190731094938/https://www.ampr.org/terms-of-ser...
It does not requires personal information beyond ASN addresses.
- What is G1FEF's role in the allocation, which are the rights that
ARDC holds has been delegated to this guy along.
- The holding-the-ID-in-a-photo-of-you practice is pretty common when
dealing with financial institutions and websites frequently deals with fraudsters. Since LIR, RIR, and BGP upstream also requires and validates these ID, Why this is necessary to do it again?
- Is Chris Smith, G1FEF capable of handling sensitive personal data?
He's handling data as natural person, or an legal entity that ARDC approves?
- If there's another change, do anyone with a allocation has to go
through the same process again?
I see that we already have a problem with transparency, now we got bureaucracy? Also it's not my problem that the assignment wasn't added to the portal.
Best Regards,
Quan
On 12/31/19 1:36 AM, Phil Karn via 44Net wrote:
Hi. As you all know, Brian Kantor WB6CYT passed away suddenly last month. Brian did so much for AMPRNet from the very beginning that he'll be impossible to fully replace. We're trying but it's hard, especially since he was a close personal friend.
Chris Smith, G1FEF (chris@g1fef.co.uk) has kindly volunteered to take over Brian's portal work and to handle portal and BGP allocation requests. Please direct queries to him.
73, Phil Karn, KA9Q
President, ARDC
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Wouldn’t a simple option be to use something like WorldLog And have the identification code that is mailed to you be used As proof of identity.
Adam KC7GDY
On Feb 20, 2020, at 10:24 AM, Lin Holcomb via 44Net 44net@mailman.ampr.org wrote:
Quan brings up a very good point. If AMPR is requiring and retaining photo identification and home address on the ham radio licence is the intention to be in compliance with Personal Data Privacy Laws for every country in the world? Note that as an example Russia does not allow this sort of PII (Personally Identifiable Information) to be stored any place besides inside the boarders of Russia. In the professional opinion of my wife W4FHL who is an SPHR (Senior Professional of HR think CPA of HR) who is a director of HR for a global shipping company this is a very, risk to AMPR. Basically AMPR would need to retain a lawyer and hire a copanice manage ensures personal data is protected properly for every country.
AMPR should require only a copy of the licence with the home address blacked out. Anything else is a violation of PII (personal identifiable Information) regulations in almost any country in the world. Our suggestion is conduct an electronic shred what of what AMPR has currently and remove this requirement ASAP. As AMPR has significant funds on hand this make a very large target for both regulatory agencies as well as persons if their data is breached.
Lin and Adrienne Holcomb NI4Y and W4FHL
On Thu, Feb 20, 2020 at 11:42 AM David Ranch via 44Net < 44net@mailman.ampr.org> wrote:
Hello Quan,
I can give you my perspective as an AMPR coordinator on how BGP allocations usually get processed. When I receive a request from a user requesting a BGP prefix, I ask a bunch of questions to ensure the person understands the minimum requirements. My questions include:
- Your callsign (is it valid with your government's amateur radio
licensing body)
- Your current home address (to know if you're in my AMPR
coordination territory or not). The use of PO boxes or otherwise greatly complicate this Q&A discussion
- I have never requested nor am I aware of Brian Kantor previously
requesting copies of a person's photo-id to prove identity. This does NOT mean it's never been requested in the past
- Would your use of address space be for primarily Internet-only
focus traffic or RF-servicing traffic?
- Your intended purpose for the address space (to ensure it meets
the guidelines of AMPR's charter)
- Your Justification for any requests larger than a /24 as our
address space isn't unlimited
- Your allocated ARIN ASN number ( associated to your name or to a
company you directly control)
Once I receive appropriate answers for all of the items above, I would either approve the AMPR subnet in the AMPR Portal or if more Internet-only facing traffic, have the user to close out the current AMPR request and create a new request in the 44.190/16 prefix managed by Jan DG8NGN for an allocation. At that point, Brian Kantor would then review the allocation with all the above Q&A answers. If Brian was satisfied with the details, he would begin the LOA process and ultimately send you an official approval email. At that point, some hosting ISPs would then send Brian Kantor a "consent letter" request that he would need to respond to. This response sometimes would require that it be from the ARDC on ARDC letterhead with Brian's hand signature. With all the paperwork completed, you or your hosting provided would then be able to start announcing your allocated prefix.
I know this process can be invasive but you would be surprised how many bogus requests I've received over the years. I have to assume this is because of the scarcity of IPv4 addresses and/or people trying to do bad things over the Internet hoping that AMPR address space would shield them somehow. I would assume that if you followed a similar process for your BGP prefixes and can provide all the previous email exchanges with you, your local AMPR coordinator and Brian Kantor and most importantly his approval email, I would assume that Chris G1FEF would accept all that as a valid allocation.
Beyond that, you can consider taking this discussion up with the ARDC board:
https://www.ampr.org/about/who-we-are/
President/CEO: Phil Karn — KA9Q
Treasurer: Bdale Garbee — KB0G John Gilmore — W0GNU K. C. Claffy — KC6KCC
Technical Advisory Committee John Hays — K7VE Heikki Hannikainen — OH7LZB Tim Osburn — W7RSZ Tim Pozar — KC6GNJ
Hope this helps.
--David KI6ZHD Silicon Valley 44.4.x.x/16 AMPR Coordinator
On 02/19/2020 09:18 PM, Quan Zhou via 44Net wrote:
Hi all,
Sorry to bother you with a rant, but I'm feeling an urge to ask that what's happening on the AMPR/ARDC.
## Background
A few weeks ago I have received a harsh email from Chris G1FEF accusing me for announcing a prefix was assigned to me. In that case, the claimed reason is that the prefix wasn't listed on the AMPR portal.
I tried to clear things up by sending him the LOA from WB6CYT, which he claims that is NOT legitimate, also denied possibility there could a bug in the portal caused this. I have also complied with his demands on even more information including all conversations between me and Brian regarding that the assignment. Eventually he continued to ask for even more personal information without justification, threatening that not complying may cause "close of account".
## Questions
- Has all previous assignment by WB6CYT been overruled? Or am I
singled out?
- What are the current rules on allocation now? A snapshot of the
latest version of ToS is at:
https://web.archive.org/web/20190731094938/https://www.ampr.org/terms-of-ser...
It does not requires personal information beyond ASN addresses.
- What is G1FEF's role in the allocation, which are the rights that
ARDC holds has been delegated to this guy along.
- The holding-the-ID-in-a-photo-of-you practice is pretty common when
dealing with financial institutions and websites frequently deals with fraudsters. Since LIR, RIR, and BGP upstream also requires and validates these ID, Why this is necessary to do it again?
- Is Chris Smith, G1FEF capable of handling sensitive personal data?
He's handling data as natural person, or an legal entity that ARDC approves?
- If there's another change, do anyone with a allocation has to go
through the same process again?
I see that we already have a problem with transparency, now we got bureaucracy? Also it's not my problem that the assignment wasn't added to the portal.
Best Regards,
Quan
On 12/31/19 1:36 AM, Phil Karn via 44Net wrote:
Hi. As you all know, Brian Kantor WB6CYT passed away suddenly last month. Brian did so much for AMPRNet from the very beginning that he'll be impossible to fully replace. We're trying but it's hard, especially since he was a close personal friend.
Chris Smith, G1FEF (chris@g1fef.co.uk) has kindly volunteered to take over Brian's portal work and to handle portal and BGP allocation requests. Please direct queries to him.
73, Phil Karn, KA9Q
President, ARDC
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
-- Lin Holcomb
Office: +1 404 806 5412 Mobile: +1 404 933 1595 Fax: +1 404 348 4250 _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Hi David,
Thank you for kind and detailed reply, this is Very helpful!
I did not realize that there was so many paper work even after the LOA, and it totally makes sense that taking some additional steps to reduce the bogus request. But my major concerns are two things, 1) chain of trust; 2) personal data.
Trust chain:
- When I've received the complaint from G1FEF, I went through this mail-list and figured out that he's in charge of the allocation.
- Then, I've verified the mail is actually from him, since I trust my mail provide "posteo", I briefly checked the mail header "Authentication-Results", and it says "dkim=pass (1024-bit key) header.d=g1fef.co.uk".
(Up to this point, I know he's talking about a real concern, so I complied.)
- After a few turns, he demanded a full suite of KYC material: photo ids, and me holding these ID.
Personal data problem:
- I never send any ID directly to a natural person.
- When submitting to legal entities, they always provide a brief info on justification, scope of usage, deletion, and their liability, though I know it's not strictly followed, but hey, I can accept this.
The emerging privacy laws and regulations today are still very new, the practice is very unclear to both consumers and companies, I believe we feel equally unsafe over this matter. My employer has provided some training sessions on data handling and security from legal perspective, yet those lawyers are still unsure about a lot of things.
Regards,
Quan
On 2/21/20 12:42 AM, David Ranch via 44Net wrote:
Hello Quan,
I can give you my perspective as an AMPR coordinator on how BGP allocations usually get processed. When I receive a request from a user requesting a BGP prefix, I ask a bunch of questions to ensure the person understands the minimum requirements. My questions include:
- Your callsign (is it valid with your government's amateur radio licensing body)
- Your current home address (to know if you're in my AMPR coordination territory or not). The use of PO boxes or otherwise greatly complicate this Q&A discussion
- I have never requested nor am I aware of Brian Kantor previously requesting copies of a person's photo-id to prove identity. This does NOT mean it's never been requested in the past
- Would your use of address space be for primarily Internet-only focus traffic or RF-servicing traffic?
- Your intended purpose for the address space (to ensure it meets the guidelines of AMPR's charter)
- Your Justification for any requests larger than a /24 as our address space isn't unlimited
- Your allocated ARIN ASN number ( associated to your name or to a company you directly control)
Once I receive appropriate answers for all of the items above, I would either approve the AMPR subnet in the AMPR Portal or if more Internet-only facing traffic, have the user to close out the current AMPR request and create a new request in the 44.190/16 prefix managed by Jan DG8NGN for an allocation. At that point, Brian Kantor would then review the allocation with all the above Q&A answers. If Brian was satisfied with the details, he would begin the LOA process and ultimately send you an official approval email. At that point, some hosting ISPs would then send Brian Kantor a "consent letter" request that he would need to respond to. This response sometimes would require that it be from the ARDC on ARDC letterhead with Brian's hand signature. With all the paperwork completed, you or your hosting provided would then be able to start announcing your allocated prefix.
I know this process can be invasive but you would be surprised how many bogus requests I've received over the years. I have to assume this is because of the scarcity of IPv4 addresses and/or people trying to do bad things over the Internet hoping that AMPR address space would shield them somehow. I would assume that if you followed a similar process for your BGP prefixes and can provide all the previous email exchanges with you, your local AMPR coordinator and Brian Kantor and most importantly his approval email, I would assume that Chris G1FEF would accept all that as a valid allocation.
Beyond that, you can consider taking this discussion up with the ARDC board:
https://www.ampr.org/about/who-we-are/ -- President/CEO: Phil Karn — KA9Q
Treasurer: Bdale Garbee — KB0G John Gilmore — W0GNU K. C. Claffy — KC6KCC
Technical Advisory Committee John Hays — K7VE Heikki Hannikainen — OH7LZB Tim Osburn — W7RSZ Tim Pozar — KC6GNJ
Hope this helps.
--David KI6ZHD Silicon Valley 44.4.x.x/16 AMPR Coordinator
On 02/19/2020 09:18 PM, Quan Zhou via 44Net wrote:
Hi all,
Sorry to bother you with a rant, but I'm feeling an urge to ask that what's happening on the AMPR/ARDC.
## Background
A few weeks ago I have received a harsh email from Chris G1FEF accusing me for announcing a prefix was assigned to me. In that case, the claimed reason is that the prefix wasn't listed on the AMPR portal.
I tried to clear things up by sending him the LOA from WB6CYT, which he claims that is NOT legitimate, also denied possibility there could a bug in the portal caused this. I have also complied with his demands on even more information including all conversations between me and Brian regarding that the assignment. Eventually he continued to ask for even more personal information without justification, threatening that not complying may cause "close of account".
## Questions
- Has all previous assignment by WB6CYT been overruled? Or am I
singled out?
- What are the current rules on allocation now? A snapshot of the
latest version of ToS is at: https://web.archive.org/web/20190731094938/https://www.ampr.org/terms-of-ser...
It does not requires personal information beyond ASN addresses.
- What is G1FEF's role in the allocation, which are the rights that
ARDC holds has been delegated to this guy along.
- The holding-the-ID-in-a-photo-of-you practice is pretty common
when dealing with financial institutions and websites frequently deals with fraudsters. Since LIR, RIR, and BGP upstream also requires and validates these ID, Why this is necessary to do it again?
- Is Chris Smith, G1FEF capable of handling sensitive personal data?
He's handling data as natural person, or an legal entity that ARDC approves?
- If there's another change, do anyone with a allocation has to go
through the same process again?
I see that we already have a problem with transparency, now we got bureaucracy? Also it's not my problem that the assignment wasn't added to the portal.
Best Regards,
Quan
On 12/31/19 1:36 AM, Phil Karn via 44Net wrote:
Hi. As you all know, Brian Kantor WB6CYT passed away suddenly last month. Brian did so much for AMPRNet from the very beginning that he'll be impossible to fully replace. We're trying but it's hard, especially since he was a close personal friend.
Chris Smith, G1FEF (chris@g1fef.co.uk) has kindly volunteered to take over Brian's portal work and to handle portal and BGP allocation requests. Please direct queries to him.
73, Phil Karn, KA9Q
President, ARDC
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Hi all,
Le 20/02/2020 à 17:42, David Ranch via 44Net a écrit :
- Your allocated ARIN ASN number ( associated to your name or to a company you directly control)
This points out something I never really understood well.
I don't have any ARIN ASN number, and Brian didn't request for one when he gave me the LOA for my subnet.
I'm currently announcing BGP via a Vultr VPS. I don't announce directly via BGP to other BGP peers. My network provider (currently Vultr) does it for me : I have an iBGP session with them, and they announce to the rest of the world. Moreover, I do not use BGP routing in my company, so I don't have any "business" ASN.
So, here are my questions : Is an ARIN ASN number mandatory in such a situation ? If not mandatory, would it be a good practice to have one ? If so, would RIPE deliver ASN numbers to people or companies that do not own any IPv4 range (I am not the owner of my 44 subnet, ARDC just grants me the right to announce it) ?
Thank you in advance.
73 de TK1BI
Hi Toussaint,
I think that the reason why they want an ARIN ASN is because they are under impression that 44net addresses are ARIN addresses. Usually you don't announce a prefix outside it's RIR area. 44net predates ARIN, in which case should not be limited by such rules.
And yes, RIPE NCC provides ASNs to people without IPv4, you can buy one from LIRs, they often gives you a /48 of IPv6 for free. Most of them will charge you a one time fee around 100 EUR.
It is just my belief that ASNs should be used whenever possible, since you are an actually running autonomous system, so why not put yourself in front of it?
Quan BH1XQV
On 2/21/20 6:32 PM, Toussaint OTTAVI via 44Net wrote:
Is an ARIN ASN number mandatory in such a situation ? If not mandatory, would it be a good practice to have one ? If so, would RIPE deliver ASN numbers to people or companies that do not own any IPv4 range (I am not the owner of my 44 subnet, ARDC just grants me the right to announce it) ?
Toussaint OTTAVI via 44Net 44net@mailman.ampr.org writes:
Is an ARIN ASN number mandatory in such a situation ?
No. TK1 is not in the ARIN region. ARIN is for networks in North America. In RIPE region you should normally have a RIPE-assigned ASN.
If not mandatory, would it be a good practice to have one ?
It's not completely clear from your description of your situation. You said that you speak iBGP with a provider. What ASN are you using for this? What happens when you decide to change providers? How will that transition work? Will you end up announcing your addresses with inconsistent origins? That is to be avoided. Will you maintain direct (maybe tunneled) peering relationships with other networks in AMPR space?
It's important to think through what you want the routing policy to be for your network, now and in the forseeable future. The point of an ASN is basically to give an identifier to a network with a distinct routing policy.
If so, would RIPE deliver ASN numbers to people or companies that do not own any IPv4 range (I am not the owner of my 44 subnet, ARDC just grants me the right to announce it) ?
Yes but you have to justify it. This means explaining how your routing policy is different from your upstream provider's. The questions above will help you articulate that. The barrier is fairly low and essentially designed to check that you know what you're doing and that what you're doing makes sense. The procedure is similar in other regions.
For RIPE region, you will need to get a member (LIR) to ask for the ASN on your behalf. Only LIRs can get number resources from RIPE. The LIR might be but does not have to be your provider. There is a fee from RIPE, I think it's something like EUR50/year. The LIR may or may not charge a fee on top of this, depending on how friendly they are.
73s VE3HW
Hi William, and many thanks for your detailed answer.
Le 21/02/2020 à 12:02, William Waites a écrit :
No. TK1 is not in the ARIN region. ARIN is for networks in North America. In RIPE region you should normally have a RIPE-assigned ASN.
Sorry for the confusion. RIPE is our contact in Europe, of course.
If not mandatory, would it be a good practice to have one ?
It's not completely clear from your description of your situation. You said that you speak iBGP with a provider. What ASN are you using for this?
Currently, we are using a private ASN given by Vultr. They have a good howto. Several of us are using Vultr services, both for the ease of use and tiny prices : https://www.vultr.com/docs/configuring-bgp-on-vultr The howto says I can use a public ASN if I have one.
What happens when you decide to change providers? How will that transition work? Will you end up announcing your addresses with inconsistent origins? That is to be avoided.
That's still not decided yet :-) The idea would be to have redundant announcement with two providers, so that our network still works in case of Vultr failure (this morning, Paris data center has been down during an hour). I planned to use a French telco operator to which I am in contact for my business. The guy is a friend, and he'll be able to manage BGP HAM stuff for just a few bucks more.
Anyway, it was still unclear how I could achieve redundant BGP routing in such a setup (Vultr + business telco). And I didn't have time to investigate yet. But you gave me a nice clue :-)
Will you maintain direct (maybe tunneled) peering relationships with other networks in AMPR space?
For now, we are using BGP only for our 44.190 subnet (things that need to be connected to public Internet, such as Echolink, XLX, etc...). According to DG8NGN specs, this subnet has been designed to be routed only to Internet.
We also have "pure" hamnet subnets in 44.168. It's a Work in Progress... Final routing policy is still undefined for now. But I think I may follow DG8NGN advice : use only HamNet routing rules (iBGP with European HamNet, and IP-IP tunnels to the rest of the world). I do not see any need to announce those on public Internet. And this may/will cause routing problems with AMPRNet / HamNet partners.
Then, keeping things separated, and use Internet BGP only for 44.190, may be the solution.
It's important to think through what you want the routing policy to be for your network, now and in the forseeable future. The point of an ASN is basically to give an identifier to a network with a distinct routing policy.
That's what I missed. And that's why I need a public ASN.
For RIPE region, you will need to get a member (LIR) to ask for the ASN on your behalf. Only LIRs can get number resources from RIPE. The LIR might be but does not have to be your provider. There is a fee from RIPE, I think it's something like EUR50/year. The LIR may or may not charge a fee on top of this, depending on how friendly they are.
Thank you. I thought it was required to be a LIR to get an ASN. Becoming a LIR was not an option for me, because it's over-priced, and I absolutely do not need it for my business. But $50/year is something I can afford, and offer to my radio-club :-)
Thank you again for your detailed explanation.
73 de TK1BI
Hi,
Just to clarify on the fees, the RIPE NCC charges nothing for ASN sponsorships however the LIR may often charge administrative and maintenance fees.
- Cynthia
On Fri, Feb 21, 2020 at 12:41 PM Toussaint OTTAVI via 44Net < 44net@mailman.ampr.org> wrote:
Hi William, and many thanks for your detailed answer.
Le 21/02/2020 à 12:02, William Waites a écrit :
No. TK1 is not in the ARIN region. ARIN is for networks in North America. In RIPE region you should normally have a RIPE-assigned ASN.
Sorry for the confusion. RIPE is our contact in Europe, of course.
If not mandatory, would it be a good practice to have one ?
It's not completely clear from your description of your situation. You said that you speak iBGP with a provider. What ASN are you using for this?
Currently, we are using a private ASN given by Vultr. They have a good howto. Several of us are using Vultr services, both for the ease of use and tiny prices : https://www.vultr.com/docs/configuring-bgp-on-vultr The howto says I can use a public ASN if I have one.
What happens when you decide to change providers? How will that transition work? Will you end up announcing your addresses with inconsistent origins? That is to be avoided.
That's still not decided yet :-) The idea would be to have redundant announcement with two providers, so that our network still works in case of Vultr failure (this morning, Paris data center has been down during an hour). I planned to use a French telco operator to which I am in contact for my business. The guy is a friend, and he'll be able to manage BGP HAM stuff for just a few bucks more.
Anyway, it was still unclear how I could achieve redundant BGP routing in such a setup (Vultr + business telco). And I didn't have time to investigate yet. But you gave me a nice clue :-)
Will you maintain direct (maybe tunneled) peering relationships with other networks in AMPR space?
For now, we are using BGP only for our 44.190 subnet (things that need to be connected to public Internet, such as Echolink, XLX, etc...). According to DG8NGN specs, this subnet has been designed to be routed only to Internet.
We also have "pure" hamnet subnets in 44.168. It's a Work in Progress... Final routing policy is still undefined for now. But I think I may follow DG8NGN advice : use only HamNet routing rules (iBGP with European HamNet, and IP-IP tunnels to the rest of the world). I do not see any need to announce those on public Internet. And this may/will cause routing problems with AMPRNet / HamNet partners.
Then, keeping things separated, and use Internet BGP only for 44.190, may be the solution.
It's important to think through what you want the routing policy to be for your network, now and in the forseeable future. The point of an ASN is basically to give an identifier to a network with a distinct routing policy.
That's what I missed. And that's why I need a public ASN.
For RIPE region, you will need to get a member (LIR) to ask for the ASN on your behalf. Only LIRs can get number resources from RIPE. The LIR might be but does not have to be your provider. There is a fee from RIPE, I think it's something like EUR50/year. The LIR may or may not charge a fee on top of this, depending on how friendly they are.
Thank you. I thought it was required to be a LIR to get an ASN. Becoming a LIR was not an option for me, because it's over-priced, and I absolutely do not need it for my business. But $50/year is something I can afford, and offer to my radio-club :-)
Thank you again for your detailed explanation.
73 de TK1BI
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Hardly anyone here has their own public ASN. In your case, you would use the ASN of your provider, Vultr.com. Vultr has extensive documentation on their site, on how to setup BGP advertisements, although you do have to dig through their support docs a bit to find it.
Vultr will assign you a private ASN, which is then used for all interaction with them, even if you use multiple Vultr data center sites. The Private ASN is of no value outside of Vultr, it simply allows their setup process for easily automated. It was amazing (to me anyway) how easy it was to get BGP advertisements working. Literally within a couple of hours, a prefix assigned to you can be setup and be fully operational. They also accept email’d LOA formerly from BrianK, and I assume now from ChrisS.
So, here are my questions : Is an ARIN ASN number mandatory in such a situation ? If not mandatory, would it be a good practice to have one ?
It is mandatory. But like IPv4 addresses, they are a limited resource, and you need to have connections to multiple backbone providers to even apply for one. IOW, you need to be in the business. Nearly all of us here will use the Public ASN of our provider.
If so, would RIPE deliver ASN numbers to people or companies that do not own any IPv4 range (I am not the owner of my 44 subnet, ARDC just grants me the right to announce it) ?
There is no need to involve RIPE (or ARIN), nor any requirement to even communicate with them. ARDC grants the authority to your SP (Vultr) to advertise a specific prefix on your behalf, through the ARDC license or LOA process.
Dave Gingrich via 44Net 44net@mailman.ampr.org writes:
Is an ARIN ASN number mandatory in such a situation ? If not mandatory, would it be a good practice to have one ?
It is mandatory. But like IPv4 addresses, they are a limited resource, and you need to have connections to multiple backbone providers to even apply for one. IOW, you need to be in the business. Nearly all of us here will use the Public ASN of our provider.
Sorry Dave, that's just wrong.
1. We have had 32-bit ASNs for a long while now and while they are limited because 2^32 is a finite number, they are not scarce because it is a big number. Just as IPv6 numbers (2^128) are finite but not scarce. Old 16-bit ASNs are scarce but today the need for those is similar to the need for a personalised license plate.
2. You need to have a distinct routing policy. That is the condition. One way of doing that is by having multiple backbone providers. That is not the only way. You do need connections to at least two networks but there is no prescription about how this must be done or that the relationship must be IP transit. I know this because I have obtained ASNs for small networks doing unusual things from RIPE. You do have to make a coherent case.
3. There is no requirement that it must be an ASN from ARIN. Not from ARIN or RIPE, not from the networking community, and not from AMPRNet unless a new policy that is gratuitously at odds with both industry and amateur radio practice has been invented. There are several ASNs that I know of in Europe announcing 44 space using ASNs from RIPE. It would be unusual (but it does happen) for a network operator in Europe to use an ASN from ARIN.
More generally, learning about and experimenting with networking is something that we ought to encouraged. Generally, the spirit of autonomy in Amateur Radio (in the sense of not relying strongly on a single piece of infrastructure belonging to someone else) is well served by operating networks. Just because "nearly all of us don't" doesn't mean that those who want to shouldn't.
There is a perception that running a BGP-speaking network is somehow complicated or dangerous or magic of some sort. That's complete nonsense. Yes there is a learning curve, as with everything. Nothing more than that.
I don't have a view about whether Toussaint wants to do this or whether their plan will make sense. But let's try not to discourage people from learning and exploring, shall we? That's not what amateur radio is about.
73s VE3HW (Current operator of AS205586, ex of AS{549, 6401, 13901, 60241, ...})
Le 21/02/2020 à 14:14, William Waites via 44Net a écrit :
More generally, learning about and experimenting with networking is something that we ought to encouraged. Generally, the spirit of autonomy in Amateur Radio (in the sense of not relying strongly on a single piece of infrastructure belonging to someone else) is well served by operating networks.
That's not an easy thing, HI :-) The first time I tried to talk about "autonomy" here (we are an island, so the idea of having a technically autonomous network was even more obvious), I received flames by personal mail and on the air. Some people seem to have interpreted it out of the technical scope :-) Thats was not really discouraging, that was just funny, HI :-D
We are still experimenting and developing new things on our free time. One of our future steps would be a fully redundant routing, with two data centers in the two main cities of the island, and a fully redundant BGP setup spread over the two data centers via two different providers. After all, the meaning of "AS" is "Autonomous System" :-) In such a setup, I think having our own ASN may help.
Again, thank you all for your help.
73 de TK1BI
On 21/02/20 23:22, Dave Gingrich via 44Net wrote:
Hardly anyone here has their own public ASN. In your case, you would use the ASN of your provider, Vultr.com. Vultr has extensive documentation on their site, on how to setup BGP advertisements, although you do have to dig through their support docs a bit to find it.
For the record, my setup is slightly different, and probably a rather common one. My provider's ASN was the one I used for my BGP setup, because my provider is the one doing the BGP routing. I don't have any ASN whatsoever. Routing is done statically between my provider and the VPS that hosts my IP range.
It is mandatory. But like IPv4 addresses, they are a limited resource, and you need to have connections to multiple backbone providers to even apply for one. IOW, you need to be in the business. Nearly all of us here will use the Public ASN of our provider.
That's what I did, because I have no need to peer with anyone. My provider does all of that. All I had to do was to get the LOA (then from Brian) to them and possibly their upstream (there wa san extra little step required in the paperwork from memory), and once the paperwork was sorted, everything started working. :)
Hi,
Thank you all for your answers and comments
Le 22/02/2020 à 05:09, Tony Langdon via 44Net a écrit :
It is mandatory. But like IPv4 addresses, they are a limited resource, and you need to have connections to multiple backbone providers to even apply for one. IOW, you need to be in the business. Nearly all of us here will use the Public ASN of our provider.
That's what I did, because I have no need to peer with anyone. My provider does all of that. All I had to do was to get the LOA (then from Brian) to them and possibly their upstream (there wa san extra little step required in the paperwork from memory), and once the paperwork was sorted, everything started working. :)
That's what I did with Vultr. That's also what I'm planning to do with my new business operator. With a single BGP operator, there's no need to have my own public ASN.
But how could I manage redundancy / fault tolerance between two BGP operators ?
For incoming traffic, there's no problem, I can handle any incoming packet whatever the provider.
But how could I handle outgoing traffic ? F/ex, my current Vultr VPS is hosted in Paris, and I'm tunneling from Corsica to Paris. Last week, they had a network problem, and the BGP routing was down. All outbound packets sent from my local router to the Vultr BGP VPS were dropped. Locally, I do not have any easy way to see if Vultr network is working or not, so that I could redirect outbound traffic to my 2nd provider.
For now, I do not have any idea about how to handle outbound redundancy. Having a public ASN, and a local BGP router which peers with the two providers, may be a clue. Am I wrong ?
73 de TK1BI
Hi,
That won't be much trouble, even in the NAT scenario if these traffic originates/ends on the same router/redundancy group, in case of switch over, the connections over the old routes will hit a dead end, but new ones will reach you. Outage can last only a few seconds.
If you are not using NAT, just peer with your upstream and configure preferences, one link down, the routes will be gone automatically.
There's way too much fun in the BGP!
73,
BH1XQV
On 2/24/20 5:18 PM, Toussaint OTTAVI via 44Net wrote:
Hi,
Thank you all for your answers and comments
Le 22/02/2020 à 05:09, Tony Langdon via 44Net a écrit :
It is mandatory. But like IPv4 addresses, they are a limited resource, and you need to have connections to multiple backbone providers to even apply for one. IOW, you need to be in the business. Nearly all of us here will use the Public ASN of our provider.
That's what I did, because I have no need to peer with anyone. My provider does all of that. All I had to do was to get the LOA (then from Brian) to them and possibly their upstream (there wa san extra little step required in the paperwork from memory), and once the paperwork was sorted, everything started working. :)
That's what I did with Vultr. That's also what I'm planning to do with my new business operator. With a single BGP operator, there's no need to have my own public ASN.
But how could I manage redundancy / fault tolerance between two BGP operators ?
For incoming traffic, there's no problem, I can handle any incoming packet whatever the provider.
But how could I handle outgoing traffic ? F/ex, my current Vultr VPS is hosted in Paris, and I'm tunneling from Corsica to Paris. Last week, they had a network problem, and the BGP routing was down. All outbound packets sent from my local router to the Vultr BGP VPS were dropped. Locally, I do not have any easy way to see if Vultr network is working or not, so that I could redirect outbound traffic to my 2nd provider.
For now, I do not have any idea about how to handle outbound redundancy. Having a public ASN, and a local BGP router which peers with the two providers, may be a clue. Am I wrong ?
73 de TK1BI _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Quan Zhou via 44Net 44net@mailman.ampr.org writes:
- Is Chris Smith, G1FEF capable of handling sensitive personal data?
He's handling data as natural person, or an legal entity that ARDC approves?
It is important to clarify who the data controller is in this instance. The GDPR still applies in the UK even now after Brexit. There are specific obligations on the data controller who is handling information belonging to people in Europe or the UK that apply even if it happens to be an entity outwith Europe (such as the ARDC). One of those obligations is to specify who, precisely, the data controller is.
73s VE3HW
Sounds like Chris needs some help!
By the way, did those guys ever get the DNS RRs straightened out for the 44.224.x.x & 44.225.x.x namespaces? I think not! I thought AMAZON owns those now!!! Oh WAIT, Google's public dns server shows that they do.
Hey, I'll volunteer my services to administer the DNS zones if given the tools. Really! I'm retired and bored, so WHY NOT?
Here's why I ask about this: ----------- Query from 44.0.0.1 = ; <<>> DiG 9.10.3-P4-Debian <<>> @44.0.0.1 -x 44.225.2.2 ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23181 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 1 ;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;2.2.225.44.in-addr.arpa. IN PTR
;; AUTHORITY SECTION: 225.44.in-addr.arpa. 3600 IN NS db0fhn.efi.fh-nuernberg.de. 225.44.in-addr.arpa. 3600 IN NS ns.db0fhn.ampr.org. 225.44.in-addr.arpa. 3600 IN NS db0res.de.
;; Query time: 84 msec ;; SERVER: 44.0.0.1#53(44.0.0.1) ;; WHEN: Sat Feb 22 00:16:44 EST 2020 ;; MSG SIZE rcvd: 166
----------- Query from 8.8.8.8 $ dig @8.8.8.8 -x 44.225.2.2
; <<>> DiG 9.10.3-P4-Debian <<>> @8.8.8.8 -x 44.225.2.2 ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48135 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;2.2.225.44.in-addr.arpa. IN PTR
;; ANSWER SECTION: 2.2.225.44.in-addr.arpa. 299 IN PTR ec2-44-225-2-2.us-west-2.compute.amazonaws.com.
;; Query time: 23 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Sat Feb 22 00:19:55 EST 2020 ;; MSG SIZE rcvd: 112
This has to be fixed ASAP!
Chris? Phil? I'll help in any way I can if you need to spread the workload!
Thomas / KG5ZI /8 -- DAYTON
On Thu, Feb 20, 2020 at 12:20 AM Quan Zhou via 44Net 44net@mailman.ampr.org wrote:
Hi all,
Sorry to bother you with a rant, but I'm feeling an urge to ask that what's happening on the AMPR/ARDC.
## Background
A few weeks ago I have received a harsh email from Chris G1FEF accusing me for announcing a prefix was assigned to me. In that case, the claimed reason is that the prefix wasn't listed on the AMPR portal.
I tried to clear things up by sending him the LOA from WB6CYT, which he claims that is NOT legitimate, also denied possibility there could a bug in the portal caused this. I have also complied with his demands on even more information including all conversations between me and Brian regarding that the assignment. Eventually he continued to ask for even more personal information without justification, threatening that not complying may cause "close of account".
## Questions
- Has all previous assignment by WB6CYT been overruled? Or am I singled
out?
- What are the current rules on allocation now? A snapshot of the
latest version of ToS is at:
https://web.archive.org/web/20190731094938/https://www.ampr.org/terms-of-ser... It does not requires personal information beyond ASN addresses.
- What is G1FEF's role in the allocation, which are the rights that
ARDC holds has been delegated to this guy along.
- The holding-the-ID-in-a-photo-of-you practice is pretty common when
dealing with financial institutions and websites frequently deals with fraudsters. Since LIR, RIR, and BGP upstream also requires and validates these ID, Why this is necessary to do it again?
- Is Chris Smith, G1FEF capable of handling sensitive personal data?
He's handling data as natural person, or an legal entity that ARDC approves?
- If there's another change, do anyone with a allocation has to go
through the same process again?
I see that we already have a problem with transparency, now we got bureaucracy? Also it's not my problem that the assignment wasn't added to the portal.
Best Regards,
Quan
On 12/31/19 1:36 AM, Phil Karn via 44Net wrote:
Hi. As you all know, Brian Kantor WB6CYT passed away suddenly last month. Brian did so much for AMPRNet from the very beginning that he'll be impossible to fully replace. We're trying but it's hard, especially since he was a close personal friend.
Chris Smith, G1FEF (chris@g1fef.co.uk) has kindly volunteered to take over Brian's portal work and to handle portal and BGP allocation requests. Please direct queries to him.
73, Phil Karn, KA9Q
President, ARDC
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Amazon owns those addresses, nothing can be done about them as they are not ours.
44.192.0.0/10 is not AMPRNet anymore since the Amazon sale.
On Sat, Feb 22, 2020 at 5:10 PM Thomas Jones via 44Net < 44net@mailman.ampr.org> wrote:
Sounds like Chris needs some help!
By the way, did those guys ever get the DNS RRs straightened out for the 44.224.x.x & 44.225.x.x namespaces? I think not! I thought AMAZON owns those now!!! Oh WAIT, Google's public dns server shows that they do.
Hey, I'll volunteer my services to administer the DNS zones if given the tools. Really! I'm retired and bored, so WHY NOT?
Here's why I ask about this:
Query from 44.0.0.1 = ; <<>> DiG 9.10.3-P4-Debian <<>> @44.0.0.1 -x 44.225.2.2 ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23181 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 1 ;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;2.2.225.44.in-addr.arpa. IN PTR
;; AUTHORITY SECTION: 225.44.in-addr.arpa. 3600 IN NS db0fhn.efi.fh-nuernberg.de. 225.44.in-addr.arpa. 3600 IN NS ns.db0fhn.ampr.org. 225.44.in-addr.arpa. 3600 IN NS db0res.de.
;; Query time: 84 msec ;; SERVER: 44.0.0.1#53(44.0.0.1) ;; WHEN: Sat Feb 22 00:16:44 EST 2020 ;; MSG SIZE rcvd: 166
Query from 8.8.8.8 $ dig @8.8.8.8 -x 44.225.2.2
; <<>> DiG 9.10.3-P4-Debian <<>> @8.8.8.8 -x 44.225.2.2 ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48135 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;2.2.225.44.in-addr.arpa. IN PTR
;; ANSWER SECTION: 2.2.225.44.in-addr.arpa. 299 IN PTR ec2-44-225-2-2.us-west-2.compute.amazonaws.com.
;; Query time: 23 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Sat Feb 22 00:19:55 EST 2020 ;; MSG SIZE rcvd: 112
This has to be fixed ASAP!
Chris? Phil? I'll help in any way I can if you need to spread the workload!
Thomas / KG5ZI /8 -- DAYTON
On Thu, Feb 20, 2020 at 12:20 AM Quan Zhou via 44Net < 44net@mailman.ampr.org> wrote:
Hi all,
Sorry to bother you with a rant, but I'm feeling an urge to ask that what's happening on the AMPR/ARDC.
## Background
A few weeks ago I have received a harsh email from Chris G1FEF accusing me for announcing a prefix was assigned to me. In that case, the claimed reason is that the prefix wasn't listed on the AMPR portal.
I tried to clear things up by sending him the LOA from WB6CYT, which he claims that is NOT legitimate, also denied possibility there could a bug in the portal caused this. I have also complied with his demands on even more information including all conversations between me and Brian regarding that the assignment. Eventually he continued to ask for even more personal information without justification, threatening that not complying may cause "close of account".
## Questions
- Has all previous assignment by WB6CYT been overruled? Or am I singled
out?
- What are the current rules on allocation now? A snapshot of the
latest version of ToS is at:
https://web.archive.org/web/20190731094938/https://www.ampr.org/terms-of-ser...
It does not requires personal information beyond ASN addresses.
- What is G1FEF's role in the allocation, which are the rights that
ARDC holds has been delegated to this guy along.
- The holding-the-ID-in-a-photo-of-you practice is pretty common when
dealing with financial institutions and websites frequently deals with fraudsters. Since LIR, RIR, and BGP upstream also requires and validates these ID, Why this is necessary to do it again?
- Is Chris Smith, G1FEF capable of handling sensitive personal data?
He's handling data as natural person, or an legal entity that ARDC approves?
- If there's another change, do anyone with a allocation has to go
through the same process again?
I see that we already have a problem with transparency, now we got bureaucracy? Also it's not my problem that the assignment wasn't added to the portal.
Best Regards,
Quan
On 12/31/19 1:36 AM, Phil Karn via 44Net wrote:
Hi. As you all know, Brian Kantor WB6CYT passed away suddenly last month. Brian did so much for AMPRNet from the very beginning that he'll be impossible to fully replace. We're trying but it's hard, especially since he was a close personal friend.
Chris Smith, G1FEF (chris@g1fef.co.uk) has kindly volunteered to take over Brian's portal work and to handle portal and BGP allocation requests. Please direct queries to him.
73, Phil Karn, KA9Q
President, ARDC
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
-
air gapped -
Alistair Mackenzie -
Cynthia Revström -
Dave Gingrich -
David Ranch -
Lin Holcomb -
Phil Karn -
Quan Zhou -
Ruben ON3RVH -
Scott Nicholas -
Thomas Jones -
Tony Langdon -
Toussaint OTTAVI -
William Waites