The problem is that the route 44.140.0.0/16 via 44.140.0.1 creates a routing loop.
The moment one sets this route on their machine, all traffic, including the traffic to the gateway itself, will be encapsulated and sent via the tunnel to the gateway, which is impossible...
So for such a setup to work there are 3 solutions:

1) classic:
44.140.0.0/16 via 192.16.126.18

2) 2 routes:
44.140.0.1/32 via 192.16.126.18
44.140.0.0/16 via 44.140.0.1
This will break most setups since usually there is no recursive next-hop lookup on a single-machine GW system. In a fully routed dedicated tunnel host + router combination this would work (I can give you the details).

3) don't broadcast anything at all
In this case, ham traffic is treated as any regular internet traffic and NATed to one's public IP on their gateway (if there is no 44/8 route via UCSD). If the client is also BGP announced, this is a case in which it will work flawlessly. The problem is that in this case you cannot differentiate ham traffic from BGP-unannounced subnets from regular internet traffic on your GW side.
Talking about other solutions, I want to analyse the other BGP announced setup a little, which is correct:

44.24.240.0/20 via 44.24.221.1
44.24.221.1 is unannounced in RIP.

In this case, a completely correct setup (which doesn't send all unknown 44s to UCSD via the tunnel) will do the following:
- encap all traffic to 44.24.240.0/20
- all encapsulated frames will be NATed to the local public GW IP and sent to 44.24.221.1
Of course, 44.24.221.1 has to maintain its own encap target list to be able to send traffic back to the originator, and accept proto 4 from any public IP.
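To make the cases above concrete (the looping route, the three ways around it, and the BGP-announced 44.24.240.0/20 setup), here is an added Python model of longest-prefix-match routing with IPIP encap routes. It is an illustration written for this page, not code from Marius's post or from any AMPRNet gateway tooling. The route table marks each entry as an encap route (next hop becomes the outer IPIP destination) or an underlay route (packet leaves a physical interface); `recursive=False` models a single-machine gateway where the outer packet is only matched against underlay routes and never re-enters the encap table. The ISP gateway 203.0.113.1 and the UCSD stand-in 198.51.100.44 are constructed documentation-range addresses; 192.16.126.18, 44.140.0.1 and 44.24.221.1 are the addresses from the post.

```python
import ipaddress

ENCAP, UNDERLAY = "encap", "underlay"


class RoutingLoop(Exception):
    """The outer destination of an encapsulated packet resolves back into the same tunnel."""


class RouteTable:
    """Toy longest-prefix-match table.  An ENCAP route wraps the packet in IPIP with the
    next hop as outer destination; an UNDERLAY route hands it to a physical interface."""

    def __init__(self):
        self.routes = []

    def add(self, prefix, via, kind=ENCAP, dev="tunl0"):
        self.routes.append((ipaddress.ip_network(prefix), ipaddress.ip_address(via), kind, dev))
        return self

    def lookup(self, dst, kinds):
        best = None
        for route in self.routes:
            net, _, kind, _ = route
            if kind in kinds and dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = route
        return best

    def resolve(self, dst, recursive=True, max_depth=8):
        """Return (outer destination of every IPIP layer, innermost first; egress device).
        recursive=False models a single-machine gateway: after one encapsulation the outer
        packet is only matched against underlay routes and never re-enters the encap table."""
        layers = []
        cur = ipaddress.ip_address(dst)
        for _ in range(max_depth):
            kinds = (ENCAP, UNDERLAY) if recursive or not layers else (UNDERLAY,)
            route = self.lookup(cur, kinds)
            if route is None:
                raise LookupError(f"no route to {cur}")
            _, via, kind, dev = route
            if kind == UNDERLAY:
                return [str(hop) for hop in layers], dev
            if via in layers:
                chain = " -> ".join(str(hop) for hop in layers)
                raise RoutingLoop(f"{dst} -> {chain} -> {via} re-enters the tunnel")
            layers.append(via)
            cur = via
        raise RoutingLoop(f"more than {max_depth} encapsulation layers for {dst}")


# Constructed addresses (documentation ranges): the host's ISP default gateway and a
# stand-in for the UCSD gateway.  The 44.x and 192.16.126.18 addresses come from the post.
ISP_GW = "203.0.113.1"
UCSD_GW = "198.51.100.44"


def base_table():
    """Underlay only: the host's default route towards its ISP."""
    return RouteTable().add("0.0.0.0/0", ISP_GW, UNDERLAY, "eth0")


def broken_announcement():
    """The problematic entry: the gateway address lies inside the prefix it serves."""
    return base_table().add("44.140.0.0/16", "44.140.0.1")


def solution_classic():
    """1) classic: the prefix via the gateway's public address."""
    return base_table().add("44.140.0.0/16", "192.16.126.18")


def solution_two_routes():
    """2) a /32 to the gateway via its public address, then the prefix via the gateway."""
    return base_table().add("44.140.0.1/32", "192.16.126.18").add("44.140.0.0/16", "44.140.0.1")


def bgp_announced_subnet(catch_all_to_ucsd=False):
    """44.24.240.0/20 via 44.24.221.1, where 44.24.221.1 itself is not announced in RIP."""
    table = base_table().add("44.24.240.0/20", "44.24.221.1")
    if catch_all_to_ucsd:
        table.add("44.0.0.0/8", UCSD_GW)  # the "send all unknown 44s to UCSD" mistake
    return table


if __name__ == "__main__":
    try:
        broken_announcement().resolve("44.140.5.5")
    except RoutingLoop as err:
        print("loop:", err)
    print("classic:", solution_classic().resolve("44.140.5.5"))
    print("two routes, tunnel host + router:", solution_two_routes().resolve("44.140.5.5"))
    print("two routes, single box:", solution_two_routes().resolve("44.140.5.5", recursive=False))
    print("bgp subnet, correct setup:", bgp_announced_subnet().resolve("44.24.245.7"))
    print("bgp subnet, 44/8 catch-all:", bgp_announced_subnet(True).resolve("44.24.245.7"))
```

Resolving 44.140.5.5 against the broken announcement raises `RoutingLoop` because the outer destination 44.140.0.1 matches the same /16 again. The classic route yields a single encapsulation to 192.16.126.18. The two-route variant only works with recursive resolution, where it produces two IPIP layers (inner to 44.140.0.1, outer to 192.16.126.18), which is what the tunnel host + router combination does; on a single box the outer packet addressed to 44.140.0.1 would simply leave eth0 unencapsulated. For 44.24.240.0/20 the correct setup encapsulates once towards 44.24.221.1 and hands that outer packet to the default route (where it gets NATed), while a 44/8 catch-all would wrap it a second time towards UCSD instead.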
So as a conclusion: announcing BGP-enabled subnets in the encap breaks some advantages of being BGP announced. It allows internet hosts to circumvent the UCSD gateway, and allows direct access to internet hosts from 44 machines without passing UCSD while maintaining their original 44 src address. But it still needs the tunnel system to allow access from 44 hosts behind tunnels. If the subnet is unannounced, only NATed traffic is possible from tunneled 44 systems (since UCSD routers don't forward traffic to 44 destinations).
Marius, YO2LOJ