On 15.06.2015 07:17, Tim Osburn wrote:
> I remember that, I set up a tunnel but I don't think anyone did any
> testing with it. We can try that again. So to recap that idea, that
> would be an IPIP tunnel from a non-UCSD router (Router Z) on the
> internet to the amprgw server. You would then add the current 53
> authorized BGP prefixes as static routes on the amprgw to go over that
> IPIP tunnel and then egress out to the internet from that router Z
> location. Router Z would need to allow traffic from any 44 IP Address to
> egress out router Z's ISP internet connectivity.
+1
Once that's working it would be nice to let the maintainers of the
current 53 authorized BGP prefixes decide (e.g. through the AMPRNet
Portal) whether they want to add an IPIP route for their prefix pointing
to router Z which is decapsulating traffic directed to these nets or not
(some do set up an IPIP endpoint themselves already). This way we are able
to keep End-to-End-Communication (Source-44 to Dest-44) alive and
source-route-filtered gateways do not need to NAT through their ISP's
commercial address(es).
Btw: My current workaround would be to parse the BGP-table of the
Internet for net44-prefixes and do it myself (I have something similar
to "router Z"). I would be happy if there is a non-private solution...
73,
Jann
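
An added sketch, not part of the original message or of any AMPRNet tooling, of the workaround described above: pick the 44.x prefixes out of a routing-table dump, turn them into static routes toward a tunnel, and check sources the way router Z's egress filter would. The one-line `prefix|AS path` dump format, the sample routes, and the interface name `tunl-z` are constructed assumptions.

```python
import ipaddress

# Assumption: the AMPRNet block is 44.0.0.0/8, as in the thread ("any 44 IP Address").
AMPR_NET = ipaddress.ip_network("44.0.0.0/8")

# Constructed sample, one "prefix|AS path" per line; not a real BGP table.
SAMPLE_DUMP = """\
44.0.0.0/8|64496
44.24.240.0/20|64497 64500
44.24.241.0/24|64497 64500
44.140.0.0/16|64498
192.0.2.0/24|64499
0.0.0.0/0|64496
2001:db8::/32|64499
440.1.1.0/24|64499
garbage line
"""

def net44_prefixes(dump, supernet=AMPR_NET):
    """Return the more-specific IPv4 prefixes inside supernet, collapsed."""
    found = set()
    for line in dump.splitlines():
        field = line.split("|", 1)[0].strip()
        try:
            net = ipaddress.ip_network(field, strict=True)
        except ValueError:
            continue  # malformed prefix or non-route line
        if net.version != 4:
            continue  # subnet_of() raises TypeError across IP versions
        # Skip the covering /8 itself: routing it over the tunnel would
        # capture all of net 44, not just the separately announced prefixes.
        if net != supernet and net.subnet_of(supernet):
            found.add(net)
    # One next hop for everything, so covered and adjacent prefixes can merge.
    return list(ipaddress.collapse_addresses(found))

def route_commands(prefixes, tunnel_dev="tunl-z"):
    """iproute2 static routes over the (hypothetical) IPIP interface."""
    return [f"ip route replace {p} dev {tunnel_dev}" for p in prefixes]

def may_egress(src, supernet=AMPR_NET):
    """Router Z source filter: forward only packets sourced from net 44."""
    return ipaddress.ip_address(src) in supernet

if __name__ == "__main__":
    for cmd in route_commands(net44_prefixes(SAMPLE_DUMP)):
        print(cmd)
```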