From owner-freebsd-isp Mon Jan 7 13:23:35 2002 Delivered-To: freebsd-isp@freebsd.org Received: from infiniteloop.ca (infiniteloop.ca [216.126.86.53]) by hub.freebsd.org (Postfix) with ESMTP id EC05137B417 for ; Mon, 7 Jan 2002 13:23:27 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by infiniteloop.ca (Postfix) with ESMTP id E0AAF230; Mon, 7 Jan 2002 16:23:26 -0500 (EST) Received: from blake (CPE0050da7c7e5d.cpe.net.cable.rogers.com [24.101.32.246]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (Client did not present a certificate) by infiniteloop.ca (Postfix) with ESMTP id 62AC522F; Mon, 7 Jan 2002 16:23:25 -0500 (EST) From: "Blake Crosby" To: "Jim Dixon" , "Blake Crosby" Cc: , Subject: RE: Restricting Users Geographically Date: Mon, 7 Jan 2002 16:23:25 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <20020107211415.Q91853-100000@matthew.uk1.vbc.net> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Virus-Scanned: by AMaViS snapshot-20010714 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Someone on another list posted this possible solution: If you have money, I think that Akamai might be able to do this for you. It wouldn't be terribly accurate, but well, that's how those things go. However, this is something that alot of people putting alot of time into developing (judging by recent headlines about gambling sites) . The best way I think you could do this is to get a copy of the radb (www.radb.net, or www.ra.net) get compile a list of ASN's that you think are 'canadian ' enough, and hack together some filters using Zebra (if you can find a peer) whereby you generate ipfw or route filters based upon routing information from your list of 'canadian' ASNs. In fact, you could generate a list of 'canadian' AS's, and write a route map that only accepts routes with an Origin in this list. Make sure that this route map doesn't use a default route, so that incoming traffic from ASN's outside your list won't be reachable. Apply this route map to an the interface/session your mirror is sitting on, and you are good to go. Have I done this? No. Will it work? Probably. > > This is done by a number of large Web sites, notably the BBC, which > has a mirror of their London Web site in New York. Users coming in > via the LINX (the London Internet exchange) are served from London; > everyone else is served from New York. The basic idea is that the > LINX routing tables are made available to the BBC's name servers; > if the requesting IP address is in those routing tables, names like > www.bbc.co.uk resolve to something at the London Web farm, and > otherwise it resolves to a server in New York. Because of asymmetric > routing and other factors there is a certain amount of leakage. > > -- > Jim Dixon jdd@dixons.org > tel +44 117 982 0786 > mobile +44 797 373 7881 > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message