Does an IP geolocation really show the physical location or it can be virtually "moved" from one country to another?

Question

I am working with a CDN company in Chile, but one of the IP addresses of their host(s) is 23.51.154.137, and is located in Cambridge, Massachusetts, United States, according to the information obtained from ipinfo.io.

But the person works for this company swear this IP is located in somewhere Chile. Is that true? An public IP address like this can be "migrated"? From my understanding, an internet name can be at any place, but not IP address. Am I right?

Thank you very much for your time, any suggestion will be helpful.

Answer 1

An organization can be headquartered in one country and receive an IP address block allocation from that nation's overarching continental Registry but is free to host the network on any router(s) it controls anywhere in the world, provided that the router(s) have a peering relationship with at least one carrier/exchange and that the address block meets their minimum prefix length policy to permit advertisement to the global RIB.

In this case, the organization is Akamai (headquartered in Cambridge), who "owns" many IP blocks from American registry "ARIN", including the IP in question. That's why ipinfo.io says the IP is in Cambridge but that is a very lazy guess on their part. Registries only really track who controls an IP, not where the IP is actually hosted.

A more intensive method to geolocate an IP is by running the traceroute command against it:

$ traceroute 23.51.154.137
5:  agg26.tustcaft01r.socal.rr.com                       24.411ms 
6:  bu-ether16.tustca4200w-bcr00.tbone.rr.com            22.242ms 
7:  bu-ether16.dllstx976iw-bcr00.tbone.rr.com            58.393ms asymm  9 
8:  0.ae0.pr1.dfw10.tbone.rr.com                         70.256ms 
9:  66.109.9.158                                         54.039ms 
10:  xe9-0-5-0-grtmiabr1.net.telefonicaglobalsolutions.com  94.483ms 
11:  et2-1-0-0-grtvapem2.net.telefonicaglobalsolutions.com 382.849ms 
12:  a23-51-154-137.deploy.static.akamaitechnologies.com 174.550ms reached

Without giving my own location away from the first hops of the output, you can decipher the location names in the reverse PTR hostnames of each hop's IP to try and deduce the path the ICMP trace packets hit along the way to the target Akamai IP.

• 5: my ISP's aggregation node in Tustin, California
• 7,8: ISP's "backbone" (internal transit) through Dallas, Texas
• 10: "grtmiabr1": MIA == Miami International Airport
• 11: "grtvapem2": VAP == airport code for Valpraiso, Chile

So we have a fairly solid lead that the IP is indeed in Chile, possibly hosted by Telefonica who is reselling Akamai's CDN service as a "partner".

This method doesn't always work. Many carriers do not nicely label their IPs with PTR names that are meaningful (cities & airport codes), many networks' devices don't even answer to ICMP probes.

The moral of the story is that geolocating IPs is not an exact science, but scientific collection, aggregation & analysis of multiple sources of internet topology data (namely, Routing data) can give more accurate answers. It looks like the ipinfo.io search doesn't really do this.

Answer 2

Yes they can use some third party like OpenVPN to change the IP address to other country. You can go to this link: https://openvpn.net/