Subject: Geo-location of IP addresses
Category: Computers > Internet
Asked by: brian_mulvaney-ga
List Price: $50.00
Posted: 30 Oct 2002 13:24 PST
Expires: 29 Nov 2002 13:24 PST
Question ID: 93523

 Is it possible for two fixed IP addresses with the same first three
octets (e.g. 128.121.121.1 and 128.121.121.2) to correspond to
machines in two different geographies (e.g. Dallas and Chicago)?
The underlying question is, "Do we lose precision and/or accuracy in
trying to geo-locate an IP address if we are only working with the
first three octets of the address?"
 
Subject: Re: Geo-location of IP addresses
Answered By: alexander-ga on 30 Oct 2002 20:23 PST
Rated: 5 out of 5 stars
 
 As the comments below point out, the answer to the first question is a
simple yes. There are many ways this could happen: people from
different areas dialing into the same modem pool and router, VPN
tunnels, proxied connections, etc. Geolocation is a very inexact
science, and the accuracy of the results is often fairly low, even
with the most advanced methods.
The underlying question is a bit more indicative of the real problem,
and requires analysis of how you are performing the geolocation.
Probably the most popular method is by looking up the owners of
netblocks and their addresses. For example, for IPs in the Americas,
you can use:
http://ws.arin.net/cgi-bin/whois.pl
Enter an IP, then click on the OrgID result to get an approximate
location.
For other regions, see:
http://uptime.netcraft.com/up/accuracy.html#hosted
Using this method results in a provable "no, you do not lose
precision", because the smallest netblock assigned by ARIN (for
technical reasons) is a "/20", or a set of 16 contiguous Class C
blocks (4,096 IP addresses).
http://www.arin.net/library/guidelines/ipv4.html#allocations
Other, more complex forms of geolocation can theoretically lose
precision if you leave off the last octet. For example, Quova (
http://www.quova.com ) provides a service that is based off of a large
database of information that is difficult to obtain programmatically.
For instance, if you do a traceroute to answers.google.com, the route
ends near "dcr1-so-1-3-0.SantaClara.cw.net" and
"csr01-ve240.sntc03.exodus.net". One can deduce that these nodes are
likely near Santa Clara, CA, and answers.google.com is likely to be
located in that region as well. It is not impossible for a small
subnet (less than a /24, 256 addresses) to be routed via
geographically-named routers to different locations. In this case,
these routers would not be backbone routers, but rather routers set up
by the individual organization creating the small subnet. For example,
you can imagine a situation where a large company based in, say, New
York (and whose netblock would therefore identify the location as New
York) set up a small satellite office in Albany, directly connected it
via a leased T1, gave it a small subnet, and called the router
"albany.bigco.com". If Quova found and made note in their database of
this router, they would be able to determine which IPs went through it
and which did not, providing accurate geographical information for a
very fine slice of IPs.
However, routed subnets smaller than a /24 are very rare in practice,
and even in a situation such as this, any accuracy you lose by
dropping the last octet would be BY FAR drowned out by the effectively
non-locatable situations discussed in the first paragraph.
So, in summary, if you are using a very advanced geolocation system,
it is technically possible to misidentify some nodes if you drop the
last octet, but in practice, this number will be infinitesimally
small.
Terms used: netblock owner, geolocation
 
 
Request for Answer Clarification by brian_mulvaney-ga on 30 Oct 2002 22:42 PST
Very comprehensive answer. Thank you. The business scenario (which I
probably should have mentioned in the question) is that we may need to
do geo-location with the first three octets of a large number of IP
addresses (trimmed for privacy reasons). We are actually talking to
Quova about using their database. Quova has asserted that due to the
superior precision of their tool, we need all four octets to get best
results. We suspect the four octet precision claim is posturing on
the part of the vendor and are hard pressed to see how they can
consistently supply differentiated geography for subnets /24 and
smaller. And even if they can, how this could add up to a significant
number of addresses.
thegiantkahuna strongly disagrees with your statement that subnets /24
and below are rare and says, "that large ISPs do subnet their /24s". 
Do we have any way of testing this claim as relates to the problem of
geo-location? We understand the challenges of geo-location of dial up
modem users and have ways of excluding those IPs. We are more
concerned with midband/broadband Internet users. If large ISPs
frequently subnet their /24s *and* those IP addresses are spread over
different geographies *and* Quova has access to those mappings
directly from the ISPs, then we may have something to consider.
Thanks!
   
Clarification of Answer by alexander-ga on 31 Oct 2002 11:27 PST
Thegiantkahuna's situation sounds like one where, at worst, you have a
modem pool of 127 or fewer modems in one town, and then the other 127
in a nearby town. (Though I don't even think he's talking about a
situation this drastic -- a "regional data center" anything more than
a very small, local bank of modems would not have fewer than 256 IPs.)
Again, the issue is with having a network of 128 IPs or fewer in a
(substantially) different geographical location from the other 128 in
its /24. An ISP would not make a block of 128 IPs, route it to Level
3, and then say "here, you make this dialup in another state" --
that's a routing nightmare.
The real thing to be aware of is that routing a subnet smaller than a
/20 long distances over the public Internet is somewhere between
impossible and not a very good idea, due to the limited size of the
routing tables. Also, Level 3 would not purchase a direct link between
two distant cities to serve a small subnet, they would send the
traffic back over the "big iron", and assign a completely different
set of IPs. The only case where such a small subnet could be routed a
substantial distance is if a company decided to lease raw fiber or
copper between one location and another, possibly to leverage their
home location's bandwidth and/or for security or reliability reasons.
Even in this case, they would be likely to assign the remote location
at least a /24 (256 addresses).
I think the most definitive source of information about Quova's
granularity would be Quova themselves. Ask them for an example where
two IP addresses with the same first three octets end up in different
geographical locations. If they know you're serious, and have such an
example, it should not be difficult for them to provide it, or even
the number of /24s in their database that contain more than one
geographical address. This is what they do, they should be more than
happy to tell you about the incredible detail present in their
database. That is, unless they don't have that kind of precision, or
the fourth octet does not, in fact, matter. (And in either case, you
know your answer.)
 
brian_mulvaney-ga rated this answer: 5 out of 5 stars
Quality and depth of answer greatly exceeded my expectations.
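
The check the clarification suggests asking the vendor for (how many /24s in a database contain more than one geographical location) can be run against any prefix-keyed geolocation table. The following is an added example, not part of the original thread; the table, its address ranges (documentation and private ranges) and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample table: (CIDR prefix, location). Not real geolocation data.
GEO_TABLE = [
    ("198.51.100.0/24", "Dallas"),
    ("192.0.2.0/24", "Chicago"),
    ("203.0.113.0/25", "New York"),    # head office half of a /24
    ("203.0.113.128/25", "Albany"),    # satellite office: subnet smaller than a /24
    ("10.16.0.0/20", "Santa Clara"),   # a /20 = 16 contiguous /24s = 4,096 addresses
]
NETS = [(ipaddress.ip_network(cidr), city) for cidr, city in GEO_TABLE]

def locate(ip):
    """Full four-octet lookup: longest matching prefix wins."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, city) for net, city in NETS if addr in net]
    return max(matches)[1] if matches else None

def locate_truncated(ip):
    """Lookup with the last octet dropped: every location the /24 could map to."""
    block = ipaddress.ip_network(f"{ip}/24", strict=False)
    return {city for net, city in NETS if net.overlaps(block)}

def ambiguous_24s():
    """The /24 blocks that hold more than one location in the table."""
    cities_by_block = defaultdict(set)
    for net, city in NETS:
        if net.prefixlen >= 24:
            blocks = [net.supernet(new_prefix=24)]
        else:
            blocks = net.subnets(new_prefix=24)
        for block in blocks:
            cities_by_block[block].add(city)
    return sorted(str(b) for b, c in cities_by_block.items() if len(c) > 1)

def precision_loss_ratio():
    """Fraction of /24 blocks in the table where truncation loses information."""
    total = sum(max(1, 2 ** (24 - net.prefixlen)) for net, _ in NETS
                if net.prefixlen <= 24)
    total += len({net.supernet(new_prefix=24) for net, _ in NETS
                  if net.prefixlen > 24})
    return len(ambiguous_24s()) / total

if __name__ == "__main__":
    print(locate("203.0.113.200"), locate_truncated("203.0.113.200"))
    print(ambiguous_24s(), f"{precision_loss_ratio():.1%} of /24s ambiguous")
```

If `ambiguous_24s()` comes back empty for a given database, the fourth octet adds nothing to its answers.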
 
Subject: Re: Geo-location of IP addresses
From: jacktrades-ga on 30 Oct 2002 15:13 PST
 
 The simple answer is yes.

Subject: Re: Geo-location of IP addresses
From: brightshadow-ga on 30 Oct 2002 15:40 PST
 
 Yes, and yes. An IP address does not necessarily correspond to a
physical location. They can track it down to a general "idea" of
location, by the IP ranges owned by certain service providers, etc,
but in reality, two consecutive IP numbers can very easily be
thousands of miles apart.
Finding a physical location going on IP address alone is voodoo at
best. You'd have to find out who owns the range of IP addresses, find
out from them who that particular IP is leased to/used by, and from
there, perhaps obtain a billing address, which may or may not even be
where the machine using that IP is located, and get a name from that
address, then track down that person and find out where exactly the
machine is. All of this assumes a great deal of cooperation on the
part of several parties, many of whom won't divulge the necessary
information to follow the paper trail without a subpoena or the threat
of one.

Subject: Re: Geo-location of IP addresses
Re: Geo-location of IP addresses
From: thegiantkahuna-ga on 30 Oct 2002 20:58 PST
 
 At my last company we attempted to geo-locate tens of thousands of IPs
using several different retail packages, to no avail.
One of the biggest issues is ISPs that use telcos to back-haul
traffic to regional modem centers; and ISPs that aggregate traffic
through proxy servers. The largest example of the latter is AOL --
use something like Visual Trace Route and it will show all of the
AOL users are located in Herndon, VA.
The second biggest issue (and I strongly disagree with part of the
answer here) is that large ISPs do subnet their /24s. Good example
here would be Level 3's regional data centers with large modem pools
where they are doing the dial-up for other companies...
The third issue was inconsistency with the naming convention. As
shown in the answer, Santa Clara is sntc03 for Exodus; and SantaClara
for Cable and Wireless. There was a push at one time to use local
airport codes; however some ISPs use other codes. So the retailers
(Quova, Visual tracert, etc) are constantly asking the users to update
their database on the inconsistent naming conventions and getting GIGO.
My answer to the first question is yes; and the answer to the second
is that there is no accuracy involved.