Brian Kantor,
Concerning "Hosts with no DNS entries can only use the IPIP mesh system":
Couldn't this be tweaked at UCSD to allow only 44net traffic for hosts with no DNS entries? Thus letting BGP'd 44 hosts be able to communicate with IPIP 44 hosts regardless of DNS entries?
And of course if there is a DNS entry then (like now) allow general/all inbound traffic.
Just a thought, not sure if it raises any other issues.
Steve, KB9MWR
marius at yo2loj.ro wrote:
John,
Yes, you should be able to send encapsulated data via amprgw and get the correct replies, but only for specific BGP announced and registered subnets.
Arbitrary 44net targets not in those BGP announced networks are NOT forwarded via amprgw, and only DNS registered hosts will be able to use the gateway (as you correctly assume).
Hosts with no DNS entries can only use the IPIP mesh system, since there is usually no check for that criterion on the gateways, and any subnet match is accepted.
Marius, YO2LOJ
On Tue, Aug 18, 2015 at 10:31:03PM -0500, Steve L wrote:
Concerning "Hosts with no DNS entries can only use the IPIP mesh system": Couldn't this be tweaked at UCSD to allow only 44net traffic for hosts with no DNS entries? Thus letting BGP'd 44 hosts be able to communicate with IPIP 44 hosts regardless of DNS entries?
And of course if there is a DNS entry then (like now) allow general/all inbound traffic.
Just a thought, not sure if it raises any other issues.
Steve, KB9MWR
Hi Steve,
The filtering at UCSD is based on the destination of the traffic, not its source. I don't offhand see a way to do what you suggest with the existing filter mechanism. I'll have to think on it some.
One concern I have is the amount of IBR that seems to come from faked 44-net addresses; letting that through would be bad for the limited bandwidth that most of the tunneled gateways operate under.
- Brian