Enterprise Internet - Question

Phil Sykes phil at atdot.at
Thu Jul 14 19:57:24 UTC 2011


Hi Jeff,

You might have some luck following the instructions on
http://nanog.cluepon.net/index.php/GeoIP to register one particular /32
within your Canadian-announced netblock as being in the USA, and selectively
NATing as you suggest, but I believe some stricter GeoIP databases check
next hops and expected latency and might catch you out.

We're lucky enough to have proxies in most geographies where we operate, so
if a user has GeoIP issues we talk them through changing their proxy
settings (you could also use a personal PAC file).

(My employer's) principles in favour of a local internet breakout:

- Is breaking out to the internet locally significantly cheaper than
backhauling over private WAN? (Some MPLS providers will offer a local
internet breakout as a VRF; this avoids the need for two access circuits.)
- Do you need to congest the internet traffic more than/independently to the
private WAN traffic?
- Would a tunnel over the internet be a useful backup to private circuits?
- Are there latency-related performance reasons (lots of local content) to
break out locally?
- Are there regulatory reasons? (e.g. Middle East / Chinese state-level
filtering)

Against local breakout:

- Do you need to limit the number of locations with an internet breakout
because you have a heavyweight security stack protecting an internet
connection (filtering proxy, IDS/IPS, multi-layer HA firewalls)?
- Is local internet of poor quality?

Regards,

Phil Sykes
Network Architect
$LARGE_OIL_COMPANY

On Thu, Jul 14, 2011 at 8:34 PM, Jeff Cartier <
Jeff.Cartier at pernod-ricard.com> wrote:

> Hi All,
>
> I just wanted to throw a question out to the list...
>
> In our data center we feed Internet to some of our US based offices and
> every now and again we receive complaints that they can't access some US
> based Internet content because they are coming from a Canadian based IP.
>
> This has sparked an interesting discussion around a few questions....of
> which I'd like to hear the list's opinions on.
>
> - How should/can an enterprise deal with accessibility to internet
>   content issues? (i.e. that whole coming from a Canadian IP accessing US
>   content)
>
>   o Side question on that - Could we simply obtain a US based IP address
>     and selectively NAT?
>
> - Does the idea of regional Internet locations make sense?  If so,
>   when do they make sense?  For instance, having a hub site in South America
>   (i.e. Brazil) and having all offices in Venezuela, Peru and Argentina route
>   through a local Internet feed in Brazil.
>
> - Does the idea of having local Internet at each site make more
>   sense?  If so why?
>
>
> Again, I would appreciate hearing the opinion from SP oriented
> minds...based on what they've seen from customers...and network
> administrators running large enterprises in different companies.  Off-list
> replies are also appreciated.
>
> Thanks!!!
>
> ...jc
>
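
The personal PAC file suggested in the reply above could look like the following. This is an added example, not part of the original message; every host name, proxy name and port in it is a hypothetical placeholder.

```javascript
// Added example: PAC file that sends selected hosts via a US-region proxy.
// All domains, proxy names and ports are hypothetical placeholders.

// The organisation's own filtering proxies in each geography (assumed names).
var DEFAULT_PROXY = "PROXY proxy-ca.corp.example:8080";
var US_PROXY = "PROXY proxy-us.corp.example:8080";

// Destinations known to refuse non-US source addresses (constructed list).
var US_ONLY_DOMAINS = ["video.example.com", "streaming.example.net"];

// Internal domains that are reached without any proxy.
var INTERNAL_DOMAINS = ["corp.example"];

// True when host equals domain or is a subdomain of it. The match is aligned
// on a label boundary, so "notvideo.example.com" does not match
// "video.example.com".
function hostInDomain(host, domain) {
  return host === domain || host.slice(-(domain.length + 1)) === "." + domain;
}

function matchesAny(host, domains) {
  for (var i = 0; i < domains.length; i++) {
    if (hostInDomain(host, domains[i])) return true;
  }
  return false;
}

function FindProxyForURL(url, host) {
  // Normalise case and strip a trailing dot from fully qualified names.
  var h = host.toLowerCase().replace(/\.$/, "");

  // Unqualified names and internal domains stay on the private network.
  if (h.indexOf(".") === -1 || matchesAny(h, INTERNAL_DOMAINS)) {
    return "DIRECT";
  }
  // Geo-restricted destinations: US proxy first, default proxy as failover.
  if (matchesAny(h, US_ONLY_DOMAINS)) {
    return US_PROXY + "; " + DEFAULT_PROXY;
  }
  // Everything else uses the default proxy. There is no DIRECT fallback, so
  // internet traffic never bypasses the filtering stack.
  return DEFAULT_PROXY;
}
```
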


