From: randy@psg.com (Randy Bush)
Subject: Re: leased line implementation
To: ccfj@hippo.ru.ac.za (F. Jacot Guillarmod)
Date: Fri, 8 Nov 91 21:58:13 PST
Cc: randy@psg.com, barrett@daisy.ee.und.ac.za, ccfj@quagga.ru.ac.za,
    ccdw@quagga.ru.ac.za, nerd@percival.rain.com, vicshaw@frd.ac.za

> The existing setup is as follows (excuse the ASCII graphics):

And over here it looks like:

       agora percy           AlterNet            onion qiclab
 .192.66 |     |.192.34          |         .192.98 |     |.192.130
      .----. .----.           .-----.           .----. .----.
      |2400| |9600|           | 56k |           |9600| |9600|
      `----' `----'           `-----'           `----' `----'
 .192.65 |     |.192.33          |         .192.97 |     |.192.129
       .---------.          .---------.          .---------.
       |  rtr0   |          | cisco0  |          |  rtr1   |
       | PCRoute |          |  Cisco  |          |  ka9q   |
       `---------'          `---------'          `---------'
            |.0.61               |.0.60               |.0.62
/------------------------------------------------------------------/
 RAINet ether subnet                |  147.28.0.32 mask ff.ff.ff.c0
                                    |
                                    |
          .192.225 .---------.      |       .---------.
          .-----.  |  rtr2   |------+-------|  Sun3   |
 (Rhodes) | 14k |--|  ka9q   |      | .0.34 |  rain   |
          `-----'  `---------'      |       `---------'
                                    |
                                    |
                                    |
                                    |
          .---------.          .---------.          .---------.
          | DOS/386 |          | m2xenix |          | DOS/286 |
          | puddle  |          |Xenix/386|          | dawggon |
          `---------'          `---------'          `---------'
               |.10                 |.1                  |.11
/------------------------------------------------------------------/
 PSG-Local-Ether 192.83.230.0 mask ff.ff.ff.00            91.10.28

Note that your packets need never see any hosts, even as routers.

> On R 2, we can set up a pretty effective set of filters that will stop
> RIP broadcasts, but allow given networks to be visible (or invisible)
> on the quagga subnet.

This is kind of you. But as you say, it is only for the nonce. But it
makes a nice test environment.

You could make it a subnet of RAINet, and have a couple of advantages.
quagga can experiment with direct delivery to the Internet. RAINet gets
a few weeks to experimentally (i.e. not hanging you up) see if the
gigantic RIPS do no damage. quagga would route all .ZA mail to hippo.

> present a 'unified' RIP metric for all .ZA sites.

That would seem to require static routes, which have always bothered me.

> (Isn't ka9q nice?!)

Yes!

> a - cut over of uucp:
>     Config R 3 to have a static route pointing at m2xenix, modify smail
>     config to deliver via SMTP. On Randy's side, he configs a static
>     route to quagga, etc.

Why does rtr2.psg.com need a static route to quagga in any circumstance?
Let quagga RIP to RAIN. If quagga needs to see parts of UNINET, then it
can do an 'add private'. This way, all control of broadcasting the
UNINET networks stays in one place, on your side of the ocean.

> b - allow quagga to have visibility on/of RainNet, and start tidying up
>     DNS issues and filtering of network numbers. At the end of this
>     phase, by judicious filtering, we can start giving various nets on
>     this side unlimited TCP/IP access. There are a few unresolved DNS
>     issues on my mind, though, as regards quagga.

During this phase, let quagga continue to dump all non-quagga .ZA, .ZW,
and .NA mail to hippo for delivery within UNINET. Those which go out
uucp from quagga, let smail filter them off.

> e - argue endlessly with the Post Office about running two links for the
>     price of one :-(

Luckily the US's NSA would not tell such things to your SAPT. :-)

> OK, so my doubts about the DNS issues in 'b'... it isn't in the least
> bit clear to me as to what the network visibility (as in 'netstat -r')
> is going to be... what do we see?

You will see everything in the /etc/host I sent. That will be four
networks being RIPped to you as follows:

    147.28     - RAINet
    192.83.221 - WiskNet (local here on RAIN's SLIP net. Is the guy who
                 supports DialUp-IP.
    192.83.230 - PSGnet
    default    - the Cisco broadcasts a default route to tell everyone
                 to send all stuff to unknown networks.

Note that it takes the root servers a week or more to all switch once
the switch starts. Hence, it will be difficult to switch when there are
any packet blocks in place more severe than the DNS filter.
I.e., how can undeed nameserve a primary to the Internet unless undeed
can get to the Internet and vice versa?

So, I would like to resubmit my original scenario:

0 - quagga uses UNINET's current DNS.
    - rtr2.psg.com is not allowing DNS packets through to Rhodes's
      interface right now.
    - Change quagga's smail forces to go via SMTP to [147.28.0.33] as
      opposed to m2xenix.psg.com.
    - m2xenix similarly changes smail forces to go to [146.231.64.2]
      (or a RAINet address if quagga goes in a RAINet subnet for a
      while) as opposed to quagga.ru.ac.za via UUCP.
    - News moves via NNTP to addresses which are in one's /etc/hosts or
      are hard-coded IP addresses.

1 - Open the packet gates, but not the DNS gates.
    - Start out with mail delivery as in 0.
    - Open the block on quagga's subnet to allow RIPs of all of UNINET
      to go to RAINet.
    - Ask NSFNET to announce the UNINET networks.
    - quagga could go to the 'real' DNS if it put a filter between it
      and UNINET. It could choose which DNS universe it wanted to be in
      by which side it unblocked. It can deliver via SMTP to all hosts
      in whichever universe it allows itself to see.

2 - Alan moves the true .ZA zone to rain.psg.com, the advertised primary.
    - Alan can maintain it here via telnet.
    - UNINET kills its fake root server. Stick a stake through its
      heart, and make sure it is dead dead dead. Allow no possible
      chance that it could put a bogon on the Internet.
    - Open the DNS gates.
    - Real world sites can deliver directly to UNINET destinations, and
      vice versa.

3 - Move the .ZA zone back to Alan's nameserver.
    - Tell the NIC to move the primary.
    - Move the primary back to Alan.
    - rain.psg.com becomes a secondary.

How's that seem?

Note that, for the entire time, quagga is merely running a cacheing
server or a resolv.conf pointing either to the right (undeed) or to the
left (the Internet).

randy