Hi Jeff,

You might have some luck following the instructions on http://nanog.cluepon.net/index.php/GeoIP to register one particular /32 within your Canadian-announced netblock as being in the USA, and selectively NATing as you suggest, but I believe some stricter GeoIP databases check next hops and expected latency and might catch you out.

We're lucky enough to have proxies in most geographies where we operate, so if a user has GeoIP issues we talk them through changing their proxy settings (you could also use a personal PAC file).

(My employer's) principles in favour of a local internet breakout:
- Is breaking out to the internet locally significantly cheaper than backhauling over private WAN (some MPLS providers will offer a local internet breakout as a VRF; this avoids the need for two access circuits)
- Do you need to congest the internet traffic more than/independently to the private WAN traffic?
- Would a tunnel over the internet be a useful backup to private circuits?
- Are there latency-related performance reasons (lots of local content) to break out locally?
- Are there regulatory reasons? (e.g. Middle East / Chinese state-level filtering)

Against local breakout:
- Do you need to limit the number of locations with an internet breakout because you have a heavyweight security stack protecting an internet connection (filtering proxy, IDS/IPS, multi-layer HA firewalls)?
- Is local internet of poor quality?

Regards,
Phil Sykes
Network Architect
$LARGE_OIL_COMPANY

On Thu, Jul 14, 2011 at 8:34 PM, Jeff Cartier <Jeff.Cartier@pernod-ricard.com> wrote:
Hi All,
I just wanted to throw a question out to the list...
In our data center we feed Internet to some of our US based offices and every now and again we receive complaints that they can't access some US based Internet content because they are coming from a Canadian based IP.
This has sparked an interesting discussion around a few questions....of which I'd like to hear the list's opinions on.
- How should/can an enterprise deal with accessibility to internet content issues? (ie. that whole coming from a Canadian IP accessing US content)
o Side question on that - Could we simply obtain a US based IP address and selectively NAT?
- Does the idea of regional Internet locations make sense? If so, when do they make sense? For instance, having a hub site in South America (ie. Brazil) and having all offices in Venezuela, Peru and Argentina route through a local Internet feed in Brazil.
- Does the idea of having local Internet at each site make more sense? If so why?
Again, I would appreciate to hear the opinion from SP oriented minds...based on what they've seen from customers...and network administrators running large enterprises in different companies. Off-list replies are also appreciated.
Thanks!!!
...jc