Home page logo
/

nanog logo nanog mailing list archives

re: in-addr survey
From: ggm () apnic net
Date: Mon, 14 May 2001 16:30 EST



Hi. I'm new here, I hope I'm not in breach of AUP diving in.

Some time ago (2-3 years?) I discussed how a large mirror site
could use BGP information to modify common log format logging
in apache to dump BGP source-AS information.

The idea was to tag the logline with the AS of the neighbour of
the ISP the mirror was hosted on, so the inbound path could be
determined. Actually, the idea was to do the (much smaller than
exhaustive IP) work to tag things in one of 3 or 4 classes which
could be named:
        
        on-net  # this ISP, or zero-cost equivalents
        domestic# at least I know its onshore
        offshore# came on a slow/long link

Glenn (its aarnet) worked out a simple hack on Zebra to make this
fly. 

I didn't deploy it, because first approximation the simple dumps of
IP for on-net and domestic were enough to let me sinbin all the rest
to offshore. Well, I thought so, but history proved me wrong.

Anyway. My point is that BGP is your friend. It should be both cheap
(as cheap as a routing lookup, which for an application writing a log
to disk like apache is cheap, at least compared to DNS lookup) and
very cacheable.

Why don't more applications do this? 

Why is this not viable for implementing things like on/offshore applications
policy, egregiously wrong though it may be from a libertarian aspect?

cheers
        -George



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault