[142858] in North American Network Operators' Group
RE: Enterprise Internet - Question
daemon@ATHENA.MIT.EDU (Jeff Cartier)
Fri Jul 15 08:34:20 2011
From: Jeff Cartier <Jeff.Cartier@pernod-ricard.com>
To: Owen DeLong <owen@delong.com>
Date: Fri, 15 Jul 2011 12:29:10 +0000
In-Reply-To: <6325B189-76E0-4573-ADB8-72B122870412@delong.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Thanks for the comments everyone. They are much appreciated.
In regards to changing the address of our ARIN block to a US office address=
....are their any trades-offs in doing that? Just curious.
-----Original Message-----
From: Owen DeLong [mailto:owen@delong.com]=20
Sent: Thursday, July 14, 2011 5:02 PM
To: Jeff Cartier
Cc: nanog@nanog.org
Subject: Re: Enterprise Internet - Question
On Jul 14, 2011, at 12:34 PM, Jeff Cartier wrote:
> Hi All,
>=20
> I just wanted to throw a question out to the list...
>=20
> In our data center we feed Internet to some of our US based offices and e=
very now and again we receive complaints that they can't access some US bas=
ed Internet content because they are coming from a Canadian based IP.
>=20
> This has sparked an interesting discussion around a few questions....of w=
hich I'd like to hear the lists opinions on.
>=20
> - How should/can an enterprise deal with accessibility to intern=
et content issues? (ie. that whole coming from a Canadian IP accessing US c=
ontent)
>=20
This is an example of why content restriction based on IP address geolocati=
on is such a bad idea in general.
Frankly, the easiest thing to do (since most Canadian companies aren't as b=
rain-dead) is to update your whois records with the address of the block al=
located to your datacenter so that it looks like it's in one of your US off=
ices. I realize this sounds silly for a variety of reasons, but, it solves =
the problem without expensive or configuration-intensive workarounds such a=
s selective NAT, etc.
> o Side question on that - Could we simply obtain a US based IP address =
and selectively NAT?
>=20
You can, but, you can also hit yourself over the head repeatedly with a ham=
mer. Selective NAT will yield more content, but, the pain levels will proba=
bly be similar.
> - Does the idea of regional Internet locations make sense? If s=
o, when do they make sense? For instance, having a hub site in South Ameri=
ca (ie. Brazil) and having all offices in Venezuela, Peru and Argentina rou=
te through a local Internet feed in Brazil.
>=20
Not really. The whole content-restriction by IP geolocation thing also does=
n't make sense. Unfortunately, the fact that something is nonsensical does =
not prevent someone from doing it or worse, selling it.
You should do what makes sense for the economics of the topology you need. =
The address geolocation issues can usually be best addressed by manipulatin=
g whois. If your address block from ARIN is an allocation, you can manipula=
te sub-block address registration issues through the use of SWIP, for examp=
le.
> - Does the idea of having local Internet at each site make more =
sense? If so why?
>=20
That's really more of an economic and policy question within your organizat=
ion than a technical one.
>=20
Owen
__________________________________________________________________
DISCLAIMER: This e-mail contains proprietary information some or all of w=
hich may be legally privileged. It is for the intended recipient only. I=
f an addressing or transmission error has misdirected this e-mail, please=
notify the author by replying to this e-mail. If you are not the intend=
ed recipient you must not use, disclose, distribute, copy, print, or rely=
on this e-mail.
This message has been scanned for the presence of computer viruses, Spam,=
and Explicit Content.
=0D
