Enterprise Internet - Question
Phil Sykes
phil at atdot.at
Thu Jul 14 19:57:24 UTC 2011
Hi Jeff,

You might have some luck following the instructions on
http://nanog.cluepon.net/index.php/GeoIP to register one particular /32
within your Canadian-announced netblock as being in the USA, and selectively
NATing as you suggest, but I believe some stricter GeoIP databases check
next hops and expected latency and might catch you out.

We're lucky enough to have proxies in most geographies where we operate, so
if a user has GeoIP issues we talk them through changing their proxy
settings (you could also use a personal PAC file).

(My employer's) principles in favour of a local internet breakout:

- Is breaking out to the internet locally significantly cheaper than
backhauling over private WAN (some MPLS providers will offer a local
internet breakout as a VRF; this avoids the need for two access circuits)?
- Do you need to congest the internet traffic more than/independently to the
private WAN traffic?
- Would a tunnel over the internet be a useful backup to private circuits?
- Are there latency-related performance reasons (lots of local content) to
break out locally?
- Are there regulatory reasons? (e.g. Middle East / Chinese state-level
filtering)

Against local breakout:

- Do you need to limit the number of locations with an internet breakout
because you have a heavyweight security stack protecting an internet
connection (filtering proxy, IDS/IPS, multi-layer HA firewalls)?
- Is local internet of poor quality?

Regards,

Phil Sykes
Network Architect
$LARGE_OIL_COMPANY

On Thu, Jul 14, 2011 at 8:34 PM, Jeff Cartier <
Jeff.Cartier at pernod-ricard.com> wrote:
> Hi All,
>
> I just wanted to throw a question out to the list...
>
> In our data center we feed Internet to some of our US based offices and
> every now and again we receive complaints that they can't access some US
> based Internet content because they are coming from a Canadian based IP.
>
> This has sparked an interesting discussion around a few questions... on
> which I'd like to hear the list's opinions.
>
> - How should/can an enterprise deal with accessibility to internet
> content issues? (ie. that whole coming from a Canadian IP accessing US
> content)
>
> o Side question on that - Could we simply obtain a US based IP address
> and selectively NAT?
>
> - Does the idea of regional Internet locations make sense? If so,
> when do they make sense? For instance, having a hub site in South America
> (ie. Brazil) and having all offices in Venezuela, Peru and Argentina route
> through a local Internet feed in Brazil.
>
> - Does the idea of having local Internet at each site make more
> sense? If so why?
>
>
> Again, I would appreciate hearing the opinion of SP-oriented
> minds...based on what they've seen from customers...and network
> administrators running large enterprises in different companies. Off-list
> replies are also appreciated.
>
> Thanks!!!
>
> ...jc
>
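
A personal PAC file of the kind mentioned in the reply above could look like the following. This is an added example, not part of the original thread; the proxy addresses, the domain list and the internal suffix are constructed placeholders. It uses its own suffix matcher instead of the browser's built-in PAC helpers so that it can also be checked outside a browser.

```javascript
// Personal PAC file (added example; every name below is a placeholder).
var DEFAULT_PROXY = "PROXY proxy-ca.corp.example:8080"; // regional egress
var US_PROXY = "PROXY proxy-us.corp.example:8080";      // US egress

// Sites that reject the default egress address. Keep this list short and
// reviewed so the exception does not turn into a general bypass.
var US_ONLY_DOMAINS = ["video.example.com", "pricing.example.net"];

var INTERNAL_SUFFIX = "corp.example";

// True when host equals domain or is a subdomain of it. A bare suffix test
// would also match "evilvideo.example.com", so a dot boundary is required.
function hostInDomain(host, domain) {
  host = host.toLowerCase();
  if (host.charAt(host.length - 1) === ".") host = host.slice(0, -1);
  if (host === domain) return true;
  var suffix = "." + domain;
  var at = host.length - suffix.length;
  return at > 0 && host.indexOf(suffix, at) === at;
}

function FindProxyForURL(url, host) {
  // Unqualified names and the internal domain stay on the private WAN.
  if (host.indexOf(".") === -1 || hostInDomain(host, INTERNAL_SUFFIX)) {
    return "DIRECT";
  }
  for (var i = 0; i < US_ONLY_DOMAINS.length; i++) {
    if (hostInDomain(host, US_ONLY_DOMAINS[i])) {
      // Fail over to the default proxy, never to DIRECT, so an outage of
      // the US proxy cannot route traffic around the filtering stack.
      return US_PROXY + "; " + DEFAULT_PROXY;
    }
  }
  return DEFAULT_PROXY;
}
```
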