On 12/30/20 9:14 PM, Marius Petrescu via 44Net wrote:
What happens between POPs is another story, and the sky is the limit.
But a first practical approach is to keep existing IPIP full mesh between POPs which needs a minimal effort, while moving regular clients to another VPN star topology to increase the accessibility of the network.
The IPIP mesh works but it has the problem of static routing (fixed subnets to each endpoint). You could use IPIP tunnels between routers but they would change to /30 addresses on the endpoints with BGP peering between the routers. When there is such a change it is probably better to migrate to GRE instead of IPIP at the same time to be IPv6-future-proof and also to have at least authentication (IPsec AH) underneath to protect against unwanted packet injection from spoofed source addresses on the internet.
Rob
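
An added example, not part of the original message: a simplified Python model of the point about authentication underneath the tunnel, comparing an endpoint that matches tunnel packets on the outer source address alone with one that also verifies an AH-style integrity check value. The addresses, SPI and key are constructed, and the ICV input is a simplification of AH, not the wire format.

```python
import hashlib
import hmac
import ipaddress
import struct

PEER = "192.0.2.10"      # constructed: outer address of the remote router
LOCAL = "198.51.100.20"  # constructed: outer address of this router
SPI = 0x1001             # constructed SPI of the inbound security association
KEY = bytes(range(32))   # constructed key; a real one comes from IKE or manual keying

def ipip_accepts(outer_src):
    # An unauthenticated tunnel endpoint matches on the outer addresses only,
    # so any packet that claims the peer's source address is decapsulated.
    return outer_src == PEER

def icv(key, src, dst, spi, seq, payload):
    # Simplified AH: HMAC-SHA-256 truncated to 128 bits over the outer
    # addresses, SPI, sequence number and the encapsulated payload.
    msg = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    msg += struct.pack("!II", spi, seq) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]

class AhInbound:
    def __init__(self, key):
        self.key = key
        self.highest_seq = 0

    def accepts(self, src, dst, spi, seq, payload, tag):
        if spi != SPI or src != PEER:
            return False
        if not hmac.compare_digest(tag, icv(self.key, src, dst, spi, seq, payload)):
            return False              # sender does not hold the key
        if seq <= self.highest_seq:   # real AH uses a sliding replay window
            return False
        self.highest_seq = seq
        return True

def demo():
    # GRE header (no flags, protocol 0x0800) plus a constructed inner packet.
    gre = b"\x00\x00\x08\x00" + b"constructed inner IPv4 packet"
    sa = AhInbound(KEY)
    genuine = icv(KEY, PEER, LOCAL, SPI, 1, gre)
    forged = icv(b"\x00" * 32, PEER, LOCAL, SPI, 2, gre)  # computed without the key
    return {
        "ipip_spoofed_source": ipip_accepts(PEER),
        "ah_genuine": sa.accepts(PEER, LOCAL, SPI, 1, gre, genuine),
        "ah_spoofed_source": sa.accepts(PEER, LOCAL, SPI, 2, gre, forged),
        "ah_replayed": sa.accepts(PEER, LOCAL, SPI, 1, gre, genuine),
    }

if __name__ == "__main__":
    print(demo())
```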