Avi Load Balancer includes a geolocation database for identifying the origin of clients.

This is a fixed database based on the MaxMind IP-Country and IP-ASN data. The database is maintained on the Controllers and incorporates database updates when the Controllers are upgraded.

Usage

The geolocation data is used in many locations, including:

  • Client Logs

  • Policies, such as allowlists or denylists

  • Client Insights

  • Security Page DDoS Attacks

  • Tier 2 Objects, such as cache, compression, or logging eligibility



Note:

The client IP is subject to the Use_True_Client_IP option. It can be either the source IP from the layer-3 header or the IP fetched from a user-defined HTTP header.

System-GeoDB contains several files as part of the Geo DB implementation. For more granular control, you can use the Geo DB in HTTP policies, network policies, and so on. For instance, a region can be matched at the city level instead of only at the country level.

The following are the file objects located in /var/lib/avi/geo_db/admin:

| File Objects | Description | Version |
|---|---|---|
| System-LocationDB-File | Region, City, Latitude, Longitude | IPv4 |
| System-CountryDB-File | Country, Continent Code, Name | IPv4 |
| System_ISPDB-File | AS number, Name, ISP, Organization Name | IPv4 |
| System-LocationDB_v6-File | | IPv6 |
| System-CountryDB_v6-File | | IPv6 |
| System-ISPDB_v6-File | | IPv6 |

In these geo DB files, each supported column header is defined as a value of the GeoMappingAttribute that can be further used in the policies.

Example

The following is the snippet of System-CountryDB-File:



Country Code is defined as ATTRIBUTE_COUNTRY_CODE. Similarly, ISP Name in System_ISPDB-File can be referenced as ATTRIBUTE_ISP_NAME, and so on. These can be further used in policies as follows:



This is an example of an HTTP security policy.

Custom Geo DB Files

Along with the files mentioned above, custom Geo DB files are supported for private IP addresses or other use cases. A custom Geo DB file must follow one of the following formats (header line, then a sample row):

  • IP/prefix;ISP Name;Country Code;AS Number;Region Name;Custom 1;Custom 2
    10.120.145.150/32;MYISP;US;100;Bangalore;user1;IT

  • IP/prefix;Custom 1;
    5.5.5.10/24;SomeData

  • IP/prefix;Custom 1;Custom 2;Custom 3;Custom 4;Custom 5;Custom 6;Custom 7;Custom 8;Custom 9
    10.120.145.150/32;Large;Number;Of;Custom;Columns;And;We;Support;It

A custom file can be uploaded to the /var/lib/avi/other_files/<username> location using any application. The following is an example curl command:

curl -k --user <username> --location 'https://<controller-IP>/api/fileobject/upload' --header 'X-Avi-Version: 21.1.1' -F type=GEO_DB -F compressed=true -F 'file=@<path of the file>'

Note:

  • The argument -F type=GEO_DB specifies the filetype and is a mandatory field.

  • If the file is compressed with gzip (and therefore has the extension .csv.gz), then the additional argument -F compressed=true is required. If the file is not compressed, for instance, extension .csv, the argument -F compressed=true must be omitted.
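
A custom file can be checked locally before it is uploaded, since its rows end up driving allowlist and denylist matches. The following is an added example, not code from the product: the function name `check_custom_geodb`, the rule that every row must have as many fields as the header, the tolerance for a trailing `;`, and the sample rows are assumptions of this sketch. It flags prefixes with host bits set (such as `5.5.5.10/24`) and duplicate prefixes for review; how the Controller treats such rows is not stated on this page.

```python
import ipaddress

def check_custom_geodb(text):
    """Parse a ';'-separated custom Geo DB file; return (rows, problems).

    Assumptions of this example: line 1 is the header, every row needs as
    many fields as the header, and a trailing ';' on a line is ignored.
    """
    header, rows, problems, seen = None, [], [], {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip().rstrip(";")
        if not line:
            continue
        fields = line.split(";")
        if header is None:
            header = fields
            if header[0] != "IP/prefix":
                problems.append(f"line {lineno}: first column is {header[0]!r}, not 'IP/prefix'")
            continue
        if len(fields) != len(header):
            problems.append(f"line {lineno}: {len(fields)} fields, header has {len(header)}")
            continue
        try:
            if "/" not in fields[0]:
                raise ValueError("missing prefix length")
            iface = ipaddress.ip_interface(fields[0])
        except ValueError:
            problems.append(f"line {lineno}: {fields[0]!r} is not a valid IP/prefix")
            continue
        net = iface.network
        if iface.ip != net.network_address:
            problems.append(f"line {lineno}: {fields[0]} has host bits set, covers {net}")
        if net in seen:
            problems.append(f"line {lineno}: {net} already defined on line {seen[net]}")
        seen.setdefault(net, lineno)
        rows.append((net, dict(zip(header[1:], fields[1:]))))
    return rows, problems

# Constructed sample; the first data row is the page's own example row.
SAMPLE = """\
IP/prefix;ISP Name;Country Code;AS Number;Region Name;Custom 1;Custom 2
10.120.145.150/32;MYISP;US;100;Bangalore;user1;IT
5.5.5.10/24;MYISP;US;100;Bangalore;user2;IT
10.120.145.150/32;MYISP;US;100;Bangalore;user3
not-an-ip/32;MYISP;US;100;Bangalore;user4;IT
5.5.5.0/24;OTHERISP;IN;200;Chennai;user5;HR
"""

if __name__ == "__main__":
    for problem in check_custom_geodb(SAMPLE)[1]:
        print(problem)
```
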

User-defined Mapping

The grouping feature maps multiple Geo values to a single result. You can use it to group similar entities in a bucket and then reference it in policies or DataScript.

Example

You can map all APAC countries to a single group and match on “APAC mapping” in a security policy, or group embargoed countries in the same way, and so on.



The following is the CLI example for Match option in HTTP Security Policy: