AMPRNet – Lessons learned, things to consider

1.  Don’t rely upon 44 Net/AMPRNet for connectivity. It’s no substitute for building out your local RF links or at least independent internet links. It’s simply too unpredictable long term and a major SPF (Single Point of Failure). If you want to experiment with 44 Net that’s fine, just remember to keep it at that.

UPDATE 01/14/2010:  “Unpredictable” is probably too strong of a word.

2.  I know a lot of the old hats like to use the 44.x.x.x AMPRNet IPs on the RF side even when there’s really no need for it. Often TCP/IP is deployed on RF just so folks can say they are doing TCP/IP over RF, often without a good reason to be adding that additional payload and administrative overhead to the RF side of things. No, I’m not saying TCP/IP doesn’t have any place on RF, but often it’s deployed everywhere on RF when there is no real need for it.

3.  Many of the state/region subnets taken from 44.x.x.x AMPRNet address space are mismanaged or basically in a free-for-all status.

4.  I’ve personally dealt with some AMPRNet coordinators that clearly had no clue about TCP/IP fundamentals like subnets and so forth. This has likely “scared” off more than a few talented TCP/IP savvy folks from even bothering with 44 Net in their areas.

5.  I don’t think there is any frequent verification of the ampr.org address space to verify what is actually on the air/net  and where it is.

6.  This will raise the hackles of many, but I just don’t see much need for AMPRNet (44 Net) anymore. In the 1990s it was a good idea, but not nearly so much today. This is due to a variety of reasons:

a.  Security mandated changes to the routing infrastructure of the public internet makes widespread and straightforward deployment of 44.x.x.x addresses challenging at best.

b.  With the proliferation of cheap (relatively) broadband access in most areas, the rules and options for internet access have changed drastically since the 1990s. Stop and think about this. It’s amazing how far consumer internet access has come in a decade or so.

c.  In many areas  getting a static “public” IP address on a consumer broadband connection is no big deal anymore. All three providers in my area offer it for just a few bucks ($5-6) more a month. Yeah, I realize this may not be the case in all areas.

d.  For those that can’t get a static IP address, Dynamic DNS (DDNS) services are available for costs ranging from free to a few bucks a year.

e.  Powerful DNS systems are available to us now. For costs ranging from $15-$50 a year you can have access to first class, highly distributed, fault tolerant DNS services that were only a wild dream a decade ago. Many of these come with DDNS as part of the package, sweet! Yeah 44 Net gives reverse DNS against ampr.org, but come on just how important is that for most real world scenarios? How many of those cases couldn’t be handled by static IPs and hosts file based resolution?

f.  In many cases (if not most) there is little reason why TCP/IP packet networks can’t be built around the 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 private IP netblocks. Public internet access from these address spaces can be done via NAT and well controlled by local folks that probably know best regarding what their particular area’s needs are. The fact that these 3 private netblocks are not public internet routable may often be more beneficial than restrictive for what we hams are doing.

g.  Private VPNs could be used for cases where more “open” links between gateways are needed. Yeah encryption adds some overhead to things, but I don’t think you’ll find too many cases of where RF networks are going to be faster than the slowest broadband based VPN link will be! The encrypted tunnels will also add some security to protocols that normally don’t have much security to them. For example, think POP3/SMTP/Telnet transactions where passwords are sent in the clear.

UPDATE 01/14/2010:  SMTP-AUTH for above. POP & Telnet security issues should be obvious. The risk level  runs from tolerable to very high depending on the particular situation. Think about using telnet at the airport, hotel, or other public wifi hotspot…just one example of many.  These issues are not limited to just 44 networks.

h.  The 10.0.0.0/8 netblock is just as big as 44.0.0.0/8 is, both are Class A netblocks. Yeah, in many scenarios you would want some rhyme, reason, controls, and tracking of what is being used where.

i.  In many, if not most situations you would wind up with more than one gateway in your area by going with items I through H above. If these gateways set on broadband connections from different ISPs, you may very well wind up with a lot of redundancy.  If RF to internet connectivity is down locally, you may have the capability to use RF to connect into an adjacent system/area and pop out onto the internet via their gateway. Think about it, it’s a much better approach compared to what many folks have setup in the past.

j.  For those that worry that the ENTIRE internet will go down, I think you’re dreaming of a nightmare scenario that will likely never happen. Those that truly understand the internet know that this situation is very unlikely. The one thing that could do it IMHO, EMP…would likely take out radio communications too. So it’s much more likely that you would have a local or maybe regional outage due to power failure or a “fiber cut.”  Again this is where having more than one gateway locally and/or regionally on different power/ISP providers would help shift the odds in your favor. Hams that hate the internet need to learn to embrace it, but do so with understanding of the most realistic scenarios for outages in their particular area/region.

k.  The evolution of the “bad stuff” on the public internet shows no sign of slowing down. DDOS, aggressive netblock scans, and other evil/silliness will only continue to plague any public internet facing 44 Net gateway like mirrorshades.

l.  mirrorshades.ampr.org is located at the University of California San Diego campus (UCSD). With the very uncertain and worsening fiscal situation that California faces now, deep state budget cuts have occurred and more cuts are inevitable. Since mirrorshades.ampr.org has had a free ride for many years now, it’s reasonable to have some concern over its future out there in a state university.

UPDATE 01/14/2010:  Per a posting by Brian, the above item doesn’t appear to be an issue at this time. Future? Form your own opinion on how stable California’s budget is…not that they are the only state having fiscal issues.

m.  Hopefully nothing ever does, but what happens if something unexpected happens with Brian Kantor? As the N1URO situation should teach us, key infrastructure run/provided by a single person creates a big risk of SPF (Single Point of Failure).

UPDATE 01/14/2010:  Per a posting by Brian, the above item doesn’t appear to be an issue. He has already delegated some “backup” individuals to maintain 44 net if something was to happen to him.

So outside of pure experimentation, I just can’t see much advantage to using 44 Net AMPRnet addresses in today’s world of packet radio. But that’s just my opinion.

WA4ZKO
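
Added example (not part of the original post): one way to get the "rhyme, reason, controls, and tracking" that item h asks for when a region builds on 10.0.0.0/8, and to catch the mismanaged-subnet problems from item 3. The registry entries, callsigns and site names are constructed placeholders.

```python
import ipaddress

PARENT = ipaddress.ip_network("10.0.0.0/8")  # private block from items f and h

# Constructed sample registry: (subnet, owner/site). All names are placeholders.
REGISTRY = [
    ("10.21.0.0/16", "N0CALL county backbone"),
    ("10.21.4.0/24", "N0CALL hilltop node"),   # overlaps the /16 above
    ("10.22.0.0/16", "K0XXX east gateway"),
    ("44.2.0.0/24", "W0YYY legacy RF LAN"),    # outside the parent block
    ("10.23.0.1/16", "K0ZZZ mistyped entry"),  # host bits set, not a subnet
]

def audit(registry, parent=PARENT):
    """Split a registry into accepted allocations and (text, owner, reason) problems."""
    valid, problems = [], []
    for text, owner in registry:
        try:
            net = ipaddress.ip_network(text)  # strict parsing rejects host bits
        except ValueError as exc:
            problems.append((text, owner, f"invalid: {exc}"))
            continue
        if net.version != parent.version or not net.subnet_of(parent):
            problems.append((text, owner, f"outside {parent}"))
            continue
        clash = next((o for n, o in valid if net.overlaps(n)), None)
        if clash is not None:
            problems.append((text, owner, f"overlaps {clash}"))
            continue
        valid.append((net, owner))
    return valid, problems

def next_free(valid, prefixlen, parent=PARENT):
    """Return the lowest subnet of the requested size that no allocation touches."""
    taken = [n for n, _ in valid]
    for candidate in parent.subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(n) for n in taken):
            return candidate
    return None

if __name__ == "__main__":
    ok, bad = audit(REGISTRY)
    for net, owner in ok:
        print(f"OK   {net}  {owner}")
    for text, owner, reason in bad:
        print(f"BAD  {text}  {owner}: {reason}")
    print("next free /24:", next_free(ok, 24))
```
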
