All,
If it helps understanding the low traffic, personally I lost commercial Internet between 01:10 UTC and 03:10 UTC.
Also, I saw something rather strange while my Internet was "out"
2017-05-16 21:32:23.893 0.529 ICMP 44.60.44.1:0 -> 71.163.244.1:3.0 2 696 1
I'm not quite sure why (and how) my new Verizon gateway sent an IPENCAP packet to my tunl0 interface, while I was offline, prior to obtaining a WAN IP...and elicited a response...even though it should have failed, they could have captured these packets encaped and bound for AMPRGW.
All I can tell is:
- the inner and outer source IP addresses could not have been a bogon (unless ampr-ripd bypasses the RAW iptables as well) and did not equal 44.60.44.0/24 - the destination inner address must have been some IP for which I have a local route - but NOT on table 44; and does not equal 44.60.44.0/24 - my Kernel appears to be leaking information that an IP exists locally - my best guess is they attempted to reach the outside IP of their downstream router via the tunnel, and no route exists
I believe this behavior should have failed with kmod-ipip, as I have a firewall rule in place to accept IPENCAP only from your valid GW IPs. As most may now know, I bring-my-own-device on my Verizon FiOS because I observed the IPENCAP forward rule removed multiple times without my intervention. Their router is downstream only to allow MOCA bridging (and to connect as the gateway when I have a service ticket, as they will only troubleshoot with it).
- Lynwood KB3VWG