user1780959

IP to ASN mapping algorithm

Is there no easy way to map a given IP address to the corresponding ASN number? For example:

ping to find out the IP address:

$ ping www.switch.ch
PING aslan.switch.ch (130.59.108.36) 56(84) bytes of data.

whois lookup for the ASN number:

$ whois -h whois.cymru.com -v 130.59.108.36
Warning: RIPE flags used with a traditional server.
AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
559     | 130.59.108.36    | 130.59.0.0/16       | CH | ripencc  | 1993-09-22 | SWITCH SWITCH, Swiss Education and Research Network

So the mapping in this case would be 130.59.108.36 (IP) -> 559 (ASN). Easy. But what if I would like to create my own local mapping service with the publicly available information from the Regional Internet Registries? So, for the above example, it would be this list, right?

ftp://ftp.ripe.net/pub/stats/ripencc/delegated-ripencc-latest

And to find the matching entry is also not a problem:

ripencc|CH|ipv4|130.59.0.0|65536|19930922|assigned

But how do I get the ASN number from the line above? How are those two pieces of information linked together?

ripencc|EU|asn|559|1|19930901|allocated

Thanks in advance for a reply!

Upvotes: 10

Views: 13219

Answers (3)

Alok

Reputation: 3143

I explain how to do this here: https://www.quaxio.com/bgp/ (formerly at https://alokmenghrajani.github.io/bgp/)

It basically involves downloading a dump from a router and then using an efficient data representation to map an IP address to a netmask.

Upvotes: 11
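
Added example, not part of any answer here and not code from the linked projects: a longest-prefix-match lookup over (prefix, origin AS) pairs such as those extracted from a BGP table dump, which is the lookup step the answers describe. The route list is constructed (only 130.59.0.0/16 -> 559 comes from the question), and `build_table` and `lookup` are hypothetical names.

```python
import ipaddress

# Constructed sample of "prefix origin-AS" pairs, as one would extract from a
# BGP table dump. Only 130.59.0.0/16 -> 559 comes from the question; the other
# entries use documentation prefixes and documentation ASNs.
SAMPLE_ROUTES = """\
130.59.0.0/16 559
198.51.100.0/24 64500
198.51.100.128/25 64501
203.0.113.0/24 64502
2001:db8::/32 64503
2001:db8:ab::/48 64504
"""


def build_table(text):
    """Index routes as {ip_version: {prefix_len: {network_as_int: asn}}}."""
    table = {4: {}, 6: {}}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        prefix, asn = line.split()
        # ip_network() raises ValueError if host bits are set, so malformed
        # prefixes are rejected instead of being silently indexed.
        net = ipaddress.ip_network(prefix)
        by_len = table[net.version].setdefault(net.prefixlen, {})
        by_len[int(net.network_address)] = int(asn)
    return table


def lookup(table, ip):
    """Longest-prefix match: return (prefix, asn), or None if no route covers ip."""
    addr = ipaddress.ip_address(ip)
    bits, value = addr.max_prefixlen, int(addr)
    by_len = table[addr.version]
    net_cls = ipaddress.IPv4Network if addr.version == 4 else ipaddress.IPv6Network
    # Try the most specific prefix length first so overlapping routes resolve
    # to the more-specific announcement.
    for plen in sorted(by_len, reverse=True):
        masked = value >> (bits - plen) << (bits - plen)
        asn = by_len[plen].get(masked)
        if asn is not None:
            return str(net_cls((masked, plen))), asn
    return None
```

An address covered by no prefix returns `None`, which a log-enrichment job should record as unrouted rather than attribute to a neighbouring network.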

wick

Reputation: 2234

I have made a tool that appends ASNs to HTTP log lines. I explain how to build the database off RIPE raw data and use it with binary search. Also, C code is ready for use. 1.6M look-ups in a few seconds on a regular virtual instance:

https://github.com/psvz/tirexASN

Upvotes: 0

André Keller

Reputation: 3199

I'd propose doing this based on MRT dumps collected from an actual BGP speaker.

For example, there is this Python library that can be used to easily parse MRT dumps: http://code.google.com/p/pyasn/

If you're not able to run your own BGP speaker, you can download dumps at http://archive.routeviews.org/

Make sure you check out their other stuff too. They also provide DNS zone files that would enable you to do such lookups using a standard DNS server such as BIND or NSD: http://archive.routeviews.org/dnszones/

I hope that gets you started...

Upvotes: 3
