17 Jun
2013
17 Jun
'13
12:44 a.m.
On 6/17/13 1:25 AM, Heikki Hannikainen wrote:
It's intended to be totally separate, but
there's a single gateway in
the US announcing all of 44/8 and relaying packets from the Internet
to amprnet hosts which have an ampr.org DNS entry in place. Also, a
few local subnets are announced locally by the gateways using BGP,
after signing the TOS (http://www.ampr.org/tos.txt) and obtaining
permission documents from ARDC.
Upstream amprnet->internet packets should be routed, if possible, from
the local gateway directly to the Internet, but ISP anti-spoofing
filters / uRPF typically prohibit it these days (which is a very good
thing in the botnet/DDOS respect). Unless, of course, you've arranged
a BGP peering and announcing the subnet yourself, in which case you
can send packets out from that subnet.
My intention was just to use a VRF on my main colo router for the 44net space,
and keep it separate from everything else. I'm routing this over a tunnel
back to my home and from there out to my wireless links. Right now I have 5
links all running with 172.17/16 space and thought it would be cool to link it
all with "real" IP's.
So for the exception of the 44/net space directly announced, can everything be
reached via the gateway at ucsd? Does this gateway have tunnels to the rest
of the network behind it?
--
Bryan Fields
727-409-1194 - Voice
727-214-2508 - Fax
http://bryanfields.net