On 12/30/20 9:14 PM, Marius Petrescu via 44Net wrote:
What happens between POPs is another story, and the
sky is the limit.
But a first practical approach is to keep existing IPIP full mesh between POPs which needs
a minimal effort, while moving regular clients to another VPN star topology to increase
the accessibility of the network.
The IPIP mesh works but it has the problem of static routing (fixed subnets to each
endpoint).
You could use IPIP tunnels between routers but they would change to /30 addresses on the
endpoints with BGP peering between the routers. When there is such a change it is probably
better to migrate to GRE instead of IPIP at the same time to be IPv6-future-proof and also to
have at least authentication (IPsec AH) underneath to protect against unwanted packet injection
from spoofed source addresses on the internet.
Rob