On 09/05/18 15:24, Tom Hayward wrote:
> If you've got it accessible to the internet at large via BGP, it'll also be accessible from other 44 networks. Without the tunnel mesh, traffic will be routed through amprgw at UCSD. There used to be a configuration issue that prohibited this, but it was fixed a few years ago.

Depends on the routing setup at the remote end, and for various reasons, that's not a desirable path.

> You can of course still configure the tunnel mesh if you desire. The primary benefit of this is reduced latency to gateways not near UCSD.

Which includes anything here! Also on today's Internet, vastly increased available bandwidth, because of the more optimal routing.

>> First, I know I'd need to run ampr-ripd on the box. I also have non-44 net addresses to use as the ipip encap endpoint. What else do I need to do? Do I need to advertise the subnet as "tunneled" in addition to direct in the portal? Anything else?
>
> This should answer your questions: http://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Linux

I don't recall that answering my specific case of wanting to run both direct (BGP) AND tunneling at the same time. Details do matter. :)

> The way we do this is by importing the 44 networks learned via BGP into our IGP and prioritizing those over routes learned via ampr-ripd. The route filter looks something like this on Mikrotik:
>
> /routing filter add action=accept chain=AMPR prefix=44.0.0.0/8 prefix-length=8-32
>
> Now our route table has routes from both BGP and ampr-ripd, with lower distance on the BGP routes. How you accomplish this will depend on your implementation, but I hope this gives you an idea.
I'm running Linux.
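
The route preference discussed in this thread, modelled as an added example that is not part of the original messages: it mirrors the quoted filter (prefixes inside 44.0.0.0/8, length 8-32) and goes slightly beyond the thread to show that distance only decides between routes for the same prefix, so a more specific tunnel route still wins over a shorter BGP route. The sample prefixes, the distance values 20 and 120, and all function names are assumptions constructed for illustration.

```python
import ipaddress

AMPR_NET = ipaddress.ip_network("44.0.0.0/8")


def filter_accepts(prefix, net=AMPR_NET, min_len=8, max_len=32):
    """Model of the quoted filter: accept prefixes inside 44.0.0.0/8 with length 8-32."""
    p = ipaddress.ip_network(prefix)
    return p.version == 4 and p.subnet_of(net) and min_len <= p.prefixlen <= max_len


def best_route(dest, routes):
    """Pick the route a router would use for dest.

    Longest-prefix match comes first; distance only breaks ties
    between routes that cover the destination with the same prefix length.
    """
    addr = ipaddress.ip_address(dest)
    candidates = [r for r in routes if addr in ipaddress.ip_network(r["prefix"])]
    if not candidates:
        return None
    return min(
        candidates,
        key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen, r["distance"]),
    )


# Constructed sample table: the same /16 learned both ways, plus a /24 that is
# only known through the tunnel mesh while its covering /16 arrives via BGP.
ROUTES = [
    {"prefix": "44.24.0.0/16", "source": "bgp", "distance": 20},
    {"prefix": "44.24.0.0/16", "source": "ampr-ripd", "distance": 120},
    {"prefix": "44.60.0.0/16", "source": "bgp", "distance": 20},
    {"prefix": "44.60.1.0/24", "source": "ampr-ripd", "distance": 120},
]

if __name__ == "__main__":
    for dest in ("44.24.1.1", "44.60.1.5", "44.60.2.5", "192.0.2.1"):
        route = best_route(dest, ROUTES)
        print(dest, "->", route["source"] if route else "no 44-net route")
```

On Linux the same preference would be expressed with route metrics or separate routing tables rather than a "distance" attribute; the selection order shown here is the part that carries over.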