Original Article
Why Mobile Roaming Breaks IP Geolocation and How Prefix Classification Can Fix It | IPinfo.io
How Mobile Roaming Can Break IP Geolocation
We often get asked why a carrier IP geolocates to France one month and the UK the next. The answer: roaming traffic doesn’t follow static geolocation rules.
In July 2025, the IP prefix 139.28.84.0/24 geolocated to France. A few weeks later, the same prefix resolved to the United Kingdom. It’s registered to Telecom North America. None of these locations were necessarily wrong—this is what happens when roaming traffic meets static geolocation.
The Problem
- Roaming IPs can appear domestic, hiding a user’s true location.
- Prefixes may be shared across carriers or reused in different regions.
- Carrier-Grade NAT masks individual users behind shared public IPs.
- eSIM users may route traffic through VPNs or tunneling infrastructure.
All of these make accurate prefix attribution a prerequisite for reliable mobile geolocation.
How Roaming Works
Mobile Network Operators rely on the IP Packet Exchange (IPX) network for roaming.
IPX is a private carrier backbone that routes roaming traffic between Mobile Network Operators. When you roam internationally, your device connects to a visited network, but the traffic doesn’t go through the public internet. Instead, it flows through IPX—a tightly meshed private network operated by IPX Providers (IPX-Ps).
The IPX-P acts as an intermediary, managing peering relationships and enforcing roaming agreements between carriers. Depending on which IPX gateway your traffic exits through, your IP can geolocate to different countries—even if you’re physically in one location.
That’s why roaming prefixes are unstable for geolocation: the exit point depends on the IPX-P’s routing decisions, not your actual location.
There are three main architectures:
Home-Routed (HR): The home network assigns the IP. A German tourist in Spain still gets a German exit IP.
Local Breakout (LBO): The visited network assigns the IP. Traffic geolocates to the visited country but loses association with the home operator.
IPX Hub Breakout (IHBO): A third-party IPX provider assigns the IP based on nearby gateways. Geolocation depends on where that gateway sits.
Knowing which architecture is in play determines whether a prefix’s geolocation is trustworthy or misleading.
What We Found
We classified mobile prefixes globally using ground-truth signals from our mobile app (roaming and eSIM tags added in August 2025) and one month of global cellular observations from radio-monitoring applications.
Results:
- 258 roaming-only IPv4 prefixes are disproportionately likely to cause geolocation errors
- 1,480 “common” prefixes appear in both roaming and non-roaming traffic—where home-routing is most likely
- 303 IPv4 and 47 IPv6 prefixes identified as likely home-routed
- Nearly half (48.5%) of home-routed IPv4 prefixes are /24s—narrowly allocated pools tied to specific operator assignments
- 193 carrier or network operators observed operating in more than one country in a single month
Examples: Vodafone D2 GmbH operates across 10 countries near Germany’s borders. Digicel (Jamaica) Limited appears in 9 Caribbean countries. Domestic roaming also occurs—in India, users roaming between telecom circles see different MNCs despite staying in-country.
What This Means
Roaming-only prefixes are where geolocation breaks down most visibly. Without a roaming flag, any system would confidently assign a wrong location. By identifying which prefixes are roaming-only, which operators span multiple countries, and which roaming architecture is likely in use, we can flag these prefixes so downstream systems treat their geolocation as uncertain rather than authoritative.
Instead of returning a single confident (but wrong) location, systems can surface the uncertainty or fall back to other indicators.