On 3/28/2014 5:59 PM, Marc, LX1DUC wrote:
On 28/03/2014 21:58, Tom Hayward wrote:
AMPR IPIP tunnels are currently broken for our network, 44.24.240.0/20. 44.24.240.0/20 is multi-homed. We have two edge routers. We originate IPIP tunnels from both routers, but other AMPR systems only accept IPIP traffic from one of the routers. Why? The second gateway IP is not in the encap file.
The problem with 2+ gateways for a single network is that with IPIP we don't know if a packet has been delivered to your gateway or not. We only know to encap traffic towards you into IPIP towards a destination IP. Once the IPIP packet has left my gateway, the packet is gone, whether it has been sent to a gateway that is currently reachable or not.
So actually 2+ gateways do NOT give you redundancy; for that we would need to know the state of your gateways and stop using unavailable gateways. So the only thing you might get is round robin packet delivery if ECMP is supported by my gateway. Debugging a failure situation in such a setup could be very hard.
Until such time that networks are announced directly by their gateways using some existing or new routing protocol or ...., there will be no possibility to have redundancy.
However, you can add 1 single IP to the gateway list and then anycast that IP from different machines in the same or different locations; that way the routing protocols used to announce and reach your anycast IPIP endpoint will take care of the necessary redundancy. There might be other ways... YMMV.
Yup, you're right. We're moving forward with an anycast solution for our IPIP tunnel termination/origination to achieve redundancy.
--Bart
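
The behaviour discussed in this thread, as an added example that is not part of the original messages: a remote gateway builds its table from encap-file lines, picks one static gateway per subnet when sending, and on receive accepts an IPIP packet only if its outer source is the gateway listed for the inner source. The `route addprivate ... encap ...` line layout, the receive-side policy, the function names and the 192.0.2.x / 198.51.100.x gateway addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the style of an encap file. Gateway addresses are
# documentation-range placeholders, not real AMPR gateways.
SAMPLE_ENCAP = """\
# constructed sample
route addprivate 44.24.240.0/20 encap 192.0.2.10
route addprivate 44.161.0.0/24 encap 198.51.100.7
"""

def parse_encap(text):
    """Return (subnet, gateway) pairs from 'route addprivate NET encap GW' lines."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[:2] == ["route", "addprivate"] and f[3] == "encap":
            routes.append((ipaddress.ip_network(f[2]), ipaddress.ip_address(f[4])))
    return routes

def encap_target(routes, inner_addr):
    """Send side: longest-prefix match on the inner address.

    The result is a static lookup; nothing here knows whether the chosen
    gateway is currently reachable, which is why a second listed gateway
    would not by itself give redundancy.
    """
    addr = ipaddress.ip_address(inner_addr)
    matches = [(net, gw) for net, gw in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def accept_inbound(routes, outer_src, inner_src):
    """Receive side (assumed policy): the outer source must be the gateway
    listed for the subnet that contains the inner source address."""
    expected = encap_target(routes, inner_src)
    return expected is not None and expected == ipaddress.ip_address(outer_src)

if __name__ == "__main__":
    routes = parse_encap(SAMPLE_ENCAP)
    # Listed edge router: accepted.
    print(accept_inbound(routes, "192.0.2.10", "44.24.241.5"))
    # Second edge router of the same multi-homed network, not listed: dropped.
    print(accept_inbound(routes, "192.0.2.11", "44.24.241.5"))
```

With a single anycast address in the gateway list, both edge routers would originate tunnels from that one listed source, so the same check passes regardless of which router sent the packet.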