On 8/26/21 10:10 AM, Chris Smith via 44Net wrote:
>> But you can have a /24 or larger subnet announced on BGP and have the same subnet on the IPIP mesh as well. In fact this improves connectivity for hosts within AMPRnet that are not routing towards internet or do so with limitations (e.g. NAT).
> This has been tried, but the routing setup gets very complicated and it is easy to get it wrong. A while back Brian got me to put code in the portal that disallows this, after a few occasions when folk tried to do this and used their BGP-announced 44 address as the IPIP gateway IP - it broke things badly!
That is right, but that is a different problem. A gateway like this should have both an external IP outside of net-44, to be used as the tunnel endpoint, and the subnet it announces on BGP and IPIP, which is within net-44. In that case it works very well. Of course you need the proper routing setup, and the proper source address selection for outgoing connections. It is always easiest when "the router" (an actual router, or a general-purpose machine that does the routing) does not host any services itself, so the source address is already determined on another machine and the traffic is just passed on. But it is possible to make it work OK even when services are hosted, with a little care (and testing).
It is important to have all routes in a single routing table on that router, so it considers all routes in subnet-size order (smallest subnet first) and will find the IPIP route for gateways before it considers routing to the internet. Solutions where different types of routes are put in different tables that are then used with policy routing do not work well for this case. (They are OK, and preferable, for stations that are only on the IPIP mesh, as described in the wiki.)
Rob
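As an added illustration of Rob's two points above (longest-prefix matching in a single table, and why separate tables plus policy rules bite a gateway that also hosts services), here is a small Python model of the Linux route selection involved. It is example code written for this thread, not anything from the 44Net portal or wiki; all addresses are constructed (203.0.113.x and 198.51.100.x as external endpoints, 44.10.20.0/24 and 44.10.30.0/24 as stand-in net-44 subnets), and the policy-routing behaviour is the simplified case where a locally originated packet has no source address yet, so "from 44/8" rules cannot match it and the main table decides.

```python
from ipaddress import ip_address, ip_network

# Constructed route entries for a gateway that both announces its /24 on BGP and
# sits on the IPIP mesh: (prefix, device, next hop or None, preferred source address).
SINGLE_TABLE = [
    ("0.0.0.0/0",      "eth0",  "203.0.113.1",  "203.0.113.10"),  # default to the internet, external IP as source
    ("44.10.20.0/24",  "eth1",  None,           "44.10.20.1"),    # our own BGP-announced /24, directly attached
    ("44.10.30.0/24",  "tunl0", "198.51.100.7", "44.10.20.1"),    # mesh gateway A: its subnet via its tunnel endpoint
    ("44.10.30.64/28", "tunl0", "198.51.100.8", "44.10.20.1"),    # mesh gateway B: a smaller subnet inside A's range
]


def lookup(table, dst):
    """Longest-prefix match over one table: the most specific (smallest) subnet
    wins no matter where it sits in the list, so an IPIP route for a gateway is
    always preferred over the default route to the internet."""
    dst = ip_address(dst)
    best = None
    for prefix, dev, via, src in table:
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev, via, src)
    if best is None:
        raise LookupError(f"no route to {dst}")
    net, dev, via, src = best
    return {"prefix": str(net), "dev": dev, "via": via, "src": src}


# The split-table variant: internet routes in "main", mesh routes in a separate
# table consulted only for packets whose source is inside net-44.
MAIN_TABLE = [SINGLE_TABLE[0], SINGLE_TABLE[1]]
MESH_TABLE = [SINGLE_TABLE[2], SINGLE_TABLE[3]]
RULES = [
    ("44.0.0.0/8", MESH_TABLE),  # "from 44.0.0.0/8 lookup mesh"
    ("0.0.0.0/0",  MAIN_TABLE),  # "from all lookup main"
]


def policy_lookup(rules, dst, src=None):
    """Simplified policy-routing model (assumption stated in the lead-in): rules
    are tried in order; a 'from' rule matches only if the packet already carries
    a source address inside that prefix. A packet the router originates itself
    has no source yet, so only the catch-all rule applies and the main table
    picks both the path and the source address."""
    for from_prefix, table in rules:
        from_net = ip_network(from_prefix)
        if src is None:
            if from_net.prefixlen != 0:
                continue  # no source selected yet: a specific 'from' rule cannot match
        elif ip_address(src) not in from_net:
            continue
        try:
            return lookup(table, dst)
        except LookupError:
            continue  # fall through to the next rule's table
    raise LookupError(f"no route to {dst}")


def compare(dst):
    """Show the same destination resolved by the single table, by policy routing
    for a forwarded LAN packet, and by policy routing for router-originated traffic."""
    return {
        "single_table": lookup(SINGLE_TABLE, dst),
        "forwarded_from_lan": policy_lookup(RULES, dst, src="44.10.20.5"),
        "router_originated": policy_lookup(RULES, dst),
    }


if __name__ == "__main__":
    for dst in ("44.10.30.5", "44.10.30.70", "44.10.20.9", "192.0.2.1"):
        print(dst)
        for label, route in compare(dst).items():
            print(f"  {label:20s} {route['prefix']:16s} dev {route['dev']:6s} via {route['via']} src {route['src']}")
```

Running it shows the single table sending 44.10.30.70 to gateway B's /28 rather than A's /24, and everything non-44 out via the default. With the split tables, a packet forwarded from a LAN host still reaches the mesh, but a connection the router opens itself to 44.10.30.5 falls through to the main table and leaves via eth0 with the external source address, which is exactly the case Rob describes as needing care when the router also hosts services.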