DVB/IP from teleglobe (and/or others)
i have a client that is looking to use DVB/IP to blast ip packets into various geographic areas.

DVB/IP is basically piggy backing ip packets on Digital Video Broadcast satellite signals, allowing the end-users to collect the packets with a rather inexpensive receiving dish.

the end-user will need some normal method of sending their packets out, typically via dial-up into a local ISP.

this is nothing new, direct PC/ hughes have been doing it for a while, although i don't know if they are/were using DVB/IP, but a similar set up.

teleglobe markets a service where they will advertise some subnets on your behalf, take the incoming packets and spew them into the areas you are looking to go.

when investigating this, i initially thought it was great.

i started discussing issues i had, like how it would be a good idea to have the ingress of the DVB/IP network-wise close to the client's internet egress.

this would reduce some of the problems of asymmetric routing.

i also pointed out, that it would be a good idea to have some kinda system in front of the DVB/IP so that you could do some level of firewalling against DoS attacks and such.

i then found out that teleglobe makes no provision for the customer to filter the packets before they hit the DVB/IP uplink.

the best they offered was to allow an out-of-band (i.e. almost paperbound procedure) configuration of an access list on their router.

are there any other DVB/IP providers who will allow my clients to install a firewall/filter box in front of the DVB/IP uplink?

--
[ Jim Mercer jim@reptiles.org +1 416 410-5633 ]
[ Reptilian Research -- Longer Life through Colder Blood ]
[ Don't be fooled by cheap Finnish imitations; BSD is the One True Code. ]
Jim,

InterPacket Networks offer IP/DVB services to our 650 customers in over 100 countries.

The logistics of allowing each customer to put a firewall of their own at the satellite head end are problematic to say the least. Please appreciate that we push many, many customers' traffic onto the satellite carriers using our diverse upstream connectivity. There is no single point on our network we could pick off just your traffic and filter it.

It's like asking UUnet to put a firewall in their core just for you, forget it.

How much bandwidth are you looking for via satellite?

jm
http://www.interpacket.net
On Tue, 13 Jun 2000, Dan Hollis wrote:
On Tue, 13 Jun 2000, Jon Mansey wrote:
It's like asking UUnet to put a firewall in their core just for you, forget it.
They won't put one on the edges either :) :)
-Dan
It is the same exact thing. The only difference between a fiber/copper bound carrier and someone like InterPacket or TeleGlobe is the media on which the packets are distributed.

No flames from the carriers on this one please but, one alternative might be the following:

(1) Announce the customer's network from only ONE earthstation into the IGP.
(2) Charge the customer accordingly for carrying the data on your network from the edges to only that one earthstation.
(3) Charge the customer for an ethernet port on the core router at the earthstation and a switch.
(4) Lay out the earthstation network accordingly:

[EARTHSTATION]

EDGE<----->CORE ROUTER<----->SWITCH<--->DVB/IP Router<--->Magic RF stuff
                  ^           ^
Customers port--->|--FIREWALL-|

Since you're only announcing the customer's prefix into IGP via the one earthstation, it should only get into the network via that single earthstation.

Ya, sure... It's a royal pain in the butt to do this and if you do it for every customer, you'll end up with 60 customer aggregation routers at each earthstation but, if you make it painful enough costwise, only those who are _really_ paranoid about it will pursue it.

We do something similar within our network for clients who want some special ACL. When we limited the ACLs on the border to BOGONS, networks we announce, and other misc garbage that shouldn't be seen to begin with (if only all the other operators would do the same!) and moved all the anal-retentive ACLs to customer routers, life became much easier!

---
John Fraizer
EnterZone, Inc
On Tue, Jun 13, 2000 at 04:29:31PM -0700, Jon Mansey wrote:
InterPacket Networks offer IP/DVB services to our 650 customers in over 100 countries.
The logistics of allowing each customer to put a firewall of their own at the satellite head end are problematic to say the least.
i don't see the problem.

if i park a box between your primary internet connection, and the router directly in front of the DVB/IP uplink, your main router can send my packets to my machine, which can then hand them to your DVB/IP router.

your main router can continue to hand the rest of the packets directly to the DVB/IP router.

the customer box, if it malfunctions, only affects the customer's traffic.

even doing this 650 times, is not a problem.

if a client is willing to pay an additional co-location fee for the box, i don't see why you would object.
It's like asking UUnet to put a firewall in their core just for you, forget it.
the reason this would be a useless request, is that there is no single point in uunet's network (except for the individual customer connection) where such a firewall would make sense.
How much bandwidth are you looking for via satellite?
10-20mbit, for this client.

replicate that 3-5 times, if i get a successful and manageable solution.

--
[ Jim Mercer jim@reptiles.org +1 416 410-5633 ]
[ Reptilian Research -- Longer Life through Colder Blood ]
[ Don't be fooled by cheap Finnish imitations; BSD is the One True Code. ]
Try http://www.ipplanet.com. Don't know if they can do what you want - but worth a try.

-Hank

At 17:03 13/06/00 -0400, Jim Mercer wrote: