IP geolocation database – Understanding Network and Security for Near-Edge Computing
Several companies maintain databases that map IP ranges to physical locations and update this data at regular intervals. GSLB appliances typically pay for a subscription to these feeds. But where do those companies get their data? When an ISP obtains public IP space or an ASN, it ultimately does so via the Internet Assigned Numbers Authority (IANA), and WHOIS queries to IANA for the owner of the IP prefix and ASN in question are a good source. Another data source emerges from the analysis of reverse DNS crawls. Most ISPs name their routers things such as r1.dfw.tx.isp.com, which gives you a pretty good hint that a client connected to that router is somewhere near Dallas, TX, USA.
If you are using an IP geolocation database because you need to make sure customers go to a specific server that is physically located in a certain country for compliance reasons, you probably don’t care as much about minimizing latency. VPNs pose a problem in these situations because they mask the true IP of the device with that of a VPN gateway, which could be located on the other side of the world. Proxy detection databases are another offering that GSLB users can subscribe to so that they can refuse service to clients coming from an IP known to be owned by a VPN service provider or similar.
Custom rules
Most GSLB solutions can incorporate deployment-specific logic above and beyond the other methods. For example, if Server 1 is under heavy load, we might decide to send Customer 1 to Server 2 even though the RTT is higher. We might also parse the URL or IP header information and make a decision based on that. For instance, for compliance reasons we might pin a remote worker to a certain home server regardless of where they travel in the world.
Of course, none of these methods are perfect. If someone wants to set up a VPN server in another country and move it to a new IP if it ever winds up on a VPN server list, it is next to impossible for GSLB to detect this.
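The rules described above (geolocation lookup, proxy-list refusal, load override and user pinning) combined into one decision function, as an added example that is not from the original page. All ranges, server names, the pinned user, the load threshold and the ordering of the rules are constructed assumptions.

```python
import ipaddress

# Constructed sample data using documentation address ranges, not a real feed.
GEO_DB = {"192.0.2.0/24": "US", "198.51.100.0/24": "DE", "2001:db8:1::/48": "DE"}
PROXY_DB = ["198.51.100.128/25"]         # ranges attributed to VPN/proxy providers
SERVERS = {                              # rtt_ms: constructed measurement to the client
    "server1": {"country": "US", "rtt_ms": 20, "load": 0.95},
    "server2": {"country": "US", "rtt_ms": 70, "load": 0.30},
    "server3": {"country": "DE", "rtt_ms": 35, "load": 0.40},
}
PINNED = {"remote-worker-7": "server3"}  # hypothetical user -> home server pin
MAX_LOAD = 0.90                          # assumed "heavy load" threshold


def matches(ip, cidrs):
    """Return the CIDRs that contain ip, most specific prefix first."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr)
        if net.version == addr.version and addr in net:
            hits.append((net.prefixlen, cidr))
    return [cidr for _, cidr in sorted(hits, reverse=True)]


def route(ip, user=None):
    """Return (server, reason); server is None when service is refused."""
    # Assumed policy order: proxy refusal, then pinning, then geolocation.
    if matches(ip, PROXY_DB):
        return None, "refused: source IP is in the proxy/VPN feed"
    if user in PINNED:
        return PINNED[user], "pinned to home server"
    geo = matches(ip, GEO_DB)
    if not geo:
        # Compliance routing fails closed when the location is unknown.
        return None, "refused: no geolocation entry"
    country = GEO_DB[geo[0]]
    local = {n: s for n, s in SERVERS.items() if s["country"] == country}
    if not local:
        return None, "refused: no server in " + country
    # Custom rule: skip heavily loaded servers even if their RTT is lower.
    pool = {n: s for n, s in local.items() if s["load"] < MAX_LOAD} or local
    best = min(pool, key=lambda n: (pool[n]["rtt_ms"], pool[n]["load"]))
    return best, "in-country server for " + country


if __name__ == "__main__":
    for ip, user in [("192.0.2.10", None), ("198.51.100.200", None),
                     ("203.0.113.5", None), ("192.0.2.10", "remote-worker-7")]:
        print(ip, user, route(ip, user))
```

A gateway whose address is not yet in the proxy feed is routed by the gateway's own geolocation, which is the limitation noted above.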
Physical or virtual appliances that are capable of doing GSLB are known as Application Delivery Controllers (ADCs) or Global Traffic Managers (GTMs). While it is possible to build a functioning GSLB solution yourself with open source software, it is complex to both deploy and operate. For something so mission-critical, this is a risk most enterprises are not willing to take. Therefore, fully integrated solutions from vendors such as F5, Citrix, A10, Infoblox, and the like are the most common choice for self-managed GSLBs, despite their significant upfront cost.