PROJECTS: Meta-Network - Policies
Disclaimer Policies
- The Meta-network is intended for research and entertainment purposes by members only. No guarantees of service are made or can be expected.
Governance and User Policies
- The over-riding principle guiding behaviour on the meta-network: Do not adversely affect someone elses portion of the meta-network. While dynamic routing protocols and other technical tools might accidently cause network problems outside your own portion of the meta-network, deliberately causing problems will quickly result in expulsion.
- Minimal interference: The meta-network follows a general principle of minimal regulation, administration and interfence. Users are expected to take ownership of problems as they discover them and collaboratively work to fix them.
- Dispute resolution: No formal dispute mechanism exists. If someone disagrees strongly enough with what you are doing, removing links to you and/or packet filtering your traffic is a reasonable response. Group consensus should rarely be needed as most disputes can be handled on an individual basis. The section on ``Exceptions to the Policies'' is related.
Technical Policies
Note that the terms MUST and SHOULD, capitalized, are used in the same way as described in RFC 2119.
- Packet filtering and source IPs: All routers MUST implement packet filter rules to prevent IP address spoofing. Specifically, routers MUST ensure that any packets injected into the meta-network from their local network have a source IP address that actually belongs on that local network. Routers SHOULD also ensure that the only source IP addresses used on the meta-network are ones where the route back will also pass over the meta-network.
- Other packet filtering: All routers that are on the meta meta-network SHOULD implement careful packet filtering to control access to services they offer and/or transit to other networks. While failure to do so does not excuse mis-use of a network it also does not prevent mis-use. Use packet filtering.
- Linux users and proxy_arp: All routers that are on the meta-network and have a default route that goes through a tunnel MUST turn off proxy arp. This is because the router otherwise will start answering ARP requests for absolutely everything on all your Ethernet interfaces, and Very Bad Things ensue. Thus, if you're using Linux and thinking of participating in the meta-network, it's very important that you put this line in whatever script you use to bring up the meta-network tunnels: echo "0" > /proc/sys/net/ipv4/conf/all/proxy_arp
- MTU size: Tunnels SHOULD be configured with the largest possible MTU. For OpenVPN, this means using the --udp-mtu 1500 switch. Any routers providing a default route out of the meta-network will clamp the MSS to the correct value for such a tunnel. Users using tunnels with a small MTU are responsible for ensuring that their MSS is set correctly, or else they will be unable to communicate with sites that fail to implement Path MTU Discovery correctly (such as www.cityregina.com, last time we checked).
- Summarization of RFC 1918 networks: Private networks in the 192.168.0.0/16 range SHOULD connect to a core router run by Tillman Hodgson and private networks in the 10.0.0.0/8 range SHOULD connect to a core router run by Scott Wunsch. This is facilitate more efficient route summarization. Note that a core router for 172.16.0.0/12 currently does not exist and a volunteer would be welcomed.
- Point-to-point IPs for tunnels: The IP addresses used for tunnel end-points SHOULD fall within the range for the Area they are in so that route summarization can be simplified. IP allocations MUST be managed by the person responsible for the Area 0 Hub Host in question. 196.168.254.0/24 are reserved for PtP IPs for the 192.168.0.0/16 Area Hub Host. 10.1.1.0/24 is reserved for PtP IPs for the 10.0.0.0/8 Area Hub Host.
Exceptions to the Policies
Specific policies can be deviated from if the individual network(s) wishing to use a different policy both find a hub (tunnel termination point) willing to accept a tunnel from then and ensure that their intended modifications will not affect the operation of the rest of the meta-network.
