On Jul 14, 2011, at 12:34 PM, Jeff Cartier wrote: > Hi All, > > I just wanted to throw a question out to the list... > > In our data center we feed Internet to some of our US based offices and every > now and again we receive complaints that they can't access some US based > Internet content because they are coming from a Canadian based IP. > > This has sparked an interesting discussion around a few questions....of which > I'd like to hear the lists opinions on. > > - How should/can an enterprise deal with accessibility to internet > content issues? (ie. that whole coming from a Canadian IP accessing US > content) >
This is an example of why content restriction based on IP address geolocation is such a bad idea in general. Frankly, the easiest thing to do (since most Canadian companies aren't as brain-dead) is to update your whois records with the address of the block allocated to your datacenter so that it looks like it's in one of your US offices. I realize this sounds silly for a variety of reasons, but, it solves the problem without expensive or configuration-intensive workarounds such as selective NAT, etc. > o Side question on that - Could we simply obtain a US based IP address and > selectively NAT? > You can, but, you can also hit yourself over the head repeatedly with a hammer. Selective NAT will yield more content, but, the pain levels will probably be similar. > - Does the idea of regional Internet locations make sense? If so, > when do they make sense? For instance, having a hub site in South America > (ie. Brazil) and having all offices in Venezuela, Peru and Argentina route > through a local Internet feed in Brazil. > Not really. The whole content-restriction by IP geolocation thing also doesn't make sense. Unfortunately, the fact that something is nonsensical does not prevent someone from doing it or worse, selling it. You should do what makes sense for the economics of the topology you need. The address geolocation issues can usually be best addressed by manipulating whois. If your address block from ARIN is an allocation, you can manipulate sub-block address registration issues through the use of SWIP, for example. > - Does the idea of having local Internet at each site make more > sense? If so why? > That's really more of an economic and policy question within your organization than a technical one. > Owen
