While I find the idea interesting, I am doubtful there will be any ubiquitous technique that every or even most networks will be willing to implement for this purpose, especially since not every prefix is likely to be presented from a single geo; some operators likely have one prefix broken into smaller networks, each of which is in a disparate geo while being presented to eBGP/DFZ as an aggregate prefix because, you know, they are trying to be good netizens by being mindful of RIB and FIB limitations.


Even if some sort of self-applied geo-tagging of prefixes were defined clearly by some body like IETF or something, it would likely take a tremendous amount of motivation to get operators to actually implement such a thing and then also keep it up to date over time. We can't even get people to do the sensible BCP38 filtering on a large scale and that has pretty significant benefits whereas I, at least at first glance, don't see any noteworthy value of such a geo-tagging mechanism to provoke active implementation by the majority. Maybe something could be embedded in BGP origin validation RPKI... like some additional geo bits stuffed into that. This is not a thoroughly thought out idea, just kind of tossing it out there as it is something that is gaining some momentum and sits in the same realm of administratively assessing BGP prefixes.


You might consider something fully within your own administrative control like RTT testing to IP addresses on various prefixes to gauge an approximate distance, though I suppose this idea would be severely unreliable due to many variable conditions affecting RTT that have nothing to do with geographic distance. ¯\_(ツ)_/¯


Best of luck on your search


________________________________
From: MICE Discuss <[log in to unmask]> on behalf of Timothy Peiffer <[log in to unmask]>
Sent: Friday, December 28, 2018 3:39 PM
To: [log in to unmask]
Subject: [MICE-DISCUSS] ip route objects in MICE

I am interested in gathering data for a firewall ruleset that allows more direct usage from networks that are in the metro region of Twin Cities and Duluth, and to a lesser degree communities and surrounding areas for Crookston and Morris.  For the participants of MICE, do you have a way of easily presenting your routes by geolocation?

I pulled down our route tables for one of our Northern Lights routers connected and matched the base address against MaxMind geolocate. The result was a list of about 7,000 routes that I thought was unmanageable. Is there a better way, maybe through BGP communities or similar methods, to get more direct relevant info?

I want to have a ruleset that permits /minneapolis but denies /atlanta.



--
Regards,

Tim Peiffer
+1 612-626-7884
Network Engineer
Office of Information Technology (OIT)
University of Minnesota
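
The following is an added example, not part of either message in this thread. It sketches one way to shrink a geolocated route list into a firewall permit set while catching the case raised in the reply, where an aggregate prefix covers networks in different geos and a lookup on the base address alone would misclassify it. The 10.0.0.0/8 prefixes, the `GEO_BY_24` table (a stand-in for a geolocation database) and all function names are constructed for illustration.

```python
import ipaddress

# Constructed geolocation data (stand-in for a GeoIP database): /24 -> metro.
GEO_BY_24 = {
    "10.1.0.0/24": "minneapolis", "10.1.1.0/24": "minneapolis",
    "10.1.2.0/24": "minneapolis", "10.1.3.0/24": "minneapolis",
    "10.2.0.0/24": "minneapolis", "10.2.1.0/24": "atlanta",
    "10.3.0.0/24": "duluth",      "10.3.1.0/24": "duluth",
    "10.4.0.0/24": "atlanta",
}
# Constructed route table, as it might be learned from peers.
ROUTES = ["10.1.0.0/23", "10.1.2.0/23", "10.2.0.0/23",
          "10.3.0.0/23", "10.4.0.0/24"]
ALLOWED = {"minneapolis", "duluth"}

def metros_in(route):
    """Return every metro seen across the /24s covered by a route,
    instead of trusting a single lookup on the base address."""
    net = ipaddress.ip_network(route)
    if net.prefixlen > 24:
        # Longer than /24: look up the covering /24.
        blocks = [net.supernet(new_prefix=24)]
    else:
        blocks = net.subnets(new_prefix=24)
    return {GEO_BY_24.get(str(b), "unknown") for b in blocks}

def classify(routes, allowed):
    """Split routes into a collapsed permit list and a manual-review list.
    Routes with no allowed metro fall through to the default deny."""
    permit, review = [], []
    for route in routes:
        metros = metros_in(route)
        if metros <= allowed:
            permit.append(ipaddress.ip_network(route))
        elif metros & allowed:
            # Aggregate spans allowed and non-allowed (or unknown) geos.
            review.append(route)
    # Merge adjacent and overlapping permits to cut the rule count.
    collapsed = [str(n) for n in ipaddress.collapse_addresses(permit)]
    return collapsed, review

if __name__ == "__main__":
    permit, review = classify(ROUTES, ALLOWED)
    print("permit:", permit)
    print("review:", review)
```

Routes on the review list are the ones where permitting the whole aggregate would also admit a denied geo, so they need a per-subnet decision rather than a single rule.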
