On 8/26/21 10:10 AM, Chris Smith via 44Net wrote:
>> But you can have a /24 or larger subnet announced on BGP and have the same subnet on the
>> IPIP mesh as well.
>> In fact this improves connectivity for hosts within AMPRnet that are not routing towards
>> internet or do so with limitations (e.g. NAT).
> This has been tried, but the routing
> setup gets very complicated and it is easy to get it wrong, a while back Brian got me to put
> code in the portal that disallows this after a few occasions when folk tried to do this
> and used their BGP announced 44 address as the IPIP gateway IP - it broke things badly!
That is right, but that is a different problem.
A gateway like this should have both an external IP outside of net-44 to be used as the
tunnel endpoint, and the subnet it announces on BGP and IPIP which is within net-44.
In that case it works very well. Of course you need the proper routing setup, and the
proper source address selection for outgoing connections.
It is always easiest when "the router" (an actual router, or a general-purpose
machine that does the routing) does not host any services itself.
(so the source address is already determined on another machine and the traffic is just
passed on)
But it is possible to make it work OK even when services are hosted, with a little care
(and testing).
It is important to have all routes in a single routing table on that router so it
considers all routes in subnet-size order (smallest subnet first) and will find the IPIP
route for gateways before it considers routing to internet. Solutions where different
types of routes are put in different tables that are then used with policy routing do not
work well for this case.
(they are OK and preferable for stations that are only on the IPIP mesh, as described in
the wiki)
Rob
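An added illustration of the two points in this thread (not code from the list or from the AMPRnet portal): a model of a single routing table that picks routes by longest prefix, so an IPIP route for another gateway's 44 subnet wins over the internet default, and a resolver that follows an IPIP route to its tunnel endpoint. The same resolver shows why registering a BGP-announced 44 address as the IPIP endpoint breaks things: the endpoint itself matches the tunnel route, so the lookup chases its own tail. All addresses, subnets and endpoints are constructed (RFC 5737 ranges for the public side), and the "preferred source" field is a simplification of Linux's `src` hint on a route.

```python
"""Constructed model of a gateway on the AMPRnet IPIP mesh with one routing table.

Lookup is longest-prefix match, as in a single Linux routing table. An "ipip"
route is resolved a second time for its tunnel endpoint, which is what exposes
a gateway whose registered endpoint lies inside its own tunnelled 44 subnet.
Every address below is a constructed example, not a real AMPRnet allocation.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

IPv4 = ipaddress.IPv4Address


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    kind: str              # "direct" (on-link), "ipip" (tunnel), "default" (next hop)
    via: Optional[IPv4]    # tunnel endpoint or next hop; None for on-link
    src: IPv4              # preferred source address when this route is chosen


def route(prefix: str, kind: str, via: Optional[str], src: str) -> Route:
    return Route(ipaddress.ip_network(prefix), kind,
                 None if via is None else ipaddress.ip_address(via),
                 ipaddress.ip_address(src))


class SingleTable:
    """One table for everything: local, BGP-announced, IPIP and internet routes."""

    def __init__(self, routes: List[Route]):
        # Most specific prefix first; a /32 tunnel route beats a /24, which beats /0.
        self.routes = sorted(routes, key=lambda r: r.prefix.prefixlen, reverse=True)

    def lookup(self, dst) -> Route:
        dst = ipaddress.ip_address(dst)
        for r in self.routes:
            if dst in r.prefix:
                return r
        raise LookupError(f"no route to {dst}")

    def resolve(self, dst) -> List[Route]:
        """Return the chain of routes: the inner route, then the route carrying
        the encapsulated packet to the endpoint. An endpoint that is itself
        reached through a tunnel is a misconfiguration (a loop in the simplest case)."""
        chain: List[Route] = []
        cur = ipaddress.ip_address(dst)
        while True:
            r = self.lookup(cur)
            if r.kind == "ipip" and chain:
                raise RuntimeError(
                    f"tunnel endpoint {cur} is reached through tunnel route {r.prefix}; "
                    "the endpoint must be an address outside the mesh")
            chain.append(r)
            if r.kind != "ipip":
                return chain
            cur = r.via


def forwarding_decision(table: SingleTable, dst: str) -> dict:
    """Summarise how a packet to dst leaves the router."""
    chain = table.resolve(dst)
    inner, outer = chain[0], chain[-1]
    tunnelled = inner.kind == "ipip"
    return {
        "inner_src": str(inner.src),
        "encapsulated": tunnelled,
        "outer_dst": str(inner.via) if tunnelled else None,
        "outer_src": str(outer.src) if tunnelled else None,
        "egress": outer.kind,
    }


# Our gateway: public endpoint 203.0.113.10, own subnet 44.100.1.0/24 announced on
# BGP and present on the mesh, router address 44.100.1.1 (all constructed).
GOOD_TABLE = SingleTable([
    route("44.100.1.0/24", "direct", None, "44.100.1.1"),          # our announced subnet
    route("44.100.2.0/24", "ipip", "198.51.100.20", "44.100.1.1"),  # remote gateway B
    route("44.100.3.0/25", "ipip", "198.51.100.30", "44.100.1.1"),  # remote gateway C
    route("44.0.0.0/8", "ipip", "198.51.100.1", "44.100.1.1"),      # rest of the mesh
    route("0.0.0.0/0", "default", "203.0.113.1", "203.0.113.10"),   # internet
])

# The broken case from the thread: a gateway registered its BGP-announced 44
# address (44.100.4.1) as its IPIP endpoint for subnet 44.100.4.0/24.
BAD_TABLE = SingleTable(GOOD_TABLE.routes + [
    route("44.100.4.0/24", "ipip", "44.100.4.1", "44.100.1.1"),
])

if __name__ == "__main__":
    for dst in ("44.100.2.7", "44.100.3.9", "44.100.1.50", "44.200.9.9", "192.0.2.5"):
        print(dst, forwarding_decision(GOOD_TABLE, dst))
    try:
        forwarding_decision(BAD_TABLE, "44.100.4.9")
    except RuntimeError as e:
        print("44.100.4.9", "ERROR:", e)
```

The working table sends a packet for 44.100.2.7 into the tunnel with 44.100.1.1 as the inner source, then carries the encapsulated packet to 198.51.100.20 over the internet default with the public address as the outer source; a packet for 192.0.2.5 just takes the default with the public source. Splitting these routes across policy-routing tables loses that single ordered comparison, which is the point made above. In the bad table, resolving 44.100.4.9 selects the tunnel route, then tries to reach the endpoint 44.100.4.1 and lands on the same tunnel route, which is the failure the portal check now rejects.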