The Next Generation IP Geolocation Service: Patented Precision from BigDataCloud

Updated: 29 July 2025

This is part 2 of a two-part series. Part 1, IP Geolocation Demystified, covers how IP geolocation works, the methodologies used by traditional providers, and the inherent limitations of each approach. This post explains how BigDataCloud's patented technology addresses those limitations.

Why traditional IP geolocation falls short

Most IP geolocation providers build their databases from a combination of WHOIS registration records, user-submitted data, and reverse DNS lookups. These sources share a fundamental problem: they tell you where an IP address is registered, not where it is actively being used. An ISP headquartered in Sydney may register its IP allocations with a Sydney address, but those IPs could serve customers in Perth, Brisbane, or internationally. The registration address and the operational location are often different things.

Some providers supplement this with latency-based triangulation — sending probes to target IPs and estimating location from round-trip times. This approach has well-documented problems: network congestion, asymmetric routing, and the fact that most IPs behind NAT or carrier-grade NAT don't respond to probes at all. The IPs that do respond tend to be routers and servers, not the end-user devices that matter most for geolocation.

The result is that traditional providers are fundamentally estimating the wrong thing: they're locating infrastructure rather than active usage areas.

A different approach: mapping the routing fabric

BigDataCloud's patented technology (US Patent No. 11,792,110 B2) takes a different starting point. Rather than asking "where is this IP registered?" or "how far away does it seem based on latency?", we ask: "which router is responsible for delivering traffic to this IP address, and what geographic area does that router serve?"

To understand why this matters, consider how internet routing actually works. The internet is a hierarchical network of Autonomous Systems (ASes) — organisations that each manage a portion of the global IP address space. When a device makes a connection, data packets travel through a chain of routers across multiple ASes until they reach the final router closest to the destination. That final router — the access or aggregation router — is the one that actually delivers traffic to the end device.

The key insight is this: if you can identify which router is responsible for delivering traffic to a given IP address, and you know the geographic service area that router covers, you have a reliable basis for determining where that IP is in use. Not where it's registered. Not how far away it appears to be. Where it actually operates.

The postal analogy

A useful way to think about this is the postal system. When you send a parcel from Norwood, South Australia to Denver, Colorado, it passes through a series of sorting hubs — local, regional, national, international — before arriving at the Denver post office for final delivery. If you know which post office made the final delivery, you know the parcel's destination is within that post office's service area, even without knowing the exact street address.

The internet works the same way. Routers are the sorting hubs. ASes are like countries or states. The final router — the one that delivers traffic to the end device — defines the geographic service area within which the IP address is operating.

How our patented process works

Our system continuously maps the entire routable IPv4 and IPv6 address space. Here is what that involves:

1. Non-intrusive discovery — We systematically identify all public routing paths worldwide without disrupting any networks. This gives us a complete, current map of the internet's routing infrastructure.
2. Router interface classification — Every detected router interface is recorded and classified by its role: access router (delivers directly to end users), core router (moves traffic within an AS), or edge/border router (manages traffic between ASes). This classification is essential because only access routers are relevant to locating end-user traffic.
3. Service area estimation — Using a curated set of IP addresses with independently verified locations (our ground truth dataset), we calculate the actual geographic coverage area for each access router. This is not a static database — it is recalculated continuously as network topology changes.
4. IP address location prediction — For any given IP address, we identify the access router responsible for its traffic and assign the location based on that router's verified service area. The result is a location grounded in how the network actually delivers traffic, not how it is registered.
5. Confidence reporting — We report not just a location but a confidence indicator and, where applicable, a confidence area polygon — the boundary of the geographic region within which the IP is likely operating. This gives users a clear signal of how much to trust any given result, rather than presenting every result as equally reliable.

What this means for accuracy

Because our locations are derived from the actual routing structure of the internet, they reflect operational reality rather than administrative records. When an ISP deploys IP addresses to customers in a new city, our system detects this through changes in routing behaviour and updates accordingly. We don't wait for the ISP to update their WHOIS records, and we don't rely on users submitting corrections.

Our Daily IP Geolocation Accuracy Report publishes independently verifiable accuracy figures across different network types and regions. We are the only provider that does this on a daily basis. We believe accuracy claims should be backed by evidence you can check, not marketing assertions.

Continuously updated

The internet's routing infrastructure changes constantly — ASes expand, contract, and reorganise; BGP routes are updated; new infrastructure is deployed. Our system re-scans and recalculates continuously, with geolocation data typically refreshed every two hours. This is significantly more frequent than providers relying on periodic database snapshots.

Real-world applications

The practical implications of more accurate, operationally-grounded IP geolocation are broad:

• Fraud detection and risk scoring — Detecting when a transaction originates from a geographic location inconsistent with the account history, or from infrastructure rather than a genuine residential user.
• Content localisation and compliance — Serving region-appropriate content, pricing, and regulatory disclosures based on where users actually are, not where their provider is registered.
• Cybersecurity — Identifying anomalous routing behaviour, unexpected geographic shifts in traffic origin, or traffic routing through hosting infrastructure rather than residential networks.
• Analytics — Understanding the real geographic distribution of your audience rather than the geographic distribution of ISP registration addresses.

For implementation details, see the IP Address Geolocation API and the IP Address Geolocation with Confidence Area API. To get started, read the getting started guide or create a free account.