[142832] in North American Network Operators' Group
Re: Enterprise Internet - Question
daemon@ATHENA.MIT.EDU (Owen DeLong)
Thu Jul 14 17:06:39 2011
From: Owen DeLong <owen@delong.com>
In-Reply-To: <6EDE133FF50DBA4B963028BD5CD690DD26971B@CAPRGWLKWEMBX1.pernod-ricard.group>
Date: Thu, 14 Jul 2011 14:01:31 -0700
To: Jeff Cartier <Jeff.Cartier@pernod-ricard.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jul 14, 2011, at 12:34 PM, Jeff Cartier wrote:
> Hi All,
>
> I just wanted to throw a question out to the list...
>
> In our data center we feed Internet to some of our US based offices and every now and again we receive complaints that they can't access some US based Internet content because they are coming from a Canadian based IP.
>
> This has sparked an interesting discussion around a few questions....of which I'd like to hear the list's opinions on.
>
> - How should/can an enterprise deal with accessibility to internet content issues? (ie. that whole coming from a Canadian IP accessing US content)
>
This is an example of why content restriction based on IP address geolocation is such a bad idea in general.

Frankly, the easiest thing to do (since most Canadian companies aren't as brain-dead) is to update your whois records with the address of the block allocated to your datacenter so that it looks like it's in one of your US offices. I realize this sounds silly for a variety of reasons, but, it solves the problem without expensive or configuration-intensive workarounds such as selective NAT, etc.
> o Side question on that - Could we simply obtain a US based IP address and selectively NAT?
>
You can, but, you can also hit yourself over the head repeatedly with a hammer. Selective NAT will yield more content, but, the pain levels will probably be similar.
> - Does the idea of regional Internet locations make sense? If so, when do they make sense? For instance, having a hub site in South America (ie. Brazil) and having all offices in Venezuela, Peru and Argentina route through a local Internet feed in Brazil.
>
Not really. The whole content-restriction by IP geolocation thing also doesn't make sense. Unfortunately, the fact that something is nonsensical does not prevent someone from doing it or worse, selling it.

You should do what makes sense for the economics of the topology you need. The address geolocation issues can usually be best addressed by manipulating whois. If your address block from ARIN is an allocation, you can manipulate sub-block address registration issues through the use of SWIP, for example.
> - Does the idea of having local Internet at each site make more sense? If so why?
>
That's really more of an economic and policy question within your organization than a technical one.
Owen