TULIP comparison of geolocation with database based approaches

June 9, 2021

VTrace gallery


  • A host may move as the owning company moves from one site to another.
  • As IPv4 addresses run out, some companies are registering their IP addresses in regions/countries that still have IPv4 address space. The adoption of foreign IP addresses gives some breathing room, but there are also drawbacks. It will become more difficult to use geolocation services that rely on IP addresses. Geolocation and ad revenue are such powerful driving forces that they may help speed up the implementation of IPv6, Eriksson said. See US, Kansas. IP2Location suggests that it's in Washington, DC.

     TULIP suggests that it is somewhere in Europe (though it locates it in Norway, my hunch is that it's somewhere closer to the intersection of the 4 circles):
    UK and so does

    Here are the RTTs from TULIP: (Netherlands RTT 3ms)

    Incorrect Result III 

    dsas3.ctio.noao.edu (139.229.17.44) is in La Serena, Chile. GeoTool indicates it is in Tucson near the university. There are other hosts with the same domain name, such as dsan3.ctio.noao.edu, that are located in Tucson. Unfortunately these hosts do not respond to pings. The traceroute indicates that the host is a long way away (> 300ms) from SLAC and probably in S. America (ampath is the connection point in Florida to S. America):

    37cottrell@pinger:~>traceroute dsas3.ctio.noao.edu 140
    traceroute to dsas3.ctio.noao.edu (139.229.17.44), 30 hops max, 140 byte packets
     1  rtr-iepm-test (134.79.243.1)  0.326 ms  0.252 ms  0.244 ms
     2  rtr-core1-p2p-iepm (134.79.252.5)  0.287 ms  0.232 ms  0.219 ms
     3  rtr-core1-p2p-core1old (134.79.252.182)  0.321 ms  0.274 ms  0.268 ms
     4  rtr-border1-p2p-core1 (134.79.252.133)  0.428 ms  0.324 ms  0.312 ms
     5  slac-mr2-p2p-rtr-border1 (192.68.191.245)  0.260 ms  0.228 ms  0.224 ms
     6  sunnsdn2-ip-slacmr2.es.net (134.55.217.2)  0.874 ms  0.862 ms  0.859 ms
          MPLS Label=306784 CoS=6 TTL=1 S=0
     7  sunncr1-sunnsdn2.es.net (134.55.209.98)  0.960 ms  0.932 ms  0.937 ms
          MPLS Label=326496 CoS=6 TTL=1 S=0
     8  denvcr1-sunncr1.es.net (134.55.220.49)  27.943 ms  27.934 ms  56.111 ms
          MPLS Label=306272 CoS=6 TTL=1 S=0
     9  kanscr1-ip-denvcr1.es.net (134.55.209.46)  41.012 ms  41.024 ms  40.991 ms
          MPLS Label=307728 CoS=6 TTL=1 S=0
    10  chiccr1-ip-kanscr1.es.net (134.55.221.58)  51.640 ms  51.666 ms  51.631 ms
          MPLS Label=337056 CoS=6 TTL=1 S=0
    11  clevcr1-ip-chiccr1.es.net (134.55.217.53)  60.633 ms  60.601 ms  60.610 ms
          MPLS Label=301856 CoS=6 TTL=1 S=0
    12  washcr1-ip-clevcr1.es.net (134.55.222.58)  68.134 ms  68.175 ms  68.105 ms
    13  ampath-max.es.net (198.124.194.6)  88.318 ms  88.364 ms  88.375 ms
    14  aura.ampath.net (198.32.252.218)  325.346 ms  325.963 ms  325.492 ms
    15  139.229.127.249 (139.229.127.249)  326.392 ms  326.598 ms  326.655 ms
    16  * * *
    17  * * *

    Incorrect result IV

    Traceroute from SLAC to DESY (mms1.desy.de) using mtr.

    46cottrell@pinger:~>sudo mtr -r -c 100 mms1.desy.de
    HOST                                          LOSS  RCVD  SENT    BEST     AVG   WORST
    rtr-servcore1-serv01-iepm.slac.stanford.edu     0%   100   100    0.32    0.67    1.41
    rtr-core1-p2p-servcore1.slac.stanford.edu       0%   100   100    0.31    0.61    1.14
    rtr-border1-p2p-core1.slac.stanford.edu         0%   100   100    0.42    3.66   89.68
    slac-mr2-p2p-rtr-border1.slac.stanford.edu      0%   100   100    0.29    3.46   43.24
    sunnsdn2-ip-slacmr2.es.net                      0%   100   100    0.69    4.28   63.48
    sunncr1-sunnsdn2.es.net                         0%   100   100    0.76    0.98    1.50
    elpacr1-ip-sunncr1.es.net                       0%   100   100   25.57   28.03   51.02
    houscr1-ip-elpacr1.es.net                       0%   100   100   40.47   41.79   71.40
    atlacr1-ip-houscr1.es.net                       0%   100   100   63.91   64.12   64.51
    washcr1-atlacr1.es.net                          0%   100   100   77.41   78.02  111.31
    esnet-wash.rt1.fra.de.geant2.net                0%   100   100  170.44  170.87  187.50
    ???                                           100%     0   100    0.00    0.00    0.00
    zr-pot1-te0-0-0-4.x-win.dfn.de                  0%   100   100  184.23  184.76  194.12
    xr-tub1-vlan500.x-win.dfn.de                    0%   100   100  185.11  187.46  243.94
    xr-des1-te1-1.x-win.dfn.de                      0%   100   100  189.55  191.71  272.54
    kr-desy.x-win.dfn.de                            0%   100   100  190.41  196.04  509.16
    ???                                           100%     0   100    0.00    0.00    0.00
    rt-198-5.desy.de                                1%    99   100  189.81  190.66  215.42
    mms1.desy.de                                    1%    99   100  189.52  194.19  218.15

    The traceroute is as expected up to the Washington to Frankfurt hop (esnet-wash.rt1.fra.de.geant2.net). There's an increase of approx. 100ms since it crosses the Atlantic. The actual path within Germany is Frankfurt, Potsdam, Tubingen, Hamburg. Therefore Frankfurt to Potsdam is as expected. However, things become strange at this point. From Potsdam (zr-pot1-te0-0-0-4.x-win.dfn.de) to Tubingen (xr-tub1-vlan500.x-win.dfn.de) it takes under 3ms on average. This seems highly unlikely since Potsdam is way up in the north of Germany and is about 650km away from Tubingen.

    Moreover the traceroute shows that a packet takes more of a circuitous route to DESY (near Hamburg) from Frankfurt. We found more details on the route by looking at the

    This observation also points out that RTT based geolocation techniques cannot be relied upon in case of such circuitous routes.

    Malaysian Hosts

    Looking at the Directivity for Malaysian hosts monitored from a Malaysian host we see several with Directivity > 1.
    http://www-wanmon.slac.stanford.edu/cgi-wrap/pingtable.pl?by=by-node&file=alpha&from=MY.UM.PINGER&to=MY.AIU.EDU.MY
    that this is true for each month Feb thru April 2013.

    Looking in pingtable.pl at the last 120 days from UM to Malaysia we see this is true for each day measured (the URL is http://www-wanmon.slac.stanford.edu/cgi-wrap/pingtable.pl?file=alpha&by=by-node&size=100&tick=last120days&from=MY.UM.PINGER&to=Malaysia&ex=none&only=all&dataset=hep&percentage=any)

    Looking in pingtable.pl at the last 120 days for minimum RTT for UM to Malaysia we see the min RTT to be consistent at ~ 1.2ms.

    Clicking on the ?r for UM to AIU we get the lat-longs of the two sites:

    NODENAME: pinger.fsktm.um.edu.my
    IPADDRESS: 202.185.107.238
    SITENAME: fsktm.um.edu.my
    NICKNAME: MY.UM.PINGER
    FULLNAME: University of Malaya
    LOCATION: Kuala Lumpur
    COUNTRY: Malaysia
    CONTINENT: S.E. Asia
    LATANDLONG: 3.1601 101.6910

    NODENAME: www.aiu.edu.my
    IPADDRESS: 110.4.45.135
    SITENAME: aiu.edu.my
    NICKNAME: MY.AIU.EDU.MY
    FULLNAME: Albukhary International University
    LOCATION: Albukhary International University, Alor Setar, Kedah
    COUNTRY: Malaysia
    CONTINENT: S.E. Asia
    LATANDLONG: 6.1356 100.3905
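
    The two plausibility checks discussed above (Directivity > 1 for UM to AIU, and the Potsdam to Tubingen hop) can be reproduced from the numbers on this page. This is an added example, not code from PingER or TULIP; the definition of Directivity and the constant of 100 km per millisecond of RTT are assumptions, since the page states neither.

```python
import math

# Assumption (the page gives no constant): light in fibre travels ~200 km/ms,
# so each millisecond of round-trip time allows at most ~100 km of one-way distance.
KM_PER_MS_RTT = 100.0
EARTH_RADIUS_KM = 6371.0


def great_circle_km(lat1, lon1, lat2, lon2):
    """Haversine distance in km between two points given in decimal degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def directivity(distance_km, rtt_ms):
    """Claimed distance divided by the farthest distance the RTT permits.

    Assumed definition: a value above 1 means the packet would have had to
    outrun light in fibre, so the coordinates or the hop location are wrong.
    """
    if rtt_ms <= 0:
        raise ValueError("RTT must be positive")
    return distance_km / (rtt_ms * KM_PER_MS_RTT)


def check(label, distance_km, rtt_ms):
    d = directivity(distance_km, rtt_ms)
    return {"pair": label, "distance_km": round(distance_km, 1),
            "limit_km": round(rtt_ms * KM_PER_MS_RTT, 1),
            "directivity": round(d, 2), "plausible": d <= 1.0}


# Values taken from the page: LATANDLONG of the two sites and the ~1.2 ms minimum RTT.
UM = (3.1601, 101.6910)
AIU = (6.1356, 100.3905)
um_aiu = check("MY.UM.PINGER -> MY.AIU.EDU.MY", great_circle_km(*UM, *AIU), 1.2)

# Potsdam -> Tubingen: 650 km per the page; the RTT step is the difference of the
# two hops' AVG values in the mtr report (187.46 - 184.76 ms), a rough estimate.
pot_tub = check("zr-pot1 -> xr-tub1", 650.0, 187.46 - 184.76)

if __name__ == "__main__":
    for row in (um_aiu, pot_tub):
        print(row)
```

    Both pairs come out with a directivity well above 1, so in each case either the recorded location or the assumed position of the responding host cannot be right.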

    Using the Google map tool (with Chrome or Firefox) Wikipedia Education in Hawaii. This gave us 4 universities:

    Looking at the TULIP and the Maxmind/GeoIpTool results below, it is seen that none are in Haiti, notwithstanding their top level domain of .ht.

    Universite Caraibe, Universite D’Etat d’Haiti, Universite Notre Dame d’Haiti, Universite Adventiste d’Haiti
    • Universite Caraibe: GeoIPTool locates the university in California. However, TULIP locates it in Pennsylvania with an uncertainty area that does not include California. It is also interesting that the TULIP uncertainty area is broken into 3 pieces.
    • Universite d’Etat d’Haiti: Both TULIP and GeoIPTool locate it in Texas; I tend to believe the GeoIPTool result.
    • Universite Notre Dame d’Haiti: GeoIPTool locates the university in France while TULIP locates it near Austin, Texas with some degree of certainty.
    • Universite Adventiste d’Haiti: Both GeoIPTool and TULIP locate the university in Utah. The GeoIPTool location of Salt Lake City is probably the more accurate.

    www.lbl.gov

    From its name one would expect this web server to be at LBNL in Berkeley, California. However, TULIP locates it in Dallas.

    [Figures: US view of locations for www.lbl.gov; detail of location for www.lbl.gov]

    Traceroutes

    [Figures: from SLAC to www.lbl.gov; 9th hop location; location of 9th hop seen from LBL]
    [Figures: traceroute; traceroute from LBL; traceroute from Dallas, i.e. host is <404km from Dallas.]