[HamWAN PSDR] Holy smokes, we have Internet address space!

Benjamin Krueger ben.krueger at gmail.com
Tue Feb 19 20:46:20 PST 2013 

Just saw this, "just needs to push an ACL update". Why can't we just route
all traffic and let the client nodes run their own firewalls? We *really*
don't want to be in the distributed firewall business. :)


On Wed, Feb 13, 2013 at 4:04 PM, Bart Kus <me at bartk.us> wrote:

>  Global reachability is not in conflict with autonomy.  Achieving both
> simultaneously just requires careful design of HamWAN network services.  If
> the HamWAN internet feed drops off, the routing, DNS and other services
> need to continue working.  The first word in ASN is Autonomous after all. :)
>
> I consider NAT and Proxies as old crusty hacks from the age of ISPs giving
> out just 1 IP/customer.  It's time to put these ideas to rest.  IPv6 will
> do this on the commercial internet in the coming years, and AMPRnet will
> allow us to do it immediately here.  For the cases where communication is
> to be restricted due to user preference, we can push filtering rules to
> firewalls at the edges of the network, and at the HamWAN <-> user site
> interface.  In short, firewalls: yes, nat+gateways: no.
>
> If a user wants to make a service running on one of his servers public, he
> just needs to push an ACL update to HamWAN and it'll be opened up.  No need
> to re-IP, update DNS, change NICs, whatever else.  And most importantly, it
> makes everyone equal.  Your subnet allocation has the same powers as mine.
> There is no special ground to fight over, such as space on a public subnet,
> or access to some officially sanctioned gateway servers that are allowed to
> do special things.
>
> If you want though, you can of course live in the world of private IPs and
> NAT.  Just configure your LAN router that way.
>
> Complete freedom of configuration.  This is the way the internet should
> have evolved for geeks!
>
> --Bart
>
>
>
> On 2/13/2013 8:30 AM, Cory (NQ1E) wrote:
>
> Unless I've misunderstood the point of this network all together, there
> shouldn't be a case where we want the entire network address space to be
> reachable from the global internet.  It's much more likely that the network
> will remain as autonomous as possible and any connections to the internet
> will be for connecting specific services through a gateway of some sort.
>
>  A subnet of at least /23 (typical minimum for global BGP announcements)
> should be reserved for the purpose of being globally routable in the
> future, if/when HamWAN decides to peer with one or more ISPs.  An address
> in the /23 can be given to each service gateway for connecting to the
> internet.
>
>  The rest of the 44-net allocation can be treated as private address
> space, except that it's essentially guaranteed not to cause conflicts with
> the user-level networks since it's still globally unique.
>
>
>
> On Wed, Feb 13, 2013 at 2:28 AM, Bart Kus <me at bartk.us> wrote:
>
>>  Clever ;)
>>
>> What if HamWAN switches ISPs?  All that IPv6 space would need to be given
>> up.  It can't follow you AFAIK.  Or the ISP may charge whatever they feel
>> like to let you take it with you.  Also bad.
>>
>> The fees for IPv6 are not as low as I had hoped, but not as high as you
>> think either!  There's a 25% discount in effect for "extra-small"
>> allocations (which are still larger than the entire IPv4 internet).  The
>> cost looks to be $937.50/yr.  Not sure it's worth the cost, given the IPv4
>> AMPRnet situation.  We can very likely just expand our AMPRnet allocation
>> if we out-grow the /20.
>>
>> --Bart
>>
>>
>>
>> On 2/13/2013 1:10 AM, Cory (NQ1E) wrote:
>>
>> Here's an IPv6 allocation for you ;)
>>
>>  ::ffff:44.24.240.0/116
>>
>>  With the obvious exception of AMPRNet addresses for amateur radio use,
>> IP allocations should come from an ISP.  Obtaining a direct allocation from
>> ARIN would cost around a couple grand per year.
>>
>>
>> On Wed, Feb 13, 2013 at 12:46 AM, Bart Kus <me at bartk.us> wrote:
>>
>>> Result: APPROVED
>>> Your allocated subnet is: 44.24.240.0 / 20 <44.24.240.0%20%2F%2020>
>>>
>>> https://portal.ampr.org/networks.php?a=region&id=191
>>>
>>> HamWAN now has 4096 real Internet IPs to play with.  Next up: we gotta
>>> crack the mystery of getting IPv6 net space.  Any volunteers? :)
>>>
>>> What an incredibly productive day,
>>>
>>> --Bart
>>>
>>>
>>> _______________________________________________
>>> PSDR mailing list
>>> PSDR at hamwan.org
>>> http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
>>>
>>
>>
>>
>> _______________________________________________
>> PSDR mailing listPSDR at hamwan.orghttp://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
>>
>>
>>
>> _______________________________________________
>> PSDR mailing list
>> PSDR at hamwan.org
>> http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
>>
>>
>
>
> _______________________________________________
> PSDR mailing listPSDR at hamwan.orghttp://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
>
>
>
> _______________________________________________
> PSDR mailing list
> PSDR at hamwan.org
> http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
>
>


-- 
Benjamin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.hamwan.net/pipermail/psdr/attachments/20130219/90df0d29/attachment.html>

More information about the PSDR mailing list