On Tue, May 8, 2018 at 8:23 PM Tony Langdon vk3jed@vkradio.com wrote:
> Now that my BGP announced 44.x range is up and running, I'd like to be able to make it transparently accessible for tunneled networks. I just need to double check a few things.
If you've got it accessible to the internet at large via BGP, it'll also be accessible from other 44 networks. Without the tunnel mesh, traffic will be routed through amprgw at UCSD. There used to be a configuration issue that prohibited this, but it was fixed a few years ago.
You can of course still configure the tunnel mesh if you desire. The primary benefit of this is reduced latency to gateways not near UCSD.
> First, I know I'd need to run ampr-ripd on the box. I also have non-44 net addresses to use as the ipip encap endpoint. What else do I need to do? Do I need to advertise the subnet as "tunneled" in addition to direct in the portal? Anything else?
This should answer your questions: http://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Linux
> And on a similar note, is there a way to exclude other directly connected subnets capable of IPIP tunneling from using a tunnel? (since that's obviously not required!)
The way we do this is by importing the 44 networks learned via BGP into our IGP and prioritizing those over routes learned via ampr-ripd. The route filter looks something like this on Mikrotik:
/routing filter add action=accept chain=AMPR prefix=44.0.0.0/8 prefix-length=8-32
Now our route table has routes from both BGP and ampr-ripd, with lower distance on the BGP routes. How you accomplish this will depend on your implementation, but I hope this gives you an idea.
Tom KD7LXL
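
An added example, not part of the original message or of any project's code: a small model of the route selection described above, where BGP-learned 44 routes carry a lower distance than ampr-ripd routes. It also shows the case where distance does not help, because an ampr-ripd route is more specific than the BGP route covering it. All prefixes, distances and next hops are constructed sample values.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    source: str      # "bgp" or "ampr-ripd"
    distance: int    # lower wins among routes for the same prefix
    via: str

def route(prefix, source, distance, via):
    return Route(ipaddress.ip_network(prefix), source, distance, via)

# Constructed sample table: values are illustrative, not real allocations.
TABLE = [
    route("44.10.0.0/22", "bgp", 20, "198.51.100.1"),
    route("44.10.0.0/22", "ampr-ripd", 120, "tunnel:192.0.2.10"),
    route("44.20.0.0/22", "bgp", 20, "198.51.100.1"),
    route("44.20.1.0/24", "ampr-ripd", 120, "tunnel:192.0.2.20"),
    route("44.30.0.0/24", "ampr-ripd", 120, "tunnel:192.0.2.30"),
]

def lookup(table, dest):
    """Longest-prefix match first; distance only breaks ties on the same prefix."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in r.prefix]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.prefix.prefixlen, r.distance))

def tunnel_overrides(table):
    """ampr-ripd routes that are more specific than a BGP route covering them."""
    bgp = [r for r in table if r.source == "bgp"]
    return [
        r for r in table
        if r.source == "ampr-ripd"
        and any(r.prefix != b.prefix and r.prefix.subnet_of(b.prefix) for b in bgp)
    ]

if __name__ == "__main__":
    for dest in ("44.10.0.5", "44.20.1.5", "44.20.2.5", "44.30.0.5"):
        chosen = lookup(TABLE, dest)
        print(dest, "->", chosen.source, chosen.via)
    for r in tunnel_overrides(TABLE):
        print("still tunneled despite a covering BGP route:", r.prefix)
```

Any prefix reported by `tunnel_overrides` needs an explicit filter or a matching more-specific BGP route if the tunnel is to be avoided for it.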