On 4/11/2014 8:49 AM, Bryan Fields wrote:
> On 4/11/14, 11:32 AM, Bart Kus wrote:
>> It allows our microwave network to remain connected to the rest of AMPRnet as long as we have at least 1 ISP that isn't dead. The microwave network peers with the Internet at 2 different points at present, but more points will come in the future. It's a robustness improvement in the face of partial failures, like in a natural disaster when an ISP's fiber gets torn or their building collapses.
> So this is a hack to correct for the hack of AMPRnet IPIP tunnels. Argh, it makes my head hurt.
> If AMPRnet was treated like any other network on the internet, this problem would go away. At worst anyone not redundantly connected to the global internet would lose connectivity if their small gateway went down.
Well, IPIP itself is not the problem. It avoids the costs of Internet BGP peering. What is a problem is the lack of dead-peer-detection between IPIP gateways. If intra-AMPR BGP peering was actually deployed as part of the general recommendations then we wouldn't need to anycast to achieve redundancy. But as it stands, the deployed technologies are very light, and anycasting our IPIP endpoint is the easiest way to achieve the desired redundancy. We do plan to make special BGP+IPSec arrangements with select AMPRnet peers to further improve our availability and security, but there's no need to do any of that work on the mailing list.
--Bart
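
The dead-peer-detection gap described in the message above, as an added example that is not part of the original post or of any AMPRnet software: a small simulation comparing a static IPIP encap table with one that tracks keepalive probes and fails over to a second gateway. The thresholds, gateway addresses and probe log are assumptions constructed for illustration.

```python
from dataclasses import dataclass

DEAD_AFTER = 3    # assumption: consecutive missed probes before a peer is marked dead
ALIVE_AFTER = 2   # assumption: consecutive replies before a dead peer is trusted again
ENDPOINTS = ["192.0.2.1", "198.51.100.1"]  # constructed gateway addresses (TEST-NET)

@dataclass
class Peer:
    endpoint: str
    alive: bool = True
    misses: int = 0
    hits: int = 0

    def observe(self, replied: bool) -> None:
        """Record one keepalive probe result and apply hysteresis."""
        if replied:
            self.hits, self.misses = self.hits + 1, 0
            if not self.alive and self.hits >= ALIVE_AFTER:
                self.alive = True
        else:
            self.misses, self.hits = self.misses + 1, 0
            if self.alive and self.misses >= DEAD_AFTER:
                self.alive = False

def pick_endpoint(peers, use_dpd):
    """Static table: always the first peer. With DPD: first peer still marked alive."""
    if not use_dpd:
        return peers[0].endpoint
    return next((p.endpoint for p in peers if p.alive), None)

def run(probe_log, use_dpd=True):
    """Return (endpoint chosen per round, rounds sent to a gateway that was down)."""
    peers = [Peer(e) for e in ENDPOINTS]
    choices, blackholed = [], 0
    for results in probe_log:
        for peer, replied in zip(peers, results):
            peer.observe(replied)
        chosen = pick_endpoint(peers, use_dpd)
        choices.append(chosen)
        if chosen is None or not results[ENDPOINTS.index(chosen)]:
            blackholed += 1
    return choices, blackholed

# Constructed probe log: the primary gateway fails in rounds 2-5, then recovers.
PROBE_LOG = [(True, True), (False, True), (False, True), (False, True),
             (False, True), (True, True), (True, True)]

if __name__ == "__main__":
    print(run(PROBE_LOG, use_dpd=False))
    print(run(PROBE_LOG, use_dpd=True))
```

Without detection every round during the outage is sent to the dead gateway; with it, traffic is lost only until the miss threshold is reached, and the primary is reused only after it has answered again.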