IP Geo localization setup

Back

LBL IP Geo Localization is a service available at the level of balance and routing to locate the origins of the requests through the IP addressing.

The service is divided into two elements such as the Downloader of the topography of the routes of global routing used by the balancing service.

The tables of the topography of IP addressing must be periodically updated as their distribution or reassignment.

A good frequency ratio to update the tables and about 30 calendar days.

This document is related to only one configuration of the service of downloading and usage of filter rules of component of balance and routing. For the installation of the Monitor components refer to the installation documents LBL_Platform_Installation.pdf and LBL_StandardEnterprise_Installation.pdf.

Introduction

The periodic updating of the tables of the topography IP world, LBL  IP Geo Localization Downloader, is a service provided by the subscription of maintenance of the components LBL. At the time of the subscription or renewal of the maintenance will be distributed the login and password to access the service to update the repository.

Downloader: A01_LBLIPGeolocalizationDownloader

In every distribution LBL now available a new process that allows you to update the repository of the topography IP world with regular periods.

It is possible to access the configuration of the service through LBL Management Console to process A01_LBLIPGeolocalizationDownloader as indicated by the image below. The process A01_LBLIPGeolocalizationDownloader is the process that supervises the timed download of updated repository.

Setup: A01_LBLIPGeolocalizationDownloader


The setup of the process is very simple because preconfigured at the factory. From the context menu, right-click in the shaft of the processes and choice Properties, you can access the service configuration file.

Once you have selected Properties in the right pane will be loaded the descriptors of the configuration.

The service of setting offers the three panels for the general configuration of the process panel (iplocalizationdownloader) for setting the parameters specific to the service:

Go to the panel ” iplocalizationdownloader” for the setup of the process:

The first parameter,¬†downloaddir, specifies the final position of download/the repository file. The default location is the directory where¬†LBL¬ģLoadBalancer¬†expects to find the file of the geo location.

The second parameter, iplocalozationfilename, is the name that will take the file repository after its complete are measured through accurate.

The downloadurl## your activation key is parameter indicates the download URL of the repository file. The parameter is preset with the download URL from the site TCOProject but can be changed to centralize the download at the level of datacenter.

The parameters user and password  must be set with the corresponding values issued by TCOProject from the signing of the maintenance contract. These values are used to access the update service repository file.

The parameter filemaxsize serves to limit the maximum size of the download file to avoid any interference with the run-time.

If the download system must pass through a proxy to get to the download service TCOProject you must set proxyaddress, proxyPort and if require authentication, even proxyuser and proxyPassword property to.

The parameter expiredays indicates the frequency of download the new versions. At the time of writing this document a frequency of 30 days and more than sufficient to ensure a good update of the repository.

Keepgzip if set to true allows you to download, check the contents and then re-generate in the local files in gzip format ( … .gep.gz ). This parameter in a datacenter with many instances of balance serves to centralize the download in a single internal repository and then make it available locally.

Setup IP filters Geo Localization

The filter setting of geo localization in the processes of balancing and routing is obtainable through the application of simple rules to rewrite in the configuration file iproxy.xml processes of balancing and routing in paragraph <rewritemanagement>.

In the example below was set a rule name “LBL_IPGEOLOC_FILTER” predisposed to accept¬†IP addresses from Italy, France and Great Britain.

The definition of the country and in ISO format 3166 encoded in two letters.

You can also indicate with ” ..” addresses that do not have a match in the repository. This indication is very useful as the association address/country is not 100% accurate and is in continuous evolution. With ” ..” we assured that an address, not found in the repository, both considered valid by allowing you to deliver the service. In the example below the ” ..” are escaped backslash ” \ . \ .” to be used by the engine of regular expressions.

With country “ZZ” and you can indicate the addresses reserved IETF. For reserved addresses IETF are including, for example, the localhost: IPv4 127.0.0.1 ; IPv6 [ : :1].¬†(At the time of writing this document: RFC 1918, 1700, 3330, 3068, 2544, 3171 and subsequent amendments)

< !--- This rules filter the incoming IP addres for country been (ISO 3166 2-letter code)- You can filter for white, eval= "NOT" or black list, without eval properties features.- ZZ code identified IETF reserved addresses- ... code identified address not found or not initialized DB (address not found in the Country DB)- -->

<rewriteheaderrule enable="true" flow="REQUEST" name ="LBL_IPGEOLOC_FILTER"> <conditions

operator=" AND ">

<Cond from="INNERVAR" name ="REQUEST_INCOMING_COUNTRY" eval=" NOT">

<Regextag>^ \ . \ . |z|IT|FR|GB< /regextag>

< /Cond>

< /Conditions> <redirectto

redirecturl="http://www.tcoproject.com/" responsecode="302" />

< /rewriteheaderrule>

 

It is possible to interrogate the provenance of the IP by the variable reserved “REQUEST_INCOMING_COUNTRY”. The modifier¬†eval¬†allows you to perform the filter in white or black lists. In this case, the eval¬†=” NOT”, the filter is arranged in white list, i.e. if you do not check the condition is controlled a redirectto .¬†www.tcoproject.com

Using rules rewrite and you can exploit all the expressiveness made available by rewriter of LBL LoadBalancer.

In the rule below, for example, was added a further condition in AND to allow the input of all the addresses from Italy, France, Britain but also from localhost and all addresses beginning with 192.168.4 .

In other cases LBL will command to the browser a redirect to . www.tcoproject.com

< !--- Only addresses for: IT;FR;GB and 127.0.0.1 and 192.168.4 * - -- > <rewriteheaderrule
enable="true" flow="REQUEST" name ="LBL_IPGEOLOC_FILTER">
<Conditions operator=" AND">
<Cond from="INNERVAR" name ="REQUEST_INCOMING_COUNTRY" eval=" NOT">
<Regextag>^EN|FR|GB< /regextag>
< /Cond>
<Cond from="INNERVAR" name ="REQUEST_INCOMING_ADDRESS" eval=" NOT">
<Regextag>^ 127 \.0 \.0 \.1 | 192 \.168 \.4< /regextag>
< /Cond>
< /Conditions>
<Redirectto redirecturl="http://www.tcoproject.com/" responsecode="302" />
< /rewriteheaderrule>

 

As for the other rules of rewrite once defined to be applied must be associate them to the affected streams. The association is the same as for the other rules by setting a level of <endpointsgrouping> or < virtualdomain> up to the group of endpoint ( <endp>) parameter rewriteheaderrules.

<Endpointsgrouping enable="true" rewriteheaderrules="LBL_IPGEOLOC_FILTER">
<Virtualdomain enable="true">
<Endp address="192.168.45.109" port ="8181" uripath="" enable= "true" />
<Endp address="192.168.45.110" port ="8181" uripath="" enable= "true" />
< /Virtualdomain>
< /endpointsgrouping>