Please find my comments below.

> It is possible that this address is used by North Korea, they don't have
> a massive IP allocation and I would expect that perhaps there are some
> tunnels, but I can't figure out where MaxMind have got this idea from.

We aware of a small number of IP ranges tunneling to North Korea through some specific ISP. However, this IP address is registered by a VPN provider which also registered ranges in many other countries. We have no evidence that this VPN provider has a server located in those countries reported for their VPN service.

> I think GeoIP is actually a far more difficult problem when it's not
> typical residential customers. Satellite customers, for instance, may
> use IP blocks that are spread across multiple countries.
>
> I would expect that cloud providers and larger datacenter providers are
> using tunnels of sorts between their datacenters. Tunnels kill any
> visibility into the real routing path.

The large cloud providers such as AWS and Azure publishes their data center and IP addresses range to public. Data centers usually avoiding tunnels due to performance and cost-effectiveness. We do see rare cases required tunnels such as DDoS protection.

> When it comes to measuring the accuracy of databases for datacenters, I
> wonder if there could be some means for relay operators to self-report a
> location and then we can compare this with different databases.

If this is possible, then it is a good way to perform benchmarking. However, we need to make sure the relay operator is giving the right information.

- Kim

On Thu, Aug 24, 2017 at 3:50 AM, Iain R. Learmonth <irl@torproject.org> wrote:

Hi,

On 23/08/17 03:45, KL Liew wrote:
>> How is your accuracy for data centres?
>
> I don't aware of any research papers targeting data center only.
> IP2Location should be highly accurate because we are using network
> routing information to determine physical location instead of registrant
> address.
>
> For example, IP2Location is reporting 185.56.163.144 as in France after
> reviewing the network routing information as below. However, if you
> search the same IP address in other geolocation providers, you might see
> it as reported as North Korea, a country with limited Internet access.

It is possible that this address is used by North Korea, they don't have
a massive IP allocation and I would expect that perhaps there are some
tunnels, but I can't figure out where MaxMind have got this idea from.

I think GeoIP is actually a far more difficult problem when it's not
typical residential customers. Satellite customers, for instance, may
use IP blocks that are spread across multiple countries.

I would expect that cloud providers and larger datacenter providers are
using tunnels of sorts between their datacenters. Tunnels kill any
visibility into the real routing path.

When attempting to perform GeoIP for routers, the problem is compounded
as you don't know who really owns the router based on IP addresses
alone, routers having multiple IP addresses, etc.

With the influx of new TLDs and TLDs being chosen for vanity purposes,
they are also not a useful indicator.

I fear its the smaller providers, the more Tor-friendly providers, that
are missing or inaccurately represented in the databases.

When it comes to measuring the accuracy of databases for datacenters, I
wonder if there could be some means for relay operators to self-report a
location and then we can compare this with different databases.

Is there a safe way for relay operators to prove that they control a
relay and self-report the location of the relay without us having to
have an extra field in relay descriptors or overload the contact field?
Some sort of out-of-band means?

Thanks,
Iain.

_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev