Marius,
You seem to have misunderstood my statement. I didn't mean to imply that the gateway drops all traffic to the internet. It blackholes packets with a 44/8 destination that is directly connected to the internet instead of participating in the IPIP mesh. It doesn't do this intentionally as you seem to believe. It does this because the gateway's upstream network at UCSD has a static 44/8 catch-all route without being aware of the more specific 44/8 routes on the global internet, creating a loop for those packets. Incoming packets from those networks are not treated as spoofs, unlike what you said.
The catch-all route is needed because most of the IPIP-connected networks are too small to be routed on the internet directly, so it's necessary for the gateway to be the default for all internet traffic where a more specific internet route doesn't exist. Unlike what some others have implied, this is a perfectly standard way for BGP networks to operate on the internet.
It seems like some people may be under the impression that anyone who uses 44/8 addresses should be required to participate in the IPIP mesh and that is definitely not true. IPIP is just a workaround for connecting 44 networks to the larger global network since most of them are either too small or lack the resources to make those connections using standard methods. It's important not to confuse this workaround with a VPN that would provide authenticated tunnels, or a private network where you can implicitly trust all of your local traffic.
44-net shouldn't be treated like another radio mode of operation where we can all make contacts with each other using IP packets. It's just a valuable resource that allows us to easily participate in the global network and share our actual ham related resources.
On Sun, Jun 14, 2015 at 11:20 AM, Marius Petrescu marius@yo2loj.ro wrote:
(Please trim inclusions from previous messages) _______________________________________________ Sorry to say but this is not entirely correct.
ampr-gw does not black hole packets from 44/8 to the internet. This is the whole purpose of that gateway: To permit 44/8 traffic to the internet and back. The 44 to 44 traffic is supposed to go via IPIP directly, so that one is dropped correctly.