[ncc-services-wg] RE: New service: ip2asn
- Date: Wed, 10 Sep 2003 09:35:43 -0500
Hi Hank,
Just a quick word of clarification on the AS scripts:
1. getorgasn2.pl is included inside ip2asn-v1.1.tar.gz. The AS
conversion scripts include an ONLINE (route-server) and an OFFLINE (bgp
table dump) version. There are three scripts in the tar.gz.
2. RE: the e-mail From: j.green@localhost, one of the scripts above
does exactly this using Caida's CoralReef package.
3. RE: Slide #2, lft is a traceroute program for windows/unix that does
exactly this: maps IPs to AS numbers. You can download it here:
http://www.mainnerve.com/lft/
Ex:
su-2.05b# lft -A 4.2.2.1
Tracing
_____________________________________________________________________.
TTL LFT trace to vnsc-pri.sys.gtei.net (4.2.2.1):80/tcp
1 [AS5102] gw-sbc.as23028.net (68.22.187.1) 20.4ms
2 [AS5102] 65.42.139.41 20.0ms
3 [AS5102] bb2-g5-0.chcgil.ameritech.net (67.38.101.116) 19.6ms
4 [ASN?] sl-gw38-chi-13-0.sprintlink.net (160.81.109.237) 19.7ms
5 [AS1239] sl-bb20-chi-4-0.sprintlink.net (144.232.26.129) 19.5ms
6 [AS1239] sl-bb21-chi-8-0.sprintlink.net (144.232.26.78) 59.6ms
7 [AS1239] sl-st20-chi-15-1.sprintlink.net (144.232.20.80) 19.4ms
8 [AS3356] so-2-1-0.edge1.Chicago1.Level3.net (209.0.225.21) 20.0ms
9 [AS3356] so-2-1-0.bbr1.Chicago1.level3.net (209.244.8.9) 20.0ms
10 [AS3356] so-1-0-0.bbr1.Atlanta1.level3.net (209.247.9.106) 40.4ms
11 [AS3356] pos8-0.hsa1.Atlanta1.Level3.net (209.247.9.166) 40.4ms
12 [AS3356] vlan521.public-msf1.Atlanta2.Level3.net (67.72.92.18)
40.4ms
** [neglected] no reply packets received from TTLs 13 through 25
26 [prohibited] [AS3356] vlan521.public-msf1.Atlanta2.Level3.net
(67.72.92.18) 40.4/*ms
Cheers,
-- steve
-----Original Message-----
From: Hank Nussbacher [ ]
Sent: Wednesday, September 10, 2003 3:19 AM
Cc: robt@localhost j.green@localhost joe@localhost
gillsr@localhost
Subject: New service: ip2asn
Another new service I'd like to discuss is the TTM ip2asn service
as presented at RIPE-46:
http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-tt-as-tra
ceroutes.pdf
I know of 4 other methods for doing ip2asn conversions (permission
received
from each to supply this info):
--------------------------------------
From: robt@localhost
We have one that is somewhat quick and really very dirty. :) I've
shared it with a few folks, so I'll share it with the full list now.
It depends on the Perl Cisco Telnet module and access to a BGP-savvy
router. You will find it at the following URL:
<http://www.cymru.com/Tools/getorgasn2.pl>
It's not pretty, but it works. Feel free to modify it as you see
fit, and you may share it with anyone. Comments welcome!
Thanks,
Rob, for Team Cymru.
--
Rob Thomas
--------------------------------------
From: j.green@localhost
First you need a source of routing information
(http://archive.routeviews.org/)
This then needs to be parsed. I either use parse_bgp_dump from CAIDA
(and run "'sh ip bgp' format RIBs" through it), or use
http://www.bugged.org/download/misc/bgpparser.c (after tweaking the
defines to extract the correct fields) and pass "MRT format RIBs"
through it. CAIDA merges multipleorigins into a generic entry, whereas
bgpparser creates multiple entries.
Either way you want a file with
a.b.c.d/e AS
...
a.b.c.d/e AS
Then use something like Net::Patricia to lookup the AS for an IP
address. The only slow thing seems to be reading in the file into
memory (I guess you could daemonise it, or use a more parse efficient
storage format it this matters).
There is some scripts from a while back at
http://kaizo.us/girona/bgp/
bgpparse.tar is the relevant bits out of CAIDA's larger package.
aslookup.pl is very simple perl script
route-table is a parsed version of the data from routeviews from June.
Hope this helps
John
JANET-CERT
-------------------------------------------
From: joe@localhost
Because a number of people have expressed an interest in
an IP->ASN DNS zone, if you're interested, the Routeviews project
now has a test/static asn zone up that you can try, e.g.:
% dig @archive.routeviews.org 13.142.223.128.asn.routeviews.org txt
[snip]
;; ANSWER SECTION:
13.142.223.128.asn.routeviews.org. 86400 IN TXT "3582"
[snip]
% dig @archive.routeviews.org 109.131.229.169.asn.routeviews.org txt
[snip]
;; ANSWER SECTION:
109.131.229.169.asn.routeviews.org. 86400 IN TXT "25"
[snip]
That was the original format. It now works as follows:
% host -t txt 35.32.223.128.asn.routeviews.org
35.32.223.128.asn.routeviews.org text "3582" "128.223.0.0" "16"
In addition to being able to get the stub ASN, a second zone will also
let you get the AS path associated with a specific dotted quad.
For example:
% host -t txt 122.3.15.66.aspath.routeviews.org
122.3.15.66.aspath.routeviews.org text "2497 3356 1 189" "66.15.3.0"
"24"
122.3.15.66.aspath.routeviews.org text "2497 3356 1" "66.15.0.0" "17"
In parsing what's returned, be sure to plan to accomodate the
possibility
that you may get multiple records returned for a single query.
Thanks,
Joe St Sauver (joe@localhost)
University of Oregon Computing Center
-----------------------------------------------
From: gillsr@localhost
www.qorbit.net/code/ip2asn-v1.1.tar.gz
ip2asn-coral.pl - very fast, uses Caida's Coral Reef package, requires
route table dump. Initial load takes a bit to read route-file.
ip2asn-server.pl - slower, requires a route-server, preferably one that
supports 'show ip bgp $ip/32 shorter' syntax.
---------------------------------------------
Can the RIPE NCC TTM group explain why such a service is needed when
there are other packages available that do similar things?
Slide #2 seems to state that you want a traceroute that includes the
ASN. Slide #14 states "RIPE-NCC will set up an IP-AS mapping service
with something like "traceroute -A". How will this be different than
a standard traceroute from any Cisco router:
TAU-gp1#trace www.cisco.com
Translating "www.cisco.com"...domain server (128.139.6.1) [OK]
Type escape sequence to abort.
Tracing the route to www.cisco.com (198.133.219.25)
1 iucc.il1.il.geant.net (62.40.103.225) [AS 20965] 0 msec 0 msec 0
msec
2 il.nl1.nl.geant.net (62.40.96.117) [AS 20965] 68 msec 64 msec 68
msec
3 nl.de1.de.geant.net (62.40.96.101) [AS 20965] 72 msec 72 msec 72
msec
4 so-7-0-0.ar2.FRA2.gblx.net (208.48.23.145) [AS 3549] 72 msec 72
msec
72 msec
5 pos5-0-2488M.cr2.FRA2.gblx.net (67.17.65.53) [AS 3549] 72 msec 72
msec
72 msec
6 so0-0-0-2488M.cr2.LON3.gblx.net (67.17.64.38) [AS 3549] 84 msec 80
msec 80 msec
7 so7-0-0-2488M.ar2.LON3.gblx.net (67.17.66.30) [AS 3549] 88 msec 84
msec 80 msec
8 sl-bb21-lon-1-3.sprintlink.net (213.206.131.25) [AS 1239] 88 msec
88
msec 88 msec
9 sl-bb21-tuk-10-0.sprintlink.net (144.232.19.69) [AS 1239] 164 msec
164
msec 164 msec
10 sl-bb20-tuk-15-0.sprintlink.net (144.232.20.132) [AS 1239] 164 msec
164 msec 168 msec
11 sl-bb21-rly-15-1.sprintlink.net (144.232.20.120) [AS 1239] 168 msec
172 msec 164 msec
12 sl-bb23-rly-11-0.sprintlink.net (144.232.14.134) [AS 1239] 164 msec
176 msec 168 msec
13 sl-bb20-rly-9-0.sprintlink.net (144.232.14.117) [AS 1239] 176 msec
168
msec 172 msec
14 sl-bb25-sj-5-3.sprintlink.net (144.232.20.57) [AS 1239] 296 msec
228
msec 228 msec
15 sl-gw11-sj-10-0.sprintlink.net (144.232.3.134) [AS 1239] 232 msec
228
msec 232 msec
16 sl-ciscopsn2-11-0-0.sprintlink.net (144.228.44.14) [AS 1239] 220
msec
220 msec 224 msec
17 sjce-dirty-gw1.cisco.com (128.107.239.89) [AS 109] 228 msec 224
msec
224 msec
18 sjck-sdf-ciod-gw2.cisco.com (128.107.239.102) [AS 109] 228 msec 228
msec 228 msec
19 *
www.cisco.com (198.133.219.25) [AS 109] 236 msec *
Thanks,
Hank
|
you are here: RIPE -> RIPE Maillists > Archives
