Now that my BGP announced 44.x range is up and running, I'd like to be able to make it transparently accessible for tunneled networks. I just need to double check a few things.
First, I know I'd need to run ampr-ripd on the box. I also have non-44 net addresses to use as the ipip encap endpoint. What else do I need to do? Do I need to advertise the subnet as "tunneled" in addition to direct in the portal? Anything else?
Reason for this is I'm likely to be running services other than Echolink proxies, which may require peer-peer connectivity. Currently, 44.x tunneled addresses connecting to the system would go via their local router, which most likely involves NAT.
And on a similar note, is there a way to exclude other directly connected subnets capable of IPIP tunneling from using a tunnel? (since that's obviously not required!)
Tony
I advertise my /23 via 2 providers. We then use our internal routers to break them down into subnets I require.
Sam Vk4aa
Sent from MailDroid
-----Original Message----- From: Tony Langdon vk3jed@vkradio.com To: 44net@mailman.ampr.org Sent: Wed, 09 May 2018 1:22 pm Subject: [44net] Setting up a tunnel to my BGP's 44net range
On 09/05/18 15:03, vk4aa@vk4aa.com.au wrote:
Tony
I advertise my /23 via 2 providers. We then use our internal routers to break them down into subnets I require.
That doesn't answer my question at all, seems to answer an entirely different question, which I'm not sure is relevant.
I use tons where I still use encapsulation.
-----Original Message----- From: Tony Langdon vk3jed@vkradio.com To: 44net@mailman.ampr.org Sent: Wed, 09 May 2018 3:20 pm Subject: Re: [44net] Setting up a tunnel to my BGP's 44net range
Tony
With your other questions, please contact me off list and I will send you my config.
In short, nothing changed greatly in our apps.
I run tnos, aprs, Mmdvm etc. on 44net as well. I can duplicate the network via eoip to our colo.
Sam Vk4aa@vk4aa.com.au
On Tue, May 8, 2018 at 8:23 PM Tony Langdon vk3jed@vkradio.com wrote:
Now that my BGP announced 44.x range is up and running, I'd like to be able to make it transparently accessible for tunneled networks. I just need to double check a few things.
If you've got it accessible to the internet at large via BGP, it'll also be accessible from other 44 networks. Without the tunnel mesh, traffic will be routed through amprgw at UCSD. There used to be a configuration issue that prohibited this, but it was fixed a few years ago.
You can of course still configure the tunnel mesh if you desire. The primary benefit of this is reduced latency to gateways not near UCSD.
First, I know I'd need to run ampr-ripd on the box. I also have non-44 net addresses to use as the ipip encap endpoint. What else do I need to do? Do I need to advertise the subnet as "tunneled" in addition to direct in the portal? Anything else?
This should answer your questions: http://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Linux
And on a similar note, is there a way to exclude other directly connected subnets capable of IPIP tunneling from using a tunnel? (since that's obviously not required!)
The way we do this is by importing the 44 networks learned via BGP into our IGP and prioritizing those over routes learned via ampr-ripd. The route filter looks something like this on Mikrotik:
/routing filter add action=accept chain=AMPR prefix=44.0.0.0/8 prefix-length=8-32
Now our route table has routes from both BGP and ampr-ripd, with lower distance on the BGP routes. How you accomplish this will depend on your implementation, but I hope this gives you an idea.
Tom KD7LXL
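The route preference described in the message above, as an added sketch that is not part of the thread or of anyone's router configuration: it models a table holding both BGP and ampr-ripd routes and shows that lower distance only decides between identical prefixes, so a more specific tunnel route still wins. The distance values, sample prefixes, next-hop names and helper functions are assumptions made for illustration, and the 44.0.0.0/8 filter is applied to every candidate for simplicity.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "prefix source distance via")
AMPR = ipaddress.ip_network("44.0.0.0/8")
DISTANCE = {"bgp": 20, "ripd": 120}  # assumed values; only the ordering matters

def mk(prefix, source, via):
    return Route(ipaddress.ip_network(prefix), source, DISTANCE[source], via)

def ampr_filter(route):
    """Same match as the quoted filter: inside 44.0.0.0/8, length 8-32."""
    return route.prefix.subnet_of(AMPR) and 8 <= route.prefix.prefixlen <= 32

def install(candidates):
    """Per identical prefix, install only the lowest-distance candidate."""
    best = {}
    for r in filter(ampr_filter, candidates):
        if r.prefix not in best or r.distance < best[r.prefix].distance:
            best[r.prefix] = r
    return list(best.values())

def lookup(table, dst):
    """Forwarding decision: longest prefix wins, whatever its distance."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in r.prefix]
    return max(hits, key=lambda r: r.prefix.prefixlen) if hits else None

def tunnel_overrides(table):
    """Tunnel routes that are more specific than an installed BGP route."""
    bgp = [r.prefix for r in table if r.source == "bgp"]
    return [r for r in table if r.source == "ripd"
            and any(r.prefix != b and r.prefix.subnet_of(b) for b in bgp)]

# Constructed sample routes; prefixes and next hops are illustrative only.
CANDIDATES = [
    mk("44.10.0.0/23", "bgp", "upstream"),
    mk("44.10.0.0/23", "ripd", "tunl0"),      # same prefix: BGP wins on distance
    mk("44.10.1.0/24", "ripd", "tunl0"),      # more specific: tunnel still wins
    mk("44.20.0.0/24", "ripd", "tunl0"),      # tunnel-only network
    mk("203.0.113.0/24", "bgp", "upstream"),  # outside 44/8: not accepted
]
TABLE = install(CANDIDATES)

if __name__ == "__main__":
    for dst in ("44.10.0.5", "44.10.1.5", "44.20.0.9"):
        r = lookup(TABLE, dst)
        print(dst, "->", r.prefix, r.source, r.via)
    print("overrides:", [str(r.prefix) for r in tunnel_overrides(TABLE)])
```

Any prefix reported by `tunnel_overrides` keeps using the tunnel regardless of distance, so it has to be filtered out of the ampr-ripd side if the direct path is wanted.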
On 09/05/18 15:24, Tom Hayward wrote:
If you've got it accessible to the internet at large via BGP, it'll also be accessible from other 44 networks. Without the tunnel mesh, traffic will be routed through amprgw at UCSD. There used to be a configuration issue that prohibited this, but it was fixed a few years ago.
Depends on the routing setup at the remote end, and for various reasons, that's not a desirable path.
You can of course still configure the tunnel mesh if you desire. The primary benefit of this is reduced latency to gateways not near UCSD.
Which includes anything here! Also on today's Internet, vastly increased available bandwidth, because of the more optimal routing.
First, I know I'd need to run ampr-ripd on the box. I also have non-44 net addresses to use as the ipip encap endpoint. What else do I need to do? Do I need to advertise the subnet as "tunneled" in addition to direct in the portal? Anything else?
This should answer your questions: http://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Linux
I don't recall that answering my specific case of wanting to run both direct (BGP) AND tunneling at the same time. Details do matter. :)
The way we do this is by importing the 44 networks learned via BGP into our IGP and prioritizing those over routes learned via ampr-ripd. The route filter looks something like this on Mikrotik:
/routing filter add action=accept chain=AMPR prefix=44.0.0.0/8 prefix-length=8-32
Now our route table has routes from both BGP and ampr-ripd, with lower distance on the BGP routes. How you accomplish this will depend on your implementation, but I hope this gives you an idea.
I'm running Linux.