11

I risk posing an ill formed question here, but I'll give it a whirl.

Does it generally stand to reason that the nearer IP address A is to IP address B numerically, then the nearer IP address A is to IP address B geographically?

Whatever your feelings, it would be most helpful if you could point me toward some good reading material on this.

splattne
  • 28,348
  • 19
  • 97
  • 147
John Berryman
  • 347
  • 3
  • 12
  • 4
    No need to apologize...I thought it an excellent question, to which the answer is clear to those who have been around the industry for a while, but not so much to new (or aspiring) entrants to the IT field. – EEAA Dec 09 '10 at 18:56

5 Answers5

13

Does it generally stand to reason that the nearer IP address A is to IP address B numerically, then the nearer IP address A is to IP address B geographically?

Most definitely not.

IP Netblocks are handed out by IANA to the Regional Internet Registries (RIRs), who in turn hand out netblocks to individual organizations in their region. Once handed out, each recipient org can do whatever they want with those address. So, while a netblock may be initially handed out in the APNIC region, there's nothing preventing a company from using those IP addresses say, in Europe or the United States.

Additionally, some addresses in a netblock may be used in one corner of the globe, while others in a completely opposite corner.

See, for instance, IANA's IPv4 Address Space Registry page. 40/8 is allocated to the Eli Lily company, 41/8 is allocated to AfriNIC, and 42/8 is allocated to APNIC. Those three sequential netblocks are allocated to three geographically disparate bodies.

EEAA
  • 108,414
  • 18
  • 172
  • 242
  • RIR: http://en.wikipedia.org/wiki/Regional_Internet_Registry IANA: http://en.wikipedia.org/wiki/Internet_Assigned_Numbers_Authority – iainlbc Dec 09 '10 at 18:51
  • 2
    This. A million times this. Geolocation *might* be an acceptable way of telling what country a visitor is from *maybe*, with a certain margin of error. That's pretty much it, and that springs from a database mapping what addresses are allocated to which ISPs, etc, and not because of any association between the numbers themselves and a location or other "nearby" numbers. – Rob Moir Dec 09 '10 at 18:54
  • 2
    I think you missed the "generally" in the question. – Sparr Dec 09 '10 at 23:24
  • @Sparr - no I did not. Even generally speaking, it is foolish make *any* assumptions about the physical location of adjacent IP addresses. Take, for instance, pseudowire WAN connections and/or QinQ tunnels. With these, L2 domains can be in opposite corners of the country or world even. – EEAA Dec 10 '10 at 02:26
  • 1
    @ErikA I appreciate your answer, but, respectfully, @Sparr understood the nature of my question as it was intended. In my particular problem, a good initial guess that works 90% of the time will get me a long way toward what I want. The 10% of the time that it doesn't work at all is not necessarily harmful. Also notice that my question is not concerned with the absolute location of the IP address but the relative location of two IP addresses. – John Berryman Dec 10 '10 at 03:02
  • @ErikA: I follow your reasoning, but I believe it is a based on a flawed analogy. Your examples of 40/8, 41/8, and 42/8 are not really valid, because they are NOT numerically close to each other, when correctly interpreted as 32-bit integers. Consider that 40.0.0.0 = 671088640 and 41.0.0.0 = 687865856, and their difference is 16777216. Not very close at all. A better analysis would look at, say 40.0.0.0 and 40.0.0.1, which are adjacent in IP space. What are the odds that those IPs are geographically close to each other? Likely much higher than another random pair of IPs. – Steven Monday Dec 10 '10 at 03:02
  • @John - right on, I'm glad you got the answer you were looking for. – EEAA Dec 10 '10 at 03:13
  • 1
    @Steven yes, that's correct. Using `/8` networks wasn't a great example. My point stands, though, that there are many ways two *directly* adjacent IP addresses can appear very far physically apart, even if that doesn't happen very often. – EEAA Dec 10 '10 at 03:14
  • @all Perhaps the converse would be a better question here. If two people are setting next to each other, then *generally* how far apart can their IP addresses be? Will it only differ in the last group? In the last two groups? *((and what are the groups called))* – John Berryman Dec 10 '10 at 03:19
  • @ErikA as you realized, "many" from among billions can be "doesn't happen very often", which means that the opposite case is "generally" true. There could be a BILLION pairs of numerically adjacent but physically distant IPs... and the other three billion would still be close to their neighbors. – Sparr Dec 10 '10 at 03:37
  • 2
    *Sparr understood the nature of my question as it was intended. In my particular problem, a good initial guess that works 90% of the time will get me a long way toward what I want.* Sorry but telling you what you want to hear isn't the same as giving you a good answer. There are too many exceptions to that rule of thumb for it to be useful. – Rob Moir Dec 10 '10 at 14:18
5

A.B.C.001 and A.B.C.002 are very likely to be in close physical proximity, possibly as likely as 99% that they are on the same city block.

A.B.C.001 and A.B.C.254 are only slightly less likely to be so.

A.B.001.D and A.B.002.D are less likely still, perhaps 90%, for a 256x as large definition of "close".

A.B.001.D and A.B.254.D slightly less likey again.

This pattern continues. You could calculate relatively accurate percentages for the top two octets by simply polling a reliable geolocation service.

In the olden days (2006) when IPv4 still had plenty of available address space, xkcd made a Map of the Internet that shows distribution of the first octet by country and organization. It's gotten a lot denser since then, but the general pattern continues, with neighboring first octets having about a 30% chance of being in the same country or region.

Sparr
  • 770
  • 1
  • 5
  • 14
  • 1
    Auto +1 for xkcd. – Orbling Dec 10 '10 at 00:38
  • (Referring to note on ErikA's answer.) That being said, I would like it if you could refer me to reading material that confirms this. It is something that I need to understand deeply. – John Berryman Dec 10 '10 at 03:05
  • @John I am not aware of any single piece of material that would cover this. Assignment of /8 blocks follows some rules, and those rules are published _somewhere_. One of the emergent results of those rules is that blocks allocated to an entity (most of whom are countries or geographic regions) tend to be sequential, even when they assignments are made years apart. Once a local authority (like ARIN) has a /8, how they distribute it is again governed by rules, and THOSE rules have emergent properties. This continues right down to ISP nodes, which have rules for which house gets which IP(s). – Sparr Dec 10 '10 at 03:34
  • note that the XKCD map is the location where the IP is registered to. It does not mean it is necessarily used there. While your answer is somewhat correct that there is a reasonable chance, I think your % numbers are way too high unless you're talking about 1918 ranges. – Chris S Dec 10 '10 at 13:41
  • @Chris S do you disagree with my 99%? To clarify, I am saying that out of every /24 in the world, the average number of geographic area splits in a single /24 is 2-3. Does it sound more believable that way? – Sparr Dec 11 '10 at 00:17
3

You know, not only does numeric "closeness" not have any direct relation on geographical closeness, with the widespread use of NAT there's not even any guarantee that requests from the SAME IP have any geographic relation to each other, in terms of the geographic location of the end user or machine making the request. There are plenty of corporate networks that are spread across the US that have only a single internet drain, for instance...

UPDATED: I thought of another couple examples using some parts of network design (meaning, not directly related to an IP assigned to Joe Blow's home connection).

First, it's common for a network designer to have a larger subnet (like, say, a /24) set aside solely to be used for point to point connections (that is, carved into a bunch of /30s). So, 1.1.1.1 might be in Chicago, 1.1.1.2 might be the other end of the link in Los Angeles, etc. Not only are adjacent IPs in often in different physical locations by design, the entire supernet might be filled with these /30s that are all in different locations.

Another similar example is loopback IPs. Again you might have a /24, but instead of being carved up into /30s it's carved into /32s (single IPs), each of which is used on a loopback interface on a router. So, similar to above, 1.1.2.1 might be lo0 on a router in Chicago and 1.1.2.2 might be lo0 on a router in Los Angeles, and the two routers don't even have to have a direct connection between them any more.

jj33
  • 11,038
  • 1
  • 36
  • 50
2

ISPs will buy range of IP addresses and sites that trace IP addresses like http://www.ip-adress.com/ip_tracer/ Keep track of which ISPs have which addresses where.

So... if IP address A & B are numerically close as in under the same netblock then they are probably geographically close but there is no guarantee that the ISP will use all of their IP addresses in the same region. The netblocks are distributed throughout the world and were sold first come first served so in general if they are not in the same netblock then the are geographically unrelated even if they netblocks are close numberically IE: the 93.0.0.0 isn't close to 95.0.0.0 but the ISP distributing 95.10.10.1 is probably distributing 95.10.10.2 in the same region.

cpgascho
  • 753
  • 1
  • 9
  • 23
1

However, if you do a whois or reverse DNS lookup on two addresses, and they are in the same netblock, or originate from the same ISP, you can draw some conclusions from that, I believe.

Most residential ISPs reveal a lot about location in their reverse DNS lookups.

LawrenceC
  • 1,192
  • 6
  • 14