[HamWAN PSDR] Holy smokes, we have Internet address space!
Bart Kus
me at bartk.us
Wed Feb 20 00:16:48 PST 2013
It's just a little more efficient to stop unwanted traffic early, before
it takes up a bunch of airtime. Just an optimization, which may not be
worth the complexity right up front. Your suggestion works too.
--Bart
On 2/19/2013 8:46 PM, Benjamin Krueger wrote:
> Just saw this, "just needs to push an ACL update". Why can't we just
> route all traffic and let the client nodes run their own firewalls? We
> *really* don't want to be in the distributed firewall business. :)
>
>
> On Wed, Feb 13, 2013 at 4:04 PM, Bart Kus <me at bartk.us> wrote:
>
> Global reachability is not in conflict with autonomy. Achieving
> both simultaneously just requires careful design of HamWAN network
> services. If the HamWAN internet feed drops off, the routing, DNS
> and other services need to continue working. The first word in
> ASN is Autonomous after all. :)
>
> I consider NAT and Proxies as old crusty hacks from the age of
> ISPs giving out just 1 IP/customer. It's time to put these ideas
> to rest. IPv6 will do this on the commercial internet in the
> coming years, and AMPRnet will allow us to do it immediately
> here. For the cases where communication is to be restricted due
> to user preference, we can push filtering rules to firewalls at
> the edges of the network, and at the HamWAN <-> user site
> interface. In short, firewalls: yes, nat+gateways: no.
>
> If a user wants to make a service running on one of his servers
> public, he just needs to push an ACL update to HamWAN and it'll be
> opened up. No need to re-IP, update DNS, change NICs, whatever
> else. And most importantly, it makes everyone equal. Your subnet
> allocation has the same powers as mine. There is no special
> ground to fight over, such as space on a public subnet, or access
> to some officially sanctioned gateway servers that are allowed to
> do special things.
>
> If you want though, you can of course live in the world of private
> IPs and NAT. Just configure your LAN router that way.
>
> Complete freedom of configuration. This is the way the internet
> should have evolved for geeks!
>
> --Bart
>
>
>
> On 2/13/2013 8:30 AM, Cory (NQ1E) wrote:
>> Unless I've misunderstood the point of this network altogether,
>> there shouldn't be a case where we want the entire network
>> address space to be reachable from the global internet. It's
>> much more likely that the network will remain as autonomous as
>> possible and any connections to the internet will be for
>> connecting specific services through a gateway of some sort.
>>
>> A subnet of at least /23 (typical minimum for global BGP
>> announcements) should be reserved for the purpose of being
>> globally routable in the future, if/when HamWAN decides to peer
>> with one or more ISPs. An address in the /23 can be given to
>> each service gateway for connecting to the internet.
>>
>> The rest of the 44-net allocation can be treated as private
>> address space, except that it's essentially guaranteed not to
>> cause conflicts with the user-level networks since it's still
>> globally unique.
>>
>>
>>
>> On Wed, Feb 13, 2013 at 2:28 AM, Bart Kus <me at bartk.us> wrote:
>>
>> Clever ;)
>>
>> What if HamWAN switches ISPs? All that IPv6 space would need
>> to be given up. It can't follow you AFAIK. Or the ISP may
>> charge whatever they feel like to let you take it with you.
>> Also bad.
>>
>> The fees for IPv6 are not as low as I had hoped, but not as
>> high as you think either! There's a 25% discount in effect
>> for "extra-small" allocations (which are still larger than
>> the entire IPv4 internet). The cost looks to be $937.50/yr.
>> Not sure it's worth the cost, given the IPv4 AMPRnet
>> situation. We can very likely just expand our AMPRnet
>> allocation if we out-grow the /20.
>>
>> --Bart
>>
>>
>>
>> On 2/13/2013 1:10 AM, Cory (NQ1E) wrote:
>>> Here's an IPv6 allocation for you ;)
>>>
>>> ::ffff:44.24.240.0/116
>>>
>>> With the obvious exception of AMPRNet addresses for amateur
>>> radio use, IP allocations should come from an ISP.
>>> Obtaining a direct allocation from ARIN would cost around a
>>> couple grand per year.
>>>
>>>
>>> On Wed, Feb 13, 2013 at 12:46 AM, Bart Kus <me at bartk.us> wrote:
>>>
>>> Result: APPROVED
>>> Your allocated subnet is: 44.24.240.0 / 20
>>>
>>> https://portal.ampr.org/networks.php?a=region&id=191
>>>
>>> HamWAN now has 4096 real Internet IPs to play with.
>>> Next up: we gotta crack the mystery of getting IPv6 net
>>> space. Any volunteers? :)
>>>
>>> What an incredibly productive day,
>>>
>>> --Bart
>>>
>>>
>>> _______________________________________________
>>> PSDR mailing list
>>> PSDR at hamwan.org
>>> http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
>>>
>
>
> --
> Benjamin
>
>
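The edge-filtering model discussed in this thread (default-deny at the network edge, opened only by an ACL update from the subnet's owner) can be sketched as follows. This is an added example, not part of the original messages or HamWAN's code: `EdgeAcl`, `ALLOCATIONS`, the user names and the /28 assignments are hypothetical, and only the 44.24.240.0/20 allocation and the /116 mapped prefix come from the thread.

```python
import ipaddress

# From the thread: HamWAN's AMPRnet allocation.
HAMWAN_NET = ipaddress.ip_network("44.24.240.0/20")

# Constructed sample data: which user holds which subnet of the /20.
ALLOCATIONS = {
    "user_a": ipaddress.ip_network("44.24.240.0/28"),
    "user_b": ipaddress.ip_network("44.24.240.16/28"),
}


class EdgeAcl:
    """Default-deny inbound filter applied at the network edge (hypothetical model)."""

    def __init__(self):
        self.rules = set()  # allowed (dst_ip, proto, port) tuples

    def push(self, user, dst, proto, port):
        """Accept an allow rule only for an address inside the pusher's own subnet."""
        ip = ipaddress.ip_address(dst)
        subnet = ALLOCATIONS.get(user)
        if subnet is None or ip not in subnet:
            return False  # unknown user, or rule targets someone else's space
        if proto not in ("tcp", "udp") or not 1 <= port <= 65535:
            return False
        self.rules.add((ip, proto, port))
        return True

    def permits(self, dst, proto, port):
        """Decide whether an inbound packet from the internet is forwarded."""
        ip = ipaddress.ip_address(dst)
        if ip not in HAMWAN_NET:
            return False
        # Anything not explicitly opened is dropped before it uses airtime.
        return (ip, proto, port) in self.rules


def mapped_prefix(net):
    """IPv4-mapped IPv6 form of an IPv4 network: ::ffff:a.b.c.d/(96 + len)."""
    base = ipaddress.IPv6Address("::ffff:" + str(net.network_address))
    return ipaddress.ip_network(f"{base}/{96 + net.prefixlen}")
```

The ownership check in `push` is what keeps every allocation equal: a user can open services in their own subnet but cannot alter filtering for anyone else's.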