6 Jun
2016
6 Jun
'16
4:26 p.m.
Hello Lynwood,
Interesting point on not requiring a defined point to point
configuration for IPENCAP. Though not an ideal setup but I only see 528
entries in the ENCAP file, that's not a huge number of next hops for a
sizable Unix host to handle. Ultimately, I *believe* that impacted
users getting hosed by changes from their ISP would have more success
with GRE than IPIP. This would need to be proven though.
--David
On 06/06/2016 01:38 PM, lleachii--- via 44Net wrote:
(Please trim inclusions from previous messages)
_______________________________________________
David,
- GRE is a point-to-point protocol. While those using devices that
require a single tunnel for each remote gateway wouldn't mind (e.g.
Cisco), IPENCAP does not require the host to configure a tunnel for
each remote IP address/subnet. (as i recall this setup won't work with
AMPRGW)
- GRE would still have to be handled in the same manner (e.g.
forwarding '-p 47' instead of '-p 4'). This also have to do this for
6in4, other tunneling, TCP, UDP, etc...as there's a firewall in
between. It's not a matter of the protocol, it's a matter of
permitting the traffic through the firewall, then NATing it to its
Destination.