On 10/04/2014 23:23, Bart Kus wrote:
At step (c) the packet matched a route that is associated with an IPIP tunnel. The inner headers are from-44.whatever and to-44.24.240.0/20. When that match is made, the packet is IPIP encapsulated, and given new outer src/dst IPs. The dst-IP in this case should be 44.24.221.1, and the src-IP should be whatever local-address was configured for the IPIP tunnel (which should be routable over his public ISP). Then the router has to make a 2nd routing decision about how to deliver to 44.24.221.1. In this case, it should match default route (0.0.0.0/0).
The default route for traffic with ORIGIN (read NOT necessary DESTINATION) inside 44/8 will be routed via IPIP to UCSD.
Routing via ISP without NAT won't work! Read BCP38.
Before recommending NAT, please note we don't want NAT because we want to keep the 44net ORIGIN intact.
Read BCP38. Really read BCP38. Read BCP38 again.
73 de Marc