Subject: [44net] TUNNEL vs DIRECT connection of subnets From: Brian Kantor Brian@UCSD.Edu Date: 03/14/2015 02:30 AM
To: 44net@hamradio.ucsd.edu
At the current moment I can see no way for an AMPRNet subnet to be both TUNNEL and DIRECT (BGP-announced) connected, unless a special provision has been made to operate a gateway from a non-44/8 address into the BGP-connected subnet.
Sure, but I think that is not unreasonable. We do it on our gateway and there is no problem with it. The provider has issued a small non-44 subnet to the gateway machine and it routes the net-44 traffic to that address. (i.e. our provider announces 44.137.0.0/16 on BGP and accepts the traffic on their core router and they forward it to us, we forward our traffic for internet to them on another address in that subnet on which their router listens).
We are also on the IPIP mesh with our /16 and the tunnel endpoint is that same non-44 address (213.222.29.194). This means that other IPIP gateways forward traffic via a tunnel.
This works just fine. It also means the others do not have to setup exceptions for our subnet in their IPIP tunnel systems. Getting the /30 network required for this should be no problem even today.
Rob
Hi,
I think this is not a problem and is a false issue. A network can be BGP announced AND may offer IPIP tunnel access.
From the point of view of a IPIP endpoint system, the BGP announcement is
irelevant.
The criteria for a network to be announced in RIP/encap are simple to define:
1. An IPIP endpoint is available on its gateway address with access from the public internet (confirmed by the TUNNEL flag set in the web interface and a defined gateway address) AND 2. its gateway address is NOT an ampr address from an already announced subnet with another IPIP gateway (no IPIP over IPIP allowed) AND 3. its gateway address is NOT in its own subnet (and there is no simple way to exclude the gateway address from the IPIP network routes at the moment).
All other variants are possible and functional, BGP announced or not. The BGP announced networks can be, of course registered, but should not appear in the encap file, nor in the RIP data, unless it offers an IPIP endpoint on a public IP. This public IP can be any address, including BGP announced IPs, as long as criteria 2 and 3 are not violated.
-----Original Message----- From: 44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu [mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On Behalf Of Rob Janssen Sent: Saturday, March 14, 2015 21:10 To: 44net@hamradio.ucsd.edu Subject: Re: [44net] TUNNEL vs DIRECT connection of subnets
At the current moment I can see no way for an AMPRNet subnet to be both TUNNEL and DIRECT (BGP-announced) connected, unless a special provision has been made to operate a gateway from a non-44/8 address into the BGP-connected subnet.
-
Marius Petrescu -
Rob Janssen