You're viewing an archived page. It is no longer being updated.
RISwhois
IPv4/IPv6 Address to Origin Mapping
RISwhois complements the RIS tools by providing a higher level view over the most recently collected set of routing tables from the Remote Route Collectors (RRCs). Given an IPv4 or IPv6 address, RISwhois will tell which prefixes and origin ASes on which RRCs match that particular IP.
RISwhois listens to the whois port (port 43) and outputs data in a format very similar to the route objects specified in RPSL. Thus applications which to date consult a routing registry, like whois.ra.net, can easily obtain more accurate IP to AS mappings by contacting the RISwhois server riswhois.ripe.net instead. For example, a study in the context of RIPE NCC's Test Traffic Measurements found 21% of a set of unique IPs unmatched when using the routing registry vs. only 1% unmatched when using RIS data.
Examples (IPv4):
whois -h riswhois.ripe.net 212.3.66.0/24
% This is RIPE NCC's Routing Information Service
% whois gateway to collected BGP Routing Tables
% IPv4 or IPv6 address to origin prefix match
%
% For more information visit http://www.ripe.net/ris/riswhois.html
route: 212.3.64.0/19
origin: AS8900
descr: Global One Hungary Internet and extranet provider network
lastupd-frst: 2004-03-11 19:19Z 193.203.0.7@rrc05
lastupd-last: 2004-03-11 19:19Z 193.203.0.7@rrc05
seen-at: rrc05
num-rispeers: 1
source: RISWHOIS
route: 212.3.66.0/24
origin: AS10282
descr: DIALIP-PR GLOBAL ONE
lastupd-frst: 2004-01-07 18:01Z 212.20.151.234@rrc00
lastupd-last: 2004-03-16 12:53Z 195.69.144.200@rrc03
seen-at: rrc00,rrc01,rrc02,rrc03,rrc04,rrc05,rrc06,rrc07,rrc10
num-rispeers: 41
source: RISWHOIS
The aggregate announcement is only seen on two of the Route Collectors, the more specific, announced by a different AS, is ubiquitous. The lastupd-frst
and lastupd-last
attributes provide information on the first and last "last-update" of the route in the current set of RRC peering sessions; next to the timestamp the IP address of the peer providing the update and the id of the collector are reported. The num-rispeers
field tells by how many of the RIS' peers the prefix was seen.
Example (IPv6):
whois -h riswhois.ripe.net 2001:610:240:0:193:0:0:202
% This is RIPE NCC's Routing Information Service
% whois gateway to collected BGP Routing Tables
% IPv4 or IPv6 address to origin prefix match
%
% For more information visit http://www.ripe.net/ris/riswhois.html
route6: 2001:610::/32
origin: AS1103
descr: SURFNET-NL SURFnet, The Netherlands
lastupd-frst: 2004-02-24 04:24Z 2001:628:4fe::1853@rrc05
lastupd-last: 2004-03-16 15:42Z 2001:628:4fe::5385@rrc05
seen-at: rrc01,rrc03,rrc05,rrc10
num-rispeers: 17
source: RISWHOIS
route6: 2001:610:240::/42
origin: AS3333
descr: RIPE-NCC-AS RIPE NCC
lastupd-frst: 2004-02-26 18:17Z 2001:7f8:4::cb9:1@rrc01
lastupd-last: 2004-03-16 15:42Z 2001:628:4fe::3257@rrc05
seen-at: rrc01,rrc03,rrc05,rrc10
num-rispeers: 7
source: RISWHOIS
RIPE NCC has been allocated a /42 by SURFnet and announces this at AMS-IX. Some of the NCC's peers propagate the prefix and RIS route collectors pick it up at LINX (London, rrc01), VIX (Vienna, rrc05) and MIX (Milan, rrc10).
Options
With a RIPE whois client (e.g ftp://ftp.ripe.net/tools/ripe-whois-latest.tar.gz) it is possible to pass options to RISwhois on the command line:
-M |
most specific match only |
-L |
report all matches, including less specific (default) |
-F |
short fast output, prefix and AS on one line |
-k |
request persistent connection (useful for bulk queries) |
Alternatively, one can use netcat to connect to the server and put the option (seperated by a space) in front of the address query.
Data source
The special keyword sources will show which RIB dumps (date & time in RFC 3339 format) from which RRCs are currently loaded into RISwhois.
whois -h riswhois.ripe.net sources
% This is RIPE NCC's Routing Information Service
% whois gateway to collected BGP Routing Tables
% IPv4 or IPv6 address to origin prefix match
%
% For more information visit http://www.ripe.net/ris/riswhois.html
rrc00 20040316 1600Z
rrc01 20040316 1600Z
rrc02 20040316 1600Z
rrc03 20040316 1600Z
rrc04 20040316 1600Z
rrc05 20040316 1600Z
rrc06 20040316 1600Z
rrc07 20040316 1600Z
rrc08 20040316 1600Z
rrc10 20040316 1600Z
Under normal circumstances the data are refreshed every 8 hours, with zero downtime for the users.