Hi Hank, Just a quick word of clarification on the AS scripts: 1. getorgasn2.pl is included inside ip2asn-v1.1.tar.gz. The AS conversion scripts include an ONLINE (route-server) and an OFFLINE (bgp table dump) version. There are three scripts in the tar.gz. 2. RE: the e-mail From: j.green@ukerna.ac.uk, one of the scripts above does exactly this using Caida's CoralReef package. 3. RE: Slide #2, lft is a traceroute program for windows/unix that does exactly this: maps IPs to AS numbers. You can download it here: http://www.mainnerve.com/lft/ Ex: su-2.05b# lft -A 4.2.2.1 Tracing _____________________________________________________________________. TTL LFT trace to vnsc-pri.sys.gtei.net (4.2.2.1):80/tcp 1 [AS5102] gw-sbc.as23028.net (68.22.187.1) 20.4ms 2 [AS5102] 65.42.139.41 20.0ms 3 [AS5102] bb2-g5-0.chcgil.ameritech.net (67.38.101.116) 19.6ms 4 [ASN?] sl-gw38-chi-13-0.sprintlink.net (160.81.109.237) 19.7ms 5 [AS1239] sl-bb20-chi-4-0.sprintlink.net (144.232.26.129) 19.5ms 6 [AS1239] sl-bb21-chi-8-0.sprintlink.net (144.232.26.78) 59.6ms 7 [AS1239] sl-st20-chi-15-1.sprintlink.net (144.232.20.80) 19.4ms 8 [AS3356] so-2-1-0.edge1.Chicago1.Level3.net (209.0.225.21) 20.0ms 9 [AS3356] so-2-1-0.bbr1.Chicago1.level3.net (209.244.8.9) 20.0ms 10 [AS3356] so-1-0-0.bbr1.Atlanta1.level3.net (209.247.9.106) 40.4ms 11 [AS3356] pos8-0.hsa1.Atlanta1.Level3.net (209.247.9.166) 40.4ms 12 [AS3356] vlan521.public-msf1.Atlanta2.Level3.net (67.72.92.18) 40.4ms ** [neglected] no reply packets received from TTLs 13 through 25 26 [prohibited] [AS3356] vlan521.public-msf1.Atlanta2.Level3.net (67.72.92.18) 40.4/*ms Cheers, -- steve -----Original Message----- From: Hank Nussbacher [mailto:hank@att.net.il] Sent: Wednesday, September 10, 2003 3:19 AM To: ncc-services-wg@ripe.net Cc: robt@cymru.com; j.green@ukerna.ac.uk; joe@oregon.uoregon.edu; gillsr@yahoo.com Subject: New service: ip2asn Another new service I'd like to discuss is the TTM ip2asn service as presented at RIPE-46: http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-tt-as-tra ceroutes.pdf I know of 4 other methods for doing ip2asn conversions (permission received from each to supply this info): -------------------------------------- From: robt@cymru.com We have one that is somewhat quick and really very dirty. :) I've shared it with a few folks, so I'll share it with the full list now. It depends on the Perl Cisco Telnet module and access to a BGP-savvy router. You will find it at the following URL: <http://www.cymru.com/Tools/getorgasn2.pl> It's not pretty, but it works. Feel free to modify it as you see fit, and you may share it with anyone. Comments welcome! Thanks, Rob, for Team Cymru. -- Rob Thomas -------------------------------------- From: j.green@ukerna.ac.uk First you need a source of routing information (http://archive.routeviews.org/) This then needs to be parsed. I either use parse_bgp_dump from CAIDA (and run "'sh ip bgp' format RIBs" through it), or use http://www.bugged.org/download/misc/bgpparser.c (after tweaking the defines to extract the correct fields) and pass "MRT format RIBs" through it. CAIDA merges multipleorigins into a generic entry, whereas bgpparser creates multiple entries. Either way you want a file with a.b.c.d/e AS ... a.b.c.d/e AS Then use something like Net::Patricia to lookup the AS for an IP address. The only slow thing seems to be reading in the file into memory (I guess you could daemonise it, or use a more parse efficient storage format it this matters). There is some scripts from a while back at http://kaizo.us/girona/bgp/ bgpparse.tar is the relevant bits out of CAIDA's larger package. aslookup.pl is very simple perl script route-table is a parsed version of the data from routeviews from June. Hope this helps John JANET-CERT ------------------------------------------- From: joe@oregon.uoregon.edu Because a number of people have expressed an interest in an IP->ASN DNS zone, if you're interested, the Routeviews project now has a test/static asn zone up that you can try, e.g.: % dig @archive.routeviews.org 13.142.223.128.asn.routeviews.org txt [snip] ;; ANSWER SECTION: 13.142.223.128.asn.routeviews.org. 86400 IN TXT "3582" [snip] % dig @archive.routeviews.org 109.131.229.169.asn.routeviews.org txt [snip] ;; ANSWER SECTION: 109.131.229.169.asn.routeviews.org. 86400 IN TXT "25" [snip] That was the original format. It now works as follows: % host -t txt 35.32.223.128.asn.routeviews.org 35.32.223.128.asn.routeviews.org text "3582" "128.223.0.0" "16" In addition to being able to get the stub ASN, a second zone will also let you get the AS path associated with a specific dotted quad. For example: % host -t txt 122.3.15.66.aspath.routeviews.org 122.3.15.66.aspath.routeviews.org text "2497 3356 1 189" "66.15.3.0" "24" 122.3.15.66.aspath.routeviews.org text "2497 3356 1" "66.15.0.0" "17" In parsing what's returned, be sure to plan to accomodate the possibility that you may get multiple records returned for a single query. Thanks, Joe St Sauver (joe@oregon.uoregon.edu) University of Oregon Computing Center ----------------------------------------------- From: gillsr@yahoo.com www.qorbit.net/code/ip2asn-v1.1.tar.gz ip2asn-coral.pl - very fast, uses Caida's Coral Reef package, requires route table dump. Initial load takes a bit to read route-file. ip2asn-server.pl - slower, requires a route-server, preferably one that supports 'show ip bgp $ip/32 shorter' syntax. --------------------------------------------- Can the RIPE NCC TTM group explain why such a service is needed when there are other packages available that do similar things? Slide #2 seems to state that you want a traceroute that includes the ASN. Slide #14 states "RIPE-NCC will set up an IP-AS mapping service with something like "traceroute -A". How will this be different than a standard traceroute from any Cisco router: TAU-gp1#trace www.cisco.com Translating "www.cisco.com"...domain server (128.139.6.1) [OK] Type escape sequence to abort. Tracing the route to www.cisco.com (198.133.219.25) 1 iucc.il1.il.geant.net (62.40.103.225) [AS 20965] 0 msec 0 msec 0 msec 2 il.nl1.nl.geant.net (62.40.96.117) [AS 20965] 68 msec 64 msec 68 msec 3 nl.de1.de.geant.net (62.40.96.101) [AS 20965] 72 msec 72 msec 72 msec 4 so-7-0-0.ar2.FRA2.gblx.net (208.48.23.145) [AS 3549] 72 msec 72 msec 72 msec 5 pos5-0-2488M.cr2.FRA2.gblx.net (67.17.65.53) [AS 3549] 72 msec 72 msec 72 msec 6 so0-0-0-2488M.cr2.LON3.gblx.net (67.17.64.38) [AS 3549] 84 msec 80 msec 80 msec 7 so7-0-0-2488M.ar2.LON3.gblx.net (67.17.66.30) [AS 3549] 88 msec 84 msec 80 msec 8 sl-bb21-lon-1-3.sprintlink.net (213.206.131.25) [AS 1239] 88 msec 88 msec 88 msec 9 sl-bb21-tuk-10-0.sprintlink.net (144.232.19.69) [AS 1239] 164 msec 164 msec 164 msec 10 sl-bb20-tuk-15-0.sprintlink.net (144.232.20.132) [AS 1239] 164 msec 164 msec 168 msec 11 sl-bb21-rly-15-1.sprintlink.net (144.232.20.120) [AS 1239] 168 msec 172 msec 164 msec 12 sl-bb23-rly-11-0.sprintlink.net (144.232.14.134) [AS 1239] 164 msec 176 msec 168 msec 13 sl-bb20-rly-9-0.sprintlink.net (144.232.14.117) [AS 1239] 176 msec 168 msec 172 msec 14 sl-bb25-sj-5-3.sprintlink.net (144.232.20.57) [AS 1239] 296 msec 228 msec 228 msec 15 sl-gw11-sj-10-0.sprintlink.net (144.232.3.134) [AS 1239] 232 msec 228 msec 232 msec 16 sl-ciscopsn2-11-0-0.sprintlink.net (144.228.44.14) [AS 1239] 220 msec 220 msec 224 msec 17 sjce-dirty-gw1.cisco.com (128.107.239.89) [AS 109] 228 msec 224 msec 224 msec 18 sjck-sdf-ciod-gw2.cisco.com (128.107.239.102) [AS 109] 228 msec 228 msec 228 msec 19 * www.cisco.com (198.133.219.25) [AS 109] 236 msec * Thanks, Hank