ARRL Michigan Section Digital Radio Group (DRG)
Responsibilities of Running a Hamgate
for
Hamgate SysOps
Definition of a Hamgate:
"Hamgates" are defined as JNOS TCP/IP routers, attached to the Internet with a fixed address,
using the ENCAP.TXT route table to form a fully-meshed backbone with other Hamgates around the
world, and serving as the 'core' or 'default' router for one or more IP 'subnets' for one or more
counties or networks.
The requirements for becoming a "Hamgate" are:
1) A willingness to be THE *DEFAULT GATEWAY* FOR *ALL* THE TRAFFIC IN
YOUR ASSIGNED SUBNET OR ENTIRE COUNTY
o Everyone will be depending upon you!
o This involves being online 7x24
o Having a dependable Internet connection during extended power
failures (usually rules out Cable). T1, DSL, and ISDN work well.
o Some form of UPS *and* generator backup power
2) Does the site have an adequate RF footprint to reach all parts of
the county where you have packet users?
o The whole point of being a Hamgate is to "service" the users in
your assigned subnet. If your RF footprint is too poor, then
the users' needs have not been met.
3) Does the site have a FIXED/STATIC IP address available to assign
to the JNOS box?
o Hamgates reach one another by fixed IP address (dotted-quad) and
*NOT* by a Fully Qualified Domain Name (FQDN) such as
blah.domain.com (this issue is NOT subject to change)
o NAT (Network Address Translation) is frowned upon but can be
used in some situations
4) Is the IP address simply 'routed' or will it be going through a
firewall?
o If a firewall is used for NAT, it *MUST* do "DNAT" so the
ports/services remain open at all times to the outside Internet.
o The JNOS box's public IP address MUST respond to ping
o Firewalls are the biggest farce on the Internet and cause more
outages and problems and eat more man-hours troubleshooting than
they are worth. Any firewall in front of a JNOS/Hamgate *MUST*
cleanly pass the following protocols WITHOUT interference:
   Telnet                --- for remote system maintenance and remote user access
   FTP                   --- for system maintenance
   Finger                --- for performance monitoring
   Ping (ICMP)           --- for network monitoring
   Protocol-4 IPIP Encap --- for connectivity with the rest of the worldwide network
Others that may be needed:
   HTTP                  --- web services
   NTP                   --- time/clock synchronization
   Remote (UDP)          --- remote reset/reboot & route table maint.
5) If the JNOS box must sit behind a firewall, that firewall *MUST*
pass Protocol-4 "IPIP Encapsulation" or this is a NO-GO deal.
o IPIP Encapsulation is what makes this network work. Without it
there is no network. Many firewalls (cheapie consumer junk like
LinkSys, etc.) are often incapable of passing this protocol.
Cisco and other commercial grade firewalls are easily configured
to pass Proto-4 IPIP encap and do it quite well.
o For the "IT guy" who is really just a noob... Protocol-4 IPIP
Encapsulation is *not* TCP and you *cannot* do Port Forwarding!!
In many cases low-end firewalls will not even pass Proto-4 to the
DMZ, hence the desire to have our Public IP address 'routed' and
not firewalled :)
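
Why item 5 says port forwarding cannot carry IPIP, as an added example that is not part of the original page: it parses two IPv4 packets and shows that a Protocol-4 packet has no TCP/UDP port for a port-forward rule to match, only an inner IP packet. The addresses, ports and packets are constructed samples, and describe() and port_forward_matches() are hypothetical helper names.

```python
import socket
import struct

NAMES = {1: "ICMP", 4: "IPIP", 6: "TCP", 17: "UDP"}

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at 0 for this demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def describe(packet):
    """Return the fields a firewall rule can match on for one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, body = packet[9], packet[ihl:]
    info = {"proto": proto, "name": NAMES.get(proto, "other"),
            "src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "dst_port": None, "inner": None}
    if proto in (6, 17) and len(body) >= 4:
        # TCP and UDP both start with source port, destination port.
        info["dst_port"] = struct.unpack("!HH", body[:4])[1]
    elif proto == 4:
        # IPIP: the payload is a complete IP packet, with no port of its own.
        info["inner"] = describe(body)
    return info

def port_forward_matches(packet, port):
    """Model a port-forward rule: it only sees the outer packet's port."""
    return describe(packet)["dst_port"] == port

# Constructed samples (documentation address ranges, not real hosts).
_tcp = struct.pack("!HHIIBBHHH", 40000, 23, 0, 0, 5 << 4, 0x02, 1024, 0, 0)
TELNET_PKT = ipv4_header("198.51.100.7", "192.0.2.10", 6, len(_tcp)) + _tcp
_inner = ipv4_header("203.0.113.5", "203.0.113.9", 6, len(_tcp)) + _tcp
IPIP_PKT = ipv4_header("198.51.100.7", "192.0.2.10", 4, len(_inner)) + _inner

if __name__ == "__main__":
    for label, pkt in (("telnet", TELNET_PKT), ("ipip", IPIP_PKT)):
        d = describe(pkt)
        print(label, d["name"], "outer port:", d["dst_port"],
              "forwardable on 23:", port_forward_matches(pkt, 23))
```

The encapsulated packet here carries Telnet, yet the outer packet still exposes no port, so the firewall has to match on the IP protocol number itself.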