On 10/04/2014 22:51, Bart Kus wrote:
OK, let me stop your email right here. Why did your router choose tunl0 as the next-hop when we don't announce any special route for 44.24.221.0/24? Your router seems to have made a routing mistake here. It should have chosen the default route (0.0.0.0/0) to send the packet since it has no special information about 44.24.221.0/24.
Does that realization clear things up?
No, your logic made a mistake. RTFM, especially BCP 38.
Most routers are not authorized to send traffic from 44/8 via their commercial Internet upstream. So any traffic from 44net towards the Internet has to be routed to UCSD (or somewhere where the ISP doesn't care about potentially spoofed source addresses). If no specific full-mesh route is found, the traffic will obviously follow the default route of the routing table handling 44net traffic.
Maybe it would be better to recommend to blackhole traffic for networks that aren't in the encap file via
ip route add blackhole 44.0.0.0/8
That way the "default route" wouldn't catch traffic for 44nets that don't exist in the encap file.
73 de Marc
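As an added illustration (not part of the thread or of any AMPRNet tooling), here is a small Python model of longest-prefix matching over the routing table Marc describes: a default route, the `blackhole 44.0.0.0/8` entry, and encap-file routes via tunl0. The encap lines and the upstream interface name (eth0) are constructed assumptions; the point shown is that a 44/8 destination with no encap entry falls to the default route unless the blackhole is present.

```python
"""Longest-prefix-match model of the 44net routing setup discussed above.

Constructed example: the encap-file lines and the upstream interface name
(eth0) are assumptions, not data from the thread.
"""
import ipaddress

# Constructed sample in the style of the AMPRNet encap file (not real entries).
ENCAP_FILE = """\
route addprivate 44.24.240.0/20 encap 192.0.2.10
route addprivate 44.2.2.0/24 encap 198.51.100.7
"""


def parse_encap(text):
    """Return a list of (network, gateway) pairs from encap-style lines."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "route" and parts[3] == "encap":
            routes.append((ipaddress.ip_network(parts[2]), parts[4]))
    return routes


def build_table(encap_text, blackhole_44=True):
    """Routing table as (network, next_hop) entries; 'blackhole' means drop."""
    table = [(ipaddress.ip_network("0.0.0.0/0"), "default via upstream (eth0)")]
    if blackhole_44:
        # Equivalent of "ip route add blackhole 44.0.0.0/8" from the thread.
        table.append((ipaddress.ip_network("44.0.0.0/8"), "blackhole"))
    for net, gw in parse_encap(encap_text):
        table.append((net, f"tunl0 -> {gw}"))
    return table


def lookup(table, dst):
    """Longest-prefix match: the most specific network containing dst wins."""
    addr = ipaddress.ip_address(dst)
    best = max((e for e in table if addr in e[0]), key=lambda e: e[0].prefixlen)
    return best[1]


if __name__ == "__main__":
    for bh in (False, True):
        t = build_table(ENCAP_FILE, blackhole_44=bh)
        print(f"blackhole 44/8 {'on ' if bh else 'off'}:",
              "44.24.221.5 ->", lookup(t, "44.24.221.5"),
              "| 44.24.240.9 ->", lookup(t, "44.24.240.9"))
```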