On Mon, 15 Jul 2013, Heikki Hannikainen wrote:
> But but... I think they absolutely must stay in encap.txt even if a BGP announcement is in place!
> If they're removed, most of the other traditional amprnet sites, which are not announcing their own network using BGP, cannot send packets to the BGP sites due to source address filtering (spoof protection). Most gateways these days must send out all 44-to-44 traffic encapsulated because they're only allowed to transmit out packets with their gateway's public address as the source address of the outer IP packet.
Existence of a route in the encap file implies there is a tunnel established at the other end willing to accept the encapsulated traffic. The sites doing BGP may or may not be doing that. If the latter, then you're just sending traffic to a black hole.
Most gateways don't have visibility into the core routing tables. As you already mentioned, due to upstream service providers doing uRPF filtering, 44-to-any traffic must be tunneled through a gateway. For the non-encap net-44 destinations that means tunnelling through the UCSD gateway. You will need to set up a default (not just net-44) encap route pointing to UCSD but apply it only to traffic sourced from net-44 hosts - i.e. policy routing for net-44.
Antonio Querubin e-mail: tony@lavanauts.org xmpp: antonioquerubin@gmail.com
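
The policy routing described in the message above, sketched for a Linux gateway with iproute2. This is an added example, not part of the original message. The interface name, table number, both gateway addresses (documentation ranges) and the sample subnet are assumptions, and the unreachable fallback route goes beyond what the message describes.

```shell
#!/bin/sh
# Added example: source-based policy routing for net-44 traffic.
# Assumed values, none of which come from the original message:
TUNNEL_IF="${TUNNEL_IF:-tunl0}"   # existing IPIP tunnel interface
UCSD_GW="${UCSD_GW:-192.0.2.1}"   # placeholder for the UCSD gateway address
TABLE="${TABLE:-44}"              # routing table reserved for net-44
NET44="44.0.0.0/8"

# Print the iproute2 commands without changing anything on the host.
net44_policy_plan() {
    # Packets sourced from net-44 consult only the dedicated table, so
    # they never leave natively where upstream uRPF would drop them.
    echo "ip rule add from $NET44 lookup $TABLE priority 44"
    # One entry per encap.txt route; this subnet and gateway are constructed.
    echo "ip route add 44.128.0.0/16 dev $TUNNEL_IF via 198.51.100.7 onlink table $TABLE"
    # Default encap route: net-44 sourced traffic with no more specific
    # encap route is tunnelled to the UCSD gateway.
    echo "ip route add default dev $TUNNEL_IF via $UCSD_GW onlink table $TABLE"
    # Addition beyond the message: if the tunnel goes down, fail closed
    # instead of falling through to the main table with a 44.x source.
    echo "ip route add unreachable default metric 1000 table $TABLE"
}

# Run the planned commands (requires root).
net44_policy_apply() {
    net44_policy_plan | while read -r cmd; do
        $cmd || echo "failed: $cmd" >&2
    done
}

# Dry run by default; set APPLY=1 to change the routing tables.
if [ "${APPLY:-0}" = "1" ]; then
    net44_policy_apply
else
    net44_policy_plan
fi
```

After applying, `ip rule show` and `ip route show table 44` list what was installed.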