[aklug] Re: ACS Google Gateway

Greg Schmitz <greg@amipa.org> wrote:
>
>So basically, even if I don't use gmail (ACS email services) Google has
>
>access to my network connections via ACS (this so that ACS can provide
>a
>better "user experience)? Correct me if I'm wrong - I'm not a network
>guy. And this is all being done without the knowledge of ACS
>subscribers? Seems ACS is drinking the same kool-aide that Google is
>selling to the general public (something for nothing), although it
>might
>be far more dangerous. Perhaps we here in the US need some privacy
>laws
>similar to those in the EU (it used to be the other way around).
>
>--greg
>
>On 10/11/2013 08:12 AM, Tom Simes wrote:
>> On 10/10/13 16:56, Shane Spencer wrote:
>>> Google has an address on ACS
>>>
>>> I noticed this after a rather long split-net situation between
>commodity
>>> DSL and the rest of the Internet while I was trying to diagnose the
>problem.
>>>
>>> Any idea what's the what here?
>> Why yes, I do have a pretty good idea what's going on. ACS has a
>Google
>> Global Cache deployed within their network.
>>
>> https://peering.google.com/about/faq.html
>>
>> (scroll down to Google Global Cache)
>>
>> In a nutshell, ACS uses a BGP peering session with the GGC node to
>> inform it which IP addresses are local to our network and Google uses
>> that data to determine which queries are eligible to be served via
>the
>> GGC node.
>>
>> At the end of the day, it's all about increasing network performance
>and
>> improving the user experience by placing content closer to the
>> user/edge. To that end, I've always been a huge proponent of both
>> non-transit peering in general and CDN deployments in Alaska. As a
>> result, ACS hosts CDN clusters from Google, Akamai and Netflix and
>will
>> be adding another large player soon.
>>
>> I've been a relatively quiet lurker here, but for those whom I
>haven't
>> met - or helped with BGP ;) I've been running carrier networks in AK
>> since '95 beginning with good 'ol Internet Alaska. I've been
>employed
>> by ACS as an IP core engineer since the IA acquisition in '00. That
>> being said, I don't speak for ACS and the data above is both public
>and
>> fairly easy to discover.
>>
>> If you have more specific questions, fire away and I'll answer what I
>can.
>>
>> <obligatory peering plug>
>> If you have an ASN and are in AK, at the SIX or NWAX and are not
>> currently peered with ACS (AS7782), please hit me up. We have a very
>> open non-transit peering policy!
>> </obligatory peering plug>
>>
>>
>
>
>--
>
>Greg Schmitz
>Alaska Moving Image Preservation Association (AMIPA)
>Anchorage, Alaska
>
>v: 907.786.4983
>f: 907.786.1834
>e: greg at amipa dot org
>
>The Alaska Moving Image Preservation Association is a 501(c)(3)
>non-profit dedicated to media preservation and education to ensure
>long-term access to Alaska’s moving image heritage.
>
>www.amipa.org
>
>---------
>To unsubscribe, send email to <aklug-request@aklug.org>
>with 'unsubscribe' in the message body.

Excuse the brevity, replying via mobile device. The Google Global Cache only serves Google content, see previous link for full list. It isn't router or deep packet inspection appliance. In other words, it isn't involved in your network traffic in any way unless you're explicitly using some Google product. Regarding the migration of mail service to the Google platform, at the executive level it is viewed as a net positive for customers. I won't debate or comment further except to say I've been running my own mail server since the '90s.

Actually, if you have an interest in electronic privacy there is a really good interview up on YouTube with Ladar Levinson who ran Lavabit, the email service used by Edward Snowden. Search for "NANOG 59" and then look for Ladar. The upshot is, Diffie-Hellman and perfect forward security are the only current defense against entities with the ability to coerce secret keys from victims.

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Sat Oct 12 09:44:52 2013