On 10/04/2014 22:51, Bart Kus wrote:
> OK, let me stop your email right here. Why did your router choose tunl0
> as the next-hop when we don't announce any special route for
> 44.24.221.0/24? Your router seems to have made a routing mistake here.
> It should have chosen the default route (0.0.0.0/0) to send the packet
> since it has no special information about 44.24.221.0/24.
> Does that realization clear things up?

No, your logic made a mistake. RTFM, especially BCP 38.
Most routers are not authorized to send traffic from 44/8 via their
commercial Internet upstream. So any traffic from 44net towards the
internet has to be routed to UCSD (or somewhere where the ISP doesn't
care about potentially spoofed source addresses). If no specific full mesh
route is found, the traffic will obviously follow the default route of
the routing table handling 44net traffic.
Maybe it would be better to recommend to blackhole traffic for networks
that aren't in the encap file via

    ip route add blackhole 44.0.0.0/8

That way the "default route" wouldn't catch traffic for 44nets that
don't exist in the encap file.
73 de Marc
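
Added example, not part of the original message: a small longest-prefix-match model of the routing table that handles 44net-sourced traffic, showing how the suggested blackhole route for 44.0.0.0/8 changes the decision for a 44net destination with no encap entry. The encap entry, the gateway address and the route labels are constructed assumptions; only 44.24.221.0/24, tunl0 and the blackhole command come from the thread.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: action of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, action in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, action)
    return best[1] if best else "unreachable"

# Constructed table for traffic sourced from 44net (all entries are assumptions).
MESH = [("44.128.10.0/24", "tunl0 via 192.0.2.10")]  # one encap-file entry
DEFAULT = [("0.0.0.0/0", "tunl0 via UCSD")]           # default for 44net traffic
BLACKHOLE = [("44.0.0.0/8", "blackhole")]             # ip route add blackhole 44.0.0.0/8

TABLE_BEFORE = MESH + DEFAULT
TABLE_AFTER = MESH + BLACKHOLE + DEFAULT

# Constructed sample destinations, one per case discussed in the thread.
DESTINATIONS = {
    "44.128.10.5": "44net host with an encap entry",
    "44.24.221.1": "44net host with no encap entry",
    "198.51.100.7": "Internet host",
}

def decisions(table):
    """Map each sample destination to the action the table selects for it."""
    return {dst: lookup(table, dst) for dst in DESTINATIONS}

if __name__ == "__main__":
    for name, table in (("before", TABLE_BEFORE), ("after", TABLE_AFTER)):
        print(name)
        for dst, action in decisions(table).items():
            print(f"  {dst:<14} {DESTINATIONS[dst]:<32} -> {action}")
```

Only the 44net destination without an encap entry changes: it stops following the default route and is dropped locally, while mesh and Internet destinations keep their paths.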