In Focus

BENOCS: Why Geo-IP data can mislead you and how BENOCS Analytics can help   

Author: Hari Jayaraman, BENOCS  

We’ve all seen it: “New login detected from [insert random city you’ve never been to].”  

This kind of IP-based guesswork is mildly annoying when it’s Netflix getting your location wrong. But when it’s a critical router in your network being misidentified, such inaccuracies stop being a minor irritation and start costing real time.  

What is a Geo-IP database?

A geo-IP database is a collection of data that links IP addresses to their corresponding geographic locations. Geo-IP databases, such as ipgeolocation, IPinfo or DB-IP, usually provide information such as country, ZIP code and latitude, and sometimes more specific details such as ISP name and connection type (DSL or mobile). 

When do you use a Geo-IP database?

Some widely known use cases for network operators in telecommunications are: 

  • Traffic routing & load balancing  
  • Capacity planning  
  • Anomaly detection  
  • DDoS detection & mitigation  
  • Regulatory 

Limitations of Geo-IP databases

Take traffic routing: Geo-IP databases work reasonably well when identifying where user traffic originates from and are reliable for country-level detection and broad regional insights. However, some operators also use these databases to correlate flow data with the physical location of subnets within their own network to determine where a specific customer’s traffic is coming from. While operators typically know where their infrastructure and customer allocations are located based on internal records, that information often lives in separate static inventories that aren’t easily integrated into flow analysis tools. So, they turn to Geo-IP data.  

The problem? Although accuracy is typically high (90-99%) at country level, it drops significantly, to 43%[1], for city-level detection.  

We ran a Berlin IP address lookup on some of these databases to test the accuracy. The results: 

  • ipgeolocation predicted that the IP is from Bremen, some 400 km away from Berlin 
  • DB-IP predicted the same IP to be from Frankfurt, 550 km from Berlin 
  • IPinfo was the most accurate, predicting almost the correct district of Berlin 

Many factors contribute to such inaccuracies. Cellular networks and mobile IPs often have much lower localisation accuracy compared to broadband or Wi-Fi. Secondly, the use of VPNs, proxies, carrier-grade NAT and, more recently, Apple Private Relay further obscures the true location. From our experience in analysing data from 25+ networks, we often see the same IP block being used across multiple regions or cities because of frequent changes in network topologies, which result in IP block reassignment. Lastly, privacy regulations may restrict access to certain information, impacting the completeness or refresh rate of data. This makes it risky to rely on Geo-IP for regional-level insights; it can lead to wrong decisions about peering, routing, or capacity planning. 

A better alternative: ingress-egress router-based geo-location

BENOCS Analytics takes a fundamentally different approach: we use what your network actually sees. 

BENOCS collects and cross-correlates data from standardised network protocols, including BGP, Flow, SNMP, IGP, and DNS, directly from the operator’s infrastructure. Leveraging our proprietary data-processing engine, we visualise this information in an intuitive multi-dimensional Sankey diagram, with up to twelve traffic dimensions, including but not limited to:  

  • Source 
  • Handover 
  • Ingress 
  • Egress 
  • Nexthop 
  • Destination 

This visualisation allows you to trace the full journey of a packet, from where the traffic originates (Source AS) to where it terminates (Destination AS). 

Flow data is collected at the ingress interface of all internet-facing edge routers. When combined with BGP information, we can infer the forwarding path, including the corresponding egress routers, both of which are displayed within the Sankey’s respective dimensions. 

Further, BENOCS enables you to tag and group these routers by city, country, region, or custom groupings. 

Now you have a precise view of traffic exchange between locations in your network. 
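The idea of locating traffic by the routers it crosses, rather than by a Geo-IP lookup, can be sketched as follows. This is an added example, not BENOCS code: the router names, prefixes, flow records and Geo-IP entry are constructed, and it assumes that each BGP route's next hop identifies the egress router.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory: hypothetical router names tagged with their city.
ROUTER_CITY = {"edge-ber-1": "Berlin", "edge-fra-1": "Frankfurt", "edge-muc-1": "Munich"}

# Constructed BGP-style table: destination prefix -> egress router (assumed = next hop).
BGP_ROUTES = {
    "198.51.100.0/24": "edge-fra-1",
    "198.51.100.128/25": "edge-muc-1",  # more specific route must win
    "203.0.113.0/24": "edge-ber-1",
}

# Constructed flow records from ingress interfaces: (exporter, src, dst, bytes).
FLOWS = [
    ("edge-ber-1", "192.0.2.10", "198.51.100.20", 4000),
    ("edge-ber-1", "192.0.2.11", "198.51.100.200", 1500),
    ("edge-fra-1", "192.0.2.10", "203.0.113.5", 2500),
    ("edge-xxx-9", "192.0.2.12", "203.0.113.6", 100),  # exporter missing from inventory
    ("edge-ber-1", "192.0.2.13", "100.64.0.1", 700),   # no matching route
]

# Constructed Geo-IP entry for the source prefix, deliberately wrong about the city.
GEOIP_CITY = {"192.0.2.0/24": "Bremen"}

def longest_match(table, addr):
    """Return the value of the most specific prefix containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, value in table.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, value)
    return best[1] if best else None

def city_matrix(flows, routes, router_city):
    """Sum bytes per (ingress city, egress city); unresolved ends become 'unknown'."""
    matrix = defaultdict(int)
    for exporter, _src, dst, nbytes in flows:
        ingress = router_city.get(exporter, "unknown")
        egress = router_city.get(longest_match(routes, dst), "unknown")
        matrix[(ingress, egress)] += nbytes
    return dict(matrix)

if __name__ == "__main__":
    for (ingress, egress), nbytes in sorted(city_matrix(FLOWS, BGP_ROUTES, ROUTER_CITY).items()):
        print(f"{ingress:>9} -> {egress:<9} {nbytes} bytes")
    print("Geo-IP says 192.0.2.10 is in:", longest_match(GEOIP_CITY, "192.0.2.10"))
```

Flows whose exporter or route cannot be resolved land in an explicit "unknown" bucket instead of being assigned a guessed city, which keeps inventory gaps visible.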

When accuracy matters, trust your network

By analysing real-time data directly from your own routers, BENOCS Analytics empowers you to see not just where your traffic might be coming from but where it actually enters and exits your infrastructure. With this ground-truth visibility, you gain clarity, confidence, and control over your network’s geographic traffic flows. 

Find out more at benocs.com 
