Geolocation statistics

From Allegro Network Multimeter Manual
Revision as of 11:51, 11 November 2021 by Martin.Weiser (talk | contribs)

The Geolocation module uses a GeoIP library to identify the country in which an IP address is located. Since it is based on a large internal database of IP ranges, the localization works well in most cases, but in rare cases the country might be wrong. New firmware brings updated databases to continually improve the localization. The list of countries includes all actual countries as well as some pseudo-countries covering traffic for specific corner cases. For example, there is a pseudo-country named unknown country, which is used whenever an IP address could not be resolved to any other country. Additional pseudo-countries classify special IP ranges that do not belong to any actual country but serve a specific purpose. The list of these special countries includes:


• local address: Any IP address that belongs to a local network that would not be visible on the Internet.

An example is 192.168.1.2.

• loopback address: The IP address is only visible within the same computer.

An example is 127.0.0.1.

• link local address: The IPv6 address is only valid on the network link segment.

• multicast address: The IP address is reserved for multicast operations.

• broadcast address: The IP address is reserved for broadcast operations.

• set-up host address: The IP address is used when a network device does not have any valid IP address yet.

Examples are 0.0.0.0 or ::.

• IP 6to4 address/Teredo: These cover the special IPv6 address ranges used for IPv6-within-IPv4 tunnels.

Countries


Overview

The main view shows a table with all countries known to the GeoIP database. The table includes the total counters for bytes and packets sent to or received from the corresponding country, as well as the current throughput. A history graph is shown using the global resolution interval. The last column allows capturing traffic involving only the specific country. Each country name can be clicked to view detailed statistics for only this country.


Country details

The detailed statistics for a country contain an overview graph of the received and sent packets and bytes over time. The IPs tab shows a table of all IP addresses identified for the specific country. An IP address can be clicked to reach the IP module page for that address. The table contains the alternative names for each IP, which include all known sources of name lookup such as DNS, DHCP, or HTTP/SSL information. The number of packets and bytes and the history graph are shown for each IP, and there is a capture button to record traffic for the corresponding IP address.

Configuration

Custom local subnets

The button Configure custom local subnets opens a dialog where IPv4 and IPv6 subnets can be added to and removed from the custom local subnet list. If an IP address matches one of the configured subnets, no further country, city or ASN lookup will be performed and the address will be shown as a local address wherever geolocation information is shown. Traffic for such an address will also be accounted as local traffic in the geolocation statistics. Changes to the custom local subnets will only affect new connections. Existing connections will still be accounted towards the country that was determined when the connection was established.
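The pseudo-country classification listed at the top of this page and the custom local subnet precedence described above, sketched as an added example (not Allegro's code). The pseudo-country names come from this page; the CIDR ranges are the standard IANA special-purpose assignments and are an assumption about what the device matches, and `classify`, `ConnectionTable` and the sample addresses are hypothetical.

```python
import ipaddress

# Names are from the manual. Ranges are standard IANA special-purpose blocks,
# assumed here; the device's internal ranges may differ.
SPECIAL_RANGES = [
    ("set-up host address", ["0.0.0.0/32", "::/128"]),
    ("loopback address", ["127.0.0.0/8", "::1/128"]),
    ("broadcast address", ["255.255.255.255/32"]),
    ("multicast address", ["224.0.0.0/4", "ff00::/8"]),
    ("link local address", ["fe80::/10"]),
    ("IP 6to4 address/Teredo", ["2002::/16", "2001::/32"]),
    ("local address", ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7"]),
]
_COMPILED = [(name, [ipaddress.ip_network(n) for n in nets])
             for name, nets in SPECIAL_RANGES]


def classify(ip, custom_local=()):
    """Return a pseudo-country name, or None when a GeoIP lookup is needed."""
    addr = ipaddress.ip_address(ip)
    # Custom local subnets are checked first: a match ends the lookup.
    for net in custom_local:
        if addr in ipaddress.ip_network(net):
            return "local address"
    for name, nets in _COMPILED:
        if any(addr in net for net in nets):
            return name
    return None


class ConnectionTable:
    """Hypothetical helper: pins the label when a connection is first seen,
    so later subnet changes only affect new connections."""

    def __init__(self):
        self.custom_local = []
        self._labels = {}

    def label(self, conn_id, remote_ip):
        if conn_id not in self._labels:
            hit = classify(remote_ip, self.custom_local)
            self._labels[conn_id] = hit or "GeoIP lookup"
        return self._labels[conn_id]


if __name__ == "__main__":
    table = ConnectionTable()
    print(table.label("c1", "198.51.100.7"))   # constructed sample address
    table.custom_local.append("198.51.100.0/24")
    print(table.label("c1", "198.51.100.7"), table.label("c2", "198.51.100.7"))
```

When reviewing geolocation statistics, keep in mind that a connection opened before a subnet was added stays attributed to its original country, so the same remote address can appear under two labels for a while.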


Custom location databases

The button Install custom location databases opens a dialog that can be used to upload user-provided city- and ASN-databases. The database files must be in the MaxMind binary database format (MMDB). It is not required to upload both databases. If only one database is uploaded the default database will be used for the other one.

User-provided databases will only be used after the next restart of the device or after restarting the processing. If any error occurs while loading a user-provided database, this error will be reported as an incident when the processing is started.

The button Reset to default location databases will remove any user-provided geolocation database, but the default databases will only be used after the next restart of the device or after restarting the processing.