Automated Geolocation

Don’t change geolocation yourself.

by Leo Vegoda

“They always say time changes things, but you actually have to change them yourself,” according to Andy Warhol.

Changing things yourself is not the best approach when managing IP addresses. Many organizations used to get away with managing IP addresses using a spreadsheet. They had already paid for office productivity software – so why not use it as much as possible?

Today, automation is essential for networks of any size. And the world is changing to require more data, which makes automated data maintenance more compelling.

We could get away with manually maintaining IP address registration data in the 1990s. The only automation was what you built for yourself. That meant that less data was needed, which meant less data was used.

We Rely on Data

The world today is completely different. Everything can be automated. If you don’t automate IP address management, you can’t know what is being used. That reduces your control over your own network and limits the basis of future plans to hope and luck.

But there’s more. In the 1990s all users could access services anywhere on the internet. That’s not the case today. Some services are only available in particular areas. One example is live streams of sports events. They are licensed for specific territories.

IP Address Management (IPAM) automation tools all provide three core functions that are useful for all networks:

  • Network scanning, so you know what’s actually active on your network. Rogue device detection is important!
  • Network planning, so you know where addresses are used. Is that subnet in Datacenter 1 or Datacenter 2?
  • Integration with DHCP and DNS, so authorized clients get an appropriate IP address and associated DNS entries.

Access provider networks need more information than these three core functions provide. Among the information needed is the geographical location of each IP address. We’ve written about this before. We’ve also described a free public tool for checking that what you’re publishing can be detected and understood. The bottom line is that changes in the way GeoIP service providers get information mean IPAM tools will need to support these capabilities. You can find a list of providers and their automation status here.

Security Upgrade Coming

Internet engineers are now discussing a proposal to update the current standard for geographical data.

Key changes are:

  • URLs for geofeed files MUST use HTTPS
  • GeoIP data for addresses not covered by the referring registration MUST be ignored
  • Geofeed files can be digitally signed with RPKI keys

These proposals are designed to improve trust in the data being published.

Publishing over HTTPS provides authentication, integrity, and confidentiality for the fetched geofeed file. No one on the path between the publisher and reader can change its contents.

Matching the addresses in the RIR database with those in the file avoids another kind of attack. A typo or a malicious entry cannot cause problems for a network operated by someone else.

Digital signatures linked to the RPKI can authenticate the IP address space assignment. The reader will know that the publisher has control of the addresses.
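
The first two checks, as an added example (not code from the proposal or from any IPAM product): a Python filter that rejects non-HTTPS geofeed URLs and ignores entries outside the referring registration. It assumes the geofeed CSV layout of RFC 8805 (prefix, country, region, city, postal code); the URL and prefixes are constructed documentation values, and RPKI signature verification is not covered.

```python
import csv
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data using documentation prefixes (not real registrations).
REGISTERED = ["192.0.2.0/24", "2001:db8::/32"]
GEOFEED_URL = "https://ipam.example.net/geofeed.csv"
SAMPLE_FEED = """\
# prefix,country,region,city,postal
192.0.2.0/25,US,US-CA,San Francisco,
192.0.2.128/25,NL,NL-NH,Amsterdam,
198.51.100.0/24,GB,GB-LND,London,
2001:db8:10::/48,DE,DE-BE,Berlin,
192.0.2.1/25,US,US-NY,New York,
"""


def filter_geofeed(url, registered_prefixes, geofeed_text):
    """Return (accepted, ignored) entries for one referring registration."""
    if urlsplit(url).scheme.lower() != "https":
        raise ValueError(f"geofeed URL must use HTTPS: {url}")
    covering = [ipaddress.ip_network(p) for p in registered_prefixes]
    accepted, ignored = [], []
    rows = (line for line in geofeed_text.splitlines()
            if line.strip() and not line.lstrip().startswith("#"))
    for row in csv.reader(rows):
        try:
            # strict parsing: a prefix with host bits set is treated as a typo
            net = ipaddress.ip_network(row[0].strip())
        except ValueError:
            ignored.append((row[0].strip(), "unparseable prefix"))
            continue
        # subnet_of() raises TypeError across IP versions, so check version first.
        if any(net.version == c.version and net.subnet_of(c) for c in covering):
            accepted.append((str(net), [field.strip() for field in row[1:]]))
        else:
            ignored.append((str(net), "outside referring registration"))
    return accepted, ignored


if __name__ == "__main__":
    ok, dropped = filter_geofeed(GEOFEED_URL, REGISTERED, SAMPLE_FEED)
    for prefix, geo in ok:
        print("accept", prefix, geo)
    for prefix, reason in dropped:
        print("ignore", prefix, reason)
```

The 198.51.100.0/24 line is the case the proposal targets: the publisher does not hold that block, so a reader drops the entry instead of relocating someone else's network.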

More Automation

In 2023 networks need both IPv4 and IPv6 addresses. And most networks have more than one block of each. ARIN’s statistics show that most networks have 2.5 blocks, while the RIPE NCC’s show that organizations in Europe have more than 3.

RIRs use two words to describe IP address registrations. An allocation is a – normally large – block of addresses that can be cut up. Each piece should have a specific use, and is called an assignment.

Network operators encourage each other to register assignments. They use this information to inform automated policy implementation, like working out if they can provide a service.

Organizations divide each allocation into more specific assignments. It’s important to share information about different types of use. Content providers, retailers, and banks need that information. Without it they might refuse service or degrade service. Users will be unhappy.

Even small networks are likely to need four or five assignments for each allocation. They’ll need to register assignments for both IPv4 and IPv6 allocations.

This means that, on average, an organization will need to update as many as 30 assignments – and separate geofeed files – after making a change. The answer is not to follow Andy Warhol and “change them yourself.”

Automation is the answer and that starts with a solid IPAM.

If you are building a network and need addresses and advice on IPAMs, contact us. We run the most transparent and trusted address brokerage. And we can connect you with engineers who can help you select the right tools for your organization – including IPAM tools that provide automatically generated GeoIP feeds as part of your provisioning process!
