I'll address your question in two parts: 1) is it redundant to store both the IP subnet and its subnet mask, and 2) why doesn't the router store only the bits necessary to make the routing decision.

Prior to the introduction of CIDR -- which came with the "slash" notation, like /8 for the 10.0.0.0 RFC1918 private IPv4 subnet range -- subnets would genuinely be any bit arrangement imaginable. The most sensible would be to have contiguous MSBit-justified subnet masks, such as 255.0.0.0. But the standard did not preclude using something unconventional like 255.0.0.1.

For those confused what a 255.0.0.1 subnet mask would do -- and to be clear, a lot of software might prove unable to handle this -- this is describing a subnet with 2^23 addresses, where the LSBit must match the IP subnet. So if your IP subnet was 10.0.0.0, then only even numbered addresses are part of that subnet. And if the IP subnet is 10.0.0.1, then that only covers odd numbered addresses.

Yes, that means two machines with addresses 10.69.3.3 and 10.69.3.4 aren't on the same subnet. This would not be allowed when using CIDR, as contiguous set bits are required with CIDR.

So in answer to the first question, CIDR imposed a stricter (and sensible) limit on valid IP subnet/mask combinations, so if CIDR cannot be assumed, then it would be required to store both of the IP subnet and the subnet mask, since mask bits might not be contiguous.

For all modern hardware in the last 15-20 years, CIDR subnets are basically assumed. So this is really a non-issue.

For the second question, the router does in-fact store only the necessary bits to match the routing table entry, at least for hardware appliances. Routers use what's known as a TCAM memory for routing tables, where the bitwise AND operation can be performed, but with a twist.

Suppose we're storing a route for 10.0.42.0/24. The subnet size indicates that the first 24 bits must match a prospective destination IP address. And the remaining 8 bits don't matter. TCAMs can store 1's and 0's, but also X's (aka "don't cares") which means those bits don't have to match. So in this case, the TCAM entry will mirror the route's first 24 bits, then populate the rest with X's. And this will precisely match the intended route.

As a practical matter then, the TCAM must still be as wide as the longest possible route, which is 32 bits for IPv4 and 128 bits for IPv6. Yes, I suppose some savings could be made if a CIDR-only TCAM could conserve the X bits, but this makes little difference in practice and it's generally easier to design the TCAM for max width anyway, even though non-CIDR isn't supported on most routing hardware anymore.

To start off, I'm sorry to hear that you're not receiving the healthcare you need. I recognize that these words on a screen aren't going to solve any concrete problems, but in the interest of a fuller comprehension of the USA healthcare system, I will try to offer an answer/opinion to your question that goes into further depth than simply "capitalism" or "money and profit" or "greed".

What are my qualifications? Absolutely none, whatsoever. Although I did previously write a well-received answer in this community about the USA health insurance system, which may provide some background for what follows.

In short, the USA healthcare system is a hodge-podge of disparate insurers and government entities (collectively "payers"), and doctors, hospitals, clinics, ambulances, and more government entities (collectively "providers"), overseen by separate authorities in each of the 50 US States, territories, tribes, and certain federal departments (collectively "regulators"). There is virtually no national-scale vertical integration in any sense, meaning that no single or large entity has the viewpoint necessary to thoroughly review the systemic issues in this "system", nor is there the visionary leadership from within the system to even begin addressing its problems.

It is my opinion that by bolting-on short-term solutions without a solid long-term basis, the nation was slowly led to the present dysfunction, akin to boiling a frog. And this need not be through malice or incompetence, since it can be shown that even the most well-intentioned entities in this sordid and intricate pantomime cannot overcome the pressures which this system creates. Even when there are apparent winners like filthy-rich plastic surgeons or research hospitals brimming with talented expert doctors of their specialty, know that the toll they paid was heavy and worse than it had to be.

That's not to say you should have pity on all such players in this machine. Rather, I wish to point to what I'll call "procedural ossification", as my field of computer science has a term known as "protocol ossification" that originally borrowed the term from orthopedia, or the study of bone deformities. How very fitting for this discussion.

I define procedural ossification as the loss of flexibility in some existing process, such that rather than performing the process in pursuit of a larger goal, the process itself becomes the goal, a mindless, rote machine where the crank is turned and the results come out, even though this wasn't what was idealized. To some, this will harken to bureaucracy in government, where pushing papers and forms may seem more important that actually solving real, pressing issues.

I posit to you that the USA healthcare system suffers from procedural ossification, as many/most of the players have no choice but to participate as cogs in the machine, and that we've now entirely missed the intended goal of providing for the health of people. To be an altruistic player is to be penalized by the crushing weight of practicalities.

What do I base this on? If we look at a simple doctor's office, maybe somewhere in middle America, we might find the staff composed of a lead doctor -- it's her private practice, after all -- some Registered Nurses, administrative staff, a technician, and an office manager. Each of these people have particular tasks to make just this single doctor's office work. Whether it's supervising the medical operations (the doctor) or operating/maintaining the X-ray machine (technician) or cutting the checks to pay the building rent (office manager), you do need all these roles to make a functioning, small doctor's office.

How is this organization funded? In my prior comment about USA health insurance, there was a slide which showed the convoluted money flows from payers to providers, which I've included below. What's missing from this picture is how even with huge injections of money, bad process will lead to bad outcomes.

Source

In an ideal doctor's office, every patient that walks in would be treated so that their health issues are managed properly, whether that's fully curing the condition or controlling it to not get any worse. Payment would be conditioned upon the treatment being successful and within standard variances for the cost of such treatment, such as covering all tests to rule out contributing factors, repeat visits to reassess the patient's condition, and outside collaboration with other doctors to devise a thorough plan.

That's the ideal, and what we have in the USA is an ossified version of that, horribly contorted and in need of help. Everything done in a doctor's office is tracked with a "CPT/HCPCS code", which identifies the type of service rendered. That, in and of itself, could be compatible with the ideal doctor's office, but the reality is that the codes control payment as hard rules, not considering "reasonable variances" that may have arisen. When you have whole professions dedicated to properly "coding" procedures so an insurer or Medicare will pay reimbursement, that's when we've entirely lost the point and grossly departed from the ideal. The payment tail wags the doctor dog.

To be clear, the coding system is well intentioned. It's just that its use has been institutionalized into only ever paying out if and only if a specific service was rendered, with zero consideration for whether this actually advanced the patient's treatment. The coding system provides a wealth of directly-comparable statistical data, if we wanted to use that data to help reform the system. But that hasn't substantially happened, and when you have fee-for-service (FFS) as the base assumption, of course patient care drops down the priority list. Truly, the acronym is very fitting.

Even if the lead doctor at this hypothetical office wanted to place patient health at the absolute forefront of her practice, she will be without the necessary tools to properly diagnose and treat the patient, if she cannot immediately or later obtain reimbursement for the necessary services rendered. She and her practice would have to absorb costs that a "conforming" doctor's office would have, and that puts her at a further disadvantage. She may even run out of money and have to close.

The only major profession that I'm immediately aware of which undertakes unknown costs with regularity, in the hopes of a later full-and-worthwhile reimbursement, is the legal profession. There, it is the norm for personal injury lawyers to take cases on contingency, meaning that the lawyer will eat all the costs if the lawsuit does not ultimately prevail. But if the lawyer succeeds, then they earn a fixed percentage of the settlement or court judgement, typically 15-22%, to compensate for the risk of taking the case on contingency.

What's particularly notable is that lawyers must have a good eye to only accept cases they can reasonably win, and to decline cases which are marginal or unlikely to cover costs. This heuristic takes time to hone, but a lawyer could start by being conservative with cases accepted. The reason I mention this is because a doctor-patient relationship is not at all as transactional as a lawyer-client relationship. A doctor should not drop a patient because their health issues won't allow the doctor to recoup costs.

The notion that an altruistic doctor's office can exist sustainably under the FFS model would require said doctor to discard the final shred of decency that we still have in this dysfunctional system. This is wrong in a laissez-faire viewpoint, is wrong in a moral viewpoint, and is wrong in a healthcare viewpoint. Everything about this is wrong.

But the most insidious problems are those that perpetuate themselves. And because of all those aforementioned payers, providers, and regulators are merely existing and cannot themselves take the initiative to unwind this mess, it's going to take more than a nudge from outside to make actual changes.

As I concluded my prior answer on USA health insurance, I noted that Congressional or state-level legislation would be necessary to deal with spiraling costs for healthcare. I believe the same would be required to refocus the nation's healthcare procedures to put patient care back as the primary objective. This could come in the form of a single-payer model. Or by eschewing insurance pools outright by extending a government obligation to the health of the citizenry, commonly in the form of a universal healthcare system. Costs of the system would become a budgetary line-item so that the health department can focus its energy on care.

To be clear, the costs still have to be borne, but rather than fighting for reimbursement, it could be made into a form of mandatory spending, meaning that they are already authorized to be paid from the Treasury on an ongoing basis. For reference, the federal Medicare health insurance system (for people over 65) is already a mandatory spending obligation. So upgrading Medicare to universal old-people healthcare is not that far of a stretch,

Good luck with your endeavors! Always keep in mind that when debugging a complex problem, try isolating individual components and testing them individually. This can be as easy as swapping a web application with the Python SimpleHTTPServer to validate firewall and reverse proxy configuration.

Thank you for that detailed description. I see two things which are of concern: the first is the IPv6 network unreachable. The second is the lost IPv4 connection, as opposed to a rejection.

So staring in order, the machine on the external network that you're running curl on, does it have a working IPv6 stack? As in, if you opened a web browser to https://test-ipv6.com/ , does it pass all or most tests? An immediate "network is unreachable" suggests that external machine doesn't have IPv6 connectivity, which doesn't help debug what's going on with the services.

Also, you said that all services that aren't on port 80 or 443 are working when viewed externally, but do you know if that was with IPv4 or IPv6? I use a browser extension called IPvFoo to display which protocol the page has loaded with, available for Chrome and Firefox. I would check that your services are working over IPv6 equally well as IPv4.

Now for the second issue. Since you said all services except those on port 80, 443 are reachable externally, that would mean the IP address -- v4 or v6, whichever one worked -- is reachable but specifically ports 80 and 443 did not.

On a local network, the norm (for properly administered networks) is for OS firewalls to REJECT unwanted traffic -- I'm using all-caps simply because that's what I learned from Linux IP tables. A REJECT means that the packet was discarded by the firewall, and then an ICMP notification is sent back to the original sender, indicating that the firewall didn't want it and the sender can stop waiting for a reply.

For WANs, though, the norm is for an external-facing firewall to DROP unwanted traffic. The distinction is that DROPping is silent, whereas REJECT sends the notification. For port forwarding to work, both the firewall on your router and the firewall on your server must permit ports 80 and 443 through. It is a very rare network that blocks outbound ICMP messages from a LAN device to the Internet.

With all that said, I'm led to believe that your router's firewall is not honoring your port-forward setting. Because if it did and your server's firewall discarded the packet, it probably would have been a REJECT, not a silent drop. But curl showed your connection timed out, which usually means no notifications was received.

This is merely circumstantial, since there are some OS's that will DROP even on the LAN, based on misguided and improper threat modeling. But you will want to focus on the router's firewall, as one thing routers often do is intercept ports 80 and 443 for the router's own web UI. Thus, you have to make sure there aren't such hidden rules that preempt the port-forwarding table.

I'm still trying to understand exactly what you do have working. You have other services exposed by port numbers, and they're accessible in the form .ducksns.org: with no problems there. And then you have Jellyfin, which you're able to access at home using https://jellyfin..duckdns.org without problems.

But the moment you try accessing that same URL from an external network, it doesn't work. Even if you use HTTP with no S, it still doesn't connect. Do I understand that correctly?

I know this is c/programmerhumor but I'll take a stab at the question. If I may broaden the question to include collectively the set of software engineers, programmers, and (from a mainframe era) operators -- but will still use "programmers" for brevity -- then we can find examples of all sorts of other roles being taken over by computers or subsumed as part of a different worker's job description. So it shouldn't really be surprising that the job of programmer would also be partially offloaded.

The classic example of computer-induced obsolescence is the job of typist, where a large organization would employ staff to operate typewriters to convert hand-written memos into typed documents. Helped by the availability of word processors -- no, not the software but a standalone appliance -- and then the personal computer, the expectation moved to where knowledge workers have to type their own documents.

If we look to some of the earliest analog computers, built to compute differential equations such as for weather and flow analysis, a small team of people would be needed to operate and interpret the results for the research staff. But nowadays, researchers are expected to crunch their own numbers, possibly aided by a statistics or data analyst expert, but they're still working in R or Python, as opposed to a dedicated person or team that sets up the analysis program.

In that sense, the job of setting up tasks to run on a computer -- that is, the old definition of "programming" the machine -- has moved to the users. But alleviating the burden on programmers isn't always going to be viewed as obsolescence. Otherwise, we'd say that tab-complete is making human-typing obsolete lol

it works fine (but no https)

This would suggest port 443 is not being exposed externally. You might try using a CLI tool like "curl" which is fairly verbose about how it is connecting to a given URL, as part of trying to download the link. If given an HTTPS URL that doesn't work, the output should help point at the issue.

Another wonderful post to read, but once again, I'm in shock as to what the Australian frequency regulator seemingly doesn't do. Perhaps it's a tad unfair to compare ACMA to the American FCC -- the latter well-recognized throughout the world for their (often counterfeited) certification mark -- but it seems like ACMA is dropping the ball.

Ubiquiti is probably the top producer outside of China for point-to-point WiFi-based equipment, so I have to imagine that other similar Western national frequency regulators to the FCC have the same demands upon Ubiquiti, such as to submit certification test reports from an RF lab. So either ACMA doesn't request this before approving equipment to be sold in the country, or they don't review test result and rely on other national regulator's approvals, and that they don't conduct spot testing on their own.

All of those prospects are unfortunate. But I suppose if the national carrier is adjacent to the 900 MHz ISM band -- I'm assuming Australia has this ISM band for unlicensed use? -- that's going to be rough no matter what.

It's also worth noting that switching from ANSI to ISO 216 paper would not be a substantial physical undertaking, as the short-side of even-numbered ISO 216 paper (eg A2, A4, A6, etc) is narrower than for ANSI equivalents. And for the odd-numbered sizes, I've seen Tabloid-size printers in America which generously accommodate A3.

For comparison, the standard "Letter" paper size (aka ANSI A) is 8.5 inches by 11 inches. (note: I'm sticking with American units because I hope Americans read this). Whereas the similar A4 paper size is 8.3 inches by 11.7 inches. Unless you have the rare, oddball printer which takes paper long-edge first, this means all domestic and small-business printers could start printing A4 today.

In fact, for businesses with an excess stock of company-labeled #10 envelopes -- a common size of envelope, measuring 4.125 inches by 9.5 inches -- a sheet of A4 folded into thirds will still (just barely) fit. Although this would require precision folding, that's no problem for automated letter mailing systems. Note that the common #9 envelope (3.875 inches by 8.875 inches) used for return envelopes will not fit an A4 sheet folded in thirds. It would be advisable to switch entirely to A series paper and C series envelopes at the same time.

Confusingly, North America has an A-series of envelopes, which bear no relation to the ISO 216 paper series. Fortunately, the overlap is only for the less-common A2, A6, and A7.

TL;DR: bring reams of A4 to the USA and we can use it. And Tabloid-size printers often accept A3.

At its very core, an insurance company operates by: 1) pooling policyholder's risks together and 2) collecting premiums from the policyholders based on actuarial data, to pay claims and maybe make a small profit. But looking broader, an insurance market exists when: a) policyholders voluntarily or are obliged to obtain policies, b) insurers are willing and able to accept the risks in exchange for a premium expected to support the insurance pool, and c) the actuarial risks are calculable and prove true, on average.

The loss of any of A, B, or C will substantially impact a healthy insurance market, or can prevent the insurance market from ever getting started. For some examples of market failures, the ongoing California homeowner insurance crisis shows how losing B (starting with insurers refusing to renew policies near the wildland-rural interface) and C (increase in insured losses due to climate change) results in policies becoming unaffordable or impossible to obtain.

As a broader nationwide example, an established business sector that operates wholly without insurance availability is cannabis. A majority of US States have decriminalized marijuana for medical use, and a near-majority have legalized recreational consumption. Yet due to unyielding federal law, no insurer will issue policies for marijuana businesses, to protect from risks that any business would face, such as losses from fire, due to a product recall or product liability, or for liability to employees. These risks are calculable and there's a clear need for such policies -- thus meeting criteria A and C -- but no commercial insurer is willing to issue. Accordingly, the formal market for cannabis business insurance is virtually non-existent in the USA.

With these examples, we can see that the automobile insurance market meets all three criteria for a healthy market, but it's how these criteria are met which is noteworthy. Motorists in the USA are obliged to insure in every state except New Hampshire and Virginia: it is a criminal offense to drive a car without third-party liability insurance, meaning the motorist might spend time in jail. Note: NH and VA won't send a motorist to jail, but they do have administrative penalties for driving without "financial responsibility", which includes insurance or a bond at the DMV.

The exact requirement varies per state, with some requiring very low amounts of coverage and others requiring extra coverage like Personal Injury Protection (PIP, aka no-fault insurance). The point is that criteria A is easily met: motorists want to avoid jail, but also want to avoid the indignity of being sued after having caused a road incident, in addition to protecting their apparently only viable mode of transportation.

Insurers can take into account the overall trends in national risks trends for automobiles (eg new car safety, through the Insurance Institute for Highway Safety, IIHS) as well as local or hyper-local risks (eg hail damage in the southeast, property crime in a particular zip code). And as a large country with nearly as many cars as people, many insurers are willing to meet the demand. This satisfies criteria B and C.

So well-organized is the automobile insurance market that you could almost say that it's vertically integrated: the largest nationwide insurers have contracts in place with every dealership network, auto collision chain, new and used parts dealers, as well as automatic data sharing with state DMVs, plus with firms like CarFax that buy information. Despite each state being slightly different, the insurers have overcome and achieved a level of near uniformity that allows an efficient market to exist.

Things are drastically different for the American healthcare system and for American health insurance companies. While most think of their healthcare provider as a national name like Anthem Blue Cross or Kaiser Permanente, the reality is that each state is an island, and sometimes counties in a state are enclaves. Even federal programs like Medicaid and Medicare are subject to state-level non-uniformities. For example, hospitals can be either privately operated (eg religion-affiliated, or for-profit) or run by a public entity (eg county or state), and can exist as a single entity or form part of a regional hospital network. Some entities operate both the insurance pool as well as providing the health care (eg HMOs like Kaiser Permanente) while others dispatch to a list of contracted providers, usually being doctor's own private practices or specialist offices.

With so many disparate entities, and where healthcare is a heavily-regulated activity by each state, the cost of insurable risks -- that is, for routine healthcare services -- is already kinda difficult to compute. Hospitals and doctors go through intense negotiations with insurers to come to an agreement on reimbursement rates, but the reality is that neither has sufficient actuarial data to price based on what can be borne by the market. So they just pass their costs on, whatever those may be, and insurers either accept it into their calculations, or drop the provider.

Suffice it to say, there are fewer pressure to push the total cost of healthcare down, given this reality, and more likely prices will continue to climb. This fails criteria C.

Source

Briefly speaking, it's fairly self explanatory why people would want health insurance, since the alternative is either death or serious health repercussions, paying out-of-pocket rates for service, or going to the ER and being burdened by medical debt that will somehow haunt even after death. Criteria A is present.

As for Criteria B, that was actually resolved as part of the Affordable Care Act (ACA). During discussions with the drafters, insurers bargained for an obligation for everyone to have insurance (aka the individual mandate, bolstering criteria A), in exchange for an obligation to issue policies for anyone who applies, irrespective of pre-existing health conditions. Thus, Criteria B is present for all ACA-compliant policies in the USA, even though the individual mandate was later legislatively repealed.

So to answer your question directly, the costs for healthcare in the USA continue to spiral so far out of control that it causes distortions in the health insurance market, to everyone's detriment. Specific issues such as open-enrollment periods, employer subsidies, and incomprehensible coverage levels all stem from -- and are attempts to reduce -- costs.

Enrollment periods prevent people from changing plans immediately after obtaining an expensive service, like a major surgery. Employer subsidies exist due to a federal tax quirk decades ago, which has now accidentally become an essential part of the health insurance and health care situation. And coverage levels try to provide tiered plans, so people can still afford minimal coverage for "catastrophic" injuries while others can buy coverage for known, recurring medical needs.

But these are all bandaging the bleeding which is unchecked costs. It would take an act of Congress -- literally -- or of state legislatures to address the structural issues at play. The most prominent solution to nip costs is the bud is to achieve the same near-vertical integration as with automobile insurance. This means a single or very few entities which have contracts in place with every provider (doctors and hospitals), negotiated at once and uniformly, so as to achieve criteria C. The single-payer model -- which Medicare already uses -- is one such solution.

Going further would be the universal healthcare model, which discards the notion of health insurance entirely and creates an obligation for a government department to provide for the health of the citizens, funded by taxes. This means doctors and hospitals work at the behest of the department for the citizenry, or work privately outside the system entirely, with no guarantee of a steady stream of work. Substantial administrative savings would arise, since the number of players has been reduced and thus simplifies things, including the basic act of billing and getting paid for services rendered.

These models could be approached by individual states or by the nation as a whole, but it's unclear where the Overton window for that idea currently is.

For other people's benefit beyond my own:

RIIR: "Rewrite It In Rust"

OSM can definitely find you a bank near a freeway ramp, but it can also find you a bank near a creek to make an inflatable boat getaway. What it can't do is arrange for decoys to confuse the police while you eacape.

The inflatable boat robber was ultimately caught and sentenced a year later.