28 Jul
2017
28 Jul
'17
3:59 a.m.
I gave a talk tonight at one of our local clubs to see if any other
local amateurs are interested in AMPRnet. I tried to stay out of the
weeds to just give a general overview and did not present any slides. I
did use slides as note cards on my iPad to keep from straying that I
have now placed on my AMPR web server (n2xu.ampr.org) for the folks in
attendance that might be more interested. There were about 20 or so
folks in attendance and I think there are 3 or 4 that are interested.
I will be doing another talk at the club where I was once President here
in Fort Walton Beach and then for the folks that are more interested I
will present another more in the weeds presentation at some point in the
future. I'm big on trying to get 44net here on RF (slow 1200 or
broadband at 5.8 GHz) down here and need others that are local in order
to do so.
I might be leveraging expertise here as I try to grow interest... so
please bear with me and any new folks I bring aboard.
With all that said, is there anyone out there performing intermediate
routing... what I mean is anyone running a tunneled gateway and
performing routing for other subnets over RF. I may request a second but
separate allocation to experiment in that realm... I'd like to learn
how to do that. I think it's a natural expansion for times when network
connectivity goes out for an area where we can act as an RF gateway
between the RF and the tunneled AMPRNet. My eventual goal is I'd like
to bring the HAMWAN to the Florida panhandle... I think these are all
baby steps to get there.
Input, advice ideas and criticism are all welcome.
--
Tom Cardinal/N2XU/MSgt USAF (Ret)/BSCS/CASP, Security+ ce
28 Jul
28 Jul
6:41 a.m.
-----Original Message-----
With all that said, is there anyone out there performing intermediate
routing... what I mean is anyone running a tunneled gateway and
performing routing for other subnets over RF.
I presume you mean routing other subnets over amateur radio frequencies.
We used to do that. But there are two main problems with it here in the US.
1) Encryption. More than half of websites are now encrypted and the percentage is
growing every day. E-mail encryption is also on the rise. And encryption is not allowed
over US amateur frequencies. So amateur frequencies are fast becoming
impractical/irrelevant for real-world, mainstream network traffic.
2) 3rd party-initiated traffic. Routing inbound e-mail, even if unencrypted, over an
amateur frequency is a violation of Part 97, according to the FCC enforcement bureau. At
least it was when I asked them about this a few years ago. That's because anyone
anywhere could initiate a transmission on an amateur frequency without a license simply by
sending you an email. So we allowed only outbound email from hams to traverse the amateur
frequencies. Inbound email stopped at the gateway. It wasn't very practical, but at
least a message could go out.
We later got internet connections at all of our hub sites. So we turned each of them into
their own gateways. Users can access the site over amateur frequencies to download their
mail since the ham initiates that connection. But we still have to filter out encrypted
email. And we're using Part 15 frequencies between hub sites. I suppose we could
still use 44.x addresses. But since a 44.x subnet can only exist behind one gateway in
AMPRnet routing, we didn't see much point in that either.
Not trying to be a bummer. But the FCC regulations really squash creativity and
innovation.
Michael
N6MEF
11:46 a.m.
On 28/07/2017 06:41, Michael Fox - N6MEF wrote:
I presume you mean routing other subnets over amateur
radio frequencies.
I've got a BeagleBone single board computer that I've set
up to sit on my /30 allocation. The WiFi dongle connects to my 192.168.1.* network and
then tunnels to the AMPR network, with ampr0 as one of my two IP addresses and the TNC-X
as the other one. What I'd like to now do is to use the eth0 instead of the TNC-X and
route to another 44/29 network of AREDN/BBHN devices.
So this would be routing a 44/29 via a computer on the 44net. Would this be ok,
license-wise?
Bill (M1BKF)
--
Red to red, black to black, switch it on, but stand well back.
11:54 a.m.
I don't consider it a bummer Michael. I covered the encryption issue and
would close off routing for RF routing to only AMPRnet sources and
destinations. The encryption of email would be something I have not yet
accounted for?
Tom
On Fri, Jul 28, 2017 at 00:43 Michael Fox - N6MEF <n6mef(a)mefox.org> wrote:
-----Original
Message-----
With all that said, is there anyone out there performing intermediate
routing... what I mean is anyone running a tunneled gateway and
performing routing for other subnets over RF.
I presume you mean routing other subnets over amateur radio frequencies.
We used to do that. But there are two main problems with it here in the
US.
1) Encryption. More than half of websites are now encrypted and the
percentage is growing every day. E-mail encryption is also on the rise.
And encryption is not allowed over US amateur frequencies. So amateur
frequencies are fast becoming impractical/irrelevant for real-world,
mainstream network traffic. Not trying to be a bummer. But the FCC regulations
really squash
creativity and innovation.
Michael
N6MEF
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
--
73 de N2XU/Tom Cardinal/MSgt USAF (Ret)/BSCS/Security+/IPv6 Certified
2:51 p.m.
-----Original Message-----
I don't consider it a bummer Michael. I covered the encryption issue and
would close off routing for RF routing to only AMPRnet sources and
destinations.
That would still leave you open to someone initiating a transmission on a US
amateur frequency who does not have a US amateur license. We have
reciprocal operating agreements with many, but not all countries. Granted,
the chances of a violation are much smaller than if you left it open to the
whole Internet. I suppose you could further restrict by 44.x address block.
Then no one could say that a "reasonable person could expect a violation."
(Of course, when we've had interference problems around here, the FCC
doesn't act. So, what the FCC says and what they do are two different
things.)
The encryption of email would be something I have not
yet
accounted for?
If traffic is limited to 44.x addresses, then I would think that the chances
of this are really slim.
BTW, when we had only the one Internet connection, we even routed NTP and
DNS across 1200 baud RF. NTP was important since some of the other machines
were on mountain tops and we didn't visit them for many months at a time.
We didn't want the clocks to drift by more than a second or so because we
were using the date/time in message headers for some EmComm purposes. It
worked fine. But I recall we had to tune NTP to account for the lower
bandwidth and longer delay. And we set up DNS so that the RF-attached
machines used the Internet-attached machine as their server and the server
performed the recursive searches. It worked.
Michael
N6MEF
3:14 p.m.
With the usage of POP3, the user always initiates the connection to the mail server.
Using a good mail filter for keywords, etc would prevent unnecessary words or phrases that
could be prohibited from being transmitted.
As long as the mail server is on the internet and on the opposite side on the amprnet this
should not be an issue to receive mail as the user is requesting the mail from the server
and thus falls under 3rd party traffic. Same as dialing a phone patch to a 3rd party, the
licensee initiates the connections.
My mail server has an option to have a list of approved senders as well as to require new
senders to confirm their identity before mail will be released to the user.
Maybe some configuration or hybrid of the sort would work.
Best Regards
Elias
Kd5jfe
Louisiana Amprnet IP Coordinator
4:08 p.m.
Hi Tom,
I’ve read your emails and viewed your presentation. You asked for anyone using IP over RF
without much detail on the RF part. For that reason, and the fact you mentioned projects
similar to what I have collaborated to build, I’m giving this answer on the list,
understanding it might be valid for you.
For the sake of being as much detailed as possible without kidnaping the thread I’ll use
bullet points:
- I live in the NW coast of Spain, in a Province named Asturias, in a city named Gijón. My
locator is IN73dm.
- We advert our assigned part of 44 network (44.133.233.0/24) via BGP (AS205827) directly.
- I have built a core of communications that is interconnected by RF, more precisely,
using 5GHz links for transport and 2.4 GHz links for accessing the network. RF area
expands over 5000 sq km / 2000 sq mi. Into that area, longer link is about 37 km, whereas
shortest link is about 1 km. Average link is distance is 11 km. Higher position is about
1700m ASL, whereas lower position is about 6m ASL. Average elevation is about 400m ASL
Local orography is abrupt with several mountain ranges that conform meadows, canyons and
defiles, in the upper part of the territory, while at the other side we have the sea. The
distance between higher elevations and shoreline is about 50 km.
- We have 5 main sites that corresponds to: a) 3 repeater sites, b) 1 rx-only location and
c) 1 technical site. The 3 repeater sites act as our network core and is fully
interconnected. Internet access and connection to our ISP for the BGP session is directly
present in our network core.
- Our core implements dynamic routing. In more detail, it implements an OSPF backbone area
to maintain site adjacency information and network topology. We provide a default route
from BGP to the OSPF autonomous system and a default route path is set back from the
network in order to reach the Internet.
- The 3 repeater sites itself move DMR traffic, that is, signaling and voice, plus site
telemetry. The 2 other sites are OSPF Stub Areas that provide network services (dns,
proxy, web, vpn, etc..) to the network users.
- Technologies implemented are: a) Mikrotik for routers (2 per site, 1 for
distribution+access and 1 for core); b) Ubiquiti antennas in many form factors, like
vertical, parabolic and sector antennas; c) a virtual machine host for Debian servers (VM)
for DNS, Proxy, Web), SoftEther VPN concentrator appliance (VM), a Windows 2012 R2 server
for Active Directory and Radius/IAS service and a pfSense appliance (VM) for firewalling
purposes.
- Network core sites have 2 routers, 1 for distribution+access and 1 for core networking.
Core network layer is at full speed (no filters, no mangle, no acl, just packet
forwarding). Distribution+access layer implements filtering, mangle, acl, qos/diffserv and
other typical network-based services.
- Users (ham radio operators) and user groups (of hams) with direct visibility of one of
the main sites can connect to the site via RF using a 2.4Ghz (Wi-Fi) antenna. They can get
connected to the distribution+access router to get IP vía PPPoE session.
- Users (ham radio operators) and user groups (of hams) with non-direct view of one of the
main sites can connect to the network vía VPN in order to get a 44 IP address from the VPN
concentrator with a default route to Internet a specific router to our assigned segment
of network 44 in order to access local network services.
- The part of the network 44 we maintain is publicly reachable from Internet and other
hams on network 44. Firewall filtering is acting at the edge of the network in bridge mode
in order to stop DDoS and malware from affecting hams (at least, in order to stop the
biggest hits).
Hope this brief resume helps understand our local project. If you have any doubt or
comment, please, do not hesitate to write me.
Best regards,
--
Vy73 de EA1HET, Jonathan
El 28 jul 2017, a las 4:59, Tom Cardinal
<ki4szj(a)gmail.com> escribió:
I gave a talk tonight at one of our local clubs to see if any other local amateurs are
interested in AMPRnet. I tried to stay out of the weeds to just give a general overview
and did not present any slides. I did use slides as note cards on my iPad to keep from
straying that I have now placed on my AMPR web server (n2xu.ampr.org) for the folks in
attendance that might be more interested. There were about 20 or so folks in attendance
and I think there are 3 or 4 that are interested.
I will be doing another talk at the club where I was once President here in Fort Walton
Beach and then for the folks that are more interested I will present another more in the
weeds presentation at some point in the future. I'm big on trying to get 44net here
on RF (slow 1200 or broadband at 5.8 GHz) down here and need others that are local in
order to do so.
I might be leveraging expertise here as I try to grow interest... so please bear with me
and any new folks I bring aboard.
With all that said, is there anyone out there performing intermediate routing... what I
mean is anyone running a tunneled gateway and performing routing for other subnets over
RF. I may request a second but separate allocation to experiment in that realm... I'd
like to learn how to do that. I think it's a natural expansion for times when network
connectivity goes out for an area where we can act as an RF gateway between the RF and the
tunneled AMPRNet. My eventual goal is I'd like to bring the HAMWAN to the Florida
panhandle... I think these are all baby steps to get there.
Input, advice ideas and criticism are all welcome.
--
Tom Cardinal/N2XU/MSgt USAF (Ret)/BSCS/CASP, Security+ ce
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
11:26 p.m.
Aploigies, I've been busy and just saw this now.
On 7/27/17 10:59 PM, Tom Cardinal wrote:
I gave a talk tonight at one of our local clubs to see
if any other
local amateurs are interested in AMPRnet. I tried to stay out of the
weeds to just give a general overview and did not present any slides. I
did use slides as note cards on my iPad to keep from straying that I
have now placed on my AMPR web server (n2xu.ampr.org) for the folks in
attendance that might be more interested. There were about 20 or so
folks in attendance and I think there are 3 or 4 that are interested.
Do they have any experience with IP networking? How about coding or server
stuff?
Being interested is good, but there's quite a bit to learn if you're only
passively interested in it. I've found it's typically 2 to 4 core people who
really get involved.
I will be doing another talk at the club where I was
once President here
in Fort Walton Beach and then for the folks that are more interested I
will present another more in the weeds presentation at some point in the
future. I'm big on trying to get 44net here on RF (slow 1200 or
broadband at 5.8 GHz) down here and need others that are local in order
to do so.
When and where? I'm down in Tampa Bay but get up there about 2x a year for a
customer.
With all that said, is there anyone out there
performing intermediate
routing... what I mean is anyone running a tunneled gateway and
performing routing for other subnets over RF.
Many people do this, as they cannot get BGP type transit locally, but
hamwan.org can do routeing over an Internet tunnel for your subnet.
https://hamwan.org/Labs/Open%20Peering%20Policy.html
Our group down here, Florida Simulcast Group/HamWAN Tampa Bay is able to do
the same for you, and it would likely be closer/better performing for you.
You'd get some IPv6 too.
http://flscg.org/hamwan/
https://youtu.be/8EdDtLRgH7k?t=1108
My talk on HamWAN at Dayton 2016
https://www.youtube.com/watch?v=IFcESjoWSP8&t=2541s
Part of this talk I mention some of the legal aspects:
https://youtu.be/IFcESjoWSP8?t=4140
IPv6 in HamWAN Tampa Bay
https://youtu.be/mkKOX5q1XJ4?t=274
HamWAN is the way forward, it's extendable and the only system we have in
deployment that enables your users to have deterministic performance. If VoIP
doesn't work reliably, you're going to have users who can't use it.
Our main problem here is the lack of interest from other amateurs as most of
the local clubs expect HamWAN Tampa (us) to install and manage all their
routers. We're happy to help out and educate, but draw the line as doing
everything :)
I'd love to get more users online, but it's been difficult getting hams
involved in it. The clubs around here are mostly 55+ guys who want to watch
the latest DX expedition video. The younger guys want to get involved but
with work and family it's hard to do. We've done quite a bit of outreach, but
need to do more. Again our issue is time, as the main people involved here
(including myself) travel extensively for work.
What you'll need is a small group of guys that understand networking. It's
ideal for people who want to learn if you have the right elmers. Moving from
there, you need good sites and at least one good core routing site where you
can interconnect with the internet.
Once this is setup any ham user will be able to get on with a ~$160 Dynadish
if they have a clear line of site.
Feel free to reach out directly if there's anything we can do to help out.
73's
--
Bryan Fields
727-409-1194 - Voice
http://bryanfields.net
2470
days inactive
2470
days old
8 comments
7 participants
participants (7)
-
Bryan Fields -
Elias Basse -
Jonathan Gonzalez [EA1HET] -
Michael Fox - N6MEF -
Tom C -
Tom Cardinal
-
W.B.Hill