I was asked a question in my oral exams:
You are accessing a website whose webserver is located in country A. You are in Country B. You know that the TCP/UDP Packets pass through Country C while travelling from Country B to Country A. How will you avoid your packets to travel via Country C, and rather select a different route ?
Any answers for this ?
Private IP addresses are routable, albeit they are not publicly routed. Basically, a router will route a private address to private/internal LAN, rather than to the internet.
In IPv4-based routing, 0.0. 0.0 serves as a default route. This means no particular address has been designated in the routing table as the next hop in the packet's path to its final destination. When the default route is used with a subnet mask of 0.0.
No, it can't have more than one active default gateway. Any operating system can have multiple default gateways configured (technically a route to the unspecified address, i.e. 0.0. 0.0 or :: ). In that event, it does what it would do for any route destination with multiple paths.
The topology looks like this (I have annotated the webserver as Z
, below):
new fiber (in ASN 777)
+-------+
| |
Z----A---C---B
| | |
<INTERNET>
Since there are no rules otherwise, the smartest thing countries A and B could do is purchase a direct fiber run between A and B1. Country B must administer the routers on both sides and announce a small route (something like a /24
block) in BGP from B's router in country A to B's router in B. B should obtain a new ASN for this purpose (we'll call it ASN 777).
Now ensure that all users needing connectivity to Z in country B have a direct connection to an ISP peering with B's intercontinental routers via eBGP2. Country A must ensure that Z is directly connected to an ISP that prefers routes to country B through their router in country A2.
The reason this works is because eBGP picks one shortest path based on the number of ISP hops3; and all the variables are directly in country B and country A's control.
END NOTES
Even if this is a trans-oceanic fiber run; the biggest requirement is that it does not pass through C's territory (or even close to their allies, if security is very critical). You really have no control if you pass traffic between the coutries via any third party (to include the proxy-suggestion in another answer). Also understand that dark-fiber probably will not cut it... due to the distances that are usually involved between countries, managed fiber repeaters will be required in-line.
All ISPs in question must refuse routes for Z and B via any other ASN, except through ASN 777. If you are ultra-paranoid (and it's administratively possible), put Z and all users of the data from Z into ASN 777.
Technically, ISP hops are measured as Autonomous System Numbers, which is how eBGP evaluates route preference (lower numbers of ASNs crossed are better routes).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With