Geolocation statistics

From Allegro Packets Product Wiki
Jump to navigation Jump to search

The Geolocation module uses a GeoIP library to identify the country in which the IP address is located. Since it is based on a large internal database of IP ranges, the localization works fine in most cases, but in some rare cases the country might be wrong. A new firmware brings updated databases to permanently improve the localization. The list of countries includes all actual countries as well as some pseudo countries covering traffic for specific corner cases. For example, there is a country unknown country used whenever an IP could not be resolved to any other country. Additional pseudo-countries classify special IP ranges which do not belong to any actual country but are used for a specific use case. The list of these special countries includes:


• local address: Any IP address that belongs to a local network that would not be visible on the Internet.

An example is 192.168.1.2.

• loopback address: The IP address is only visible within the same computer.

An example is 127.0.0.1.

• link local address: The IPv6 address is only valid on the network link segment.

• multicast address: The IP address is reserved for multicast operations.

• broadcast address: The IP address is reserved for broadcast operations.

• set-up host address: The IP address is used when a network device does not have any valid IP address yet.

Examples are 0.0.0.0 or ::.

• IP 6to4 address/Teredo: These cover special IPv6 IP address ranges for the IPv6 within IPv4 tunnels.


Web interface


Geolocation statistics.png

Overview

The main view shows a table with all countries known to the GeoIP database. The table includes the total counters for bytes and packets sent or received from the corresponding country and the current throughput. A history graph is shown using the global resolution interval. The last columns allows for capturing traffic involving only the specific country. Each country name can be clicked to view detailed statistics for only this country.


Country details

The detailed statistics for a country contains an overview graph for the received and sent packets and bytes overtime. The IPs tab shows a table of all IP address identified for the specific country. The IP address can be clicked to reach the IP module page about that IP address. The table contains the alternative names for each IP, which includes all known sources of name lookup such as DNS, DHCP, or HTTP/SSL information. The number of packets and bytes and the history graph is shown for each IP, and there is a capture button to record traffic for the corresponding IP address.


Custom local subnets

The button to configure custom local subnets is located above the main location statistics table. It opens a dialog where IPv4 and IPv6 subnets can be added and removed to and from the custom local subnet list. If an IP address matches one of the configured subnets no further country, city of ASN lookup will be performed and the address will be shown as a local address wherever geolocation information is shown. Traffic for such an address will also be accounted as local traffic in the geolocation statistics. Changes to the custom local subnets will only affect new connections. Existing connections will still be accounted towards the country that was determined when the connection was established.


Resetting statistics

The stored data about each country can be removed by clicking on the trashcan button on the top right of the Geolocation statistics web page.