<div dir="ltr">Just saw this, "just needs to push an ACL update". Why can't we just route all traffic and let the client nodes run their own firewalls? We *really* don't want to be in the distributed firewall business. :)</div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Feb 13, 2013 at 4:04 PM, Bart Kus <span dir="ltr">&lt;<a href="mailto:me@bartk.us" target="_blank">me@bartk.us</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Global reachability is not in conflict
with autonomy. Achieving both simultaneously just requires
careful design of HamWAN network services. If the HamWAN internet
feed drops off, the routing, DNS and other services need to
continue working. The first word in ASN is Autonomous after all.
:)<br>
<br>
I consider NAT and Proxies as old crusty hacks from the age of
ISPs giving out just 1 IP/customer. It's time to put these ideas
to rest. IPv6 will do this on the commercial internet in the
coming years, and AMPRnet will allow us to do it immediately
here. For the cases where communication is to be restricted due
to user preference, we can push filtering rules to firewalls at
the edges of the network, and at the HamWAN &lt;-&gt; user site
interface. In short, firewalls: yes, nat+gateways: no.<br>
<br>
If a user wants to make a service running on one of his servers
public, he just needs to push an ACL update to HamWAN and it'll be
opened up. No need to re-IP, update DNS, change NICs, whatever
else. And most importantly, it makes everyone equal. Your subnet
allocation has the same powers as mine. There is no special
ground to fight over, such as space on a public subnet, or access
to some officially sanctioned gateway servers that are allowed to
do special things.<br>
<br>
If you want though, you can of course live in the world of private
IPs and NAT. Just configure your LAN router that way.<br>
<br>
Complete freedom of configuration. This is the way the internet
should have evolved for geeks!<span class="HOEnZb"><font color="#888888"><br>
<br>
--Bart</font></span><div><div class="h5"><br>
<br>
<br>
On 2/13/2013 8:30 AM, Cory (NQ1E) wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr">Unless I've misunderstood the point of this network
altogether, there shouldn't be a case where we want the entire
network address space to be reachable from the global internet.
It's much more likely that the network will remain as
autonomous as possible and any connections to the internet will
be for connecting specific services through a gateway of some
sort.
<div>
<br>
</div>
<div>A subnet of at least /23 (typical minimum for
global BGP announcements) should be reserved for the purpose
of being globally routable in the future, if/when HamWAN
decides to peer with one or more ISPs. An address in the /23
can be given to each service gateway for connecting to the
internet.</div>
<div><br>
</div>
<div>The rest of the 44-net allocation can be treated
as private address space, except that it's
essentially guaranteed not to cause conflicts with the
user-level networks since it's still globally unique.</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Wed, Feb 13, 2013 at 2:28 AM, Bart
Kus <span dir="ltr">&lt;<a href="mailto:me@bartk.us" target="_blank">me@bartk.us</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Clever ;)<br>
<br>
What if HamWAN switches ISPs? All that IPv6 space would
need to be given up. It can't follow you AFAIK. Or the
ISP may charge whatever they feel like to let you take
it with you. Also bad.<br>
<br>
The fees for IPv6 are not as low as I had hoped, but not
as high as you think either! There's a 25% discount in
effect for "extra-small" allocations (which are still
larger than the entire IPv4 internet). The cost looks
to be $937.50/yr. Not sure it's worth the cost, given
the IPv4 AMPRnet situation. We can very likely just
expand our AMPRnet allocation if we out-grow the /20.<span><font color="#888888"><br>
<br>
--Bart</font></span>
<div>
<div><br>
<br>
<br>
On 2/13/2013 1:10 AM, Cory (NQ1E) wrote:<br>
</div>
</div>
</div>
<div>
<div>
<blockquote type="cite">
<div dir="ltr">Here's an IPv6 allocation for you ;)
<div><br>
</div>
<div>::ffff:44.24.240.0/116</div>
<div><br>
</div>
<div>With the obvious exception of AMPRNet
addresses for amateur radio use, IP allocations
should come from an ISP. Obtaining a direct
allocation from ARIN would cost around a couple
grand per year.</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Wed, Feb 13, 2013 at
12:46 AM, Bart Kus <span dir="ltr">&lt;<a href="mailto:me@bartk.us" target="_blank">me@bartk.us</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Result: APPROVED<br>
Your allocated subnet is: 44.24.240.0 / 20<br>
<br>
<a href="https://portal.ampr.org/networks.php?a=region&id=191" target="_blank">https://portal.ampr.org/networks.php?a=region&id=191</a><br>
<br>
HamWAN now has 4096 real Internet IPs to play
with. Next up: we gotta crack the mystery of
getting IPv6 net space. Any volunteers? :)<br>
<br>
What an incredibly productive day,<br>
<br>
--Bart<br>
<br>
<br>
_______________________________________________<br>
PSDR mailing list<br>
<a href="mailto:PSDR@hamwan.org" target="_blank">PSDR@hamwan.org</a><br>
<a href="http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org" target="_blank">http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org</a><br>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
</div>
</div>
</div>
<br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
</div></div></div>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Benjamin<br></div>
</div>