Enterprise Internet - Question

• Previous message (by thread): Enterprise Internet - Question
• Next message (by thread): Enterprise Internet - Question
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thanks for the comments everyone.  They are much appreciated.
In regards to changing the address of our ARIN block to a US office address....are their any trades-offs in doing that?  Just curious.


-----Original Message-----
From: Owen DeLong [mailto:owen at delong.com] 
Sent: Thursday, July 14, 2011 5:02 PM
To: Jeff Cartier
Cc: nanog at nanog.org
Subject: Re: Enterprise Internet - Question


On Jul 14, 2011, at 12:34 PM, Jeff Cartier wrote:

> Hi All,
> 
> I just wanted to throw a question out to the list...
> 
> In our data center we feed Internet to some of our US based offices and every now and again we receive complaints that they can't access some US based Internet content because they are coming from a Canadian based IP.
> 
> This has sparked an interesting discussion around a few questions....of which I'd like to hear the lists opinions on.
> 
> -          How should/can an enterprise deal with accessibility to internet content issues? (ie. that whole coming from a Canadian IP accessing US content)
> 

This is an example of why content restriction based on IP address geolocation is such a bad idea in general.

Frankly, the easiest thing to do (since most Canadian companies aren't as brain-dead) is to update your whois records with the address of the block allocated to your datacenter so that it looks like it's in one of your US offices. I realize this sounds silly for a variety of reasons, but, it solves the problem without expensive or configuration-intensive workarounds such as selective NAT, etc.

> o   Side question on that - Could we simply obtain a US based IP address and selectively NAT?
> 
You can, but, you can also hit yourself over the head repeatedly with a hammer. Selective NAT will yield more content, but, the pain levels will probably be similar.

> -          Does the idea of regional Internet locations make sense?  If so, when do they make sense?  For instance, having a hub site in South America (ie. Brazil) and having all offices in Venezuela, Peru and Argentina route through a local Internet feed in Brazil.
> 

Not really. The whole content-restriction by IP geolocation thing also doesn't make sense. Unfortunately, the fact that something is nonsensical does not prevent someone from doing it or worse, selling it.

You should do what makes sense for the economics of the topology you need. The address geolocation issues can usually be best addressed by manipulating whois. If your address block from ARIN is an allocation, you can manipulate sub-block address registration issues through the use of SWIP, for example.

> -          Does the idea of having local Internet at each site make more sense?  If so why?
> 

That's really more of an economic and policy question within your organization than a technical one.
> 

Owen



__________________________________________________________________
DISCLAIMER: This e-mail contains proprietary information some or all of which may be legally privileged.  It is for the intended recipient only. If an addressing or transmission error has misdirected this e-mail, please notify the author by replying to this e-mail.  If you are not the intended recipient you must not use, disclose, distribute, copy, print, or rely on this e-mail.

This message has been scanned for the presence of computer viruses, Spam, and Explicit Content.

• Previous message (by thread): Enterprise Internet - Question
• Next message (by thread): Enterprise Internet - Question
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]