[CentOS-mirror] IRC meeting regarding new mirroring system for CentOS

Tue Nov 9 23:06:27 UTC 2010
Peter Pöml <peter at poeml.de>

A short addition...

Am 09.11.2010 um 23:52 schrieb Peter Pöml:
>> I also like being able to specify some IP ranges I'm authoritative
>> for.  As my mirror is on a university campus, I'd love to be able to
>> enter my campus' IP ranges, and that way ensure that all my campus
>> gets my mirror.  So far, none of the OSes I mirror for (I don't mirror
>> Fedora presently) allows me to do that.
> 
> Regarding this, I would like to question the need for such manual configuration. 
> centos.eecs.wsu.edu is your mirror, right? Without any configuration, MirrorBrain would send you all requests from clients out of 134.121.0.0/16 (if there isn't any mirror in the same network of course). If a client is not in that particular network, but within AS10430, it would still get sent to your mirror -- if there is no other mirror in that autonomous system. Would there be a second mirror in your autonomous system? That's the question. If not, everything would happen automatically anyway. No need to juggle lists of network prefixes. (And no need to make such configuration accessible, which could result in a security issue after all, if not handled carefully.)
> 
> So far, I didn't encounter a case where clients are outside the network prefix of a mirror, but within the same AS, and there is a second mirror in that AS -- so there was no need to add a way to specify network prefixes at all.
> 
> However, if you see the need, it would be easy to implement. (In the same way, one could define other autonomous systems to be handled by a mirror.)

I actually forgot about the latest feature, which helps even one step further: Provided that GeoIP works, two mirrors within the same AS would be prioritized by geographical distance to the client. This should take care of most other cases...

A more challenging case is when clients are connected through IPs that use address space allocated in another country. For example, clients in Europe using a VPN to their employer could be geolocated (by GeoIP) to the US, because their employer (the formal network operator) is based there. Many corporations own several network prefixes, but not all of them are physically in the same country. GeoIP typically misses these extra networks. With a mirror present in those networks/ASs, that's no problem. But otherwise it can be interesting. Does anyone have this problem here?

Peter