<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">It's just a little more efficient to
      stop unwanted traffic early, before it takes up a bunch of
      airtime.  Just an optimization, which may not be worth the
      complexity right up front.  Your suggestion works too.<br>
      <br>
      --Bart<br>
      <br>
      On 2/19/2013 8:46 PM, Benjamin Krueger wrote:<br>
    </div>
    <blockquote
cite="mid:CAMcW5Do28RNt1h7JaDU6batQcdr8h2s2G-_ywcVey7RzKQTtag@mail.gmail.com"
      type="cite">
      <div dir="ltr">Just saw this, "just needs to push an ACL update".
        Why can't we just route all traffic and let the client nodes run
        their own firewalls? We *really* don't want to be in the
        distributed firewall business. :)</div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On Wed, Feb 13, 2013 at 4:04 PM, Bart
          Kus <span dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:me@bartk.us" target="_blank">me@bartk.us</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div text="#000000" bgcolor="#FFFFFF">
              <div>Global reachability is not in conflict with
                autonomy.  Achieving both simultaneously just requires
                careful design of HamWAN network services.  If the
                HamWAN internet feed drops off, the routing, DNS and
                other services need to continue working.  The first word
                in ASN is Autonomous after all. :)<br>
                <br>
                I consider NAT and Proxies as old crusty hacks from the
                age of ISPs giving out just 1 IP/customer.  It's time to
                put these ideas to rest.  IPv6 will do this on the
                commercial internet in the coming years, and AMPRnet
                will allow us to do it immediately here.  For the cases
                where communication is to be restricted due to user
                preference, we can push filtering rules to firewalls at
                the edges of the network, and at the HamWAN &lt;-&gt;
                user site interface.  In short, firewalls: yes,
                nat+gateways: no.<br>
                <br>
                If a user wants to make a service running on one of his
                servers public, he just needs to push an ACL update to
                HamWAN and it'll be opened up.  No need to re-IP, update
                DNS, change NICs, whatever else.  And most importantly,
                it makes everyone equal.  Your subnet allocation has the
                same powers as mine.  There is no special ground to
                fight over, such as space on a public subnet, or access
                to some officially sanctioned gateway servers that are
                allowed to do special things.<br>
                <br>
                If you want though, you can of course live in the world
                of private IPs and NAT.  Just configure your LAN router
                that way.<br>
                <br>
                Complete freedom of configuration.  This is the way the
                internet should have evolved for geeks!<span
                  class="HOEnZb"><font color="#888888"><br>
                    <br>
                    --Bart</font></span>
                <div>
                  <div class="h5"><br>
                    <br>
                    <br>
                    On 2/13/2013 8:30 AM, Cory (NQ1E) wrote:<br>
                  </div>
                </div>
              </div>
              <div>
                <div class="h5">
                  <blockquote type="cite">
                    <div dir="ltr">Unless I've misunderstood the point
                      of this network altogether, there shouldn't be a
                      case where we want the entire network address
                      space to be reachable from the global internet.
                       It's much more likely that the network will
                      remain as autonomous as possible and any
                      connections to the internet will be for connecting
                      specific services through a gateway of some sort.
                      <div> <br>
                      </div>
                      <div>A subnet of at least /23 (typical minimum for
                        global BGP announcements) should be reserved for
                        the purpose of being globally routable in the
                        future, if/when HamWAN decides to peer with one
                        or more ISPs.  An address in the /23 can be
                        given to each service gateway for connecting to
                        the internet.</div>
                      <div><br>
                      </div>
                      <div>The rest of the 44-net allocation can be
                        treated as private address space, except that
                        it's essentially guaranteed not to cause
                        conflicts with the user-level networks since
                        it's still globally unique.</div>
                      <div><br>
                      </div>
                    </div>
                    <div class="gmail_extra"><br>
                      <br>
                      <div class="gmail_quote">On Wed, Feb 13, 2013 at
                        2:28 AM, Bart Kus <span dir="ltr">&lt;<a
                            moz-do-not-send="true"
                            href="mailto:me@bartk.us" target="_blank">me@bartk.us</a>&gt;</span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0
                          0 0 .8ex;border-left:1px #ccc
                          solid;padding-left:1ex">
                          <div text="#000000" bgcolor="#FFFFFF">
                            <div>Clever ;)<br>
                              <br>
                              What if HamWAN switches ISPs?  All that
                              IPv6 space would need to be given up.  It
                              can't follow you AFAIK.  Or the ISP may
                              charge whatever they feel like to let you
                              take it with you.  Also bad.<br>
                              <br>
                              The fees for IPv6 are not as low as I had
                              hoped, but not as high as you think
                              either!  There's a 25% discount in effect
                              for "extra-small" allocations (which are
                              still larger than the entire IPv4
                              internet).  The cost looks to be
                              $937.50/yr.  Not sure it's worth the cost,
                              given the IPv4 AMPRnet situation.  We can
                              very likely just expand our AMPRnet
                              allocation if we out-grow the /20.<span><font
                                  color="#888888"><br>
                                  <br>
                                  --Bart</font></span>
                              <div>
                                <div><br>
                                  <br>
                                  <br>
                                  On 2/13/2013 1:10 AM, Cory (NQ1E)
                                  wrote:<br>
                                </div>
                              </div>
                            </div>
                            <div>
                              <div>
                                <blockquote type="cite">
                                  <div dir="ltr">Here's an IPv6
                                    allocation for you ;)
                                    <div><br>
                                    </div>
                                    <div>::ffff:44.24.240.0/116</div>
                                    <div><br>
                                    </div>
                                    <div>With the obvious exception of
                                      AMPRNet addresses for amateur
                                      radio use, IP allocations should
                                      come from an ISP.  Obtaining a
                                      direct allocation from ARIN would
                                      cost around a couple grand per
                                      year.</div>
                                  </div>
                                  <div class="gmail_extra"><br>
                                    <br>
                                    <div class="gmail_quote">On Wed, Feb
                                      13, 2013 at 12:46 AM, Bart Kus <span
                                        dir="ltr">&lt;<a
                                          moz-do-not-send="true"
                                          href="mailto:me@bartk.us"
                                          target="_blank">me@bartk.us</a>&gt;</span>
                                      wrote:<br>
                                      <blockquote class="gmail_quote"
                                        style="margin:0 0 0
                                        .8ex;border-left:1px #ccc
                                        solid;padding-left:1ex"> Result:
                                        APPROVED<br>
                                        Your allocated subnet is: 44.24.240.0 / 20<br>
                                        <br>
                                        <a moz-do-not-send="true"
                                          href="https://portal.ampr.org/networks.php?a=region&id=191"
                                          target="_blank">https://portal.ampr.org/networks.php?a=region&id=191</a><br>
                                        <br>
                                        HamWAN now has 4096 real
                                        Internet IPs to play with.  Next
                                        up: we gotta crack the mystery
                                        of getting IPv6 net space.  Any
                                        volunteers? :)<br>
                                        <br>
                                        What an incredibly productive
                                        day,<br>
                                        <br>
                                        --Bart<br>
                                        <br>
                                        <br>
_______________________________________________<br>
                                        PSDR mailing list<br>
                                        <a moz-do-not-send="true"
                                          href="mailto:PSDR@hamwan.org"
                                          target="_blank">PSDR@hamwan.org</a><br>
                                        <a moz-do-not-send="true"
                                          href="http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org"
                                          target="_blank">http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org</a><br>
                                      </blockquote>
                                    </div>
                                    <br>
                                  </div>
                                  <br>
                                  <fieldset></fieldset>
                                  <br>
                                </blockquote>
                                <br>
                              </div>
                            </div>
                          </div>
                          <br>
                          <br>
                        </blockquote>
                      </div>
                      <br>
                    </div>
                    <br>
                    <fieldset></fieldset>
                    <br>
                  </blockquote>
                  <br>
                </div>
              </div>
            </div>
            <br>
            <br>
          </blockquote>
        </div>
        <br>
        <br clear="all">
        <div><br>
        </div>
        -- <br>
        <div dir="ltr">Benjamin<br>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
    </blockquote>
    <br>
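    <div>The "push an ACL update" model discussed in this thread, sketched as an added example that is not code from the thread or from HamWAN: the edge drops Internet-sourced traffic unless a rule opens it, and a pushed rule is accepted only when its destination lies inside the pusher's own subnet. The user names, per-user subnets, rule format and the choice to pass internal traffic unfiltered are assumptions; only 44.24.240.0/20 comes from the thread.</div>

```python
import ipaddress

# Assumptions (not from the thread): user names, per-user subnets and the
# rule dictionary shape are hypothetical. Only the /20 is quoted in the thread.
HAMWAN_NET = ipaddress.ip_network("44.24.240.0/20")
ALLOCATIONS = {  # constructed sample user subnets inside the /20
    "userA": ipaddress.ip_network("44.24.241.0/28"),
    "userB": ipaddress.ip_network("44.24.242.16/28"),
}

def accept_acl_push(user, rule):
    """Accept a pushed rule only if it opens a destination in the pusher's own subnet."""
    alloc = ALLOCATIONS.get(user)
    if alloc is None:
        return False
    dst = ipaddress.ip_network(rule["dst"], strict=False)
    if not (dst.subnet_of(alloc) and alloc.subnet_of(HAMWAN_NET)):
        return False  # a user may not open someone else's addresses
    return rule["proto"] in ("tcp", "udp") and rule["port"] in range(1, 65536)

def build_acl(pushes):
    """Apply pushes in order, keeping only the rules that pass validation."""
    return [rule for user, rule in pushes if accept_acl_push(user, rule)]

def edge_permits(acl, src, dst, proto, port):
    """Edge filter: Internet-sourced traffic is dropped unless a pushed rule opens it."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst_ip not in HAMWAN_NET:
        return False  # not a HamWAN destination
    if src_ip in HAMWAN_NET:
        return True   # assumption: internal traffic is routed, hosts filter it themselves
    return any(
        dst_ip in ipaddress.ip_network(r["dst"], strict=False)
        and r["proto"] == proto and r["port"] == port
        for r in acl
    )

PUSHES = [  # constructed sample pushes
    ("userA", {"dst": "44.24.241.5/32", "proto": "tcp", "port": 80}),
    ("userB", {"dst": "44.24.241.5/32", "proto": "tcp", "port": 22}),  # not userB's subnet
]
ACL = build_acl(PUSHES)

if __name__ == "__main__":
    # 198.51.100.7 is a documentation address standing in for an Internet host.
    print(len(ACL), edge_permits(ACL, "198.51.100.7", "44.24.241.5", "tcp", 80))
```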
  </body>
</html>