On 28/03/2014 21:58, Tom Hayward wrote:
AMPR IPIP tunnels are currently broken for our network,
44.24.240.0/20. 44.24.240.0/20 is multi-homed. We have two edge
routers. We originate IPIP tunnels from both routers, but other AMPR
systems only accept IPIP traffic from one of the routers. Why? The
second gateway IP is not in the encap file.

The problem with 2+ gateways for a single network is that with IPIP we
don't know if a packet has been delivered to your gateway or not. We
only know to encap traffic towards you into IPIP towards a destination
IP. Once the IPIP packet has left my gateway, the packet is gone, whether
it has been sent to a gateway that is currently reachable or not.
So actually 2+ gateways does NOT give you redundancy, for that we would
need to know the state of your gateways and stop using unavailable
gateways. So the only thing you might get is round robin packet delivery
if ECMP is supported by my gateway. Debugging a failure situation in
such a setup could be very hard.
Until such time that networks are announced directly by their gateways
using some existing or new routing protocol or ...., there will be no
possibility to have redundancy.
However you can add 1 single IP to the gateway list and then anycast
that IP from different machines in the same or different locations, that
way the routing protocols used to announce and reach your anycast IPIP
endpoint will take care of the necessary redundancy. There might be
other ways... YMMV.

Yup, you're right. We're moving forward with an anycast solution for
our IPIP tunnel termination/origination to achieve redundancy.
--Bart
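
A toy model of the argument in this thread, as an added example that is not part of the original messages: a stateless encap sender loses the packets it round-robins to a dead gateway, while a single anycast endpoint stays reachable because the underlying routing withdraws the failed router. The gateway IPs (documentation ranges), the router names edge-a/edge-b, and per-packet round robin are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: outer gateway IPs are documentation-range placeholders,
# edge-a / edge-b are hypothetical names for the two edge routers.
ENCAP_TWO_GW = {"44.24.240.0/20": ["192.0.2.1", "192.0.2.2"]}
ANNOUNCE_TWO_GW = {"192.0.2.1": ["edge-a"], "192.0.2.2": ["edge-b"]}
ENCAP_ANYCAST = {"44.24.240.0/20": ["198.51.100.1"]}
ANNOUNCE_ANYCAST = {"198.51.100.1": ["edge-a", "edge-b"]}


class Underlay:
    """Internet routing for outer IPIP destinations: IP -> routers announcing it."""

    def __init__(self, announcements):
        self.routes = {ip: list(nodes) for ip, nodes in announcements.items()}

    def fail(self, node):
        # A dead router stops announcing; the routing protocol withdraws it.
        for nodes in self.routes.values():
            if node in nodes:
                nodes.remove(node)

    def deliver(self, outer_dst):
        nodes = self.routes.get(outer_dst, [])
        return nodes[0] if nodes else None  # None: packet silently lost


def send(encap, underlay, inner_dst, count):
    """Stateless encap sender: round-robin over listed gateways, no feedback."""
    dst = ipaddress.ip_address(inner_dst)
    gateways = next(gws for net, gws in encap.items()
                    if dst in ipaddress.ip_network(net))
    return sum(underlay.deliver(gateways[i % len(gateways)]) is not None
               for i in range(count))


def delivered_after_failure(encap, announcements, failed, count=100):
    """Packets (out of count) that still arrive once router `failed` is down."""
    underlay = Underlay(announcements)
    underlay.fail(failed)
    return send(encap, underlay, "44.24.240.10", count)


if __name__ == "__main__":
    print("two gateways:", delivered_after_failure(ENCAP_TWO_GW, ANNOUNCE_TWO_GW, "edge-b"))
    print("anycast:     ", delivered_after_failure(ENCAP_ANYCAST, ANNOUNCE_ANYCAST, "edge-b"))
```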