Subject: Re: [44net] Two questions From: Bryan Fields Bryan@bryanfields.net Date: 06/14/2015 09:10 PM
To: AMPRNet working group 44net@hamradio.ucsd.edu
No, the issue is the _broken_ routing at UCSD.
ARDC does not announce the 44/8, UCSD does it for them and has a static route for 44/8 pointing at the gateway box. This is broken routing since the gateway is unaware of the more specific networks.
What needs to be done is the UCSD gateway needs to be made aware of the subnets in the global table and only announce the subnets it knows about. There are routing protocols that would make this easy.
But that is already in place!! It is the IPIP tunnel mesh. As long as you provide an IPIP tunnel for the subnet you advertise yourself on BGP, with a tunnel endpoint on an internet address OUTSIDE 44.0.0.0/8, there is no problem at all!
We do have the same situation as UCSD at our gateway. Our ISP does the BGP advertising of 44.137.0.0/16 and routes the traffic to the gateway. We have registered the same space on the portal, and we have an external address for that (213.222.29.194). All the routing is fine, also for people who send the traffic to UCSD. Because UCSD sees the more specific route 44.137.0.0/16 first and sends the traffic via IPIP to us, instead of sending it out to the default gw that would bounce it back.
When you would set up the same configuration, you would be out of trouble. When you don't want a single system to be responsible for the IPIP tunnel you can set up some redundancy, as long as you don't "conveniently" take a subnet out of 44.0.0.0/8 for that, because that does not work. It is known it does not work.
<tangent> I'd argue the BGP networks would be better if 44/8 was split up in such a way as to set aside a /12 (for example!) for BGP subnets and a /12 for the IPIP users. This makes the routing much easier to configure on an IPIP encap gateway. The present geographic area way of doing it leads to routing table bloat. </tangent>
I don't agree with that. It will just make a new configuration necessary for something that now works OK just by the mechanisms we already have.
Rob
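The following is an added illustration, not code from the thread or from AMPRNet/UCSD: a small longest-prefix-match simulation of the routing Rob describes. A gateway holds a catch-all static route for 44.0.0.0/8 plus more-specific entries learned via the IPIP mesh; the more-specific 44.137.0.0/16 entry with its endpoint 213.222.29.194 (outside 44/8) wins and the encapsulated packet leaves via the default route, while a constructed entry whose tunnel endpoint lies inside 44/8 (44.200.0.0/16 via 44.200.0.1, chosen here purely for illustration) re-matches its own prefix and loops, which is the "does not work" case. The table layout, the action labels and the hop limit are assumptions of this example.

```python
import ipaddress

# Constructed routing table as seen at a gateway that has a static 44/8 route
# plus more-specific entries from the IPIP tunnel mesh.
# prefix -> (action, tunnel endpoint or None)
ROUTES = {
    "0.0.0.0/0": ("default", None),                # internet default route
    "44.0.0.0/8": ("static", None),                # catch-all to the encap gateway box
    "44.137.0.0/16": ("ipip", "213.222.29.194"),   # endpoint OUTSIDE 44/8 (from the thread)
    "44.200.0.0/16": ("ipip", "44.200.0.1"),       # constructed bad example: endpoint INSIDE 44/8
}


def lookup(table, dst):
    """Longest-prefix match: return (prefix, action, endpoint) for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, (action, endpoint) in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, action, endpoint)
    if best is None:
        return (None, "unreachable", None)
    return (str(best[0]), best[1], best[2])


def forward(table, dst, max_hops=8):
    """Follow the forwarding decision for a packet to dst.

    Each time the packet is IPIP-encapsulated, the outer header carries the
    tunnel endpoint, so the lookup is repeated for that endpoint. Returns
    ("delivered" | "loop", hops) where hops lists (address, prefix, action).
    """
    hops = []
    seen_endpoints = set()
    current = dst
    for _ in range(max_hops):
        prefix, action, endpoint = lookup(table, current)
        hops.append((current, prefix, action))
        if action != "ipip":
            # static / default: the packet leaves this gateway
            return "delivered", hops
        if endpoint in seen_endpoints:
            # the encapsulated packet resolves to a tunnel we already entered
            return "loop", hops
        seen_endpoints.add(endpoint)
        current = endpoint
    return "loop", hops


if __name__ == "__main__":
    for dst in ("44.137.0.5", "44.10.0.5", "44.200.0.5"):
        status, hops = forward(ROUTES, dst)
        print(dst, "->", status)
        for addr, prefix, action in hops:
            print("   ", addr, "matched", prefix, "via", action)
```

Running it shows 44.137.0.5 matching the /16 and leaving through the default route after encapsulation, 44.10.0.5 falling through to the static 44/8 route, and 44.200.0.5 encapsulating towards an endpoint that matches the same /16 again.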