Hello all, and thank you for your assistance. I have 44.10.10.0/24 allocated and announced via BGP. The subnet terminates to an Ubuntu server in a data center. I want to allocate addresses from this subnet via tunnels to other locations. For example, I would like to assign an address or a block of addresses to my home location (Cisco 1900 router) from this subnet. Is this possible, or do I need to look at a different option? Thank you!
On Mon, May 1, 2017 at 10:18 AM, Phil Pacier ad6nh@aprs2.net wrote:
Hello all, and thank you for your assistance. I have 44.10.10.0/24 allocated and announced via BGP. The subnet terminates to an Ubuntu server in a data center. I want to allocate addresses from this subnet via tunnels to other locations. For example, I would like to assign an address or a block of addresses to my home location (Cisco 1900 router) from this subnet. Is this possible, or do I need to look at a different option? Thank you!
Hi Phil,
This was actually just discussed: http://hamradio.ucsd.edu/mailman/private/44net/2017-April/006918.html It can only be done manually by the portal maintainer.
Your other option is to create your own tunnel system (site-to-site VPN) at your BGP endpoint.
Tom KD7LXL
Phil,
I am currently doing this. I am announcing my subnet with BGP on a PFSENSE VPS. I have half of it site to site to my house, and the other is a remote access VPN for my mobile devices that I am doing HAM stuff with.
I will write up a HOW-TO at some point, but it is definitely possible.
There are even some ways to do OPENVPN with a null cipher, but I am about to experiment a bit more with some other methods.
Just be wary of the site to site method... you are obviously going to be using double bandwidth for anything. I am working on setting up caching for Linux packages.
Another thing that is kind of cool is that you can use Cloudflare CDN for free to reduce the load of your webserver if your home connection is slow or data capped.
My HAM site is still kind of in shambles right now, I am trying to rebuild it after some hardware difficulties so that's why you won't see much on that subnet.
Here is a traceroute from one of the hosts on that site to site VPN to my actual ISP provided network so you can get an idea of the route:
mike@status:~$ curl icanhazip.com
44.20.4.14
mike@status:~$ traceroute HOMEIP
traceroute to HOMEIP (xx.xx.xx.xx), 30 hops max, 60 byte packets
 1  router.kf5jxv.net (44.20.4.1)  1.285 ms  1.193 ms  1.126 ms
 2  10.20.4.1 (10.20.4.1)  41.441 ms  41.321 ms  42.295 ms
 3  * * *
 4  vl199-ds1-j2-650.01.05.dal4.choopa.net (173.199.97.65)  57.796 ms  57.702 ms  57.625 ms
 5  vl913-br1-cer.dal4.choopa.net (108.61.110.41)  43.415 ms  43.736 ms  44.116 ms
 6  dls-b22-link.telia.net (62.115.149.44)  44.368 ms  42.816 ms  42.999 ms
 7  dls-b21-link.telia.net (62.115.140.29)  43.874 ms
    dls-b21-link.telia.net (62.115.143.58)  42.200 ms
    dls-b21-link.telia.net (62.115.120.88)  42.505 ms
 8  qwest-ic-136700-dls-bb1.c.telia.net (213.248.84.198)  42.258 ms  41.628 ms  41.958 ms
 9  hlrn-agw1.inet.qwest.net (208.168.140.73)  75.268 ms  74.908 ms  74.700 ms
10  hlrn-dsl-gw07-50.hlrn.qwest.net (71.217.188.50)  74.893 ms  74.663 ms  75.214 ms
Hop 1 is my local PFSENSE (VM).
Hop 2 is my VPS with the BGP session over the site to site.
The only thing I have found with this is that the latency is kind of a bummer (+40ms). I am trying to find somewhere a bit more local for this BGP session. I also still do not have it set up to accept incoming IPIP from the rest of 44net yet.
Going the other direction I have static routes pointing those subnets to my 44net VM router.
Hope this is of use to someone.
Cheers,
Mike KF5JXV
Hi,
I also have a /24 announced via BGP which I have then allocated sub-allocations to end sites. My coordinator upgraded my portal account to be able to create sub-allocations within my subnet so I could do what you seem to be asking about, however it didn't end up being as useful as I expected. I am using the ability for testing things, however the "production" stuff is not registered on the portal and just goes to my /24.
As an example, I have routed a /29 to a server that is used as a VPN endpoint to give static IPs to a few devices. As I am advertising the space over BGP, I need to have a tunnelled route available from the router advertising the /24 to forward to the /29. It is likely that outbound traffic will also need to go through this path for Internet access. The router already has AMPRNet connectivity for the /24, so the /29 automatically "inherits it". The only advantage I can see to configuring the /29 on the portal as well is for direct traffic to other 44/8 networks. I came to the conclusion that the "inefficiency" of sending this traffic through my main router is a lot less hassle than maintaining RIP44 daemons at every tunnel endpoint and registering everything on the portal. I am effectively using the routers advertising the /24 as VPN gateways for the rest of the subnet.
The latency issue KF5JXV is having appears to be because he's located in the middle of nowhere in Internet routing terms. I am in the UK so my traffic goes via London anyway, making a detour via a London VPS not noticeable. You appear to be in CA and have the prefix advertised from LA, so your additional latency should be as imperceivable as mine. While the obvious option might be an OpenVPN server or something, as you're already using Vultr I can't help but mention the educational value in setting up stateless services that can be anycasted from multiple locations*. :)
Thanks, Mike, M6XCV
*You don't just need to worry about configuration, but also how the rest of the Internet chooses its "shortest" route!
On 1 May 2017 at 18:18, Phil Pacier ad6nh@aprs2.net wrote:
Hello all, and thank you for your assistance. I have 44.10.10.0/24 allocated and announced via BGP. The subnet terminates to an Ubuntu server in a data center. I want to allocate addresses from this subnet via tunnels to other locations. For example, I would like to assign an address or a block of addresses to my home location (Cisco 1900 router) from this subnet. Is this possible, or do I need to look at a different option? Thank you!
--
73 de Phil Pacier, AD6NH APRS Tier2 Network Coordinator
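The arrangement M6XCV describes above (a more-specific prefix routed from the router announcing the /24 into a tunnel, with the remote site's outbound traffic sent back the same way), as an added example that is not from any poster in this thread. It assumes Linux with iproute2 at both ends and a plain unencrypted IPIP tunnel standing in for whatever site-to-site VPN is used; the 44.10.10.8/29 sub-allocation, the 192.0.2.10 and 198.51.100.20 public endpoints, the 10.255.0.0/30 link, routing table 44 and all function names are constructed for illustration.

```python
import ipaddress

PARENT = ipaddress.ip_network("44.10.10.0/24")  # BGP-announced block from the thread

def validate(suballocs):
    """Map {site: prefix} to networks; reject prefixes outside PARENT or overlapping."""
    nets = {}
    for site, text in suballocs.items():
        net = ipaddress.ip_network(text)  # strict parsing: host bits set -> ValueError
        if not net.subnet_of(PARENT):
            raise ValueError(f"{site}: {net} is not inside {PARENT}")
        for other, seen in nets.items():
            if net.overlaps(seen):
                raise ValueError(f"{site}: {net} overlaps {other} ({seen})")
        nets[site] = net
    return nets

def tunnel(dev, local, remote, inner):
    """iproute2 commands that bring up one end of an unencrypted IPIP tunnel."""
    return [
        f"ip tunnel add {dev} mode ipip local {local} remote {remote} ttl 64",
        f"ip addr add {inner}/30 dev {dev}",
        f"ip link set {dev} up",
    ]

def hub_commands(site, net, hub_pub, site_pub, link):
    """Router announcing the /24: forward the more-specific prefix into the tunnel."""
    hub_in, _ = ipaddress.ip_network(link).hosts()  # link is assumed to be a /30
    return (["sysctl -w net.ipv4.ip_forward=1"]
            + tunnel(f"tun-{site}", hub_pub, site_pub, hub_in)
            + [f"ip route add {net} dev tun-{site}"])

def spoke_commands(net, hub_pub, site_pub, link, table=44):
    """Remote site: send traffic sourced from its 44.x prefix back through the hub."""
    _, spoke_in = ipaddress.ip_network(link).hosts()
    return (tunnel("tun-hub", site_pub, hub_pub, spoke_in)
            + [f"ip rule add from {net} lookup {table}",
               f"ip route add default dev tun-hub table {table}"])

if __name__ == "__main__":
    # Constructed sample: documentation addresses stand in for the public endpoints.
    nets = validate({"home": "44.10.10.8/29"})
    args = (nets["home"], "192.0.2.10", "198.51.100.20", "10.255.0.0/30")
    for cmd in hub_commands("home", *args):
        print("hub  #", cmd)
    for cmd in spoke_commands(*args):
        print("home #", cmd)
```

The source-based rule on the remote site is what keeps replies from 44.10.10.8/29 leaving through the hub instead of the home ISP uplink, matching the point that outbound traffic also needs to take the tunnel path.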