19

I've been spending some time last weeks researching about dedicated server rentals in Spain and, appart from all of them being really expensive, I found something that's bugging me.

So this is a range of IPs used by one of those providers (51.254.154.0/24). I got some of the ips, used some geo location tools and got back some weird results. While some of the ips seem to be located in Spain, others don't.

I then found out that the company linked to those IPs is OVH, which offers no services in Spain, having the nearest datacenter in France, where some of those IPs seem to be from. enter image description here

As a final check, I wanted to simply ping these IPs and compare it to some I knew are located in OVH France's datacenter finding out that there was almost no difference, having between 53-54ms of response time.

mtrcheck on "spanish" IP (51.254.154.225) and one of my servers(192.0.2.50) in France from fr1 located there as well:

# mtr -c10 -r -n 51.254.154.225
Start: Mon Feb 27 14:14:23 2017
HOST: fr1                         Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.10                 0.0%    10  974.0 208.1   0.3 1079. 432.2
  2.|-- 10.95.68.132               0.0%    10    0.3   0.3   0.2   0.3   0.0
  3.|-- 10.95.66.72                0.0%    10    0.2   0.2   0.2   0.4   0.0
  4.|-- 37.187.231.253             0.0%    10    1.8   1.8   1.7   1.8   0.0
  5.|-- 178.33.103.226            80.0%    10    2.0   8.7   2.0  15.5   9.5
  6.|-- 51.254.154.225             0.0%    10    1.8   1.8   1.8   1.9   0.0

# mtr -c10 -r -n 192.0.2.50
Start: Mon Feb 27 14:14:24 2017
HOST: fr1                         Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.10                 0.0%    10    1.8 156.6   0.3 1069. 342.6
  2.|-- 10.95.68.196               0.0%    10    0.3   0.3   0.2   0.3   0.0
  3.|-- 10.95.66.70                0.0%    10    0.2   0.3   0.2   0.3   0.0
  4.|-- 37.187.232.120            70.0%    10    0.2   0.2   0.2   0.3   0.0
  5.|-- 192.0.2.50                 0.0%    10    0.6   0.6   0.5   0.7   0.0

So...

  • Is this spanish provider lying about the location of their servers?
  • If so, how can it be possible to show that the IP is located in Spain when it actually isn't?
  • Might it be pure coincidence that I get same ping results as I live in the middle of France and Madrid datacenters?

If you got here with the same question I had and not just by clicking on the "Month/Week question feed, don't just read the correct answer, it's worth having a look at everything

Community
  • 1
sysfiend
  • 1,327
  • 1
  • 11
  • 24
  • 12
    Hey, I work for a cloud provider and we have this problem all the time. The databases that providers use are often out of date or use our regional entity address when our datacenter is often in another place altogether. We do our best to keep things accurate, but it doesn't create too many issues when the record is incorrect. – Jacob Feb 27 '17 at 12:52
  • In the moment OVH really only has a CDN POP and an office in Madrid but no DC (I think this is planned for the future; https://www.ovh.co.uk/discover/). You can however book directly using ovh.es (if it's the place of contract and not the few ms extra latency, which you care about). – s1lv3r Feb 27 '17 at 14:58
  • @s1lv3r thanks for the info but I only care about those few less ms of latency – sysfiend Feb 27 '17 at 15:09
  • 1
    I'm confused... why are you renting a dedicated server from a company in Spain instead of renting directly from OVH? – cerberus Feb 27 '17 at 18:35
  • @cerberus because OVH has no datacenter in Spain and I want a server there for latency reasons. – sysfiend Feb 27 '17 at 18:40
  • Sounds like that company you're renting from is lying to you then about the services they are providing if the dedicated IP addresses are leased to OVH :) – cerberus Feb 27 '17 at 18:42
  • @cerberus nah, I'm not renting anything from them, just from OVH in France. – sysfiend Feb 27 '17 at 18:47
  • So... if you're renting from OVH in France, haven't you just answered your own question? – cerberus Feb 27 '17 at 19:48
  • @cerberus what? No. I already rent servers in France with OVH[DOT] I would like to rent some in Spain with some provider as OVH does not offer servers there. – sysfiend Feb 27 '17 at 23:00
  • The RIPE 'whois' entry for 51.254.154.192/26 clearly shows "OVH ES", so if there's blame to be apportioned for the misleading location I'd say it's theirs. I'm 99% sure the servers are actually in France, though - I'm getting 11ms pings from my FTTP connection in the UK to 51.254.154.225. – Alnitak Feb 28 '17 at 08:38
  • 3
    Also, the two IPs quoted above, _even if they are in different countries but connected via an OVH internal network_ **must** externally both get routed via OVH FR, because they're in the same /24, and that's the smallest practical subnet size used on the global BGP routing table. If your intention is to provide better latency to end users located in Spain itself, this won't do it, because the traffic _will_ leave Spain before it could ever come back again. – Alnitak Feb 28 '17 at 08:43
  • 2
    @Alnitak +1 for the interesting information about the routing. OVH actually [sells geolocated IP's](https://www.ovh.co.uk/dedicated_servers/ripe_ip_block.xml) (in the sense of the RIPE entry being from a specific country) independent from the servers actual location. An OVH server can therefore easily have multiple IP's "from different countries" at the same time. – s1lv3r Feb 28 '17 at 11:14
  • @s1lv3r I wonder what RIPE's take would be on an LIR publishing deliberately misleading information about a prefix? AFAICS the only good reason to offer this as a service is to allow customers to (fraudulently) mislead people who rely on the RIR-derived geolocation databases... – Alnitak Feb 28 '17 at 13:08
  • @Alnitak I can't really answer your question on RIPE's position, however the reason for those offers is quite obvious. They sell it as a tool for the black magic of the 21st century: ranking enhancement/ SEO. ;-) – s1lv3r Feb 28 '17 at 14:56
  • @s1lv3r it was mostly a rhetorical question, but I know plenty of RIPE people I could ask. – Alnitak Feb 28 '17 at 15:09
  • 1
    @sysfired Have a look at PeeringDB.net they, OVH have both public and private peering in Spain, https://www.peeringdb.com/net/1264 – Darragh Feb 28 '17 at 18:25

3 Answers3

25

Geolocation is not an exact science. The databases are full of errors and misinformation.

Note: OVH do not appear to have a Spanish DC.

Who is passing on terminological inexactitude I wouldn't like to say.

Looking at the output of mtr to both of the IPs listed, it appears that both systems are likely located in the OVH Gravelines DC in France. 

sudo mtr -c10 -r -n 51.254.154.225
[sudo] password for iain: 
Start: Mon Feb 27 12:58:53 2017
HOST: fedoraws                    Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.168.1.2                0.0%    10    0.3   0.3   0.2   0.4   0.0
  2.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0
  3.|-- 31.55.185.181             90.0%    10   11.8  11.8  11.8  11.8   0.0
  4.|-- 31.55.185.180              0.0%    10   13.0  12.9  12.7  13.5   0.0
  5.|-- core1-hu0-17-0-1.colindal  0.0%    10   12.0  12.2  11.9  12.4   0.0
  6.|-- 195.99.127.81              0.0%    10   13.9  13.6  13.2  13.9   0.0
  7.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0
  8.|-- be10-1193.gra-g1-a9.fr.eu  0.0%    10   15.6  19.6  15.2  49.0  10.4
  9.|-- vl21.gra-g1-a75.fr.eu      0.0%    10   15.6  15.9  15.6  16.3   0.0
 10.|-- vl5.gra-3a-6k.fr.eu       90.0%    10   15.0  15.0  15.0  15.0   0.0
 11.|-- host-es.ipadicto.com       0.0%    10   14.9  15.2  14.9  15.5   0.0

and 

sudo mtr -c10 -r -n 51.254.154.158
Start: Mon Feb 27 13:00:04 2017
HOST: fedora                      Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.168.1.2                0.0%    10    0.2   0.3   0.2   0.4   0.0
  2.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0
  3.|-- 31.55.185.181             80.0%    10   12.0  12.1  12.0  12.3   0.0
  4.|-- 31.55.185.188              0.0%    10   12.1  12.4  12.1  12.7   0.0
  5.|-- core2-hu0-17-0-1.colindal  0.0%    10   13.3  13.1  12.8  13.3   0.0
  6.|-- 62.172.103.19              0.0%    10   13.5  13.4  13.1  13.8   0.0
  7.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0
  8.|-- be10-1193.gra-g1-a9.fr.eu  0.0%    10   15.2  15.4  14.8  15.9   0.0
  9.|-- vl21.gra-g1-a75.fr.eu      0.0%    10   15.5  15.6  15.5  16.0   0.0
 10.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0
user9517
  • 114,104
  • 20
  • 206
  • 289
  • Even if so, what about the ping? That's an updated fact. – sysfiend Feb 27 '17 at 12:49
  • 14
    Ping is irrelevant. take a look at the path using`mtr`. – user9517 Feb 27 '17 at 12:50
  • Updated question with `mtr` results. – sysfiend Feb 27 '17 at 13:22
  • Why using root with mtr? – Braiam Feb 27 '17 at 13:49
  • @Braiam old habits die hard I guess - from a C6.8 box `mtr 51.254.154.158 mtr: unable to get raw sockets.` – user9517 Feb 27 '17 at 13:51
  • 2
    mtr _does_ need root, it's just usually setuid. (Many traceroute modes, e.g. --icmp, are also root-only.) – user1686 Feb 27 '17 at 13:57
  • I learned mtr on some earlier version of CentOS where sudo was required (rather than setuid) and I haven't updated y muscle memory accordingly. – user9517 Feb 27 '17 at 14:00
  • 7
    @sysfired: one reason ping is less significant is that for almost any network, ping (request/response) are some of the lowest priority traffic on any network, and so performance tends to be 'worse' than other, more practical protocols like UDP or TCP. In other words: when ping is good, good, and if it is not, it doesn't tell you all that much. – iwaseatenbyagrue Feb 27 '17 at 15:22
  • @iwaseatenbyagrue yep, I see, makes sense. – sysfiend Feb 27 '17 at 15:54
  • 1
    Yeah, GeoLocation is not reliable. One way of looking up my home address puts me on the other side of the state. The other way shows me in a different country on the other side of the continent! – Brian Knoblauch Feb 27 '17 at 16:42
  • @BrianKnoblauch I've experienced that myself as well but, as it's a dynamic IP address, I never expect it to work properly. – sysfiend Feb 28 '17 at 09:11
12

There is another way to check, which is to query some BGP looking glasses.

This is generally more reliable than GeoIP (as mentionned by @Jacob, GeoIP databases vary in quality and freshness), since BGP is the protocol for routing the ranges across the cyberpipes (or is it interwebz).

Generally, you'll need to check a few locations to make sure you aren't seeing aggregated routes, BUT, ultimately, every IP belongs to AS, and that AS can easily be traced to a company.

Per the Hurricane Electric looking glass (http://bgp.he.net/ip/51.254.154.0#_ipinfo), OVH indeed owns that /24, and its supernet (51.254.0.0/15). Checking a Spanish looking glass, http://www.rediris.es/red/lg/lg.pl, seems to confirm as much (but this is nothing more than a quick check on my part).

Your traceroutes/mtr outputs seem to confirm as much: the IP is owned and announced by OVH, and routes, at least, via them (if not to them).

tl;dr: it seems your provider is using a French provider, and their data centers/infra. This isn't 100% certain, but seems the most likely explanation.

Edit: to be clear, the fact OVH is AS to which the IP is allocated doesn't necessarily mean anything about specific locations. Sadly, neither necessarily does mtr-output - even if (as seems to be the case) OVH are pushing out the whole /24 your provider is a part of with a peer in France, some internal transport (e.g. MPLS) could still be used. That wouldn't necessarily be the most sensible way of doing all this, but it isn't impossible.

iwaseatenbyagrue
  • 3,588
  • 12
  • 22
  • `BGP is the protocol for routing the ranges across the cyberpipes (or is it interwebz)` - I believe the phrase you're looking for is `information superhighway`. – flith Feb 28 '17 at 07:17
1

Not that all of the other answers aren't great and really helpfull (it is worth reading every post in here) but I think I just found the answer myself yesterday.

So, we were in need of another IP for one of our servers located in France rent with So You Start, which is just like Kimsufi (they both are OVH companies) but a bit better and more expensive. When I got to the administration panel and clicked on "Add extra IP Addresses", they let me choose the location of the IP and, guess what? Spain was there.

Here's the screenshot that proves it. It is in spanish but I think it's quite easy to understand the concept.

Conclusion:

There's some spanish (and probably somewhere else) hosting companies reselling OVH dedicated servers located in France with spanish IPs as if they were located in Spain, increasing the monthly cost between 3 and 4 times.
Appart from being absolutely ilegal, it is insulting how these bastards keep on ripping off people with IT related stuff. Just be aware when spending your money (specially in Spain right now) and, just like a friend says, don't even trust a flower.

sysfiend
  • 1,327
  • 1
  • 11
  • 24