The only thing missing is IPIP to BGP connectivity via the ampr-gw which
is filtered.
It's actually much worse than just a filter. The ampr-gw doesn't make the 44/8 BGP announcements out to the internet itself. Instead, the announcement is made higher up in the UCSD network and the traffic is statically routed back down to the ampr-gw system. This means that any packets ampr-gw attempts to send to 44 addresses on other networks will never make it to the internet and will simply be routed back to itself. This is why BGP networks need to also run the IPIP mesh if they want to talk to any non-BGP 44 networks. Even with the IPIP mesh, BGP networks can never talk to ampr-gw and expect to hear a response.
Has there ever been any progress in getting a fix for this, Brian?