Maybe we need a BGP list and check against it for tunnel endpoints?


John D. Hays
K7VE
PO Box 1223, Edmonds, WA 98020-1223 
  


On Fri, Mar 1, 2013 at 12:56 PM, Brian Kantor <Brian@ucsd.edu> wrote:
(Please trim inclusions from previous messages)
_______________________________________________
On Fri, Mar 01, 2013 at 08:52:09PM +0000, Chris Smith wrote:
> I am also putting in an additional check to ensure the tunnel
> endpoint is outside 44/8 as well as bogon / un-routable networks.

When the BGP-routed subnets start supplying tunnels to their clients
both the destination network and the tunnel origin endpoint will be in
network 44 space.  Validation will be a bit more complex.
        - Brian