-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 24/07/2013 20:44, Michael E. Fox - N6MEF wrote:
I certainly don't think it's a good idea to
route every internal
connection through some centralized gateway somewhere, even if more
than one exists. It puts a failure point between me and my
destination and it degrades the performance into and out of that
gateway. Yes, it increases physical diversity, but it also depends
on iBGP and multiple network managers doing the right thing. So
removes some failure modes while introducing others. It also makes
troubleshooting more of a problem. Today, if I can't reach another
gateway, I talk to the person directly. If everything goes
through some other point, there's a third location to test with.
That would be impractical.
You are absolutely right. Some networks do have the possibility to run
the IPIP fullmesh. However you could still benefit from a "local" BGP
gateway in terms of access to/from the Internet. For example the
subnets for DL, F, G, PA, ON, LX etc could be announced by a gateway
in Europe (and via the 44.0.0.0/8 announce as a backup via all the
other gateways) and injected in Europe into the IPIP fullmesh.
OTOH some networks cannot connect using the IPIP fullmesh and need to
connect using some other tunnel protocol (PPTP, OpenVPN, etc). You
could say that those networks are "assisted" networks and they require
a "proxy gateway" to connect them to the existing IPIP fullmesh.
These "proxy gateways", if BGP enabled, could announce the local
"assisted" networks via BGP and route traffic from the internet
directly to the IPIP endpoint or the assisted network and vice versa
route traffic from the 44net to the Internet directly via the local
upstream provider. That way the proxy gateway wouldn't have to route
the non-44net traffic via UCSD. (Btw not every proxy gateway must have
to be a BGP gateway.)
This could bring several possible advantages:
- - multiple gateway from 44net to/from internet, resilience
- - bandwidth distribution onto several gateways
- - latency and possibly bandwidth increase for intra-continental
traffic (no real change for North America, but traffic from/to asian
44net to/from asian internet could benefit from a local asian proxy
gateway, the same goes for Africa, South America, Europe, etc).
So this discussion is certainly not about replacing the IPIP fullmesh
but more about offering additional ways to participate in the IPIP
fullmesh.
73 de Marc, LX1DUC
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools -
http://gpgtools.org
Comment: Using GnuPG with Thunderbird -
http://www.enigmail.net/
iQIcBAEBAgAGBQJR8E6SAAoJEHFIN1T8ZA8vgskP/1U7LZI0jx1D3BBDNnNvDKAA
McgtXjbYmyDKWXvWYGf0CEOYpq2MdCvqggP0GxXm/ytyr+ct/wfNnPTibTXxLc87
B5d7s7mjBZO5p3sv228x+N1G0Kl4g/z9qjZ33ihox0JvPc1aLjmvdX2a753IJXiY
CZ5RXe8mPpnNI6eNsDvsYKiikWlZMP8wB9q5OV2Jc20uJcU1YJKsY4yZtVasGIOB
CYBtuzptkP+VWFBL+yG408gAGhq0ZZFpGHK2euBhBV02Z1yZGcEuR7EtOfU2NBUc
9uRkRxiGB/5QSk96l5Iz1QSbQLygFXseLa93SS059xC6CK4fQLwuuJYnP0UV5wDo
AXDpP2LEjsWkfDWzy/QT1W5UwH9TICO3qEc/FOlxqVSHweBEIvGfTtMEsArtMfwm
dhFPqDV1ZypqfjuiDgk1cSc2AXR6n937Q6nL2x60ZcSJ3HYlp0GNFJYaEAm8ung4
LyhHSu+hBHi3oTKBXJvuWWtqX5yLxC0slrelPg1OkZk1FOdoY3oi95yFTuJTntWe
oni3JzYhSKd0jBVZ4M2JQlF+61Dy8RJmLMhQoTIdURKOoSnheA8DQ6RDC+h5hUXb
G//arx3liGvavN2DK4sfE+LteIbfK0ZnRSXHrZ37BJk6U++Rdva99oaM0W48URDI
woar9kCVK4nnGBOyHkfI
=awyj
-----END PGP SIGNATURE-----