Hi Jeff,

You might have some luck following the instructions on http://nanog.cluepon.net/index.php/GeoIP to register one particular /32 within your Canadian-announced netblock as being in the USA, and selectively NATing as you suggest, but I believe some stricter GeoIP databases check next hops and expected latency and might catch you out.

We're lucky enough to have proxies in most geographies where we operate, so if a user has GeoIP issues we talk them through changing their proxy settings (you could also use a personal PAC file).

(My employer's) principles in favour of a local internet breakout:

- Is breaking out to the internet locally significantly cheaper than backhauling over private WAN? (Some MPLS providers will offer a local internet breakout as a VRF; this avoids the need for two access circuits.)
- Do you need to congest the internet traffic more than/independently to the private WAN traffic?
- Would a tunnel over the internet be a useful backup to private circuits?
- Are there latency-related performance reasons (lots of local content) to break out locally?
- Are there regulatory reasons? (e.g. Middle East / Chinese state-level filtering)

Against local breakout:

- Do you need to limit the number of locations with an internet breakout because you have a heavyweight security stack protecting an internet connection (filtering proxy, IDS/IPS, multi-layer HA firewalls)?
- Is local internet of poor quality?

Regards,

Phil Sykes
Network Architect
$LARGE_OIL_COMPANY

On Thu, Jul 14, 2011 at 8:34 PM, Jeff Cartier <jeff.cart...@pernod-ricard.com> wrote:

> Hi All,
>
> I just wanted to throw a question out to the list...
>
> In our data center we feed Internet to some of our US based offices and
> every now and again we receive complaints that they can't access some US
> based Internet content because they are coming from a Canadian based IP.
>
> This has sparked an interesting discussion around a few questions....of
> which I'd like to hear the list's opinions on.
>
> - How should/can an enterprise deal with accessibility to internet
>   content issues? (i.e. that whole coming from a Canadian IP accessing US
>   content)
>
>   o Side question on that - Could we simply obtain a US based IP address
>     and selectively NAT?
>
> - Does the idea of regional Internet locations make sense? If so,
>   when do they make sense? For instance, having a hub site in South America
>   (i.e. Brazil) and having all offices in Venezuela, Peru and Argentina route
>   through a local Internet feed in Brazil.
>
> - Does the idea of having local Internet at each site make more
>   sense? If so why?
>
> Again, I would appreciate hearing the opinion from SP oriented
> minds...based on what they've seen from customers...and network
> administrators running large enterprises in different companies. Off-list
> replies are also appreciated.
>
> Thanks!!!
>
> ...jc
>
> __________________________________________________________________
> DISCLAIMER: This e-mail contains proprietary information some or all of
> which may be legally privileged. It is for the intended recipient only. If
> an addressing or transmission error has misdirected this e-mail, please
> notify the author by replying to this e-mail. If you are not the intended
> recipient you must not use, disclose, distribute, copy, print, or rely on
> this e-mail.
>
> This message has been scanned for the presence of computer viruses, Spam,
> and Explicit Content.
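
The PAC file approach mentioned in the reply above, as an added example that is not part of the original thread: a proxy auto-config script that sends a short list of geo-restricted sites through an in-country proxy while everything else keeps using the default filtering proxy. All proxy names and domains are hypothetical placeholders.

```javascript
// Added example: hypothetical proxy endpoints and host list, not from the thread.
var DEFAULT_PROXY = "PROXY proxy-ca.corp.example:8080";
var US_PROXY = "PROXY proxy-us1.corp.example:8080; PROXY proxy-us2.corp.example:8080";
var INTERNAL_DOMAIN = "corp.example";
var US_ONLY_DOMAINS = ["us-only-video.example", "us-only-bank.example"];

// True when host equals the domain or is a subdomain of it. A bare
// "ends with" test would also match look-alikes such as
// "evilus-only-bank.example" and hand them the US proxy.
function hostInDomain(host, domain) {
  host = host.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  domain = domain.toLowerCase();
  return host === domain ||
    host.slice(-(domain.length + 1)) === "." + domain;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  // Single-label names and intranet hosts stay on the private WAN.
  var singleLabel = host.indexOf(".") === -1 && host.indexOf(":") === -1;
  if (singleLabel || hostInDomain(host, INTERNAL_DOMAIN)) {
    return "DIRECT";
  }
  for (var i = 0; i < US_ONLY_DOMAINS.length; i++) {
    if (hostInDomain(host, US_ONLY_DOMAINS[i])) {
      // Two proxies for failover, but no trailing "DIRECT": if both are
      // down the request fails instead of bypassing the security stack.
      return US_PROXY;
    }
  }
  return DEFAULT_PROXY;
}
```

Leaving `DIRECT` off the proxy lists keeps the number of unfiltered internet exits at zero, which matches the "heavyweight security stack" argument in the reply.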