From: nznog-request@list.waikato.ac.nz
Sent: Monday, March 24, 2014 12:00 PM
To: nznog@list.waikato.ac.nz
Subject: NZNOG Digest, Vol 135, Issue 16

Send NZNOG mailing list submissions to
nznog@list.waikato.ac.nz

To subscribe or unsubscribe via the World Wide Web, visit
http://list.waikato.ac.nz/mailman/listinfo/nznog
or, via email, send a message with subject or body 'help' to
nznog-request@list.waikato.ac.nz

You can reach the person managing the list at
nznog-owner@list.waikato.ac.nz

When replying, please edit your Subject line so it is more specific
than "Re: Contents of NZNOG digest..."

Today's Topics:

1. List of NZ IP addresses? (Clark Mills)
2. Re: List of NZ IP addresses? (Tony Wicks)
3. Re: List of NZ IP addresses? (Clark Mills)
4. Re: List of NZ IP addresses? (Peter Lambrechtsen)
5. Re: List of NZ IP addresses? (Bill Walker)
6. Re: List of NZ IP addresses? (Damian Kissick)
7. Re: List of NZ IP addresses? (Scott Howard)
8. Re: List of NZ IP addresses? (Rob McDonald)
9. Re: List of NZ IP addresses? (Gareth Davies)
10. Re: List of NZ IP addresses? (Lindsay Hill)
11. Re: List of NZ IP addresses? (Richard Naylor)

----------------------------------------------------------------------

Message: 1
Date: Mon, 24 Mar 2014 08:51:30 +1300
From: Clark Mills <c.mills@auckland.ac.nz>
To: nznog@list.waikato.ac.nz
Subject: [nznog] List of NZ IP addresses?
Message-ID: <532F3B42.90609@auckland.ac.nz>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

Hi all.

I realise that it's a constantly changing list but does anyone have a
list on NZ IPs?

Why: We're trying to set up a website to be accessible in NZ only.
Knowing what I know then firewalling is the tool (a man with a
hammer...) but I need to routinely source a more recent list.

Any suggestions or hints appreciated.

Cheers... Clark

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3575 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://list.waikato.ac.nz/pipermail/nznog/attachments/20140324/b827401f/attachment-0001.bin>

------------------------------

Message: 2
Date: Mon, 24 Mar 2014 08:58:04 +1300
From: "Tony Wicks" <tony@wicks.co.nz>
To: "'Clark Mills'" <c.mills@auckland.ac.nz>
Cc: nznog@list.waikato.ac.nz
Subject: Re: [nznog] List of NZ IP addresses?
Message-ID: <002701cf46d2$347800f0$9d6802d0$@wicks.co.nz>
Content-Type: text/plain; charset="UTF-8"

I would suggest you get a BGP feed from your ISP with all the Peering + National routes, that way you will have an accurate real time list.

-----Original Message-----
From: nznog-bounces@list.waikato.ac.nz [mailto:nznog-bounces@list.waikato.ac.nz] On Behalf Of Clark Mills
Sent: Monday, 24 March 2014 8:52 a.m.
To: nznog@list.waikato.ac.nz
Subject: [nznog] List of NZ IP addresses?

Hi all.

I realise that it's a constantly changing list but does anyone have a list on NZ IPs?

Why: We're trying to set up a website to be accessible in NZ only.
Knowing what I know then firewalling is the tool (a man with a
hammer...) but I need to routinely source a more recent list.

Any suggestions or hints appreciated.

Cheers... Clark

------------------------------

Message: 3
Date: Mon, 24 Mar 2014 09:02:17 +1300
From: Clark Mills <c.mills@auckland.ac.nz>
To: nznog@list.waikato.ac.nz
Subject: Re: [nznog] List of NZ IP addresses?
Message-ID: <532F3DC9.3050707@auckland.ac.nz>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

Hi Tony.

Thanks, will pass that upstream. :)

Many thanks... Clark

On 24/03/14 08:58, Tony Wicks wrote:
> I would suggest you get a BGP feed from your ISP with all the Peering + National routes, that way you will have an accurate real time list.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3575 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://list.waikato.ac.nz/pipermail/nznog/attachments/20140324/2fe637f5/attachment-0001.bin>

------------------------------

Message: 4
Date: Mon, 24 Mar 2014 09:03:04 +1300
From: Peter Lambrechtsen <Peter.Lambrechtsen@telecom.co.nz>
To: Clark Mills <c.mills@auckland.ac.nz>, "nznog@list.waikato.ac.nz"
<nznog@list.waikato.ac.nz>
Subject: Re: [nznog] List of NZ IP addresses?
Message-ID:
<563C162F43D1B14E9FD2BC0A776C1E919C4D171FAC@WNEXMBX01.telecom.tcnz.net>

Content-Type: text/plain; charset="utf-8"

I think grabbing all the ISPs BGP AS's and using that as a basis is the way most people do it.

Like Telecom's main subscriber AS is AS4771

-----Original Message-----
From: nznog-bounces@list.waikato.ac.nz [mailto:nznog-bounces@list.waikato.ac.nz] On Behalf Of Clark Mills
Sent: Monday, 24 March 2014 8:52 a.m.
To: nznog@list.waikato.ac.nz
Subject: [nznog] List of NZ IP addresses?

Hi all.

I realise that it's a constantly changing list but does anyone have a
list on NZ IPs?

Why: We're trying to set up a website to be accessible in NZ only.
Knowing what I know then firewalling is the tool (a man with a
hammer...) but I need to routinely source a more recent list.

Any suggestions or hints appreciated.

Cheers... Clark

------------------------------

Message: 5
Date: Mon, 24 Mar 2014 07:05:52 +1100
From: Bill Walker <bill@wjw.co.nz>
To: nznog@list.waikato.ac.nz
Subject: Re: [nznog] List of NZ IP addresses?
Message-ID: <e854648fc9185024369f5f5b2ef85a38@webmail.wjw.co.nz>
Content-Type: text/plain; charset=UTF-8; format=flowed

I see you have an Auckland AC email address, are you able to get access
to a Reannz BGP feed?

http://reannz.co.nz/services/tuning-bgp

EXCLUDING ROUTES BASED ON AS NUMBER
It can sometimes be useful to exclude routes being imported based on an
AS number. This could be the AS number of a destination network such as
the REANNZ network AS38299 or it could be that you want to exclude
everything that has transited a particular network such as the network
core AS38022.

It is important to understand the outcome you are trying to achieve. For
example, a REANNZ member that excluded any routes that transited AS38022
would exclude all network routes from the routing table. In a similar
fashion excluding AS38018 (our network International AS) would allow
domestic routes to be imported but no International routes.

On 2014-03-24 06:51, Clark Mills wrote:
> Hi all.
>
> I realise that it's a constantly changing list but does anyone have a
> list on NZ IPs?
>
> Why: We're trying to set up a website to be accessible in NZ only.
> Knowing what I know then firewalling is the tool (a man with a
> hammer...) but I need to routinely source a more recent list.
>
> Any suggestions or hints appreciated.
>
> Cheers... Clark
>
>
> _______________________________________________
> NZNOG mailing list
> NZNOG@list.waikato.ac.nz
> http://list.waikato.ac.nz/mailman/listinfo/nznog

------------------------------

Message: 6
Date: Mon, 24 Mar 2014 09:21:36 +1300
From: Damian Kissick <d.kissick@actrix.co.nz>
To: nznog@list.waikato.ac.nz
Subject: Re: [nznog] List of NZ IP addresses?
Message-ID: <532F4250.9080106@actrix.co.nz>
Content-Type: text/plain; charset=ISO-8859-1

Once upon a time we leveraged APNIC's latest delegations
(http://ftp.apnic.net/stats/apnic/delegated-apnic-latest) and whittled
it down to NZ entries.

The biggest caveat of this method is there are quite a few people
geographically in New Zealand but with an IP from Australia.

- Damian

On 24/03/14 08:51, Clark Mills wrote:
> Hi all.
>
> I realise that it's a constantly changing list but does anyone have a
> list on NZ IPs?
>
> Why: We're trying to set up a website to be accessible in NZ only.
> Knowing what I know then firewalling is the tool (a man with a
> hammer...) but I need to routinely source a more recent list.
>
> Any suggestions or hints appreciated.
>
> Cheers... Clark

------------------------------

Message: 7
Date: Sun, 23 Mar 2014 13:33:44 -0700
From: Scott Howard <scott@doc.net.au>
To: Clark Mills <c.mills@auckland.ac.nz>
Cc: nznog <nznog@list.waikato.ac.nz>
Subject: Re: [nznog] List of NZ IP addresses?
Message-ID:
<CACnPsNUvmDVRLp_tBT3ioUVDJP6SVBjTSUEYBRfdw07Kmkhcug@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Just use the MaxMind and either a plug-in for your web server, or something
within the web app itself. Their CityLite or CountryLite database is free,
and accuracy at the country level is very good (although not always
perfect, but nothing is ever going to be perfect).

www.maxmind.com

Scott

On Sun, Mar 23, 2014 at 12:51 PM, Clark Mills <c.mills@auckland.ac.nz>wrote:

> Hi all.
>
> I realise that it's a constantly changing list but does anyone have a list
> on NZ IPs?
>
> Why: We're trying to set up a website to be accessible in NZ only.
> Knowing what I know then firewalling is the tool (a man with a hammer...)
> but I need to routinely source a more recent list.
>
> Any suggestions or hints appreciated.
>
> Cheers... Clark
>
>
> _______________________________________________
> NZNOG mailing list
> NZNOG@list.waikato.ac.nz
> http://list.waikato.ac.nz/mailman/listinfo/nznog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.waikato.ac.nz/pipermail/nznog/attachments/20140323/5df4de6a/attachment-0001.html>

------------------------------

Message: 8
Date: Mon, 24 Mar 2014 09:50:11 +1300
From: Rob McDonald <r@l2.co.nz>
To: Scott Howard <scott@doc.net.au>
Cc: nznog <nznog@list.waikato.ac.nz>
Subject: Re: [nznog] List of NZ IP addresses?
Message-ID:
<CAJtFmh5CkMdKJD3r8d1NGPqBKoGtKOWTQ5j+BAFxmMxECQpZpw@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

http://dev.maxmind.com/geoip/geoip2/geolite2/

I was too slow

2 votes for maxmind. (or bgp feed with communities or something from your
ISP) it depends if you are trying to firewall for cost reasons, eg: I don't
want to serve my HD content to international viewers because it will
bankrupt me. Or I don't want to serve my international content to
international viewers because it would breach a license agreement with the
rights holder.

Cheers
Rob

*Rob McDonald | *Director

Level 2 Systems Ltd

*M:* +64 21 902 929

*eFax:* +64 9 974 4734

*W:* http://www.L2.co.nz <http://www.l2.co.nz/>

On 24 March 2014 09:33, Scott Howard <scott@doc.net.au> wrote:

> Just use the MaxMind and either a plug-in for your web server, or
> something within the web app itself. Their CityLite or CountryLite
> database is free, and accuracy at the country level is very good (although
> not always perfect, but nothing is ever going to be perfect).
>
> www.maxmind.com
>
> Scott
>
>
>
>
> On Sun, Mar 23, 2014 at 12:51 PM, Clark Mills <c.mills@auckland.ac.nz>wrote:
>
>> Hi all.
>>
>> I realise that it's a constantly changing list but does anyone have a
>> list on NZ IPs?
>>
>> Why: We're trying to set up a website to be accessible in NZ only.
>> Knowing what I know then firewalling is the tool (a man with a hammer...)
>> but I need to routinely source a more recent list.
>>
>> Any suggestions or hints appreciated.
>>
>> Cheers... Clark
>>
>>
>> _______________________________________________
>> NZNOG mailing list
>> NZNOG@list.waikato.ac.nz
>> http://list.waikato.ac.nz/mailman/listinfo/nznog
>>
>>
>
> _______________________________________________
> NZNOG mailing list
> NZNOG@list.waikato.ac.nz
> http://list.waikato.ac.nz/mailman/listinfo/nznog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.waikato.ac.nz/pipermail/nznog/attachments/20140324/fb29be93/attachment-0001.html>

------------------------------

Message: 9
Date: Sun, 23 Mar 2014 21:02:12 +0000
From: Gareth Davies <Gareth.Davies@fphcare.co.nz>
To: Scott Howard <scott@doc.net.au>, Clark Mills
<c.mills@auckland.ac.nz>
Cc: nznog <nznog@list.waikato.ac.nz>
Subject: Re: [nznog] List of NZ IP addresses?
Message-ID:
<648F89F9240F094AAF72630F134B864C24B19C81@NZ-EXCHANGE1.fphcare.com>
Content-Type: text/plain; charset="us-ascii"

We use maxmind for a similar process. We use their webserivce in conjunction with .net and find the API queries to return the country in a speed unnoticeable to users of the system.

They have sample code for various languages.

I don't know much about BGP but I would imagine that max minds 5 lines of code is simpler to add than managing the BGP process. However as mentioned by Rob its not allways 100% accurate but if its good enough for google (google analytics) it should hopefully be accurate enough

Gareth Davies
Senior Systems Administrator
DD +64 9 574 0123 EXT 8465
www.fphcare.com

From: nznog-bounces@list.waikato.ac.nz [mailto:nznog-bounces@list.waikato.ac.nz] On Behalf Of Scott Howard
Sent: Monday, 24 March 2014 9:34 a.m.
To: Clark Mills
Cc: nznog
Subject: Re: [nznog] List of NZ IP addresses?

Just use the MaxMind and either a plug-in for your web server, or something within the web app itself. Their CityLite or CountryLite database is free, and accuracy at the country level is very good (although not always perfect, but nothing is ever going to be perfect).

www.maxmind.com<http://www.maxmind.com>

Scott

On Sun, Mar 23, 2014 at 12:51 PM, Clark Mills <c.mills@auckland.ac.nz<mailto:c.mills@auckland.ac.nz>> wrote:
Hi all.

I realise that it's a constantly changing list but does anyone have a list on NZ IPs?

Why: We're trying to set up a website to be accessible in NZ only.
Knowing what I know then firewalling is the tool (a man with a hammer...) but I need to routinely source a more recent list.

Any suggestions or hints appreciated.

Cheers... Clark

_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz<mailto:NZNOG@list.waikato.ac.nz>
http://list.waikato.ac.nz/mailman/listinfo/nznog

____________________________________________________________

This e-mail and any attachments may contain confidential information. If you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.waikato.ac.nz/pipermail/nznog/attachments/20140323/343686b0/attachment-0001.html>

------------------------------

Message: 10
Date: Mon, 24 Mar 2014 10:05:45 +1300
From: Lindsay Hill <lindsay.k.hill@gmail.com>
To: Gareth Davies <Gareth.Davies@fphcare.co.nz>
Cc: nznog <nznog@list.waikato.ac.nz>
Subject: Re: [nznog] List of NZ IP addresses?
Message-ID:
<CADhybzdfnnZdGuHE599xeU7i86u8HHE=vQDNFxO_s9sXy5CB9g@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Whatever you end up doing, can you please:
A) Make sure it's kept up to date
B) Have some other method of whitelisting addresses, and make it clear on
your site how people can get in touch if they think you've incorrectly
classified an NZ IP as non-NZ.

(Coming from someone who's been trying to deal with getting various DBs
updated to take into account a recent IPv4 block transfer)

On Mon, Mar 24, 2014 at 10:02 AM, Gareth Davies <Gareth.Davies@fphcare.co.nz
> wrote:

> We use maxmind for a similar process. We use their webserivce in
> conjunction with .net and find the API queries to return the country in a
> speed unnoticeable to users of the system.
>
>
>
> They have sample code for various languages.
>
>
>
> I don't know much about BGP but I would imagine that max minds 5 lines of
> code is simpler to add than managing the BGP process. However as mentioned
> by Rob its not allways 100% accurate but if its good enough for google
> (google analytics) it should hopefully be accurate enough
>
>
>
>
>
> *Gareth Davies*
>
> Senior Systems Administrator
>
> *DD* +64 9 574 0123 *EXT* 8465
>
> *www.fphcare.com <http://www.fphcare.com>*
>
>
>
> *From:* nznog-bounces@list.waikato.ac.nz [mailto:
> nznog-bounces@list.waikato.ac.nz] *On Behalf Of *Scott Howard
> *Sent:* Monday, 24 March 2014 9:34 a.m.
> *To:* Clark Mills
> *Cc:* nznog
> *Subject:* Re: [nznog] List of NZ IP addresses?
>
>
>
> Just use the MaxMind and either a plug-in for your web server, or
> something within the web app itself. Their CityLite or CountryLite
> database is free, and accuracy at the country level is very good (although
> not always perfect, but nothing is ever going to be perfect).
>
>
>
> www.maxmind.com
>
>
>
> Scott
>
>
>
>
>
>
>
> On Sun, Mar 23, 2014 at 12:51 PM, Clark Mills <c.mills@auckland.ac.nz>
> wrote:
>
> Hi all.
>
> I realise that it's a constantly changing list but does anyone have a list
> on NZ IPs?
>
> Why: We're trying to set up a website to be accessible in NZ only.
> Knowing what I know then firewalling is the tool (a man with a hammer...)
> but I need to routinely source a more recent list.
>
> Any suggestions or hints appreciated.
>
> Cheers... Clark
>
>
> _______________________________________________
> NZNOG mailing list
> NZNOG@list.waikato.ac.nz
> http://list.waikato.ac.nz/mailman/listinfo/nznog
>
>
> _______________________________________
>
> This e-mail and any attachments may contain confidential information. If
> you are not the intended recipient (or have received this e-mail in error)
> please notify the sender immediately and destroy this e-mail. Any
> unauthorized copying, disclosure or distribution of the material in this e-mail
> is strictly forbidden.
>
> _______________________________________________
> NZNOG mailing list
> NZNOG@list.waikato.ac.nz
> http://list.waikato.ac.nz/mailman/listinfo/nznog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.waikato.ac.nz/pipermail/nznog/attachments/20140324/1eebe319/attachment-0001.html>

------------------------------

Message: 11
Date: Mon, 24 Mar 2014 10:17:31 +1300
From: Richard Naylor <richard.naylor@R2.co.nz>
To: nznog@list.waikato.ac.nz
Subject: Re: [nznog] List of NZ IP addresses?
Message-ID: <20140323212050.725A4164180@fred.iconz.co.nz>
Content-Type: text/plain; charset="us-ascii"; format=flowed

At 09:50 a.m. 24/03/2014, you wrote:
>2 votes for maxmind. (or bgp feed with communities or something from
>your ISP) it depends if you are trying to firewall for cost reasons,
>eg: I don't want to serve my HD content to international viewers
>because it will bankrupt me. Or I don't want to serve my
>international content to international viewers because it would
>breach a license agreement with the rights holder.

The tier-1 CDNs all offer more than enough filtering to do very
decent geo-fencing. So its not hard to limit to "NZ-only" or
"everywhere but not nz". Sometimes we use that as the second line of
defence. Rights agreements often require 2 levels or more.

------------------------------

_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog

End of NZNOG Digest, Vol 135, Issue 16
**************************************