20 Apr
2018
20 Apr
'18
4:57 a.m.
One of the main purpose of amateur radio is to
experiment new things.
Then, I think it's globally a good idea to experiment new routing
variants, that are more suitable with today and tomorrow usages. Of
course, this will raise compatibility issues and routing problems. But
that's our job to find solutions :-)
In general I think that is true. But in this particular case, that experiment is just
there
to work around unfortunate decisions made in the past. I can understand that it is now a
lot
of work to re-work the German HAMNET to make it compatible with a plain routed address
space,
but I do not see it as my responsibility to jump through hoops instead.
When it would be a simple change, I would not have a problem. But as it is now, it is
just as
much work for us to cover their irregularities than it is for them to adapt their
network.
In that case I favor the "clean solution".
Here, in Corsica, we'll try to adapt our home-made
system (OpenVPN
tunnels to two central gateways, and OSPF routing through 10.0.0.0/8
private addressing) to AMPR addressing. One of the main advantages is
that user connection is very easy (we developed a Plug and Play system
called "TKBox" : an OpenWRT router, which opens VPN tunnels to our two
data centers, in VPN pass-through mode). It's suitable for a remote
location such as our island, because our two data centers will be the
only points of connection with the outside world. All the specific
routing and firewalling has to be tone only there.
That is very similar to what we do here on the 44.137.0.0/16 network and you will not
encounter
the difficulties of NAT when you do it that way. All traffic internal and outside of your
network
is just plain routed. We use OpenVPN only for end-users that connect to our gateway and
get
44Net space but only over the tunnels. However, that is the "novice class" of
AMPRnet, we really
do not want users to connect that way forever. They should use radio links, and when no
access
point is available they should get together and establish one. And that is developing
rapidly.
Of course access points would ideally be linked to other access points via radio, but
until their
density is sufficient to make that possible we also allow a VPN connection to a central
router
located in the datacenter, either GRE or L2TP/IPsec, and we run BGP over that connection
so it
can be used for the connectivity to AMPRnet or as a backup in case their are problems with
the
radio link. Radio links have preference in the recommended BGP setup.
In this network we have untranslated internet access for every station because we do not
directly
send traffic on a user's internet connection (only the tunneled traffic to the central
router that
forwards the encapsulated 44Net packets to internet).
In my opinion that is the correct way to do it.
Of course if you want to setup many gateways like that across a larger country, the
practical
difficulty is that you need to negotiate BGP routing in many places. It is so much easier
to just
give in on that and go out via NAT over some local amateur's internet connection.
But it causes the problems that Jann is now facing.
Rob
20 Apr
20 Apr
5:35 a.m.
New subject: Echolink proxy/relay hosting
Le 20/04/2018 à 10:57, Rob Janssen a écrit :
In general I think that is true. But in this
particular case, that
experiment is just there
to work around unfortunate decisions made in the past. I can
understand that it is now a lot
of work to re-work the German HAMNET to make it compatible with a
plain routed address space,
but I do not see it as my responsibility to jump through hoops instead.
Here, we are starting from a blank page. And we are an island. Usually,
it's not an advantage, but here, it is :-) We can build our network as
an internal, closed network. And we can manage the routing issues with
the rest of the world at our gateway level. I think we should be able to
implement routing with everything (including IP-IP mesh tunnels).
We use OpenVPN only for end-users that connect to our
gateway and get
44Net space but only over the tunnels. However, that is the "novice
class" of AMPRnet, we really
do not want users to connect that way forever. They should use radio
links, and when no access
point is available they should get together and establish one. And
that is developing rapidly.
+1. But it may be easier to do in flat areas with many hams :-) For now,
even our main high points are not in line-of sight :-( We are using tiny
VPN boxes behind Internet accesses at low points to feed 5 GHz antennas
to the high points... But of course, our goal is not to build VPN
networks, HI :-) Radio links must (and will) be used whenever possible.
We are still in experimental process (migrating from private addressing
to future AMPR adressing). That's why we focus on the network
infrastructure and design for now. Once our design is stable, we'll
deploy more sites and users, with low cost 5 GHz dishs.
Of course if you want to setup many gateways like that across a larger
country, the practical
difficulty is that you need to negotiate BGP routing in many places.
It is so much easier to just
give in on that and go out via NAT over some local amateur's internet
connection.
As said before, we are a tiny island of 320 000 people, which makes the
problem a lot simpler. Our network will have an "internal" routing (we
may keep our existing OSPF), and an "external" routing, with exchanges
between the two at the gateway level. As we have two network teams, and
two data centers, in the main cities of the island (Ajaccio and Bastia),
we can afford two gateways, and a fully redundant design, HI :-)
73 de TK1BI
2407
days inactive
2407
days old
1 comments
2 participants
participants (2)
-
Rob Janssen -
Toussaint OTTAVI