Introduction
We are providing some examples of where database methods get the location of a host incorrect. Reasons for this are multiple, including
- The database uses the Top Level Domain to identify the country. However some countries such as Tuvalu (.tv) and Djibouti (.dj short for music Disk Jockey) market their TLDs
- To improve performance, especially for regions with poor connectivity, there may be a proxy in another country.
- To improve performance for very popular sites they often have hosts with the same name distributed across the world.
- Internet routers are often identified as located at the corporate headquarters. This can lead to invalid visual traceroutes, see for example the VTrace gallery
- A host may move as the owning company moves from one site to another.
- As IPv4 addresses run out some companies are registering their IP addresses in regions/countries taht still have IPv4 address space. The adoption of foreign IP addresses gives some breathing room, but there are also drawbacks. It will become more difficult to use geolocation services that rely on IP addresses. Geolocation and ad revenue are such a powerful driving forces that they may help speed up the implementation of IPv6, Eriksson said. See http://www.networkworld.com/article/2363543/ipv6/need-to-move-to-ipv6-highlighted-as-microsoft-runs-out-of-us-address-space.html?source=NWWNLE_nlt_daily_pm_2014-06-13#tk.rss_all
Incorrect result I
No Format |
---|
traceroute to 193.220.46.70 (193.220.46.70), 30 hops max, 38 byte packets 1 rtr-servcore1-nethub (134.79.19.4) 0.648 ms 0.228 ms 0.472 ms 2 rtr-core2-p2p-servcore1 (134.79.252.162) 0.342 ms 0.256 ms 0.271 ms 3 rtr-border1-p2p-core2 (134.79.252.137) 0.497 ms 0.926 ms 0.301 ms 4 192.68.191.245 (192.68.191.245) 0.562 ms 0.363 ms 0.481 ms 5 sunnsdn2-slacmr1.es.net (134.55.217.2) 0.619 ms 0.714 ms 0.748 ms 6 sunncr1-sunnsdn2.es.net (134.55.209.98) 1.023 ms 0.788 ms 0.931 ms MPLS Label=136016 CoS=0 TTL=1 S=1 7 paixpart2-sunncr1.es.net (134.55.218.133) 1.432 ms 1.409 ms 1.292 ms 8 unknown.Level3.net (209.245.146.145) 1.166 ms 1.217 ms 1.075 ms 9 so-2-1-0.bbr1.SanJose1.Level3.net (4.68.114.153) 3.574 ms 3.049 ms 3.790 ms 10 ae-1-0.bbr2.Dusseldorf1.Level3.net (212.187.128.21) 165.467 ms 165.667 ms 165.440 ms 11 so-3-0-0.mp1.Berlin1.Level3.net (4.68.128.42) 176.505 ms 224.081 ms 177.365 ms 12 ae-31-53.ebr1.Berlin1.Level3.net (4.68.108.94) 177.440 ms 190.223 ms 180.747 ms 13 ae-2-7.bar1.Stockholm1.Level3.net (4.69.140.201) 194.848 ms 194.563 ms 194.597 ms 14 VIZADA-NETW.bar1.Stockholm1.Level3.net (213.242.69.34) 203.616 ms 203.061 ms 203.522 ms 15 NO-NIT-TN-6.taide.net (193.219.193.136) 204.151 ms 204.134 ms 204.159 ms 16 193.220.46.65 (193.220.46.65) 740.045 ms 738.744 ms 739.817 ms 17 193.220.46.78 (193.220.46.78) 739.863 ms 739.441 ms 739.970 ms 18 193.220.46.70 (193.220.46.70) 741.354 ms 738.494 ms 739.066 ms |
...
TULIP suggest that it is somewhere in Europe: (though it locates in Norway my hunch is that its somewhere closer to the intersection of the 4 circles)
Incorrect result II
Similarly the node ae-1-0.bbr2.Dusseldorf1.Level3.net (212.187.128.21) is in Germany considering the following RTTs:
...
Here are the RTTs from TULIP: (Netherlands RTT 3ms)
Incorrect Result III
dsas3.ctio.noao.edu (139.229.17.44) is in La Serena Chile. GeoTool indicates it is in Tucson near the university. There are other hosts with the same domain name such as dsan3.ctio.noao.edu that are located in Tuscon. Unfortunately these hosts do not respond to pings. The traceroute indicates that the host is a long way away (> 300ms) from SLAC and probably in S. America (ampath is the connection point in Florida to S. America):
Code Block |
---|
37cottrell@pinger:~>traceroute dsas3.ctio.noao.edu 140 traceroute to dsas3.ctio.noao.edu (139.229.17.44), 30 hops max, 140 byte packets 1 rtr-iepm-test (134.79.243.1) 0.326 ms 0.252 ms 0.244 ms 2 rtr-core1-p2p-iepm (134.79.252.5) 0.287 ms 0.232 ms 0.219 ms 3 rtr-core1-p2p-core1old (134.79.252.182) 0.321 ms 0.274 ms 0.268 ms 4 rtr-border1-p2p-core1 (134.79.252.133) 0.428 ms 0.324 ms 0.312 ms 5 slac-mr2-p2p-rtr-border1 (192.68.191.245) 0.260 ms 0.228 ms 0.224 ms 6 sunnsdn2-ip-slacmr2.es.net (134.55.217.2) 0.874 ms 0.862 ms 0.859 ms MPLS Label=306784 CoS=6 TTL=1 S=0 7 sunncr1-sunnsdn2.es.net (134.55.209.98) 0.960 ms 0.932 ms 0.937 ms MPLS Label=326496 CoS=6 TTL=1 S=0 8 denvcr1-sunncr1.es.net (134.55.220.49) 27.943 ms 27.934 ms 56.111 ms MPLS Label=306272 CoS=6 TTL=1 S=0 9 kanscr1-ip-denvcr1.es.net (134.55.209.46) 41.012 ms 41.024 ms 40.991 ms MPLS Label=307728 CoS=6 TTL=1 S=0 10 chiccr1-ip-kanscr1.es.net (134.55.221.58) 51.640 ms 51.666 ms 51.631 ms MPLS Label=337056 CoS=6 TTL=1 S=0 11 clevcr1-ip-chiccr1.es.net (134.55.217.53) 60.633 ms 60.601 ms 60.610 ms MPLS Label=301856 CoS=6 TTL=1 S=0 12 washcr1-ip-clevcr1.es.net (134.55.222.58) 68.134 ms 68.175 ms 68.105 ms 13 ampath-max.es.net (198.124.194.6) 88.318 ms 88.364 ms 88.375 ms 14 aura.ampath.net (198.32.252.218) 325.346 ms 325.963 ms 325.492 ms 15 139.229.127.249 (139.229.127.249) 326.392 ms 326.598 ms 326.655 ms 16 * * * 17 * * * |
Incorrect result IV
Traceroute from SLAC to DESY (mms1.desy.de) using mtr.
...
This observation also points out that RTT based geolocation techniques cannot be relied upon in case of such circuitous routes.
Malaysian Hosts
Looking at the Directivity for Malaysian hosts monitored from Malaysian host we see several with Directivity > 1.
...
Thus I come to the conclusion that the host www.aiu.edu.my is not in Alor Setar. I will Disable this host in our database.
www.mib.edu.my
This host is for the Malaysian Institute of Baking. According to the database it is at 3.0997 101.6451. However, www.mib.edu.my is using an external hosting company in Malaysia (Exabytes) and they (Exabytes) seems to have server in two different location, one in Penang and another in KL. Not really sure which server the website is located. We found that the directivity from UM was >2.
dns.edu.cn
According to NODEDETAILS this is a China Education and Research Network host (CERN) in Beijing. When one looks up China Education and Research Network on Google maps it says it is in Guangzhou, ~ 4300km from Beijing. When one pings the host from v-www.ihep.ac.cn in Beijing the RTT is 1.1km. Thus it is within 101 km (taking a direct path with the speed of light in a fibre).
Haiti
Trying to find hosts to monitor in Haiti we went to Wikipedia Education in Hawaii. This gave is 4 universities:
- Université Caraïbe (CUC)
- Université d'État d'Haïti (UEH)
- Université Notre Dame d'Haïti (UNDH)
- Université Adventiste d'Haïti (Haitian Adventist University)
Looking at the TULIP and the Maxmind/GeoIpTool results below, it is seen none are in Haiti not withstanding their top level domain of .ht.
Universite Caraibe | Universite D'Etat d'Haiti | Universite Notre Dame d'Haiti | Universite Adventiste d'Haiti |
- Universite Caraibe: GeoIPTool locates the University in California. However TULIP locates it in Pennsylvania with an uncertainty area that does not include California. It si also interesting that the TULIP uncertainty area is broken into 3 pieces.
- Universite d'Etat d'Haiti: Both TULIP and GeoIPTool locate it in Texas, I tend to believe the GeoIPTool result.
- Universite Notre Dame d'Haiti: GeoIPTool locates the university in France while TULIP locates it near Austin Texas with some degree of certainty.
- Universite Adventiste d'Haiti: both GeoIPTool and TULIP locate the university in Utah. The GeoIPTool location of Salt lake City is probably the more accurate.