[tech] Re: [ucc] Committee Minutes 2003-08-12
Grahame Bowland
grahame at angrygoats.net
Wed Aug 13 15:39:32 WST 2003
On Wed, 2003-08-13 at 09:14, Davyd wrote:
> On Tue, 2003-08-12 at 16:46, Nick Bannon wrote:
>
> > There's another option:
> > 1. Tunnel 172.26.42.0/24 into WAIX
> > 2. Use WAIX BGP data to unfirewall 130.95.13.0/24 <-> WAIX on hydra or
> > its replacement.
>
> From a "the way it should work" perspective, I prefer (2).
> It would allow us to trash the .waix.ucc subdomain, and just have
> machines work from the correct places without multiple domain names (the
> way it should be).
>
> It there a way to guarentee the BGP of WAIX? and to firewall
> accordingly? Could it be done in the UWA core? or would it be better off
> done on bananabox (looking to become hydra's decendant), or some new
> piece of cisco kit.
Fundamentally, you use BGP to determine *your* routing table. This is
the decision of where to send *outbound* traffic. However, you are
charged on *inbound* traffic. If asymmetric routing happens, you'll get
charged for "free" routes that appear in the BGP table of WAIX.
It's not that rare for traffic to be sent to WAIX and come back through
Optus / AARNET, I think there are a few known offenders.
Do the IPIP tunnel, I'll talk to Adrian about getting it set up.
--
Grahame Bowland all those things hath mine
<grahame at angrygoats.net> hand made and all the people say
amen praise ye the
More information about the tech
mailing list