10 Apr
2014
10 Apr
'14
9:33 p.m.
On 10/04/2014 23:23, Bart Kus wrote:
At step (c) the packet matched a route that is
associated with an IPIP
tunnel. The inner headers are from-44.whatever and to-44.24.240.0/20.
When that match is made, the packet is IPIP encapsulated, and given new
outer src/dst IPs. The dst-IP in this case should be 44.24.221.1, and
the src-IP should be whatever local-address was configured for the IPIP
tunnel (which should be routable over his public ISP). Then the router
has to make a 2nd routing decision about how to deliver to 44.24.221.1.
In this case, it should match default route (0.0.0.0/0).
The default route for traffic with ORIGIN (read NOT necessary
DESTINATION) inside 44/8 will be routed via IPIP to UCSD.
Routing via ISP without NAT won't work! Read BCP38.
Before recommending NAT, please note we don't want NAT because we want
to keep the 44net ORIGIN intact.
Read BCP38.
Really read BCP38.
Read BCP38 again.
73 de Marc