21 Feb
2019
21 Feb
'19
2:55 p.m.
Hi there
We consider to advertise part of our Country AMPRNET IP Network allocation via BGP to
a small DataCenter
We want from there to allow users to have a gateways that will have IPIP tunnel to it.
By that we will decrease the latency of the IPIP tunnel that goes to UCSD and back and
also hopefully get a much bigger bandwidth (from the data center and not from the UCSD
limitations)
What Do we need to have in the Data Center in order to Support it ?
Is there any expert here that may direct the Software person (if it is a software
solution) in our team ? to do it ?
any info would be appreciated
Regards
Ronen - 4Z4ZQ
http://www.ronen.org
Ronen Pinchooks (4Z4ZQ) WebSite<http://www.ronen.org/>
About me . Some of my projects . My Family . My Friends . The Quiz , what is the following
Picture ? What I have to say about the Year 2000 bug . Few words in memory of King Hussein
(JY1)
www.ronen.org
21 Feb
21 Feb
3:15 p.m.
A server (probably a VPS running Linux) equipped with OpenVPN
software can do what you want. A commercial router like a Mikrotik
can do this too.
Each user 'gateway' would be a VPN client. Either a small home
router with VPN capability or perhaps a Raspberry PI could be used
at the client end.
Note that as it will be exposed to the open Internet and will become
a target for hackers, you will have to install and configure various
security measures, keep it up to date, and monitor it closely.
- Brian
On Thu, Feb 21, 2019 at 02:55:12PM +0000, R P via 44Net wrote:
Hi there
We consider to advertise part of our Country AMPRNET IP Network allocation via BGP to
a small DataCenter
We want from there to allow users to have a gateways that will have IPIP tunnel to it.
By that we will decrease the latency of the IPIP tunnel that goes to UCSD and back and
also hopefully get a much bigger bandwidth (from the data center and not from the UCSD
limitations)
What Do we need to have in the Data Center in order to Support it ?
Is there any expert here that may direct the Software person (if it is a software
solution) in our team ? to do it ?
any info would be appreciated
Regards
Ronen - 4Z4ZQ
3:27 p.m.
Thank U Brian
What system in the data center will deal the problem of the end users gateways that uses
Dynamic IP that do IPIP to it ? (like UCSD deal with it today )and spread the updated
routing tables ?
Part of the users probably use VPN and with that the IP address change is not a problem
but part of them also will use IPIP ...
________________________________
From: Brian Kantor <Brian(a)bkantor.net>
Sent: Thursday, February 21, 2019 7:15 AM
To: AMPRNet working group
Cc: R P
Subject: Re: [44net] How to allow central gateway to support small gateways that use
dynamic IP ?
A server (probably a VPS running Linux) equipped with OpenVPN
software can do what you want. A commercial router like a Mikrotik
can do this too.
Each user 'gateway' would be a VPN client. Either a small home
router with VPN capability or perhaps a Raspberry PI could be used
at the client end.
Note that as it will be exposed to the open Internet and will become
a target for hackers, you will have to install and configure various
security measures, keep it up to date, and monitor it closely.
- Brian
On Thu, Feb 21, 2019 at 02:55:12PM +0000, R P via 44Net wrote:
Hi there
We consider to advertise part of our Country AMPRNET IP Network allocation via BGP to
a small DataCenter
We want from there to allow users to have a gateways that will have IPIP tunnel to it.
By that we will decrease the latency of the IPIP tunnel that goes to UCSD and back and
also hopefully get a much bigger bandwidth (from the data center and not from the UCSD
limitations)
What Do we need to have in the Data Center in order to Support it ?
Is there any expert here that may direct the Software person (if it is a software
solution) in our team ? to do it ?
any info would be appreciated
Regards
Ronen - 4Z4ZQ
3:38 p.m.
I would not use IPIP in this configuration, let OpenVPN handle it.
See https://youtu.be/OxsmGaFZ2MM
The small gateway/client can have a dynamically or static IP subnet
assigned by OpenVPN upon connection.
On Thu, Feb 21, 2019, 07:28 R P via 44Net <44net(a)mailman.ampr.org> wrote:
Thank U Brian
What system in the data center will deal the problem of the end users
gateways that uses Dynamic IP that do IPIP to it ? (like UCSD deal with
it today )and spread the updated routing tables ?
Part of the users probably use VPN and with that the IP address change is
not a problem but part of them also will use IPIP ...
________________________________
From: Brian Kantor <Brian(a)bkantor.net>
Sent: Thursday, February 21, 2019 7:15 AM
To: AMPRNet working group
Cc: R P
Subject: Re: [44net] How to allow central gateway to support small
gateways that use dynamic IP ?
A server (probably a VPS running Linux) equipped with OpenVPN
software can do what you want. A commercial router like a Mikrotik
can do this too.
Each user 'gateway' would be a VPN client. Either a small home
router with VPN capability or perhaps a Raspberry PI could be used
at the client end.
Note that as it will be exposed to the open Internet and will become
a target for hackers, you will have to install and configure various
security measures, keep it up to date, and monitor it closely.
- Brian
On Thu, Feb 21, 2019 at 02:55:12PM +0000, R P via 44Net wrote:
Hi there
We consider to advertise part of our Country AMPRNET IP Network
allocation via
BGP to a small DataCenter
We want from there to allow users to have a
gateways that will have
IPIP tunnel to it.
By that we will decrease the latency of the
IPIP tunnel that goes to
UCSD and back and also hopefully get a much bigger
bandwidth (from the data
center and not from the UCSD limitations)
What Do we need to have in the Data Center in
order to Support it ?
Is there any expert here that may direct the Software person (if it is a
software
solution) in our team ? to do it ?
any info would be appreciated
Regards
Ronen - 4Z4ZQ
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
3:40 p.m.
It will be more difficult and painful to support both IPIP and
OpenVPN.
Since this is a new installation, requiring the users to use OpenVPN
or equivalent software is probably a better idea. IPIP is a legacy
protocol, not secure, and not easy to administrate. You should not
use it if you don't absolutely have to.
If you *do* have to use IPIP, you should talk to someone who is
already doing this. I think PE1CHL Rob may be able to offer advice,
if he has time. I suspect you will have to build your own tools to
manage the IPIP configuration at the server.
OpenVPN will deal with dynamic client addresses.
Since each home gateway will get a small piece of the subnet, routing
is automatic and handled by the OpenVPN server.
There is other VPN server software than OpenVPN. Perhaps you would
prefer one of them.
- Brian
On Thu, Feb 21, 2019 at 03:27:21PM +0000, R P via 44Net wrote:
Thank U Brian
What system in the data center will deal the problem of the end users gateways that uses
Dynamic IP that do IPIP to it ? (like UCSD deal with it today )and spread the updated
routing tables ?
Part of the users probably use VPN and with that the IP address change is not a problem
but part of them also will use IPIP ...
6:43 p.m.
While I’m a fan of the raspberry pi I’d recommend offloading log-writes and other dusk
intensive processes to an external system or disk or maybe creating a RAM disk. I didn’t
account for this and suffered a micro-SD failure taking my gateway down.
I’m currently exploring the Edgerouter (with Marius) as a gateway, and also looking at RAM
disk logging on the raspberry pi.
— tom
Tom Cardinal / MSgt USAF (Ret) / N2XU / BSCS / CASP+
On Feb 21, 2019, at 9:15 AM, Brian Kantor
<Brian(a)bkantor.net> wrote:
A server (probably a VPS running Linux) equipped with OpenVPN
software can do what you want. A commercial router like a Mikrotik
can do this too.
Each user 'gateway' would be a VPN client. Either a small home
router with VPN capability or perhaps a Raspberry PI could be used
at the client end.
Note that as it will be exposed to the open Internet and will become
a target for hackers, you will have to install and configure various
security measures, keep it up to date, and monitor it closely.
- Brian
On Thu, Feb 21, 2019 at 02:55:12PM +0000, R P via
44Net wrote:
Hi there
We consider to advertise part of our Country AMPRNET IP Network allocation via BGP to
a small DataCenter
We want from there to allow users to have a gateways that will have IPIP tunnel to it.
By that we will decrease the latency of the IPIP tunnel that goes to UCSD and back and
also hopefully get a much bigger bandwidth (from the data center and not from the UCSD
limitations)
What Do we need to have in the Data Center in order to Support it ?
Is there any expert here that may direct the Software person (if it is a software
solution) in our team ? to do it ?
any info would be appreciated
Regards
Ronen - 4Z4ZQ
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
1902
days inactive
1902
days old
5 comments
4 participants
participants (4)
-
Brian Kantor -
John D. Hays -
R P -
Tom Cardinal