Hi. I'm new here, I hope I'm not in breach of AUP diving in.

Some time ago (2-3 years?) I discussed how a large mirror site could use BGP information to modify common log format logging in apache to dump BGP source-AS information. The idea was to tag the logline with the AS of the neighbour of the ISP the mirror was hosted on, so the inbound path could be determined.

Actually, the idea was to do the (much smaller than exhaustive IP) work to tag things in one of 3 or 4 classes which could be named:

    on-net    # this ISP, or zero-cost equivalents
    domestic  # at least I know it's onshore
    offshore  # came on a slow/long link

Glenn (it's aarnet) worked out a simple hack on Zebra to make this fly. I didn't deploy it, because first approximation the simple dumps of IP for on-net and domestic were enough to let me sinbin all the rest to offshore. Well, I thought so, but history proved me wrong.

Anyway. My point is that BGP is your friend. It should be both cheap (as cheap as a routing lookup, which for an application writing a log to disk like apache is cheap, at least compared to DNS lookup) and very cacheable.

Why don't more applications do this? Why is this not viable for implementing things like on/offshore applications policy, egregiously wrong though it may be from a libertarian aspect?

cheers
-George
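The tagging scheme described in the message above, as an added example that is not part of the original thread and is not Glenn's Zebra hack. It assumes a static prefix-to-neighbour-AS table standing in for a live BGP feed; the prefixes, AS numbers, policy map and function names are constructed for illustration.

```python
import ipaddress
from functools import lru_cache

# Constructed sample data: prefix -> neighbour AS the route was learned from.
# Prefixes are documentation ranges, AS numbers are documentation ASNs.
ROUTES = {
    "192.0.2.0/24": 64496,
    "198.51.100.0/24": 64497,
    "198.51.100.128/25": 64496,   # more specific route wins over the /24
    "0.0.0.0/0": 64499,
}
# Assumed policy: neighbour AS -> traffic class named in the post.
AS_CLASS = {64496: "on-net", 64497: "domestic"}
DEFAULT_CLASS = "offshore"        # anything unknown is sin-binned to offshore

# Sort once, longest prefix first, so the first match is the best match.
_TABLE = sorted(
    ((ipaddress.ip_network(p), asn) for p, asn in ROUTES.items()),
    key=lambda e: e[0].prefixlen, reverse=True,
)

@lru_cache(maxsize=65536)
def lookup(addr: str):
    """Return (neighbour_as, class) for a client address; cached per address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return (None, DEFAULT_CLASS)      # hostname or garbage in the log
    for net, asn in _TABLE:
        if ip.version == net.version and ip in net:
            return (asn, AS_CLASS.get(asn, DEFAULT_CLASS))
    return (None, DEFAULT_CLASS)          # no covering route (e.g. IPv6 here)

def tag_line(line: str) -> str:
    """Append 'AS<n> <class>' to one common log format line."""
    line = line.rstrip("\n")
    host = line.split(" ", 1)[0]          # CLF: first field is the client
    asn, cls = lookup(host)
    return f"{line} AS{asn if asn is not None else '-'} {cls}"

if __name__ == "__main__":
    sample = [  # constructed log lines
        '192.0.2.10 - - [10/Oct/2000:13:55:36 +1000] "GET /pub/ HTTP/1.0" 200 2326',
        '203.0.113.7 - - [10/Oct/2000:13:55:40 +1000] "GET /pub/ HTTP/1.0" 200 2326',
    ]
    for entry in sample:
        print(tag_line(entry))
```

The per-address cache is what keeps the lookup cheap relative to a DNS query; it has to be cleared (`lookup.cache_clear()`) whenever the route table is reloaded, or stale classes will keep being written to the log.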
> Glenn (its aarnet) worked out a simple hack on Zebra to make this fly.

Got 50% through a similar hack here. Never needed it in the end, and gave up.

> I didn't deploy it, because first approximation the simple dumps of IP for on-net and domestic were enough to let me sinbin all the rest to offshore. Well, I thought so, but history proved me wrong.

For those of us not in North America, the need is actually far greater on occasion.

> Anyway. My point is that BGP is your friend. It should be both cheap (as cheap as a routing lookup, which for an application writing a log to disk like apache is cheap, at least compared to DNS lookup) and very cacheable.
> Why don't more applications do this?

Because the people doing one thing don't usually speak to people doing the other. Unless some behemothic (is that a word?) company like Cisco (only as a bad example - they do share some stuff) doesn't invent its own protocol that is patentable, then there will be no standard to copy. Innovation in this arena is pretty much dead it seems.

BTW I can actually see that the use of BGP for access control and logging application access would be the subject of a patent application by the greedy, I hope people can recall prior art in the future.

Peter
Participants (2): ggm@apnic.net, Peter Galbavy