|
|
 |
[ncc-services-wg] New service: ip2asn
- Date: Wed, 10 Sep 2003 10:19:22 +0200
Another new service I'd like to discuss is the TTM ip2asn service
as presented at RIPE-46:
http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-tt-as-traceroutes.pdf
I know of 4 other methods for doing ip2asn conversions (permission received
from each to supply this info):
--------------------------------------
From: robt@localhost
We have one that is somewhat quick and really very dirty. :) I've
shared it with a few folks, so I'll share it with the full list now.
It depends on the Perl Cisco Telnet module and access to a BGP-savvy
router. You will find it at the following URL:
<http://www.cymru.com/Tools/getorgasn2.pl>
It's not pretty, but it works. Feel free to modify it as you see
fit, and you may share it with anyone. Comments welcome!
Thanks,
Rob, for Team Cymru.
--
Rob Thomas
--------------------------------------
From: j.green@localhost
First you need a source of routing information
(http://archive.routeviews.org/)
This then needs to be parsed. I either use parse_bgp_dump from CAIDA
(and run "'sh ip bgp' format RIBs" through it), or use
http://www.bugged.org/download/misc/bgpparser.c (after tweaking the
defines to extract the correct fields) and pass "MRT format RIBs"
through it. CAIDA merges multipleorigins into a generic entry, whereas
bgpparser creates multiple entries.
Either way you want a file with
a.b.c.d/e AS
...
a.b.c.d/e AS
Then use something like Net::Patricia to lookup the AS for an IP
address. The only slow thing seems to be reading in the file into
memory (I guess you could daemonise it, or use a more parse efficient
storage format it this matters).
There is some scripts from a while back at
http://kaizo.us/girona/bgp/
bgpparse.tar is the relevant bits out of CAIDA's larger package.
aslookup.pl is very simple perl script
route-table is a parsed version of the data from routeviews from June.
Hope this helps
John
JANET-CERT
-------------------------------------------
From: joe@localhost
Because a number of people have expressed an interest in
an IP->ASN DNS zone, if you're interested, the Routeviews project
now has a test/static asn zone up that you can try, e.g.:
% dig @archive.routeviews.org 13.142.223.128.asn.routeviews.org txt
[snip]
;; ANSWER SECTION:
13.142.223.128.asn.routeviews.org. 86400 IN TXT "3582"
[snip]
% dig @archive.routeviews.org 109.131.229.169.asn.routeviews.org txt
[snip]
;; ANSWER SECTION:
109.131.229.169.asn.routeviews.org. 86400 IN TXT "25"
[snip]
That was the original format. It now works as follows:
% host -t txt 35.32.223.128.asn.routeviews.org
35.32.223.128.asn.routeviews.org text "3582" "128.223.0.0" "16"
In addition to being able to get the stub ASN, a second zone will also
let you get the AS path associated with a specific dotted quad.
For example:
% host -t txt 122.3.15.66.aspath.routeviews.org
122.3.15.66.aspath.routeviews.org text "2497 3356 1 189" "66.15.3.0" "24"
122.3.15.66.aspath.routeviews.org text "2497 3356 1" "66.15.0.0" "17"
In parsing what's returned, be sure to plan to accomodate the possibility
that you may get multiple records returned for a single query.
Thanks,
Joe St Sauver (joe@localhost)
University of Oregon Computing Center
-----------------------------------------------
From: gillsr@localhost
www.qorbit.net/code/ip2asn-v1.1.tar.gz
ip2asn-coral.pl - very fast, uses Caida's Coral Reef package, requires
route table dump. Initial load takes a bit to read route-file.
ip2asn-server.pl - slower, requires a route-server, preferably one that
supports 'show ip bgp $ip/32 shorter' syntax.
---------------------------------------------
Can the RIPE NCC TTM group explain why such a service is needed when
there are other packages available that do similar things?
Slide #2 seems to state that you want a traceroute that includes the
ASN. Slide #14 states "RIPE-NCC will set up an IP-AS mapping service
with something like "traceroute -A". How will this be different than
a standard traceroute from any Cisco router:
TAU-gp1#trace www.cisco.com
Translating "www.cisco.com"...domain server (128.139.6.1) [OK]
Type escape sequence to abort.
Tracing the route to www.cisco.com (198.133.219.25)
1 iucc.il1.il.geant.net (62.40.103.225) [AS 20965] 0 msec 0 msec 0 msec
2 il.nl1.nl.geant.net (62.40.96.117) [AS 20965] 68 msec 64 msec 68 msec
3 nl.de1.de.geant.net (62.40.96.101) [AS 20965] 72 msec 72 msec 72 msec
4 so-7-0-0.ar2.FRA2.gblx.net (208.48.23.145) [AS 3549] 72 msec 72 msec
72 msec
5 pos5-0-2488M.cr2.FRA2.gblx.net (67.17.65.53) [AS 3549] 72 msec 72 msec
72 msec
6 so0-0-0-2488M.cr2.LON3.gblx.net (67.17.64.38) [AS 3549] 84 msec 80
msec 80 msec
7 so7-0-0-2488M.ar2.LON3.gblx.net (67.17.66.30) [AS 3549] 88 msec 84
msec 80 msec
8 sl-bb21-lon-1-3.sprintlink.net (213.206.131.25) [AS 1239] 88 msec 88
msec 88 msec
9 sl-bb21-tuk-10-0.sprintlink.net (144.232.19.69) [AS 1239] 164 msec 164
msec 164 msec
10 sl-bb20-tuk-15-0.sprintlink.net (144.232.20.132) [AS 1239] 164 msec
164 msec 168 msec
11 sl-bb21-rly-15-1.sprintlink.net (144.232.20.120) [AS 1239] 168 msec
172 msec 164 msec
12 sl-bb23-rly-11-0.sprintlink.net (144.232.14.134) [AS 1239] 164 msec
176 msec 168 msec
13 sl-bb20-rly-9-0.sprintlink.net (144.232.14.117) [AS 1239] 176 msec 168
msec 172 msec
14 sl-bb25-sj-5-3.sprintlink.net (144.232.20.57) [AS 1239] 296 msec 228
msec 228 msec
15 sl-gw11-sj-10-0.sprintlink.net (144.232.3.134) [AS 1239] 232 msec 228
msec 232 msec
16 sl-ciscopsn2-11-0-0.sprintlink.net (144.228.44.14) [AS 1239] 220 msec
220 msec 224 msec
17 sjce-dirty-gw1.cisco.com (128.107.239.89) [AS 109] 228 msec 224 msec
224 msec
18 sjck-sdf-ciod-gw2.cisco.com (128.107.239.102) [AS 109] 228 msec 228
msec 228 msec
19 *
www.cisco.com (198.133.219.25) [AS 109] 236 msec *
Thanks,
Hank
|
|
|
|
