On 3/22/14, 11:14 AM, Geoff Joy wrote:
What I see above from both of you is "this is a mess, someone needs to clean it up, but that someone isn't going to be me". I must boldly state that if you have the time to discern a problem and criticize a state of affairs, you have the time to take ownership of that problem and fix it.
+1
I've said there are numerous things I don't care for with the way 44net is used and deployed (not a personal attack :). I've also mentioned I don't have the time to write up proposals and do stuff to change it. As such I'm not going to bitch about it (or at least try not to).
I'd be happy to start a working group if I have some help, but between my day job, building a simulcast repeater system, and doing the paperwork to get our repeater group to be 501c3 non-profit I just don't have the time to do it all myself. I for one would like to get away from the IPIP encap, and get more distributed interconnects to the internet for 44/8.
73's
I keep hearing complaints that we should "get away from using IP-IP tunnels and just route the 44-net address space using BGP".
Can someone explain what this means and how this would be done?
- Be sure to read up on BCP38 http://tools.ietf.org/html/bcp38 to understand why your local ISP won't (and shouldn't) let you source traffic from IP addresses other than theirs
- Explain how you would justify and obtain stable funding to get (and keep) an ASN for the 44-net address space ($500 initial, $100/yr maintenance from ARIN). An ASN is necessary for multi-homing and BGP routing.
- Explain to me what financial incentive a commercial ISP has for routing (or peering with) 44-net address space for a small number of customers.
- As for using VPN's, explain how to pay for and maintain the appropriate size server(s) to host CPU-intensive VPN (IPSec and GRE) end-points.
After understanding all the nuances of 44-net, I find that the mesh of IP-IP tunnels and the rip44d daemon are actually quite an elegant solution to the limitations and constraints we have to work with.
-Neil
On Sat, Mar 22, 2014 at 2:23 PM, Bryan Fields Bryan@bryanfields.net wrote:
-- Bryan Fields
727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net
I really don't get some ideas being pushed around in our discussions:
1. Why does everyone assume that all 44net links have to be low speed AX.25? There are nice access points out there, and some of them can be used on ham radio frequencies. On the other hand, no one can stop one from using the regular ISM band for data transfer. In that case it is just regular internet traffic, except for the fact that it is using 44 addresses, and it may even be encrypted since it doesn't violate anything in this case.
2. Who is stopping anyone from setting up a wired/wifi network with some IPIP gateway server, the rest using BGP or OSPF or whatever? This is how the German/Austrian hamnet works: all stations are linked via WiFi on ham bands (Ubiquiti has nice hardware for this) or using direct P2P VPNs. Everything inside is managed via BGP. To the outside world there is a gateway ensuring interoperability with the rest of the 44net, but everything else is self sustained. So you want BGP or other dynamic protocols: set up your network as you like, no one is enforcing anything on you. It is NOT mandatory to use IPIP. Inside your network, you can treat these addresses like any other private IP range. You just have the OPTION to interconnect via IPIP.
73s de Marius, YO2LOJ
We announce 44.144.0.0/16 over BGP to the public internet (in Belgium). This IP space is then run on our local variant of "hamwan/hamnet" in Belgium on 2.4 GHz access points and 5 GHz and recently 24 GHz backbone links.
We already used 3 ISP's in 2 datacenters (free/sponsored) and our entire network was running on 10.x.x.x addresses before we started using the 44.144.0.0/16. (The network started in 2003 and we have started using 44.144 in 2013). We were using a public /23, and several /27's from the ISPs to get certain services and repeaters on the internet. For echolink e.g. you need a unique ip per repeater since you can only use the ports once. The same goes for d-star.
So when we told our ISPs we wanted to announce our own subnet, via BGP, their main incentive was the fact that we would be giving back the ip space we were using and they could use them for other clients, since well, ipv4 space is sparse.
In terms of traffic nothing has changed since we still use the same amount of traffic, the only difference is that we now have BGP sessions to our ISPs and use our own IPs. All of our traffic is sponsored by our ISPs (+- 70mbit avg over all 3 ISPs)
Furthermore we are now able to use public addresses directly on devices like repeaters or routers, where before we had to NAT everything and sometimes things were getting double-NATted since some hams put another NAT router in between their network and our "hamnet" network.
The routers in the datacenter are "The Big Firewall" and disallow any incoming traffic to 44.144 from the internet by default, and get opened up for certain ports, ip's or subnets when the ham using them requests to do so or is using his own firewall. There is also a lot of internet storm on the 44.144 (and I suspect the entire 44) network.
For the moment we are still announcing this subnet from the ASN of our main ISP. However, we are looking into announcing this subnet through the multiple ISPs we use and have recently acquired our own ASN number.
The ASN number has been sponsored by one of the ISPs, since they virtually don't have to pay for them, they only cost RIPE-points. The ISP that provided us with this ASN also loved the fact that it was a challenge to get it approved by RIPE since 44.0.0.0/8 is essentially a legacy subnet in ARIN and is nowhere to be found in RIPE.
Since then, RIPE has added a route object for our network; https://apps.db.ripe.net/search/lookup.html?source=ripe&key=44.144.0.0/1...
It took almost 2 years to get all of this done, and this was mostly due to RIPE being stubborn. However, CisarNet in Italy (44.208.0.0/16) already had a route object in RIPE which in the end was a precedent that convinced RIPE to do the same for us. So thanks to the Italian network :)
I have since seen that the Swedish network (44.140.0.0/16) has also gotten a route object in RIPE.
So there are already several networks on the 44 address space that are doing BGP announcements directly. Is it smart to use these IP addresses on the internet?
My personal vision is that ham radio has also evolved to the Internet. Echolink, D-Star, DMR, DXClusters, APRS, etc. all use the internet as a backbone. So why not use our IP space as part of the Internet? Of course, the use of firewalls is strongly advised! Our firewalls allow all 44 to 44 traffic but block any other public inbound traffic unless exceptions have been allowed (e.g. echolink ports).
The biggest problem we are seeing by connecting 44 addresses to the internet is when a ham comes to a ham club and brings their own laptop. They connect to the local wifi and get a 44.144 IP address from the local DHCP server. However, this ham's laptop is either infected with a virus, or the ham is knowingly downloading copyrighted files via torrents. You can already guess what is going on here. The illegal download continues over the 44.144 address and we get abuse complaints through Brian.
It has been an ongoing battle to block these practices on the network and to educate hams to not use the 44 network for these kinds of practices, or to at least turn off their torrent software when they connect to the 44.144 network. We are currently "natting" some of the 44.144 subnets' outbound internet traffic to other commercial public IPs to prevent the abuse complaints until we can find a better solution.
As for the IPIP AMPR network, we ourselves have no link with the IPIP network to the rest of AMPR since we never got around to finding out how to set it all up. However we peer with the German hamnet and they also gate our subnet to the AMPR IPIP network. At the moment this peering is done through a tunnel over the internet, but we are currently working on doing this over RF on 5 GHz. Through the German HAMNET we are also connected to Austria and the other networks they are peering with. All of this using native internet routing protocols (BGP) and no AMPR IPIP.
We use OpenVPN to connect users who are not able to link to our network over RF (e.g. no LOS to an access point or none around to start with) so everything goes through our BGP session and peerings and IPIP. There are some users who are doing AMPR IPIP themselves and might receive traffic from the internet through us over AMPR IPIP. However, most of these users' subnets have never been opened up in the firewalls so there is probably no internet traffic at all.
So, try it yourself and do a traceroute to 44.144.144.144 over AMPR and over the public internet :)
73s Robbie ON4SAX
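The firewall policy described in the message above (inbound from the internet dropped by default, 44-to-44 traffic allowed, exceptions opened per host on request), written out as a border-router ruleset. This is an added example, not the Belgian network's actual configuration and not part of the original thread; the use of nftables, the interface name wan0 and the host 44.144.0.10 are assumptions chosen for illustration, and the EchoLink exception uses that service's standard UDP ports 5198-5199.

```nftables
#!/usr/sbin/nft -f
# Added example (not from the thread). Assumed: Linux border router running
# nftables, internet-facing interface "wan0", constructed sample host below.

table ip hamnet_border {
    # Hosts whose operators asked for EchoLink to be reachable from outside.
    set echolink_hosts {
        type ipv4_addr
        elements = { 44.144.0.10 }    # constructed sample address
    }

    chain forward {
        type filter hook forward priority filter; policy drop;

        # Return traffic for flows that were already permitted.
        ct state established,related accept
        ct state invalid drop

        # A packet arriving from the internet side cannot legitimately carry
        # a source inside our own /16; drop it before any allow rule sees it.
        iifname "wan0" ip saddr 44.144.0.0/16 drop

        # "Allow all 44 to 44 traffic". This trusts the source address only,
        # so it is as strong as the source filtering (BCP38) applied by the
        # networks the packet crossed on its way here.
        ip saddr 44.0.0.0/8 ip daddr 44.0.0.0/8 accept

        # Per-host exception opened on request: EchoLink audio/control.
        iifname "wan0" ip daddr @echolink_hosts udp dport { 5198, 5199 } accept

        # Outbound to the internet: only our announced prefix may leave,
        # which is the BCP38 obligation on our own side.
        oifname "wan0" ip saddr 44.144.0.0/16 accept

        # Everything else hits the drop policy; count it so the volume of
        # unsolicited inbound traffic can be measured.
        counter
    }
}
```

Running `nft -c -f` on the file checks the syntax without loading it; new exceptions are added to the set rather than as new rules, which keeps the default-deny structure intact.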
On Sat, Mar 22, 2014 at 11:10 PM, Neil Johnson neil.johnson@erudicon.com wrote:
Robbie,
Your trace route looks good. Are these all wireless links?
WC3XS-CME#traceroute ip 44.144.144.144 source lo0 (44.64.193.1)
Type escape sequence to abort.
Tracing the route to 44.144.144.144

1 44.130.60.100 132 msec 132 msec 132 msec
2 44.130.60.101 132 msec 132 msec 140 msec
3 44.224.12.238 148 msec 148 msec 144 msec
4 44.144.208.38 148 msec 148 msec 148 msec
5 44.144.208.10 152 msec 160 msec 144 msec
6 44.144.208.26 148 msec 148 msec 152 msec
7 44.144.208.97 152 msec 152 msec 152 msec
8 44.144.208.93 156 msec 156 msec 160 msec
9 44.144.208.89 176 msec 160 msec 184 msec
10 44.144.208.85 164 msec 188 msec 172 msec
11 44.144.208.81 188 msec 208 msec 196 msec
12 44.144.208.49 172 msec 216 msec 180 msec
13 44.144.144.144 172 msec 172 msec 172 msec
Thanks Jesse - WC3XS
On Mar 24, 2014, at 7:38 AM, Robbie De Lise robbie.delise@gmail.com wrote:
On 24/03/2014 12:38, Robbie De Lise wrote:
As for the IPIP AMPR network, we ourselves have no link with the IPIP network to the rest of AMPR since we never got around to finding out how to set it all up. However we peer with the German hamnet and they also gate our subnet to the AMPR IPIP network. At the moment this peering is done through a tunnel over the internet, but we are currently working on doing this over RF on 5 GHz. Through the German HAMNET we are also connected to Austria and the other networks they are peering with. All of this using native internet routing protocols (BGP) and no AMPR IPIP.
You may want to have a look into this tool
https://github.com/HamWAN/hamwan_scripts/tree/master/amprupdate
I had none and still have very, very limited knowledge of Python and scripting on Mikrotik, but I was able to set up a Mikrotik-based IPIP gateway within an hour.
vy 73 de Marc, LX1DUC
Hi All,
I seem to have accidentally stirred up a can of worms here but it does show that the information available to 44net newbies like me is not available in a form or location where we can get at the basics.
Historically speaking hams have always had a source of information available at all levels of expertise. Mention was made of morse keys in one post and I can remember almost every ham magazine had articles on how to build your own morse key in step by step fashion when I first started in amateur radio.
This is not the case now.
Even after a fair search on the internet I haven't been able to find even a basic mud map of how the 44 net all fits together. I don't mean a degree course in networking, there is plenty of information I can assimilate on that subject, but more a simple schematic saying you are here, and this is what you need in principle to interact with the 44 net without opening it up to attack and abuse by non hams.
When I started out I learnt a lot about transmitter construction by copying and building other people's circuits and layouts. When I had learnt sufficient to have some confidence in my own designs, I then went on and published them, first off in local club magazines and then in our national magazine.
As another post mentioned this doesn't seem to be the case these days. Lots of people are beavering away in private doing their own thing and rather selfishly not letting anyone else know what is going on so they can at least try to join in.
On packet my main forwarding partner has as his address xxxx@amprnet.org. So how are my packets launched through normal internet space reaching him? I don't know and I can't find out how or what the precautions or limitations of traffic for this cross connect may be. I don't want to trash anyone's internet data allocation by accident in as much as I saw a post here mentioning 1GB as the figure.
As far as writing php/html or whatever, or any other form of documentation, when I have at least a basic understanding of how it all works I will be only too eager to contribute to help other newbies; however, at the moment my full contribution could only be "Duh Duh".
If the gurus don't take time out from their innovative projects to at least write up a little bit of basic information, then the trend of most hams saying "it's too hard and too much work to find out the basics of 44 net use" will continue and the amazing allocation of the 44 address block will probably disappear back into the greedy maw of the general internet due to gross under use.
Many hams started out as youngsters building commercial electronic kits. From there they fostered an interest in electronics and progressed to ham radio.
Perhaps what is needed is a basic kit to get newbies fired up. I noticed that a Michigan club has done this for Jnos in the form of a script that performs all the (hard) parts of the jnos set-up and presents a simple form type menu for setting the station specific parts. It's pretty restrictive but it gave me a good start in showing how a basic jnos install should be configured and I happily went forward from there.
Could something similar be done here? Perhaps a Raspberry Pi distro (for example) which presents a form to set all the station specific bits but which looks after setting up all the other requirements automatically. In this way the integrity of the 44 net could be protected by having someone who knows what they are doing help with the setup script in the distro whilst at the same time offering a simple and cheap enough way for most hams to at least start to become involved.
Regards (still in the dark) Tony VK3API
On Sun, 2014-03-23 at 09:31 +1100, amprnet@wizards.sytes.net spake:
I seem to have accidentally stirred up a can of worms here but it does show that the information available to 44net newbies like me is not available in a form or location where we can get at the basics.
I have something I've been working on. When it's ready I'll post it on my website.
Here's a link to a simplified diagram showing how traffic flows around AMPRNet.
Sorry it's such a long URL.
https://docs.google.com/drawings/d/1sunLKYKHppyp1IH4w4Q3wmR0YJI9Omeb_kVY_SwT...
On Sat, Mar 22, 2014 at 7:04 PM, Brian n1uro@n1uro.ampr.org wrote:
-- 73 de Brian Rogers - N1URO email: n1uro@n1uro.ampr.org Web: http://www.n1uro.net/ Ampr1: http://n1uro.ampr.org/ Ampr2: http://nos.n1uro.ampr.org Linux Amateur Radio Services axMail-Fax & URONode AmprNet coordinator for: Connecticut, Delaware, Maine, Maryland, Massachusetts, New Hampshire, Pennsylvania, Rhode Island, and Vermont.