16 Jul
2013
16 Jul
'13
9:49 a.m.
Heikki,
But I could (IPIP) tunnel my 44 address back to UCSD
and UCSD would route that in a normal way like every
other Internet address back to those who make the
announcements
My mistake, UCSD would not tunnel but route
in a normal way back over Internet to those gateways.
So no entry in the encap.txt is needed for Gateways making
BGP announcements.
Bob VE3TOK
On 13-07-16 09:22 AM, Heikki Hannikainen wrote:
(Please trim inclusions from previous messages)
_______________________________________________
On Mon, Jul 15, 2013 at 11:21 AM, Bob Tenty <bobtenty(a)gmail.com> wrote:
The 44 addresses not in the encap.txt should be
routed to ucsd
and they will hopefully tunnel them to that specific gateway.
There is normally a line for that in a munge script.
I'm sorry, but I
don't quite understand. If a subnet is not in
encap.txt, the tunnel router in UCSD will not tunnel packets to that
specific gateway - it's not much different than any other gateway in
that respect, it gets its encap routing table from the very same
gateways database. It doesn't have any magic deeper knowledge outside
encap.txt.
Maybe, if you updated your own encap routing table very rarely, you
could send unknown traffic to UCSD and hope that it updates more
often, but even then:
I don't see any reason to remove BGP-announced subnets from encap.txt
*except* at gateways which are doing BGP themselves or are otherwise
certain that they can send out unencapsulated packets with their own
net-44 source addresses. Most sites, these days, won't be able to do
that, and they'll need to learn the net-44 tunnel routes somehow even
for the BGP announced sites.
On 13-07-15 02:54 AM, Heikki Hannikainen wrote:
> (Please trim inclusions from previous messages)
> _______________________________________________
> On Sun, Jul 14, 2013 at 2:04 AM, Bob Tenty <bobtenty(a)gmail.com> wrote:
>> There are more subnets who are announcing themselfs over Internet with BGP
>> and who are still in the encap.txt
> But but... I think they absolutely must stay in encap.txt even if a
> BGP announcement is place!
>
> If they're removed, most of other traditional amprnet sites, which are
> not announcing their own network using BGP, cannot send packets to the
> BGP sites due to source address filtering (spoof protection). Most
> gateways these days must send out all 44-to-44 traffic encapsulated
> because they're only allowed to transmit out packets with their
> gateway's public address as the source address of the outer IP packet.
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
http://www.ampr.org/donate.html