9 May
2018
9 May
'18
4:22 a.m.
Now that my BGP announced 44.x range is up and running, I'd like to be
able to make it transparently accessible for tunneled networks. I just
need to double check a few things.
First, I know I'd need to run ampr-ripd on the box. I also have non-44
net addresses to use as the ipip encap endpoint. What else do I need to
do? Do I need to advertise the subnet as "tunneled" in addition to
direct in the portal? Anything else?
Reason for this is I'm likely to be running services other than Echolink
proxies, which may require peer-peer connectivity. Currently, 44.x
tunneled addresses connecting to the system would go via their local
router, which most likely involves NAT.
And on a similar note, is there a way to exclude other directly
connected subnets capable of IPIP tunneling from using a tunnel? (since
that's obviously not required!)
--
73 de Tony VK3JED/VK3IRL
http://vkradio.com
9 May
9 May
6:03 a.m.
Tony
I advertise my /23 via 2 providers.
We then use our internal routers to break them down into subnets i require.
Sam
Vk4aa
Sent from MailDroid
-----Original Message-----
From: Tony Langdon <vk3jed(a)vkradio.com>
To: 44net(a)mailman.ampr.org
Sent: Wed, 09 May 2018 1:22 pm
Subject: [44net] Setting up a tunnel to my BGP's 44net range
Now that my BGP announced 44.x range is up and running, I'd like to be
able to make it transparently accessible for tunneled networks. I just
need to double check a few things.
First, I know I'd need to run ampr-ripd on the box. I also have non-44
net addresses to use as the ipip encap endpoint. What else do I need to
do? Do I need to advertise the subnet as "tunneled" in addition to
direct in the portal? Anything else?
Reason for this is I'm likely to be running services other than Echolink
proxies, which may require peer-peer connectivity. Currently, 44.x
tunneled addresses connecting to the system would go via their local
router, which most likely involves NAT.
And on a similar note, is there a way to exclude other directly
connected subnets capable of IPIP tunneling from using a tunnel? (since
that's obviously not required!)
--
73 de Tony VK3JED/VK3IRL
http://vkradio.com
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
6:20 a.m.
On 09/05/18 15:03, vk4aa(a)vk4aa.com.au wrote:
Tony
I advertise my /23 via 2 providers.
We then use our internal routers to break them down into subnets i require.
That
doesn't answer my question at all, seems to answer an entirely
different question, which I'm not sure is relevant.
Sam
Vk4aa
Sent from MailDroid
-----Original Message-----
From: Tony Langdon <vk3jed(a)vkradio.com>
To: 44net(a)mailman.ampr.org
Sent: Wed, 09 May 2018 1:22 pm
Subject: [44net] Setting up a tunnel to my BGP's 44net range
Now that my BGP announced 44.x range is up and running, I'd like to be
able to make it transparently accessible for tunneled networks. I just
need to double check a few things.
First, I know I'd need to run ampr-ripd on the box. I also have non-44
net addresses to use as the ipip encap endpoint. What else do I need to
do? Do I need to advertise the subnet as "tunneled" in addition to
direct in the portal? Anything else?
Reason for this is I'm likely to be running services other than Echolink
proxies, which may require peer-peer connectivity. Currently, 44.x
tunneled addresses connecting to the system would go via their local
router, which most likely involves NAT.
And on a similar note, is there a way to exclude other directly
connected subnets capable of IPIP tunneling from using a tunnel? (since
that's obviously not required!)
--
73 de Tony VK3JED/VK3IRL
http://vkradio.com
10 May
10 May
12:40 a.m.
I use tons where i still usr encapsulation.
Sent from MailDroid
-----Original Message-----
From: Tony Langdon <vk3jed(a)vkradio.com>
To: 44net(a)mailman.ampr.org
Sent: Wed, 09 May 2018 3:20 pm
Subject: Re: [44net] Setting up a tunnel to my BGP's 44net range
On 09/05/18 15:03, vk4aa(a)vk4aa.com.au wrote:
Tony
I advertise my /23 via 2 providers.
We then use our internal routers to break them down into subnets i require.
That
doesn't answer my question at all, seems to answer an entirely
different question, which I'm not sure is relevant.
Sam
Vk4aa
Sent from MailDroid
-----Original Message-----
From: Tony Langdon <vk3jed(a)vkradio.com>
To: 44net(a)mailman.ampr.org
Sent: Wed, 09 May 2018 1:22 pm
Subject: [44net] Setting up a tunnel to my BGP's 44net range
Now that my BGP announced 44.x range is up and running, I'd like to be
able to make it transparently accessible for tunneled networks. I just
need to double check a few things.
First, I know I'd need to run ampr-ripd on the box. I also have non-44
net addresses to use as the ipip encap endpoint. What else do I need to
do? Do I need to advertise the subnet as "tunneled" in addition to
direct in the portal? Anything else?
Reason for this is I'm likely to be running services other than Echolink
proxies, which may require peer-peer connectivity. Currently, 44.x
tunneled addresses connecting to the system would go via their local
router, which most likely involves NAT.
And on a similar note, is there a way to exclude other directly
connected subnets capable of IPIP tunneling from using a tunnel? (since
that's obviously not required!)
--
73 de Tony VK3JED/VK3IRL
http://vkradio.com
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
9 May
9 May
6:09 a.m.
Tony
With your other questions please contact me off list and I will be send you my config
In short nothing changed greatly in our apps.
I run tnos, aprs. Mmdvm etc on 44net as well I can duplicate the network via eoip to our
colo
Sam
Vk4aa(a)vk4aa.com.au
Sent from MailDroid
-----Original Message-----
From: Tony Langdon <vk3jed(a)vkradio.com>
To: 44net(a)mailman.ampr.org
Sent: Wed, 09 May 2018 1:22 pm
Subject: [44net] Setting up a tunnel to my BGP's 44net range
Now that my BGP announced 44.x range is up and running, I'd like to be
able to make it transparently accessible for tunneled networks. I just
need to double check a few things.
First, I know I'd need to run ampr-ripd on the box. I also have non-44
net addresses to use as the ipip encap endpoint. What else do I need to
do? Do I need to advertise the subnet as "tunneled" in addition to
direct in the portal? Anything else?
Reason for this is I'm likely to be running services other than Echolink
proxies, which may require peer-peer connectivity. Currently, 44.x
tunneled addresses connecting to the system would go via their local
router, which most likely involves NAT.
And on a similar note, is there a way to exclude other directly
connected subnets capable of IPIP tunneling from using a tunnel? (since
that's obviously not required!)
--
73 de Tony VK3JED/VK3IRL
http://vkradio.com
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
6:24 a.m.
On Tue, May 8, 2018 at 8:23 PM Tony Langdon <vk3jed(a)vkradio.com> wrote:
Now that my BGP announced 44.x range is up and
running, I'd like to be
able to make it transparently accessible for tunneled networks. I just
need to double check a few things.
If you've got it accessible to the internet at large via BGP, it'll also be
accessible from other 44 networks. Without the tunnel mesh, traffic will be
routed through amprgw at UCSD. There used to be a configuration issue that
prohibited this, but it was fixed a few years ago.
You can of course still configure the tunnel mesh if you desire. The
primary benefit of this is reduced latency to gateways not near UCSD.
First, I know I'd need to run ampr-ripd on the
box. I also have non-44
net addresses to use as the ipip encap endpoint. What else do I need to
do? Do I need to advertise the subnet as "tunneled" in addition to
direct in the portal? Anything else?
This should answer your questions:
http://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Linux
And on a similar note, is there a way to exclude other
directly
connected subnets capable of IPIP tunneling from using a tunnel? (since
that's obviously not required!)
The way we do this is by importing the 44 networks learned via BGP into our
IGP and prioritizing those over routes learned via ampr-ripd. The route
filter looks something like this on Mikrotik:
/routing filter add action=accept chain=AMPR prefix=44.0.0.0/8
prefix-length=8-32
Now our route table has routes from both BGP and ampr-ripd, with lower
distance on the BGP routes. How you accomplish this will depend on your
implementation, but I hope this gives you an idea.
Tom KD7LXL
6:32 a.m.
On 09/05/18 15:24, Tom Hayward wrote:
I don't recall that
answering my specific case of wanting to run both
direct (BGP) AND tunneling at the same time. Details do matter. :)
If you've got it accessible to the internet at
large via BGP, it'll also be
accessible from other 44 networks. Without the tunnel mesh, traffic will be
routed through amprgw at UCSD. There used to be a configuration issue that
prohibited this, but it was fixed a few years ago.
Depends on the routing setup at
the remote end, and for various reasons,
that's not a desirable path
You can of course still configure the tunnel mesh if you desire. The
primary benefit of this is reduced latency to gateways not near UCSD.
Which
includes anything here! Also on today's Internet, vastly
increased available bandwidth, because of the more optimal routing.
First, I know I'd need to run ampr-ripd on
the box. I also have non-44
net addresses to use as the ipip encap endpoint. What else do I need to
do? Do I need to advertise the subnet as "tunneled" in addition to
direct in the portal? Anything else?
This should answer your questions:
http://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Linux The way we do this is by importing the 44 networks
learned via BGP into our
IGP and prioritizing those over routes learned via ampr-ripd. The route
filter looks something like this on Mikrotik:
/routing filter add action=accept chain=AMPR prefix=44.0.0.0/8
prefix-length=8-32
Now our route table has routes from both BGP and ampr-ripd, with lower
distance on the BGP routes. How you accomplish this will depend on your
implementation, but I hope this gives you an idea.
I'm running Linux.
--
73 de Tony VK3JED/VK3IRL
http://vkradio.com
2194
days inactive
2194
days old
6 comments
3 participants
participants (3)
-
Tom Hayward -
Tony Langdon -
vk4aa@vk4aa.com.au