Date: Mon, 7 Jan 2002 16:23:25 -0500 From: "Blake Crosby" <dev@samurai.com> To: "Jim Dixon" <jdd@dixons.org>, "Blake Crosby" <dev@samurai.com> Cc: <isp-webhosting@isp-webhosting.com>, <freebsd-isp@FreeBSD.ORG> Subject: RE: Restricting Users Geographically Message-ID: <JAEEIJKIHAONENKPFCCPKEPECBAA.dev@samurai.com> In-Reply-To: <20020107211415.Q91853-100000@matthew.uk1.vbc.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Someone on another list posted this possible solution: If you have money, I think that Akamai might be able to do this for you. It wouldn't be terribly accurate, but well, that's how those things go. However, this is something that alot of people putting alot of time into developing (judging by recent headlines about gambling sites) . The best way I think you could do this is to get a copy of the radb (www.radb.net, or www.ra.net) get compile a list of ASN's that you think are 'canadian ' enough, and hack together some filters using Zebra (if you can find a peer) whereby you generate ipfw or route filters based upon routing information from your list of 'canadian' ASNs. In fact, you could generate a list of 'canadian' AS's, and write a route map that only accepts routes with an Origin in this list. Make sure that this route map doesn't use a default route, so that incoming traffic from ASN's outside your list won't be reachable. Apply this route map to an the interface/session your mirror is sitting on, and you are good to go. Have I done this? No. Will it work? Probably. > > This is done by a number of large Web sites, notably the BBC, which > has a mirror of their London Web site in New York. Users coming in > via the LINX (the London Internet exchange) are served from London; > everyone else is served from New York. The basic idea is that the > LINX routing tables are made available to the BBC's name servers; > if the requesting IP address is in those routing tables, names like > www.bbc.co.uk resolve to something at the London Web farm, and > otherwise it resolves to a server in New York. Because of asymmetric > routing and other factors there is a certain amount of leakage. > > -- > Jim Dixon jdd@dixons.org > tel +44 117 982 0786 > mobile +44 797 373 7881 > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?JAEEIJKIHAONENKPFCCPKEPECBAA.dev>