One of the main purposes of amateur radio is to experiment with new things. So I think it is generally a good idea to experiment with new routing variants that are more suitable for today's and tomorrow's usages. Of course, this will raise compatibility issues and routing problems. But it is our job to find solutions :-)
In general I think that is true. But in this particular case, that experiment is just there to work around unfortunate decisions made in the past. I can understand that it is now a lot of work to re-work the German HAMNET to make it compatible with a plain routed address space, but I do not see it as my responsibility to jump through hoops instead.
If it were a simple change, I would not have a problem. But as it is now, it is just as much work for us to cover their irregularities as it is for them to adapt their network. In that case I favor the "clean solution".
Here, in Corsica, we'll try to adapt our home-made system (OpenVPN tunnels to two central gateways, and OSPF routing through 10.0.0.0/8 private addressing) to AMPR addressing. One of the main advantages is that user connection is very easy (we developed a Plug and Play system called "TKBox": an OpenWRT router, which opens VPN tunnels to our two data centers, in VPN pass-through mode). It's suitable for a remote location such as our island, because our two data centers will be the only points of connection with the outside world. All the specific routing and firewalling has to be done only there.
That is very similar to what we do here on the 44.137.0.0/16 network and you will not encounter the difficulties of NAT when you do it that way. All traffic internal and outside of your network is just plain routed. We use OpenVPN only for end-users that connect to our gateway and get 44Net space but only over the tunnels. However, that is the "novice class" of AMPRnet, we really do not want users to connect that way forever. They should use radio links, and when no access point is available they should get together and establish one. And that is developing rapidly.
Of course access points would ideally be linked to other access points via radio, but until their density is sufficient to make that possible we also allow a VPN connection to a central router located in the datacenter, either GRE or L2TP/IPsec, and we run BGP over that connection so it can be used for the connectivity to AMPRnet or as a backup in case there are problems with the radio link. Radio links have preference in the recommended BGP setup.
In this network we have untranslated internet access for every station because we do not directly send traffic on a user's internet connection (only the tunneled traffic to the central router that forwards the encapsulated 44Net packets to internet).
In my opinion that is the correct way to do it. Of course if you want to setup many gateways like that across a larger country, the practical difficulty is that you need to negotiate BGP routing in many places. It is so much easier to just give in on that and go out via NAT over some local amateur's internet connection. But it causes the problems that Jann is now facing.
Rob
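The setup Rob describes above (an access point with a radio link to a neighbouring site plus a GRE tunnel to the central router, BGP over both, radio preferred) can be expressed as a router configuration. The following is an added example written for this page, not a configuration from Rob's network or from the PI4 team; it assumes FRRouting syntax, and every AS number, neighbour address, password and the access point's /24 are placeholders. The GRE interface itself is assumed to be created in Linux outside FRR.

```frr
! Added example (not from the original thread): FRR configuration for a
! HAMNET access point with two eBGP sessions, one over the 5 GHz radio link
! and one over a GRE tunnel to the central router in the datacenter.
! All AS numbers, neighbour addresses, passwords and the /24 are placeholders.
!
! Accept only 44Net prefixes and a default route from either peer;
! announce only our own /24. Everything else is dropped by the implicit deny.
ip prefix-list FROM-PEER seq 10 permit 44.0.0.0/8 le 24
ip prefix-list FROM-PEER seq 20 permit 0.0.0.0/0
ip prefix-list OUR-PREFIX seq 10 permit 44.137.10.0/24
!
! Radio link: higher local preference, so routes learned here win.
route-map RADIO-IN permit 10
 match ip address prefix-list FROM-PEER
 set local-preference 200
route-map RADIO-OUT permit 10
 match ip address prefix-list OUR-PREFIX
!
! GRE tunnel: lower local preference inbound and a prepended AS path
! outbound, so both directions stay on the radio link while it is up.
route-map TUNNEL-IN permit 10
 match ip address prefix-list FROM-PEER
 set local-preference 100
route-map TUNNEL-OUT permit 10
 match ip address prefix-list OUR-PREFIX
 set as-path prepend 64600 64600
!
router bgp 64600
 bgp router-id 44.137.10.1
 ! neighbouring access point reached over the radio link (placeholder)
 neighbor 44.137.250.1 remote-as 64601
 neighbor 44.137.250.1 description radio-link
 neighbor 44.137.250.1 password radio-session-secret
 neighbor 44.137.250.1 ttl-security hops 1
 ! central router reached over the GRE tunnel (placeholder)
 neighbor 44.137.255.1 remote-as 64500
 neighbor 44.137.255.1 description gre-tunnel-backup
 neighbor 44.137.255.1 password tunnel-session-secret
 neighbor 44.137.255.1 ttl-security hops 1
 address-family ipv4 unicast
  network 44.137.10.0/24
  neighbor 44.137.250.1 route-map RADIO-IN in
  neighbor 44.137.250.1 route-map RADIO-OUT out
  neighbor 44.137.255.1 route-map TUNNEL-IN in
  neighbor 44.137.255.1 route-map TUNNEL-OUT out
  neighbor 44.137.255.1 maximum-prefix 1000
 exit-address-family
!
! Keep the /24 in the RIB so "network" can announce it even if the LAN
! interface flaps; the connected route still wins while it is up.
ip route 44.137.10.0/24 blackhole
```

The two points a practitioner would check here are the inbound filters and the session protection. Without the prefix-lists, a misconfigured peer could push a full table or a more specific route over the tunnel and silently take over traffic; `password` turns on TCP MD5 and `ttl-security hops 1` rejects BGP packets that did not originate one hop away, which is what you want on a session that rides over a tunnel exposed to the internet. Failover is automatic: when the radio session drops, its routes disappear and the tunnel routes with local preference 100 are the only ones left.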
On 20/04/2018 at 10:57, Rob Janssen wrote:
In general I think that is true. But in this particular case, that experiment is just there to work around unfortunate decisions made in the past. I can understand that it is now a lot of work to re-work the German HAMNET to make it compatible with a plain routed address space, but I do not see it as my responsibility to jump through hoops instead.
Here, we are starting from a blank page. And we are an island. Usually, it's not an advantage, but here, it is :-) We can build our network as an internal, closed network. And we can manage the routing issues with the rest of the world at our gateway level. I think we should be able to implement routing with everything (including IP-IP mesh tunnels).
We use OpenVPN only for end-users that connect to our gateway and get 44Net space but only over the tunnels. However, that is the "novice class" of AMPRnet, we really do not want users to connect that way forever. They should use radio links, and when no access point is available they should get together and establish one. And that is developing rapidly.
+1. But it may be easier to do in flat areas with many hams :-) For now, even our main high points are not in line of sight :-( We are using tiny VPN boxes behind Internet accesses at low points to feed 5 GHz antennas to the high points... But of course, our goal is not to build VPN networks, HI :-) Radio links must (and will) be used whenever possible. We are still in the experimental process (migrating from private addressing to future AMPR addressing). That's why we focus on the network infrastructure and design for now. Once our design is stable, we'll deploy more sites and users, with low cost 5 GHz dishes.
Of course if you want to setup many gateways like that across a larger country, the practical difficulty is that you need to negotiate BGP routing in many places. It is so much easier to just give in on that and go out via NAT over some local amateur's internet connection.
As said before, we are a tiny island of 320 000 people, which makes the problem a lot simpler. Our network will have an "internal" routing (we may keep our existing OSPF), and an "external" routing, with exchanges between the two at the gateway level. As we have two network teams, and two data centers, in the main cities of the island (Ajaccio and Bastia), we can afford two gateways, and a fully redundant design, HI :-)
73 de TK1BI
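The design TK1BI sketches above, internal OSPF routing and external routing with the exchange between the two happening only at the two gateways, can also be written down as a gateway configuration. The following is an added example for this page, not a configuration from the Corsican network; it assumes FRRouting syntax, and the AS numbers, addresses, interface name, passwords and the island's /16 (written here as 44.168.0.0/16) are placeholders to be replaced by the real allocation.

```frr
! Added example (not part of TK1BI's post): FRR configuration for one of the
! two island gateways. Inside, OSPF carries the per-site subnets; outside,
! eBGP announces only the island's aggregate. The two protocols meet here:
! the gateway originates a default route into OSPF and never leaks the
! internal topology outward. All identifiers below are placeholders.
!
! Hold the aggregate in the RIB so "network" can announce it even when some
! internal subnets are down; the longer OSPF routes still win internally.
ip route 44.168.0.0/16 blackhole
!
interface eth1
 description internal link towards the OSPF backbone
 ip ospf message-digest-key 1 md5 tk-ospf-k1
!
router ospf
 ospf router-id 44.168.0.1
 network 44.168.0.0/16 area 0.0.0.0
 area 0.0.0.0 authentication message-digest
 passive-interface default
 no passive-interface eth1
 ! Inject a default only while a default route is actually present in the
 ! RIB (learned from the upstream by BGP). The second gateway does the same
 ! with a higher metric, so sites fall back to it when this one loses its
 ! upstream session, with no manual intervention.
 default-information originate metric 10
!
! Never accept our own space from outside (hijack or loop), then allow a
! default route and 44Net prefixes; announce only the aggregate.
ip prefix-list FROM-UPSTREAM seq 5 deny 44.168.0.0/16 le 32
ip prefix-list FROM-UPSTREAM seq 10 permit 0.0.0.0/0
ip prefix-list FROM-UPSTREAM seq 20 permit 44.0.0.0/8 le 24
ip prefix-list OUR-AGGREGATE seq 10 permit 44.168.0.0/16
!
route-map UPSTREAM-IN permit 10
 match ip address prefix-list FROM-UPSTREAM
route-map UPSTREAM-OUT permit 10
 match ip address prefix-list OUR-AGGREGATE
!
router bgp 64700
 bgp router-id 44.168.0.1
 neighbor 192.0.2.1 remote-as 64710
 neighbor 192.0.2.1 description upstream-peer
 neighbor 192.0.2.1 password island-bgp-secret
 neighbor 192.0.2.1 ttl-security hops 1
 address-family ipv4 unicast
  network 44.168.0.0/16
  neighbor 192.0.2.1 route-map UPSTREAM-IN in
  neighbor 192.0.2.1 route-map UPSTREAM-OUT out
  ! Deliberately no "redistribute ospf" and no "redistribute bgp" in OSPF:
  ! the outside sees one aggregate, the inside sees one default.
 exit-address-family
```

The design choice worth noting is the absence of redistribution in either direction. Redistributing BGP into OSPF would flood every site with the external table, and redistributing OSPF into BGP would expose the island's internal subnets to the outside; originating a default inward and a single aggregate outward keeps the boundary where TK1BI puts it, at the gateway. The conditional `default-information originate` is also what makes the two-gateway redundancy work: a gateway that loses its upstream stops advertising a default, and OSPF converges on the other one.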