22 Mar
2014
22 Mar
'14
3:23 p.m.
On 3/22/14, 11:14 AM, Geoff Joy wrote:
What I see above from both of you is "this is a
mess, someone needs to
clean it up, but that someone isn't going to be me". I must boldly
state that if you have the time to discern a problem and criticize a
state of affairs, you have the time to take ownership of that problem
and fix it.
+1
I've said there are numerous things I don't care for with the way 44net is
used and deployed (not a personal attack :).
I've also mentioned I don't have the time to write up proposals and do stuff
to change it. As such I'm not going to bitch about it (or at least try not to).
I'd be happy to start a working group if I have some help, but between my day
job, building a simulcast repeater system, and doing the paperwork to get our
repeater group to to be 501c3 non-profit I just don't have the time to do it
all myself. I for one would like to get away from the IPIP encap, and get
more distributed interconnects to the internet for 44/8.
73's
--
Bryan Fields
727-409-1194 - Voice
727-214-2508 - Fax
http://bryanfields.net
22 Mar
22 Mar
6:10 p.m.
New subject: 44net problems - was: 44net cool toys
I keep hearing complaints that we should "get away from using IP-IP
tunnels and just route the 44-net address space using BGP".
Can someone explain what this means and how this would be done ?
- Be sure read up on BCP38 http://tools.ietf.org/html/bcp38 to
understand why your local ISP won't (and shouldn't) let you source
traffic from IP addresses other than theirs
- Explain how you would justify and obtain stable funding to get (and
keep) an ASN for the 44-net address space ($500 initial, $100/yr
maintenance from ARIN). An ASN is necessary for multi-homing and BGP
routing.
- Explain to me what financial incentive a commercial ISP has to
routing (or peering with) 44-net address space for a small number of
customers.
- As for using VPN's, explain how to pay for and maintain the
appropriate size server(s) to host CPU-intensive VPN (IPSec and GRE)
end-points.
After understanding all the nuances of 44-net, I find that the mesh
of IP-IP tunnels and the rip44d daemon are actually quite an elegant
solution to the limitations and constraints we have to work with.
-Neil
On Sat, Mar 22, 2014 at 2:23 PM, Bryan Fields <Bryan(a)bryanfields.net> wrote:
(Please trim inclusions from previous messages)
_______________________________________________
On 3/22/14, 11:14 AM, Geoff Joy wrote:
--
Neil Johnson
http://erudicon.com
What I see above from both of you is "this
is a mess, someone needs to
clean it up, but that someone isn't going to be me". I must boldly
state that if you have the time to discern a problem and criticize a
state of affairs, you have the time to take ownership of that problem
and fix it.
+1
I've said there are numerous things I don't care for with the way 44net is
used and deployed (not a personal attack :).
I've also mentioned I don't have the time to write up proposals and do stuff
to change it. As such I'm not going to bitch about it (or at least try not to).
I'd be happy to start a working group if I have some help, but between my day
job, building a simulcast repeater system, and doing the paperwork to get our
repeater group to to be 501c3 non-profit I just don't have the time to do it
all myself. I for one would like to get away from the IPIP encap, and get
more distributed interconnects to the internet for 44/8.
73's
--
Bryan Fields
727-409-1194 - Voice
727-214-2508 - Fax
http://bryanfields.net
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net 
6:26 p.m.
New subject: 44net problems - was: 44net cool toys
I really don't get some ideas being pushed around in our discussions:
1. Why does everyone assume that all 44net links have to be low speed AX.25?
There are nice access points out there, and some of them can be used on ham
radio frequencies. On the other hand, noone can stop one to use regular ISM
band for data transfer. In that case it is just a regular internet traffic,
except the fact that is is using 44 addresses and it may be even encrypted
since it doesn't violate anything in this case.
2. Who is stoping anyone to set up a wired/wifi network with some IPIP
gateway server, the rest using BGP or OSPF or whatever. This is how the
german/austrian hamnet works: all station are linked via WiFi on ham bands
(Ubiquity has nice hardware for this) or using direct P2P VPNs. Everything
inside is managed via BGP. To the outside world there is a gateway ensuring
interoperatibility with the rest of the 44net, but everything else is self
sustained.
So you want BGP or other dynamic protocols: set up your network as you like,
noone is enforcing anything on you. It is NOT mandatory to use IPIP. Inside
your network, you can treat this addresses like any other private IP range.
Just you have the OPTION to interconnect via IPIP.
&#s de Marius, YO2LOJ
24 Mar
24 Mar
7:38 a.m.
New subject: 44net problems - was: 44net cool toys
We announce 44.144.0.0/16 over BGP to the public internet (in Belgium)
This ip space is then run on our local variant of "hamwan/hamnet" in
Belgium on 2.4ghz accesspoints and 5ghz and recently 24ghz backbone
links.
We already used 3 ISP's in 2 datacenters (free/sponsored) and our
entire network was running on 10.x.x.x addresses before we started
using the 44.144.0.0/16. (The network started in 2003 and we have
started using 44.144 in 2013). We were using a public /23, and several
/27's from the ISPs to get certain services and repeaters on the
internet. For echolink e.g. you need a unique ip per repeater since
you can only use the ports once. The same goes for d-star.
So when we told our ISPs we wanted to announce our own subnet, via
BGP, their main incentive was the fact that we would be giving back
the ip space we were using and they could use them for other clients,
since well, ipv4 space is sparse.
In terms of traffic nothing has changed since we still use the same
amount of traffic, the only difference is that we now have BGP
sessions to our ISPs and use our own IPs. All of our traffic is
sponsored by our ISPs (+- 70mbit avg over all 3 ISPs)
Furthermore we are now able to use public adresses directly on devices
like repeater or routers where before we had to nat everything and
sometimes things were getting double-natted since some HAMs put
another nat router in between their network and our "hamnet" network.
The routers in the datacenter are "The Big Firewall" and disallow any
incoming traffic to 44.144 from the internet by default, and get
opened up for certain ports, ip's or subnets when the ham using them
requests to do so or is using his own firewall. There is also a lot of
internet storm on the 44.144 (and I suspect the entire 44) network.
For the moment we are still announcing this subnet from the ASN of our main ISP.
However, we are looking into announcing this subnet through the
multiple ISPs we use and have recently aquired our own ASN number.
The ASN number has been sponsored by one of the ISPs, since they
virtually don't have to pay for them, they only cost RIPE-points. The
ISP that provided us with this ASN also loved the fact that it was a
challenge to get it approved by RIPE since 44.0.0.0/8 is essentially a
legacy subnet in ARIN and is nowhere to be found in RIPE.
Since then, RIPE has added a route object for our network;
https://apps.db.ripe.net/search/lookup.html?source=ripe&key=44.144.0.0/…
It took almost 2 years to get all of this done, and this was mostly
due to RIPE being stubborn.
However, CisarNet in Italy (44.208.0.0/16) already had a route object
in RIPE which in the end was a precedent that convinced RIPE to do the
same for us.
So thanks to the Italian network :)
I have since seen that the Swedish network (44.140.0.0/16) has also
gotten a route object in RIPE.
So there are already several networks on the 44 address space that are
doing BGP announcements directly.
If it is smart to use these ip address on the internet ?
My personal vision is that HAMRadio has also evolved to the Internet.
Echolink, D-Star, DMR, DXClusters, APRS, etc. all use the internet as
a backbone.
So why not use our IP space as part of the Internet ? Ofcourse, the
use of firewalls is strongly advised!
Our firewalls allow all 44 to 44 traffic but block any other public
inbound traffic unless exceptions have been allowed (eg echolink
ports)
The biggest problem we are seeing by connecting 44 addresses to the
internet, is when a ham comes to a hamclub and brings their own
laptop. They connect to the local wifi and get a 44.144 ip adress from
the local DHCP server. However, this ham's laptop is either infected
with a virus, or the ham is knowingly downloading copyrighted files
via torrents. You can already guess what is going on here. The illigal
download continues over the 44.144 address and we get abuse complaints
through Brian.
It has been an ongoing battle to block these practices on the network
and to educate hams to not use the 44 network for these kinds of
practices, or to at least turn of their torrent software when they
connect to the 44.144 network. We are currently "natting" some of the
44.144 subnets outbound internet traffic to other commercial public
ip's to prevent the abuse complaints until we can find a better
solution.
As for the IPIP AMPR network, We ourselves have no link with the IPIP
network to the rest of AMPR since we never got around to finding out
how to set it all up. However we peer with the German hamnet and they
also gate our subnet to the AMPR IPIP network. At the moment this
peering is done though a tunnel over the internet, but we are
currently working on doing this over RF on 5Ghz. Though the German
HAMNET we also are connected to the austria and the other networks
they are peering with. All of this using native internet routing
protocols (BGP) and no AMPR IPIP.
We use OpenVPN to connect users who are not able to link to our
network over RF (eg, no LOS to an accesspoint or none around to start
with) so everything goes through our BGP session and peerings and
IPIP. There are some users who are doing AMPR IPIP themselves and
might receive traffic from the internet through us over AMPR IPIP.
However, most of these users subnet's have never been opened up in the
firewalls so there is probably no internet traffic at all.
So, try it yourself and do a traceroute to 44.144.144.144 over AMPR
and over the public internet :)
73s
Robbie
ON4SAX
On Sat, Mar 22, 2014 at 11:10 PM, Neil Johnson
<neil.johnson(a)erudicon.com> wrote:
(Please trim inclusions from previous messages)
_______________________________________________
I keep hearing complaints that we should "get away from using IP-IP
tunnels and just route the 44-net address space using BGP".
Can someone explain what this means and how this would be done ?
- Be sure read up on BCP38 http://tools.ietf.org/html/bcp38 to
understand why your local ISP won't (and shouldn't) let you source
traffic from IP addresses other than theirs
- Explain how you would justify and obtain stable funding to get (and
keep) an ASN for the 44-net address space ($500 initial, $100/yr
maintenance from ARIN). An ASN is necessary for multi-homing and BGP
routing.
- Explain to me what financial incentive a commercial ISP has to
routing (or peering with) 44-net address space for a small number of
customers.
- As for using VPN's, explain how to pay for and maintain the
appropriate size server(s) to host CPU-intensive VPN (IPSec and GRE)
end-points.
After understanding all the nuances of 44-net, I find that the mesh
of IP-IP tunnels and the rip44d daemon are actually quite an elegant
solution to the limitations and constraints we have to work with.
-Neil
11:59 a.m.
New subject: 44net problems - was: 44net cool toys
Robbie,
Your trace route looks good. Are these all wireless links?
WC3XS-CME#traceroute ip 44.144.144.144 source lo0 (44.64.193.1)
Type escape sequence to abort.
Tracing the route to 44.144.144.144
1 44.130.60.100 132 msec 132 msec 132 msec
2 44.130.60.101 132 msec 132 msec 140 msec
3 44.224.12.238 148 msec 148 msec 144 msec
4 44.144.208.38 148 msec 148 msec 148 msec
5 44.144.208.10 152 msec 160 msec 144 msec
6 44.144.208.26 148 msec 148 msec 152 msec
7 44.144.208.97 152 msec 152 msec 152 msec
8 44.144.208.93 156 msec 156 msec 160 msec
9 44.144.208.89 176 msec 160 msec 184 msec
10 44.144.208.85 164 msec 188 msec 172 msec
11 44.144.208.81 188 msec 208 msec 196 msec
12 44.144.208.49 172 msec 216 msec 180 msec
13 44.144.144.144 172 msec 172 msec 172 msec
Thanks
Jesse - WC3XS
On Mar 24, 2014, at 7:38 AM, Robbie De Lise <robbie.delise(a)gmail.com> wrote:
(Please trim inclusions from previous messages)
_______________________________________________
We announce 44.144.0.0/16 over BGP to the public internet (in Belgium)
This ip space is then run on our local variant of "hamwan/hamnet" in
Belgium on 2.4ghz accesspoints and 5ghz and recently 24ghz backbone
links.
We already used 3 ISP's in 2 datacenters (free/sponsored) and our
entire network was running on 10.x.x.x addresses before we started
using the 44.144.0.0/16. (The network started in 2003 and we have
started using 44.144 in 2013). We were using a public /23, and several
/27's from the ISPs to get certain services and repeaters on the
internet. For echolink e.g. you need a unique ip per repeater since
you can only use the ports once. The same goes for d-star.
So when we told our ISPs we wanted to announce our own subnet, via
BGP, their main incentive was the fact that we would be giving back
the ip space we were using and they could use them for other clients,
since well, ipv4 space is sparse.
In terms of traffic nothing has changed since we still use the same
amount of traffic, the only difference is that we now have BGP
sessions to our ISPs and use our own IPs. All of our traffic is
sponsored by our ISPs (+- 70mbit avg over all 3 ISPs)
Furthermore we are now able to use public adresses directly on devices
like repeater or routers where before we had to nat everything and
sometimes things were getting double-natted since some HAMs put
another nat router in between their network and our "hamnet" network.
The routers in the datacenter are "The Big Firewall" and disallow any
incoming traffic to 44.144 from the internet by default, and get
opened up for certain ports, ip's or subnets when the ham using them
requests to do so or is using his own firewall. There is also a lot of
internet storm on the 44.144 (and I suspect the entire 44) network.
For the moment we are still announcing this subnet from the ASN of our main ISP.
However, we are looking into announcing this subnet through the
multiple ISPs we use and have recently aquired our own ASN number.
The ASN number has been sponsored by one of the ISPs, since they
virtually don't have to pay for them, they only cost RIPE-points. The
ISP that provided us with this ASN also loved the fact that it was a
challenge to get it approved by RIPE since 44.0.0.0/8 is essentially a
legacy subnet in ARIN and is nowhere to be found in RIPE.
Since then, RIPE has added a route object for our network;
https://apps.db.ripe.net/search/lookup.html?source=ripe&key=44.144.0.0/…
It took almost 2 years to get all of this done, and this was mostly
due to RIPE being stubborn.
However, CisarNet in Italy (44.208.0.0/16) already had a route object
in RIPE which in the end was a precedent that convinced RIPE to do the
same for us.
So thanks to the Italian network :)
I have since seen that the Swedish network (44.140.0.0/16) has also
gotten a route object in RIPE.
So there are already several networks on the 44 address space that are
doing BGP announcements directly.
If it is smart to use these ip address on the internet ?
My personal vision is that HAMRadio has also evolved to the Internet.
Echolink, D-Star, DMR, DXClusters, APRS, etc. all use the internet as
a backbone.
So why not use our IP space as part of the Internet ? Ofcourse, the
use of firewalls is strongly advised!
Our firewalls allow all 44 to 44 traffic but block any other public
inbound traffic unless exceptions have been allowed (eg echolink
ports)
The biggest problem we are seeing by connecting 44 addresses to the
internet, is when a ham comes to a hamclub and brings their own
laptop. They connect to the local wifi and get a 44.144 ip adress from
the local DHCP server. However, this ham's laptop is either infected
with a virus, or the ham is knowingly downloading copyrighted files
via torrents. You can already guess what is going on here. The illigal
download continues over the 44.144 address and we get abuse complaints
through Brian.
It has been an ongoing battle to block these practices on the network
and to educate hams to not use the 44 network for these kinds of
practices, or to at least turn of their torrent software when they
connect to the 44.144 network. We are currently "natting" some of the
44.144 subnets outbound internet traffic to other commercial public
ip's to prevent the abuse complaints until we can find a better
solution.
As for the IPIP AMPR network, We ourselves have no link with the IPIP
network to the rest of AMPR since we never got around to finding out
how to set it all up. However we peer with the German hamnet and they
also gate our subnet to the AMPR IPIP network. At the moment this
peering is done though a tunnel over the internet, but we are
currently working on doing this over RF on 5Ghz. Though the German
HAMNET we also are connected to the austria and the other networks
they are peering with. All of this using native internet routing
protocols (BGP) and no AMPR IPIP.
We use OpenVPN to connect users who are not able to link to our
network over RF (eg, no LOS to an accesspoint or none around to start
with) so everything goes through our BGP session and peerings and
IPIP. There are some users who are doing AMPR IPIP themselves and
might receive traffic from the internet through us over AMPR IPIP.
However, most of these users subnet's have never been opened up in the
firewalls so there is probably no internet traffic at all.
So, try it yourself and do a traceroute to 44.144.144.144 over AMPR
and over the public internet :)
73s
Robbie
ON4SAX
On Sat, Mar 22, 2014 at 11:10 PM, Neil Johnson
<neil.johnson(a)erudicon.com> wrote:
(Please trim inclusions from previous messages)
_______________________________________________
I keep hearing complaints that we should "get away from using IP-IP
tunnels and just route the 44-net address space using BGP".
Can someone explain what this means and how this would be done ?
- Be sure read up on BCP38 http://tools.ietf.org/html/bcp38 to
understand why your local ISP won't (and shouldn't) let you source
traffic from IP addresses other than theirs
- Explain how you would justify and obtain stable funding to get (and
keep) an ASN for the 44-net address space ($500 initial, $100/yr
maintenance from ARIN). An ASN is necessary for multi-homing and BGP
routing.
- Explain to me what financial incentive a commercial ISP has to
routing (or peering with) 44-net address space for a small number of
customers.
- As for using VPN's, explain how to pay for and maintain the
appropriate size server(s) to host CPU-intensive VPN (IPSec and GRE)
end-points.
After understanding all the nuances of 44-net, I find that the mesh
of IP-IP tunnels and the rip44d daemon are actually quite an elegant
solution to the limitations and constraints we have to work with.
-Neil
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
7:44 p.m.
New subject: 44net problems - was: 44net cool toys
On 24/03/2014 12:38, Robbie De Lise wrote:
As for the IPIP AMPR network, We ourselves have no
link with the IPIP
network to the rest of AMPR since we never got around to finding out
how to set it all up. However we peer with the German hamnet and they
also gate our subnet to the AMPR IPIP network. At the moment this
peering is done though a tunnel over the internet, but we are
currently working on doing this over RF on 5Ghz. Though the German
HAMNET we also are connected to the austria and the other networks
they are peering with. All of this using native internet routing
protocols (BGP) and no AMPR IPIP.
You may want to have a look into this tool
https://github.com/HamWAN/hamwan_scripts/tree/master/amprupdate
I had none and still have very very limited knowledge of Python and
Scripting on Mikrotik, but I was able to setup a Mikrotik based IPIP
Gateway within an hour.
vy 73 de Marc, LX1DUC
22 Mar
22 Mar
6:31 p.m.
New subject: 44net problems - was: 44net cool toys
Hi All,
I seem to have accidentally stirred up a can of worms here but it does
show that the information available to 44net newbies like me is not
available in a form or location where we can get at the basics.
Historically speaking hams have always had a source of information
available at all levels of expertise. Mention was made of morse keys in
one post and I can remember almost every ham magazine had articles on
how to build your own morse key in step by step fashion when I first
started in amateur radio.
This is not the case now.
Even after a fair search on the internet I haven't been able to find
even a basic mud map of how the 44 net all fits together. I don't mean
a degree course in networking, there is plenty of information I can
assimilate on that subject, but more a simple schematic saying you are
here, and this is what you need in principle to interact with the 44 net
without opening it up to attack and abuse by non hams.
When I started out I learnt a lot about transmitter construction by
copying and building other peoples circuits and layouts. When I had
learnt sufficient to have some confidence in my own designs, I then went
on and published them, first off in local club magazines and then in our
national magazine.
As another post mentioned this doesn't seem to be the case these days.
Lots of people are beavering away in private doing their own thing and
rather selfishly not letting anyone else know what is going on so they
can least try to join in.
On packet my main forwarding partner has as his address
xxxx(a)amprnet.org. So how are my packets launched through normal
internet space reaching him? I don't know and I can't find out how or
what the precautions or limitations of traffic for this cross connect
may be. I don't want to trash anyone's internet data allocation by
accident in as much as I saw a post here mentioning 1GB as the figure.
As far as writing php/html or whatever, or any other form of
documentation, when I have at least a basic understanding of how it all
works I will be only to eager to contribute to help other newbies
however at the moment my full contribution could only be "Duh Duh".
If the gurus don't take time out from their innovative projects to at
least write up a little bit of basic information, then the trend of most
hams saying "it's to hard and to much work to find out the basics of 44
net use" will continue and the amazing allocation of the 44 address
block will probably disappear back into the greedy maw of the general
internet due to gross under use.
Many Hams started out as youngsters building commercial electronic kits.
From there they fostered an interest in electronics and
progressed to
ham radio.
Perhaps what is needed is a basic kit to get newbies fired up. I
noticed that a Michigan club has done this for Jnos in the form of a
script that performs all the (hard) parts of the jnos set-up and
presents a simple form type menu for setting the station specific parts.
It's pretty restrictive but it gave me a good start in showing how a
basic jnos install should be configured and I happily went forward from
there.
Could something similar be done here. Perhaps a raspberry pi distro (for
example) which presents a form to set all the station specific bits but
which looks after setting up all the other requirements automatically.
In this way the integrity of the 44 net could be protected by having
some one who knows what they are doing help with the setup script in the
distro whilst at the same time offering a simple and cheap enough way
for most hams to at least start to become involved.
Regards
(still in the dark)
Tony VK3API
8:04 p.m.
New subject: 44net problems - was: 44net cool toys
On Sun, 2014-03-23 at 09:31 +1100, amprnet(a)wizards.sytes.net spake:
I seem to have accidentally stirred up a can of worms
here but it does
show that the information available to 44net newbies like me is not
available in a form or location where we can get at the basics.
I have something I've been working on. When it's ready I'll post it on
my website.
--
73 de Brian Rogers - N1URO
email: <n1uro(a)n1uro.ampr.org>
Web: http://www.n1uro.net/
Ampr1: http://n1uro.ampr.org/
Ampr2: http://nos.n1uro.ampr.org
Linux Amateur Radio Services
axMail-Fax & URONode
AmprNet coordinator for:
Connecticut, Delaware, Maine,
Maryland, Massachusetts,
New Hampshire, Pennsylvania,
Rhode Island, and Vermont.
9:27 p.m.
New subject: 44net problems - was: 44net cool toys
Here's a link to a simplified diagram showing how traffic flows around AMPRNet.
Sorry it's such a long URL.
https://docs.google.com/drawings/d/1sunLKYKHppyp1IH4w4Q3wmR0YJI9Omeb_kVY_Sw…
On Sat, Mar 22, 2014 at 7:04 PM, Brian <n1uro(a)n1uro.ampr.org> wrote:
(Please trim inclusions from previous messages)
_______________________________________________
On Sun, 2014-03-23 at 09:31 +1100, amprnet(a)wizards.sytes.net spake:
--
Neil Johnson
http://erudicon.com
I seem to have accidentally stirred up a can of
worms here but it does
show that the information available to 44net newbies like me is not
available in a form or location where we can get at the basics.
I have something I've been working on. When it's ready I'll post it on
my website.
--
73 de Brian Rogers - N1URO
email: <n1uro(a)n1uro.ampr.org>
Web: http://www.n1uro.net/
Ampr1: http://n1uro.ampr.org/
Ampr2: http://nos.n1uro.ampr.org
Linux Amateur Radio Services
axMail-Fax & URONode
AmprNet coordinator for:
Connecticut, Delaware, Maine,
Maryland, Massachusetts,
New Hampshire, Pennsylvania,
Rhode Island, and Vermont.
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
3707
days inactive
3709
days old
8 comments
8 participants
participants (8)
-
amprnet@wizards.sytes.net -
Brian -
Bryan Fields -
Jesse Hindmarsh -
Marc, LX1DUC -
Marius Petrescu -
Neil Johnson -
Robbie De Lise