Rob, it looks like the problem might be nearer to you...
Interestingly, when I traceroute to 44.137.40.2 with 169.228.34.84 as
the source address, I get:
...
That is normal, it will be routed over internet to our BGP subnet 44.137.0.0/16
which is via that gw-44-137 which then forwards it to 44.137.40.2 over IPIP.
However, 44.137.40.2 does not reply to pings from internet.
When I repeat that traceroute with 44.0.0.1 as the source address,
it gets nearly as far, but not quite:
...
That is strange. Don't you have a route to 44.137.40.2 in your encap table?
I would expect you to send it into an IPIP tunnel direct to that system.
Or is there some magic in amprgw that makes it ignore IPIP tunnels within BGP
routed subnets? That would cause this to fail...
I can ping 213.222.29.194 from 169.228.34.84, but not from 44.0.0.1.
But you can ping 44.137.0.1 (the amprnet address of that same system) from 44.0.0.1?
It looks, at first glance, like there's a 44 path problem in
213.222.29.194.
When you route back to 44.137.40.2 via 213.222.29.194 it is explained, because that
system has a stateful firewall that does not expect replies to traffic that has not
gone out via that same system.
Rob