From time to time testing various setups I need to determine if the
remote 44 host is IPIP or BGP so that I can verify everything is working etc.
I used to grep this, but apparently this is not current? http://thyme.rand.apnic.net/current/data-add-ARIN
Does anyone know of an up to date source?
I used to test new installs against hambook.de.ampr.org (44.225.164.16) as I know this is not reachable via the normal internet, but is via 44net. It used to be via an IPIP tunnel. I don't see it in my routes, so it must be via BGP now, but I don't see it from the above source.
Thanks
Nevermind I figured it out. The address wasn't showing up when I'd grep 44.225 because its part of a much bigger CIDR: 44.224.0.0/15 (which I wasn't taking into account)
root@ampr-pi:/var/lib/ampr-ripd# ip route show table 44 | grep 44.224 44.224.0.0/15 via 141.75.245.225 dev tunl0 proto 44 onlink window 840
So it's via an IPIP tunnel and not BGP, which is why I wasn't seeing it via the thyme host.
On Fri, Feb 22, 2019 at 11:12 PM Steve L kb9mwr@gmail.com wrote:
From time to time testing various setups I need to determine if the remote 44 host is IPIP or BGP so that I can verify everything is working etc.
I used to grep this, but apparently this is not current? http://thyme.rand.apnic.net/current/data-add-ARIN
Does anyone know of an up to date source?
I used to test new installs against hambook.de.ampr.org (44.225.164.16) as I know this is not reachable via the normal internet, but is via 44net. It used to be via an IPIP tunnel. I don't see it in my routes, so it must be via BGP now, but I don't see it from the above source.
Thanks
On 23/02/19 16:12, Steve L via 44Net wrote:
From time to time testing various setups I need to determine if the remote 44 host is IPIP or BGP so that I can verify everything is working etc.
I used to grep this, but apparently this is not current? http://thyme.rand.apnic.net/current/data-add-ARIN
Looks fairly up to date, from what I can see.
Regarding this topic, I have a "technical" proposal on it.
Wouldn't it make sense to advertise the BGP subnets in the RIP broadcasts, too?
In light of the fact that the ampr gw forwards these routes anyway, if those subnets would appear as 44.x.y.z/n via 169.228.34.84 (the ampr gw) (and most gateways feature a default route to the ampr gw anyway), then all current setups would work without any change.
This would also allow to easily find out all BGP routed networks using a simple filter on the route list.
Announcing them with a routing distance of 16 (infinity) in the RIP would also make sense since Ampr-ripd and Amprd ignores those routes.
Marius, YO2LOJ
On 23.02.2019 07:12, Steve L via 44Net wrote:
From time to time testing various setups I need to determine if the remote 44 host is IPIP or BGP so that I can verify everything is working etc.
I used to grep this, but apparently this is not current? http://thyme.rand.apnic.net/current/data-add-ARIN
Does anyone know of an up to date source?
I used to test new installs against hambook.de.ampr.org (44.225.164.16) as I know this is not reachable via the normal internet, but is via 44net. It used to be via an IPIP tunnel. I don't see it in my routes, so it must be via BGP now, but I don't see it from the above source.
Thanks _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
It works, at least for 44.182.1.1 - I just checked. Egress via ampr tunnel default route, a reglar trace with amprgw as the first hop.
Marius, YO2LOJ
On 23.02.2019 14:02, Brian Kantor wrote:
As far as I know it does NOT. I believe they're blocked at the entrance firewall to amprgw.
- Brian
On Sat, Feb 23, 2019 at 01:38:19PM +0200, Marius Petrescu wrote:
In light of the fact that the ampr gw forwards these routes anyway [...]
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Ah, I see I misunderstood what you said. Yes, that would be expected to work. I was thinking of the inbound path. - Brian
On Sat, Feb 23, 2019 at 06:33:14PM +0200, Marius Petrescu wrote:
It works, at least for 44.182.1.1 - I just checked. Egress via ampr tunnel default route, a reglar trace with amprgw as the first hop.
Marius, YO2LOJ
On 23.02.2019 14:02, Brian Kantor wrote:
As far as I know it does NOT. I believe they're blocked at the entrance firewall to amprgw.
- Brian
On Sat, Feb 23, 2019 at 01:38:19PM +0200, Marius Petrescu wrote:
In light of the fact that the ampr gw forwards these routes anyway [...]
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
So, wouldn't it make sense to publish BGP routed networks that do not have 'tunnel ' set in the portal as RIP routes using amprgw as gateway?
This would solve some issues: - Users could actually see all reachable destinations in their route list
- Users could easily identify BGP networks by checking 169.228.34.84 as their gateway
- they could drop the setting of that 'default' route in the ampr routing table, allowing a (implicit) throw to the main table. This will make it easier to reach local or directly connected ampr networks (which now need routes placed in the ampr table). Also, unknown destinations would be NATed to the system's gateway, without putting any additional traffic to amprgw.
- it would also allow to have all routes in a single routing table while being able to reach tunneled and BGPd networks using their AMPR address without policy routing.
Existing set-ups would not affected by such a change in any way.
Marius, YO2LOJ
On 23.02.2019 19:00, Brian Kantor wrote:
Ah, I see I misunderstood what you said. Yes, that would be expected to work. I was thinking of the inbound path.
- Brian
On Sat, Feb 23, 2019 at 06:33:14PM +0200, Marius Petrescu wrote:
It works, at least for 44.182.1.1 - I just checked. Egress via ampr tunnel default route, a reglar trace with amprgw as the first hop.
Marius, YO2LOJ
On 23.02.2019 14:02, Brian Kantor wrote:
As far as I know it does NOT. I believe they're blocked at the entrance firewall to amprgw.
- Brian
On Sat, Feb 23, 2019 at 01:38:19PM +0200, Marius Petrescu wrote:
In light of the fact that the ampr gw forwards these routes anyway [...]
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
It'll take a significant redesign of the rip sender. Maybe in a couple of months I'll be able to devote some time to it. Don't hold your breath.
I can't help but wonder what we're missing in this. - Brian
On Sat, Feb 23, 2019 at 09:15:34PM +0200, Marius Petrescu wrote:
So, wouldn't it make sense to publish BGP routed networks that do not have 'tunnel ' set in the portal as RIP routes using amprgw as gateway?
This would solve some issues:
Users could actually see all reachable destinations in their route list
Users could easily identify BGP networks by checking 169.228.34.84 as
their gateway
- they could drop the setting of that 'default' route in the ampr
routing table, allowing a (implicit) throw to the main table. This will make it easier to reach local or directly connected ampr networks (which now need routes placed in the ampr table). Also, unknown destinations would be NATed to the system's gateway, without putting any additional traffic to amprgw.
- it would also allow to have all routes in a single routing table while
being able to reach tunneled and BGPd networks using their AMPR address without policy routing.
Existing set-ups would not affected by such a change in any way.
Marius, YO2LOJ
On 23.02.2019 19:00, Brian Kantor wrote:
Ah, I see I misunderstood what you said. Yes, that would be expected to work. I was thinking of the inbound path.
- Brian
On Sat, Feb 23, 2019 at 06:33:14PM +0200, Marius Petrescu wrote:
It works, at least for 44.182.1.1 - I just checked. Egress via ampr tunnel default route, a reglar trace with amprgw as the first hop.
Marius, YO2LOJ
On 23.02.2019 14:02, Brian Kantor wrote:
As far as I know it does NOT. I believe they're blocked at the entrance firewall to amprgw.
- Brian
On Sat, Feb 23, 2019 at 01:38:19PM +0200, Marius Petrescu wrote:
In light of the fact that the ampr gw forwards these routes anyway [...]
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Marius,
I know I said this would take quite a bit of time/work, but I dreamed up a clever way to get it done, and I'm ready to turn that on if you think it really won't hurt any existing installations. - Brian
On Sat, Feb 23, 2019 at 09:15:34PM +0200, Marius Petrescu wrote:
So, wouldn't it make sense to publish BGP routed networks that do not have 'tunnel ' set in the portal as RIP routes using amprgw as gateway?
Won’t that break things? Exit through ampr gateway but entry through the internet? I know some statefull firewalls that won’t like that very much.. Where ampr router is on one interface and the internet on another
Ruben - ON3RVH
On 24 Feb 2019, at 15:03, Brian Kantor Brian@bkantor.net wrote:
Marius,
I know I said this would take quite a bit of time/work, but I dreamed up a clever way to get it done, and I'm ready to turn that on if you think it really won't hurt any existing installations.
- Brian
On Sat, Feb 23, 2019 at 09:15:34PM +0200, Marius Petrescu wrote: So, wouldn't it make sense to publish BGP routed networks that do not have 'tunnel ' set in the portal as RIP routes using amprgw as gateway?
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Ruben,
It won't enter trough the internet unless your tunnel GW address is BGP announced. And if the system is BGP announced, it won't need the tunnels.
For those also providing tunnel endpoints on BGPd systems using 44. endpoints, a simple addition of the on the 169.228.34.84 address to the -a parameter will restore the previous situation.
On tunnel only systems, the behavior would be the same as the ubiquitous default route via amprgw on most setups. Just that we have those individual routes to play with.
Marius, YO2LOJ
On 24.02.2019 16:28, Ruben ON3RVH wrote:
Won’t that break things? Exit through ampr gateway but entry through the internet? I know some statefull firewalls that won’t like that very much.. Where ampr router is on one interface and the internet on another
Ruben - ON3RVH
On 24 Feb 2019, at 15:03, Brian Kantor Brian@bkantor.net wrote:
Marius,
I know I said this would take quite a bit of time/work, but I dreamed up a clever way to get it done, and I'm ready to turn that on if you think it really won't hurt any existing installations. - Brian
On Sat, Feb 23, 2019 at 09:15:34PM +0200, Marius Petrescu wrote: So, wouldn't it make sense to publish BGP routed networks that do not have 'tunnel ' set in the portal as RIP routes using amprgw as gateway?
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Check... http://yo2tm.ampr.org/nettools.php?host=44.182.1.1&submit=IPv4+Trace&...
On 23.02.2019 14:02, Brian Kantor wrote:
As far as I know it does NOT. I believe they're blocked at the entrance firewall to amprgw.
- Brian
On Sat, Feb 23, 2019 at 01:38:19PM +0200, Marius Petrescu wrote:
In light of the fact that the ampr gw forwards these routes anyway [...]
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
I believe that 'thyme' list is as current a list as you're going to find, and unlike the portal database, it doesn't list subnets that people aren't actively advertising.
Also, there is a significant discrepency. The 'thyme' list is of actual advertisements; there are 199 of those. The portal database lists 253 Direct networks, so clearly some allocated BGP networks aren't being actively advertised to the backbone. Worse, some people got allocations for a /22 or a /23, but then chose to advertise pieces of it as multiple /24s, which is confusing! - Brian
On 23.02.2019 07:12, Steve L via 44Net wrote:
I used to grep this, but apparently this is not current? http://thyme.rand.apnic.net/current/data-add-ARIN
Does anyone know of an up to date source?
You can always query a specific subnet on the whois server (whois.ampr.org), it will tell you if the subnet is permitted to be BGP announced or not (amongst other things).
Chris
On 23 Feb 2019, at 12:19, Brian Kantor Brian@bkantor.net wrote:
I believe that 'thyme' list is as current a list as you're going to find, and unlike the portal database, it doesn't list subnets that people aren't actively advertising.
Also, there is a significant discrepency. The 'thyme' list is of actual advertisements; there are 199 of those. The portal database lists 253 Direct networks, so clearly some allocated BGP networks aren't being actively advertised to the backbone. Worse, some people got allocations for a /22 or a /23, but then chose to advertise pieces of it as multiple /24s, which is confusing!
- Brian
On 23.02.2019 07:12, Steve L via 44Net wrote:
I used to grep this, but apparently this is not current? http://thyme.rand.apnic.net/current/data-add-ARIN
Does anyone know of an up to date source?
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Would it be possible for the whois server to also display the gateway address? I'd find that rather handy.
whois -h whois.ampr.org 44.92.21.35
Network: 44.92.21.0/25 Type: user BGP: NO Callsign: KB9MWR Locator: EN54xl Description:KB9MWR-LAN Allocated: 2016-03-22 14:57:27 Updated: 2016-03-22 15:24:11
On Sat, Feb 23, 2019 at 7:13 AM G1FEF via 44Net 44net@mailman.ampr.org wrote:
You can always query a specific subnet on the whois server (whois.ampr.org), it will tell you if the subnet is permitted to be BGP announced or not (amongst other things).
Chris
On 23 Feb 2019, at 12:19, Brian Kantor Brian@bkantor.net wrote:
I believe that 'thyme' list is as current a list as you're going to find, and unlike the portal database, it doesn't list subnets that people aren't actively advertising.
Also, there is a significant discrepency. The 'thyme' list is of actual advertisements; there are 199 of those. The portal database lists 253 Direct networks, so clearly some allocated BGP networks aren't being actively advertised to the backbone. Worse, some people got allocations for a /22 or a /23, but then chose to advertise pieces of it as multiple /24s, which is confusing! - Brian
On 23.02.2019 07:12, Steve L via 44Net wrote:
I used to grep this, but apparently this is not current? http://thyme.rand.apnic.net/current/data-add-ARIN
Does anyone know of an up to date source?
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
-
Brian Kantor -
G1FEF -
Marius Petrescu -
Ruben ON3RVH -
Steve L -
Tony Langdon