Hacker News new | past | comments | ask | show | jobs | submit login

How do they handle corporate intranets?

Normally I'd expect Globocorp to configure its intranet with, for example, a separate AS each for Germany and Russia. But the AS in Germany may be connected to the Russia AS via a 155 Mb/s leased line from Berlin to St Petersburg with BGP routers. The German AS may also connect via a corporate firewall to a public ISP in Germany, and the Russian AS to a public ISP in Russia.

It is theoretically possible, therefore for a user on a public ISP to connect via Globocorp's intranet to a public ISP web site in Germany.

Is there some technical or administrative requirement to prevent transit via corporate intranets?




It would be very unlikely that a company would publish that kind of route (it really should be filtered out) or allow traffic from outside the network to route through it.

Unless they are intending to provide transit, the only routes they would announce to peers in either country would be to their own network.


I guess they would simply cut it in half by disconnecting the Russian ISP to the German one. Even VPNs stop being useful if all connections to the outside are severed.


Disconnecting the Russian ISP to the German one doesn't disconnect the leased line internal to Globocorps intranet which connects the Gobalcorp intranets in Russia and Germany.


They have the ability to redirect traffic to government controlled devices that isps have to support (they sometimes have nice DNS ptrs like DPI in them). The isps have to speak bgp to the govt boxes and they can announce large swaths of IP space to be redirected.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: