AWS using 169.254.0.0/30 for ptp VPNs.

Chriztoffer Hansen chriztoffer.hansen at de-cix.net
Mon Oct 26 18:07:50 UTC 2020


On 26 Oct 2020 17:57, B F wrote:
> Looking for any fresh experience with this:
> 
> https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNTunnels.html
> 
> Any problems experienced with using that reserved space as a non-local
> destination? Seems like it might not be wise WRT RFC3927.
> 
> Apparently space from RFC1918 is not an option.
> 
> Found a few hits in the archives (2012) but looking for recent experience.
> 
> Thank you very much in advance.
> 

Using 169.254.0.0/16 or fe80::/64 Link-Local space as next-hop shouldn't
cause you too much of a headache. One point to remember is "just"
rewriting the next-hop address to a network reachable for your other
routers and switches to forward the traffic towards. (e.g. the loopback
address of your router peering with AWS Private Cloud)

-- 

Chriztoffer
