Re: US/Canada International border concerns for routing
It seems to me the original question was asking about it more from a legal perspective, in other words does Canadian traffic have to stay in Canada. IANAL (or a Canadian), but the answer is "mostly, no, especially as related to publicly routed traffic" as should be evidenced based on what's already been discussed here. In other words, there is restricted traffic but unless you're making a play for MAN/WAN type service on owned infrastructure, those requirements are unlikely to arise. To support the macro point, there is some big-boy level peering in Toronto but not really much else outside that, but there are plenty of routes that don't cross the border if you don't have to jump networks to your destination, for example going to an AWS on ramp in Canada using a native partner network, especially in the Toronto-Ottawa-Montreal. Dave Cohen craetdave@gmail.com
On Aug 8, 2017, at 8:41 PM, Bill Woodcock <woody@pch.net> wrote:
--Apple-Mail=_8DA28412-F6D0-43D8-A90F-5E151E54468E Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii
On Aug 8, 2017, at 5:33 PM, Clayton Zekelman <clayton@MNSi.Net> wrote: =20 =20 =20 With the peering policies of the major Canadian ISPs, you're virtually = guaranteed to hairpin through the US on most paths. =20 Robellus (Rogers, Bell & Telus) will peer with you at any of their = major Canadian peering points, such as NYC, Chicago or LA.
To be fair, Rogers does peer in Toronto. Along with New York, Chicago, = Seattle, and Ashburn.
-Bill
--Apple-Mail=_8DA28412-F6D0-43D8-A90F-5E151E54468E Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCAAGBQJZilooAAoJEG+kcEsoi3+HgNsQAIPkgL/lVL/j1sdPyiyQsepE TCyHm4bsAq6m085kXoRj/IWn+KsVwmAq8ZGKnKEAiozmrSeyxAa2vmw5Kfs57l1/ crBima+EOOlPT4VcD7tv9e8yEiVdjDuMp5tnLI238qCfIlHeHRtuU7CClzWPv6uD 3jCNIBEcScrLWz37Ofm/D2AkYRAhhK5H8I417Y/39TH4MIoIKFsGbvWwpl30Fv8r 5phO0MrTP6mB8niHne6HTxyMED5TGQpVEL2Qgh6qgaI9vzAs5/47KwwY57tZpxaL v9GjkPJ4Ql7QVWbsSkXnFmHxXzqaHXAfg8SR+gsCN42Jyn99AIyAAwdALhqc4RuZ ydi+lOlEutAMndA01CnrI81Eu/RpWrN+q/vi37W2rb6EPTPcCz2196JDlpC6VVW6 tJOMNuP6Pa/ee52Cxu6RWwA4QZ6QVIT9fbDcRFXTGNuohwP8XVpujcsPLChzsFXA Y2nt+TliL697lTZNbTZEzQ0f9w2rpCDpcLjTMCR8MNWZ4MjQHL3eDgO5ZIWHPTQf ggR1Dz2EhPSXXZdvN7KPh1q9rhRb2VUPSn3EeEDo2TjgUVeUlunsDg/ILpf8lxUY RTsXe5Nky7YqXKDG4HSlLF3R/RtfaVqKJfjljYg351cs40rzivzjD2TJ8r35RQeW btKUtEvrcU28g15nOhLG =MTUG -----END PGP SIGNATURE-----
--Apple-Mail=_8DA28412-F6D0-43D8-A90F-5E151E54468E--
Canadian here who's evaluated service providers and dealt with legal requirements for our customers... Generally we weren't worried about data travelling through the US based on normal internet routes, as long as it was encrypted. The thing we usually specified in RFPs was that the data could never be stored in the US. On Tue, 8 Aug 2017 at 17:52 Dave Cohen <craetdave@gmail.com> wrote
It seems to me the original question was asking about it more from a legal perspective, in other words does Canadian traffic have to stay in Canada. IANAL (or a Canadian), but the answer is "mostly, no, especially as related to publicly routed traffic" as should be evidenced based on what's already been discussed here. In other words, there is restricted traffic but unless you're making a play for MAN/WAN type service on owned infrastructure, those requirements are unlikely to arise.
To support the macro point, there is some big-boy level peering in Toronto but not really much else outside that, but there are plenty of routes that don't cross the border if you don't have to jump networks to your destination, for example going to an AWS on ramp in Canada using a native partner network, especially in the Toronto-Ottawa-Montreal.
Dave Cohen craetdave@gmail.com
On Aug 8, 2017, at 8:41 PM, Bill Woodcock <woody@pch.net> wrote:
--Apple-Mail=_8DA28412-F6D0-43D8-A90F-5E151E54468E Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii
On Aug 8, 2017, at 5:33 PM, Clayton Zekelman <clayton@MNSi.Net> wrote: =20 =20 =20 With the peering policies of the major Canadian ISPs, you're virtually = guaranteed to hairpin through the US on most paths. =20 Robellus (Rogers, Bell & Telus) will peer with you at any of their = major Canadian peering points, such as NYC, Chicago or LA.
To be fair, Rogers does peer in Toronto. Along with New York, Chicago, = Seattle, and Ashburn.
-Bill
--Apple-Mail=_8DA28412-F6D0-43D8-A90F-5E151E54468E Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCAAGBQJZilooAAoJEG+kcEsoi3+HgNsQAIPkgL/lVL/j1sdPyiyQsepE TCyHm4bsAq6m085kXoRj/IWn+KsVwmAq8ZGKnKEAiozmrSeyxAa2vmw5Kfs57l1/ crBima+EOOlPT4VcD7tv9e8yEiVdjDuMp5tnLI238qCfIlHeHRtuU7CClzWPv6uD 3jCNIBEcScrLWz37Ofm/D2AkYRAhhK5H8I417Y/39TH4MIoIKFsGbvWwpl30Fv8r 5phO0MrTP6mB8niHne6HTxyMED5TGQpVEL2Qgh6qgaI9vzAs5/47KwwY57tZpxaL v9GjkPJ4Ql7QVWbsSkXnFmHxXzqaHXAfg8SR+gsCN42Jyn99AIyAAwdALhqc4RuZ ydi+lOlEutAMndA01CnrI81Eu/RpWrN+q/vi37W2rb6EPTPcCz2196JDlpC6VVW6 tJOMNuP6Pa/ee52Cxu6RWwA4QZ6QVIT9fbDcRFXTGNuohwP8XVpujcsPLChzsFXA Y2nt+TliL697lTZNbTZEzQ0f9w2rpCDpcLjTMCR8MNWZ4MjQHL3eDgO5ZIWHPTQf ggR1Dz2EhPSXXZdvN7KPh1q9rhRb2VUPSn3EeEDo2TjgUVeUlunsDg/ILpf8lxUY RTsXe5Nky7YqXKDG4HSlLF3R/RtfaVqKJfjljYg351cs40rzivzjD2TJ8r35RQeW btKUtEvrcU28g15nOhLG =MTUG -----END PGP SIGNATURE-----
--Apple-Mail=_8DA28412-F6D0-43D8-A90F-5E151E54468E--
That is what our lawyers are starting to figure out, too. Very glad to see them converging on the tribal wisdom. Cheers, David -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Andrew Kerr Sent: Tuesday, August 08, 2017 6:03 PM To: nanog@nanog.org Subject: Re: US/Canada International border concerns for routing Canadian here who's evaluated service providers and dealt with legal requirements for our customers... Generally we weren't worried about data travelling through the US based on normal internet routes, as long as it was encrypted. The thing we usually specified in RFPs was that the data could never be stored in the US. On Tue, 8 Aug 2017 at 17:52 Dave Cohen <craetdave@gmail.com> wrote
It seems to me the original question was asking about it more from a legal perspective, in other words does Canadian traffic have to stay in Canada. IANAL (or a Canadian), but the answer is "mostly, no, especially as related to publicly routed traffic" as should be evidenced based on what's already been discussed here. In other words, there is restricted traffic but unless you're making a play for MAN/WAN type service on owned infrastructure, those requirements are unlikely to arise.
To support the macro point, there is some big-boy level peering in Toronto but not really much else outside that, but there are plenty of routes that don't cross the border if you don't have to jump networks to your destination, for example going to an AWS on ramp in Canada using a native partner network, especially in the Toronto-Ottawa-Montreal.
Dave Cohen craetdave@gmail.com
On Aug 8, 2017, at 8:41 PM, Bill Woodcock <woody@pch.net> wrote:
--Apple-Mail=_8DA28412-F6D0-43D8-A90F-5E151E54468E Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii
On Aug 8, 2017, at 5:33 PM, Clayton Zekelman <clayton@MNSi.Net> wrote: =20 =20 =20 With the peering policies of the major Canadian ISPs, you're virtually = guaranteed to hairpin through the US on most paths. =20 Robellus (Rogers, Bell & Telus) will peer with you at any of their = major Canadian peering points, such as NYC, Chicago or LA.
To be fair, Rogers does peer in Toronto. Along with New York, Chicago, = Seattle, and Ashburn.
-Bill
--Apple-Mail=_8DA28412-F6D0-43D8-A90F-5E151E54468E Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCAAGBQJZilooAAoJEG+kcEsoi3+HgNsQAIPkgL/lVL/j1sdPyiyQsepE TCyHm4bsAq6m085kXoRj/IWn+KsVwmAq8ZGKnKEAiozmrSeyxAa2vmw5Kfs57l1/ crBima+EOOlPT4VcD7tv9e8yEiVdjDuMp5tnLI238qCfIlHeHRtuU7CClzWPv6uD 3jCNIBEcScrLWz37Ofm/D2AkYRAhhK5H8I417Y/39TH4MIoIKFsGbvWwpl30Fv8r 5phO0MrTP6mB8niHne6HTxyMED5TGQpVEL2Qgh6qgaI9vzAs5/47KwwY57tZpxaL v9GjkPJ4Ql7QVWbsSkXnFmHxXzqaHXAfg8SR+gsCN42Jyn99AIyAAwdALhqc4RuZ ydi+lOlEutAMndA01CnrI81Eu/RpWrN+q/vi37W2rb6EPTPcCz2196JDlpC6VVW6 tJOMNuP6Pa/ee52Cxu6RWwA4QZ6QVIT9fbDcRFXTGNuohwP8XVpujcsPLChzsFXA Y2nt+TliL697lTZNbTZEzQ0f9w2rpCDpcLjTMCR8MNWZ4MjQHL3eDgO5ZIWHPTQf ggR1Dz2EhPSXXZdvN7KPh1q9rhRb2VUPSn3EeEDo2TjgUVeUlunsDg/ILpf8lxUY RTsXe5Nky7YqXKDG4HSlLF3R/RtfaVqKJfjljYg351cs40rzivzjD2TJ8r35RQeW btKUtEvrcU28g15nOhLG =MTUG -----END PGP SIGNATURE-----
--Apple-Mail=_8DA28412-F6D0-43D8-A90F-5E151E54468E--
---------------------------------------------------------------------- This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, notify the sender immediately by return email and delete the message and any attachments from your system.
On 2017-08-09 10:11, Hiers, David wrote:
That is what our lawyers are starting to figure out, too. Very glad to see them converging on the tribal wisdom.
late to discussion. You might get some organisations which require you to provide intra-canada routes for privacy reasons. But at the moment there are no laws that require it. Also, you need to consider that the way the Internet is designed, should a Montréal-Toroonto link go down, traffic will automatically reroute Montréal-New-York-Chicago-Toronto. So it becomes hard to *guarantee* intra-Canadian routes. (such arrangements do exist for military type of classified private networks). It is consumer pressure and advocacy groups who are raising the issue of intra-Canada routing. (Patriot Act in USA gets NSA to listen to any/all intl traffic, and Canada-USA-Canada traffic is considered such by USA). But from a regulatory poimt of view, the most one could expect would be a requireement to openly peer at exchanges where a netowrk has a presence. (as opposed to garanteeing intra-canada routes). And even that isn't on horizon at the moment. Note that normal businesses want to peer because it reduces costs. The old incumbents such as Bell work on a monopoly mentality of forcing people to buy transit from them, so allowing peering is against their philosophy of forcing yo to buy transit. (and if you don't buy from them, you then have to buy extra capacity to USA to connect to them). Some US transit providers, after having been here for a while, start to get their own intra-Canada links (such as Montréal to Toronto) where traffic warrants. reduced latency is likely the biggest winner in this.
I can't thank everyone enough for their input and insight! It sounds like my discovery didn't miss some glaringly obvious form, checkbox, agreement or community (NO-US-EH, for instance <snark> ) to keep traffic from crossing the border. Data *storage*, on the other hand, is a very different thing, and even a drunk intern can find the rules around that kind of thing. Thanks again, David -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Dave Cohen Sent: Tuesday, August 08, 2017 5:53 PM To: Bill Woodcock <woody@pch.net> Cc: nanog@nanog.org Subject: Re: US/Canada International border concerns for routing It seems to me the original question was asking about it more from a legal perspective, in other words does Canadian traffic have to stay in Canada. IANAL (or a Canadian), but the answer is "mostly, no, especially as related to publicly routed traffic" as should be evidenced based on what's already been discussed here. In other words, there is restricted traffic but unless you're making a play for MAN/WAN type service on owned infrastructure, those requirements are unlikely to arise. To support the macro point, there is some big-boy level peering in Toronto but not really much else outside that, but there are plenty of routes that don't cross the border if you don't have to jump networks to your destination, for example going to an AWS on ramp in Canada using a native partner network, especially in the Toronto-Ottawa-Montreal. Dave Cohen craetdave@gmail.com
On Aug 8, 2017, at 8:41 PM, Bill Woodcock <woody@pch.net> wrote:
--Apple-Mail=_8DA28412-F6D0-43D8-A90F-5E151E54468E Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii
On Aug 8, 2017, at 5:33 PM, Clayton Zekelman <clayton@MNSi.Net> wrote: =20 =20 =20 With the peering policies of the major Canadian ISPs, you're virtually = guaranteed to hairpin through the US on most paths. =20 Robellus (Rogers, Bell & Telus) will peer with you at any of their = major Canadian peering points, such as NYC, Chicago or LA.
To be fair, Rogers does peer in Toronto. Along with New York, Chicago, = Seattle, and Ashburn.
-Bill
--Apple-Mail=_8DA28412-F6D0-43D8-A90F-5E151E54468E Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCAAGBQJZilooAAoJEG+kcEsoi3+HgNsQAIPkgL/lVL/j1sdPyiyQsepE TCyHm4bsAq6m085kXoRj/IWn+KsVwmAq8ZGKnKEAiozmrSeyxAa2vmw5Kfs57l1/ crBima+EOOlPT4VcD7tv9e8yEiVdjDuMp5tnLI238qCfIlHeHRtuU7CClzWPv6uD 3jCNIBEcScrLWz37Ofm/D2AkYRAhhK5H8I417Y/39TH4MIoIKFsGbvWwpl30Fv8r 5phO0MrTP6mB8niHne6HTxyMED5TGQpVEL2Qgh6qgaI9vzAs5/47KwwY57tZpxaL v9GjkPJ4Ql7QVWbsSkXnFmHxXzqaHXAfg8SR+gsCN42Jyn99AIyAAwdALhqc4RuZ ydi+lOlEutAMndA01CnrI81Eu/RpWrN+q/vi37W2rb6EPTPcCz2196JDlpC6VVW6 tJOMNuP6Pa/ee52Cxu6RWwA4QZ6QVIT9fbDcRFXTGNuohwP8XVpujcsPLChzsFXA Y2nt+TliL697lTZNbTZEzQ0f9w2rpCDpcLjTMCR8MNWZ4MjQHL3eDgO5ZIWHPTQf ggR1Dz2EhPSXXZdvN7KPh1q9rhRb2VUPSn3EeEDo2TjgUVeUlunsDg/ILpf8lxUY RTsXe5Nky7YqXKDG4HSlLF3R/RtfaVqKJfjljYg351cs40rzivzjD2TJ8r35RQeW btKUtEvrcU28g15nOhLG =MTUG -----END PGP SIGNATURE-----
--Apple-Mail=_8DA28412-F6D0-43D8-A90F-5E151E54468E--
---------------------------------------------------------------------- This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, notify the sender immediately by return email and delete the message and any attachments from your system.
participants (4)
-
Andrew Kerr
-
Dave Cohen
-
Hiers, David
-
Jean-Francois Mezei