Versions Compared

Old Version 19

changes.mady.by.user Les Cottrell

Saved on

compared with

New Version 20

changes.mady.by.user Les Cottrell

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Introduction

We are providing some examples of where database methods get the location of a host incorrect. Reasons for this are multiple, including

  • The database uses the Top Level Domain to identify the country. However some countries such as Tuvalu (.tv) and Djibouti (.dj short for music Disk Jockey) market their TLDs 
  • To improve performance, especially for regions with poor connectivity, there may be a proxy in another country. 
  • To improve performance for very popular sites they often have hosts with the same name distributed across the world.
  • Internet routers are often identified as located at the corporate headquarters. This can lead to invalid visual traceroutes, see for example the VTrace gallery
  • A host may move as the owning company moves from one site to another.
  • As IPv4 addresses run out some companies are registering their IP addresses in regions/countries taht still have IPv4 address space. The adoption of foreign IP addresses gives some breathing room, but there are also drawbacks. It will become more difficult to use geolocation services that rely on IP addresses. Geolocation and ad revenue are such a powerful driving forces that they may help speed up the implementation of IPv6, Eriksson said. See http://www.networkworld.com/article/2363543/ipv6/need-to-move-to-ipv6-highlighted-as-microsoft-runs-out-of-us-address-space.html?source=NWWNLE_nlt_daily_pm_2014-06-13#tk.rss_all 

Incorrect result I

No Format
traceroute to 193.220.46.70 (193.220.46.70), 30 hops max, 38 byte packets
 1  rtr-servcore1-nethub (134.79.19.4)  0.648 ms  0.228 ms  0.472 ms
 2  rtr-core2-p2p-servcore1 (134.79.252.162)  0.342 ms  0.256 ms  0.271 ms
 3  rtr-border1-p2p-core2 (134.79.252.137)  0.497 ms  0.926 ms  0.301 ms
 4  192.68.191.245 (192.68.191.245)  0.562 ms  0.363 ms  0.481 ms
 5  sunnsdn2-slacmr1.es.net (134.55.217.2)  0.619 ms  0.714 ms  0.748 ms
 6  sunncr1-sunnsdn2.es.net (134.55.209.98)  1.023 ms  0.788 ms  0.931 ms
     MPLS Label=136016 CoS=0 TTL=1 S=1
 7  paixpart2-sunncr1.es.net (134.55.218.133)  1.432 ms  1.409 ms  1.292 ms
 8  unknown.Level3.net (209.245.146.145)  1.166 ms  1.217 ms  1.075 ms
 9  so-2-1-0.bbr1.SanJose1.Level3.net (4.68.114.153)  3.574 ms  3.049 ms  3.790 ms
10  ae-1-0.bbr2.Dusseldorf1.Level3.net (212.187.128.21)  165.467 ms  165.667 ms  165.440 ms
11  so-3-0-0.mp1.Berlin1.Level3.net (4.68.128.42)  176.505 ms  224.081 ms  177.365 ms
12  ae-31-53.ebr1.Berlin1.Level3.net (4.68.108.94)  177.440 ms  190.223 ms  180.747 ms
13  ae-2-7.bar1.Stockholm1.Level3.net (4.69.140.201)  194.848 ms  194.563 ms  194.597 ms
14  VIZADA-NETW.bar1.Stockholm1.Level3.net (213.242.69.34)  203.616 ms  203.061 ms  203.522 ms
15  NO-NIT-TN-6.taide.net (193.219.193.136)  204.151 ms  204.134 ms  204.159 ms
16  193.220.46.65 (193.220.46.65)  740.045 ms  738.744 ms  739.817 ms
17  193.220.46.78 (193.220.46.78)  739.863 ms  739.441 ms  739.970 ms
18  193.220.46.70 (193.220.46.70)  741.354 ms  738.494 ms  739.066 ms

...

 TULIP suggest that it is somewhere in Europe: (though it locates in Norway my hunch is that its somewhere closer to the intersection of the 4 circles)

Incorrect result II

Similarly the node ae-1-0.bbr2.Dusseldorf1.Level3.net (212.187.128.21) is in Germany considering the following RTTs:

...

Here are the RTTs from TULIP: (Netherlands RTT 3ms)

Incorrect Result III 

dsas3.ctio.noao.edu (139.229.17.44) is in La Serena Chile. GeoTool indicates it is in Tucson near the university. There are other hosts with the same domain name such as dsan3.ctio.noao.edu that are located in Tuscon. Unfortunately these hosts do not respond to pings. The traceroute indicates that the host is a long way away (> 300ms) from SLAC and probably in S. America (ampath is the connection point in Florida to S. America):

Code Block
37cottrell@pinger:~>traceroute dsas3.ctio.noao.edu 140
traceroute to dsas3.ctio.noao.edu (139.229.17.44), 30 hops max, 140 byte packets
 1  rtr-iepm-test (134.79.243.1)  0.326 ms  0.252 ms  0.244 ms
 2  rtr-core1-p2p-iepm (134.79.252.5)  0.287 ms  0.232 ms  0.219 ms
 3  rtr-core1-p2p-core1old (134.79.252.182)  0.321 ms  0.274 ms  0.268 ms
 4  rtr-border1-p2p-core1 (134.79.252.133)  0.428 ms  0.324 ms  0.312 ms
 5  slac-mr2-p2p-rtr-border1 (192.68.191.245)  0.260 ms  0.228 ms  0.224 ms
 6  sunnsdn2-ip-slacmr2.es.net (134.55.217.2)  0.874 ms  0.862 ms  0.859 ms
     MPLS Label=306784 CoS=6 TTL=1 S=0
 7  sunncr1-sunnsdn2.es.net (134.55.209.98)  0.960 ms  0.932 ms  0.937 ms
     MPLS Label=326496 CoS=6 TTL=1 S=0
 8  denvcr1-sunncr1.es.net (134.55.220.49)  27.943 ms  27.934 ms  56.111 ms
     MPLS Label=306272 CoS=6 TTL=1 S=0
 9  kanscr1-ip-denvcr1.es.net (134.55.209.46)  41.012 ms  41.024 ms  40.991 ms
     MPLS Label=307728 CoS=6 TTL=1 S=0
10  chiccr1-ip-kanscr1.es.net (134.55.221.58)  51.640 ms  51.666 ms  51.631 ms
     MPLS Label=337056 CoS=6 TTL=1 S=0
11  clevcr1-ip-chiccr1.es.net (134.55.217.53)  60.633 ms  60.601 ms  60.610 ms
     MPLS Label=301856 CoS=6 TTL=1 S=0
12  washcr1-ip-clevcr1.es.net (134.55.222.58)  68.134 ms  68.175 ms  68.105 ms
13  ampath-max.es.net (198.124.194.6)  88.318 ms  88.364 ms  88.375 ms
14  aura.ampath.net (198.32.252.218)  325.346 ms  325.963 ms  325.492 ms
15  139.229.127.249 (139.229.127.249)  326.392 ms  326.598 ms  326.655 ms
16  * * *
17  * * *

Incorrect result IV

Traceroute from SLAC to DESY (mms1.desy.de) using mtr.

...

This observation also points out that RTT based geolocation techniques cannot be relied upon in case of such circuitous routes.

Malaysian Hosts

Looking at the Directivity for Malaysian hosts monitored from Malaysian host we see several with Directivity > 1.

...

Thus I come to the conclusion that the host www.aiu.edu.my is not in Alor Setar. I will Disable this host in our database.

www.mib.edu.my

This host is for the Malaysian Institute of Baking. According to the database it is at 3.0997 101.6451. However, www.mib.edu.my is using an external hosting company in Malaysia (Exabytes) and they (Exabytes) seems to have server in two different location, one in Penang and another in KL. Not really sure which server the website is located. We found that the directivity from UM was >2.

dns.edu.cn

According to NODEDETAILS this is a China Education and Research Network host (CERN) in Beijing. When one looks up China Education and Research Network on Google maps it says it is in Guangzhou, ~ 4300km from Beijing. When one pings the host from v-www.ihep.ac.cn in Beijing the RTT is 1.1km. Thus it is within 101 km (taking a direct path with the speed of light in a fibre).

Haiti

Trying to find hosts to monitor in Haiti we went to Wikipedia Education in Hawaii. This gave is 4 universities:

Looking at the TULIP and the Maxmind/GeoIpTool results below, it is seen none are in Haiti not withstanding their top level domain of .ht.  

Universite CaraibeUniversite D'Etat d'HaitiUniversite Notre Dame d'HaitiUniversite Adventiste d'Haiti
Image AddedImage AddedImage AddedImage Added
  • Universite Caraibe: GeoIPTool locates the University in California. However TULIP locates it in Pennsylvania with an uncertainty area that does not include California.  It si also interesting that the TULIP uncertainty area is broken into 3 pieces.
  • Universite d'Etat d'Haiti: Both TULIP and GeoIPTool locate it in Texas, I tend to believe the GeoIPTool result.
  • Universite Notre Dame d'Haiti: GeoIPTool locates the university in France while TULIP locates it near Austin Texas with some degree of certainty.
  • Universite Adventiste d'Haiti: both GeoIPTool and TULIP locate the university in Utah. The GeoIPTool location of Salt lake City is probably the more accurate.