Another new service I'd like to discuss is the TTM ip2asn service as presented at RIPE-46: http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-tt-as-tracero... I know of 4 other methods for doing ip2asn conversions (permission received from each to supply this info): -------------------------------------- From: robt@cymru.com We have one that is somewhat quick and really very dirty. :) I've shared it with a few folks, so I'll share it with the full list now. It depends on the Perl Cisco Telnet module and access to a BGP-savvy router. You will find it at the following URL: <http://www.cymru.com/Tools/getorgasn2.pl> It's not pretty, but it works. Feel free to modify it as you see fit, and you may share it with anyone. Comments welcome! Thanks, Rob, for Team Cymru. -- Rob Thomas -------------------------------------- From: j.green@ukerna.ac.uk First you need a source of routing information (http://archive.routeviews.org/) This then needs to be parsed. I either use parse_bgp_dump from CAIDA (and run "'sh ip bgp' format RIBs" through it), or use http://www.bugged.org/download/misc/bgpparser.c (after tweaking the defines to extract the correct fields) and pass "MRT format RIBs" through it. CAIDA merges multipleorigins into a generic entry, whereas bgpparser creates multiple entries. Either way you want a file with a.b.c.d/e AS ... a.b.c.d/e AS Then use something like Net::Patricia to lookup the AS for an IP address. The only slow thing seems to be reading in the file into memory (I guess you could daemonise it, or use a more parse efficient storage format it this matters). There is some scripts from a while back at http://kaizo.us/girona/bgp/ bgpparse.tar is the relevant bits out of CAIDA's larger package. aslookup.pl is very simple perl script route-table is a parsed version of the data from routeviews from June. Hope this helps John JANET-CERT ------------------------------------------- From: joe@oregon.uoregon.edu Because a number of people have expressed an interest in an IP->ASN DNS zone, if you're interested, the Routeviews project now has a test/static asn zone up that you can try, e.g.: % dig @archive.routeviews.org 13.142.223.128.asn.routeviews.org txt [snip] ;; ANSWER SECTION: 13.142.223.128.asn.routeviews.org. 86400 IN TXT "3582" [snip] % dig @archive.routeviews.org 109.131.229.169.asn.routeviews.org txt [snip] ;; ANSWER SECTION: 109.131.229.169.asn.routeviews.org. 86400 IN TXT "25" [snip] That was the original format. It now works as follows: % host -t txt 35.32.223.128.asn.routeviews.org 35.32.223.128.asn.routeviews.org text "3582" "128.223.0.0" "16" In addition to being able to get the stub ASN, a second zone will also let you get the AS path associated with a specific dotted quad. For example: % host -t txt 122.3.15.66.aspath.routeviews.org 122.3.15.66.aspath.routeviews.org text "2497 3356 1 189" "66.15.3.0" "24" 122.3.15.66.aspath.routeviews.org text "2497 3356 1" "66.15.0.0" "17" In parsing what's returned, be sure to plan to accomodate the possibility that you may get multiple records returned for a single query. Thanks, Joe St Sauver (joe@oregon.uoregon.edu) University of Oregon Computing Center ----------------------------------------------- From: gillsr@yahoo.com www.qorbit.net/code/ip2asn-v1.1.tar.gz ip2asn-coral.pl - very fast, uses Caida's Coral Reef package, requires route table dump. Initial load takes a bit to read route-file. ip2asn-server.pl - slower, requires a route-server, preferably one that supports 'show ip bgp $ip/32 shorter' syntax. --------------------------------------------- Can the RIPE NCC TTM group explain why such a service is needed when there are other packages available that do similar things? Slide #2 seems to state that you want a traceroute that includes the ASN. Slide #14 states "RIPE-NCC will set up an IP-AS mapping service with something like "traceroute -A". How will this be different than a standard traceroute from any Cisco router: TAU-gp1#trace www.cisco.com Translating "www.cisco.com"...domain server (128.139.6.1) [OK] Type escape sequence to abort. Tracing the route to www.cisco.com (198.133.219.25) 1 iucc.il1.il.geant.net (62.40.103.225) [AS 20965] 0 msec 0 msec 0 msec 2 il.nl1.nl.geant.net (62.40.96.117) [AS 20965] 68 msec 64 msec 68 msec 3 nl.de1.de.geant.net (62.40.96.101) [AS 20965] 72 msec 72 msec 72 msec 4 so-7-0-0.ar2.FRA2.gblx.net (208.48.23.145) [AS 3549] 72 msec 72 msec 72 msec 5 pos5-0-2488M.cr2.FRA2.gblx.net (67.17.65.53) [AS 3549] 72 msec 72 msec 72 msec 6 so0-0-0-2488M.cr2.LON3.gblx.net (67.17.64.38) [AS 3549] 84 msec 80 msec 80 msec 7 so7-0-0-2488M.ar2.LON3.gblx.net (67.17.66.30) [AS 3549] 88 msec 84 msec 80 msec 8 sl-bb21-lon-1-3.sprintlink.net (213.206.131.25) [AS 1239] 88 msec 88 msec 88 msec 9 sl-bb21-tuk-10-0.sprintlink.net (144.232.19.69) [AS 1239] 164 msec 164 msec 164 msec 10 sl-bb20-tuk-15-0.sprintlink.net (144.232.20.132) [AS 1239] 164 msec 164 msec 168 msec 11 sl-bb21-rly-15-1.sprintlink.net (144.232.20.120) [AS 1239] 168 msec 172 msec 164 msec 12 sl-bb23-rly-11-0.sprintlink.net (144.232.14.134) [AS 1239] 164 msec 176 msec 168 msec 13 sl-bb20-rly-9-0.sprintlink.net (144.232.14.117) [AS 1239] 176 msec 168 msec 172 msec 14 sl-bb25-sj-5-3.sprintlink.net (144.232.20.57) [AS 1239] 296 msec 228 msec 228 msec 15 sl-gw11-sj-10-0.sprintlink.net (144.232.3.134) [AS 1239] 232 msec 228 msec 232 msec 16 sl-ciscopsn2-11-0-0.sprintlink.net (144.228.44.14) [AS 1239] 220 msec 220 msec 224 msec 17 sjce-dirty-gw1.cisco.com (128.107.239.89) [AS 109] 228 msec 224 msec 224 msec 18 sjck-sdf-ciod-gw2.cisco.com (128.107.239.102) [AS 109] 228 msec 228 msec 228 msec 19 * www.cisco.com (198.133.219.25) [AS 109] 236 msec * Thanks, Hank