On 24/07/2013 20:44, Michael E. Fox - N6MEF wrote:
> I certainly don't think it's a good idea to route every internal connection through some centralized gateway somewhere, even if more than one exists. It puts a failure point between me and my destination and it degrades the performance into and out of that gateway. Yes, it increases physical diversity, but it also depends on iBGP and multiple network managers doing the right thing. So it removes some failure modes while introducing others. It also makes troubleshooting more of a problem. Today, if I can't reach another gateway, I talk to the person directly. If everything goes through some other point, there's a third location to test with. That would be impractical.
You are absolutely right. Some networks do have the possibility to run the IPIP fullmesh. However you could still benefit from a "local" BGP gateway in terms of access to/from the Internet. For example the subnets for DL, F, G, PA, ON, LX etc could be announced by a gateway in Europe (and via the 44.0.0.0/8 announce as a backup via all the other gateways) and injected in Europe into the IPIP fullmesh.
OTOH some networks cannot connect using the IPIP fullmesh and need to connect using some other tunnel protocol (PPTP, OpenVPN, etc). You could say that those networks are "assisted" networks and they require a "proxy gateway" to connect them to the existing IPIP fullmesh.
These "proxy gateways", if BGP-enabled, could announce the local "assisted" networks via BGP and route traffic from the Internet directly to the IPIP endpoint or the assisted network and vice versa route traffic from the 44net to the Internet directly via the local upstream provider. That way the proxy gateway wouldn't have to route the non-44net traffic via UCSD. (Btw not every proxy gateway has to be a BGP gateway.)
This could bring several possible advantages:
- multiple gateways from 44net to/from Internet, resilience
- bandwidth distribution onto several gateways
- latency and possibly bandwidth increase for intra-continental traffic (no real change for North America, but traffic from/to Asian 44net to/from Asian Internet could benefit from a local Asian proxy gateway, the same goes for Africa, South America, Europe, etc).
So this discussion is certainly not about replacing the IPIP fullmesh but more about offering additional ways to participate in the IPIP fullmesh.
73 de Marc, LX1DUC