[ncc-services-wg] RE: New service: ip2asn

Hi Hank,

Just a quick word of clarification on the AS scripts:

1.  getorgasn2.pl is included inside ip2asn-v1.1.tar.gz.  The AS
conversion scripts include an ONLINE (route-server) and an OFFLINE (bgp
table dump) version.  There are three scripts in the tar.gz.

2.  RE: the e-mail From: j.green at ukerna.ac.uk, one of the scripts above
does exactly this using Caida's CoralReef package.

3.  RE: Slide #2, lft is a traceroute program for windows/unix that does
exactly this: maps IPs to AS numbers.  You can download it here:

http://www.mainnerve.com/lft/

Ex:
 
su-2.05b# lft -A 4.2.2.1

Tracing
_____________________________________________________________________.

TTL  LFT trace to vnsc-pri.sys.gtei.net (4.2.2.1):80/tcp
 1   [AS5102] gw-sbc.as23028.net (68.22.187.1) 20.4ms
 2   [AS5102] 65.42.139.41 20.0ms
 3   [AS5102] bb2-g5-0.chcgil.ameritech.net (67.38.101.116) 19.6ms
 4   [ASN?] sl-gw38-chi-13-0.sprintlink.net (160.81.109.237) 19.7ms
 5   [AS1239] sl-bb20-chi-4-0.sprintlink.net (144.232.26.129) 19.5ms
 6   [AS1239] sl-bb21-chi-8-0.sprintlink.net (144.232.26.78) 59.6ms
 7   [AS1239] sl-st20-chi-15-1.sprintlink.net (144.232.20.80) 19.4ms
 8   [AS3356] so-2-1-0.edge1.Chicago1.Level3.net (209.0.225.21) 20.0ms
 9   [AS3356] so-2-1-0.bbr1.Chicago1.level3.net (209.244.8.9) 20.0ms
10   [AS3356] so-1-0-0.bbr1.Atlanta1.level3.net (209.247.9.106) 40.4ms
11   [AS3356] pos8-0.hsa1.Atlanta1.Level3.net (209.247.9.166) 40.4ms
12   [AS3356] vlan521.public-msf1.Atlanta2.Level3.net (67.72.92.18)
40.4ms
**   [neglected] no reply packets received from TTLs 13 through 25
26   [prohibited] [AS3356] vlan521.public-msf1.Atlanta2.Level3.net
(67.72.92.18) 40.4/*ms

Cheers,
-- steve

-----Original Message-----
From: Hank Nussbacher [mailto:hank at att.net.il] 
Sent: Wednesday, September 10, 2003 3:19 AM
To: ncc-services-wg at ripe.net
Cc: robt at cymru.com; j.green at ukerna.ac.uk; joe at oregon.uoregon.edu;
gillsr at yahoo.com
Subject: New service: ip2asn

Another new service I'd like to discuss is the TTM ip2asn service
as presented at RIPE-46:
http://www.ripe.net/ripe/meetings/ripe-46/presentations/ripe46-tt-as-tra
ceroutes.pdf

I know of 4 other methods for doing ip2asn conversions (permission
received
from each to supply this info):

--------------------------------------
From: robt at cymru.com

We have one that is somewhat quick and really very dirty.  :)  I've
shared it with a few folks, so I'll share it with the full list now.
It depends on the Perl Cisco Telnet module and access to a BGP-savvy
router.  You will find it at the following URL:

    <http://www.cymru.com/Tools/getorgasn2.pl>

It's not pretty, but it works.  Feel free to modify it as you see
fit, and you may share it with anyone.  Comments welcome!

Thanks,
Rob, for Team Cymru.
-- 
Rob Thomas

--------------------------------------
From: j.green at ukerna.ac.uk

First you need a source of routing information
(http://archive.routeviews.org/)

This then needs to be parsed.  I either use parse_bgp_dump from CAIDA
(and run "'sh ip bgp' format RIBs" through it), or use
http://www.bugged.org/download/misc/bgpparser.c (after tweaking the
defines to extract the correct fields) and pass "MRT format RIBs"
through it.   CAIDA merges multipleorigins into a generic entry, whereas
bgpparser creates multiple entries.

Either way you want a file with

a.b.c.d/e AS
...
a.b.c.d/e AS

Then use something like Net::Patricia to lookup the AS for an IP
address.  The only slow thing seems to be reading in the file into
memory (I guess you could daemonise it, or use a more parse efficient
storage format it this matters).

There is some scripts from a while back at
http://kaizo.us/girona/bgp/

bgpparse.tar is the relevant bits out of CAIDA's larger package.
aslookup.pl is very simple perl script
route-table is a parsed version of the data from routeviews from June.

Hope this helps

John
JANET-CERT
-------------------------------------------
From: joe at oregon.uoregon.edu

Because a number of people have expressed an interest in
an IP->ASN DNS zone, if you're interested, the Routeviews project
now has a test/static asn zone up that you can try, e.g.:

% dig @archive.routeviews.org 13.142.223.128.asn.routeviews.org txt

[snip]
;; ANSWER SECTION:
13.142.223.128.asn.routeviews.org. 86400 IN TXT "3582"
[snip]

% dig @archive.routeviews.org 109.131.229.169.asn.routeviews.org txt

[snip]
;; ANSWER SECTION:
109.131.229.169.asn.routeviews.org. 86400 IN TXT "25"
[snip]

That was the original format.  It now works as follows:

% host -t txt 35.32.223.128.asn.routeviews.org
35.32.223.128.asn.routeviews.org text "3582" "128.223.0.0" "16"

In addition to being able to get the stub ASN, a second zone will also
let you get the AS path associated with a specific dotted quad.

For example:

% host -t txt 122.3.15.66.aspath.routeviews.org
122.3.15.66.aspath.routeviews.org text "2497 3356 1 189" "66.15.3.0"
"24"
122.3.15.66.aspath.routeviews.org text "2497 3356 1" "66.15.0.0" "17"

In parsing what's returned, be sure to plan to accomodate the
possibility
that you may get multiple records returned for a single query.

Thanks,

Joe St Sauver (joe at oregon.uoregon.edu)
University of Oregon Computing Center
-----------------------------------------------
From: gillsr at yahoo.com

www.qorbit.net/code/ip2asn-v1.1.tar.gz

ip2asn-coral.pl - very fast, uses Caida's Coral Reef package, requires
route table dump.  Initial load takes a bit to read route-file.

ip2asn-server.pl - slower, requires a route-server, preferably one that
supports 'show ip bgp $ip/32 shorter' syntax.

---------------------------------------------

Can the RIPE NCC TTM group explain why such a service is needed when
there are other packages available that do similar things?

Slide #2 seems to state that you want a traceroute that includes the
ASN. Slide #14 states "RIPE-NCC will set up an IP-AS mapping service
with something like "traceroute -A".  How will this be different than
a standard traceroute from any Cisco router:

TAU-gp1#trace www.cisco.com
Translating "www.cisco.com"...domain server (128.139.6.1) [OK]

Type escape sequence to abort.
Tracing the route to www.cisco.com (198.133.219.25)

   1 iucc.il1.il.geant.net (62.40.103.225) [AS 20965] 0 msec 0 msec 0
msec
   2 il.nl1.nl.geant.net (62.40.96.117) [AS 20965] 68 msec 64 msec 68
msec
   3 nl.de1.de.geant.net (62.40.96.101) [AS 20965] 72 msec 72 msec 72
msec
   4 so-7-0-0.ar2.FRA2.gblx.net (208.48.23.145) [AS 3549] 72 msec 72
msec 
72 msec
   5 pos5-0-2488M.cr2.FRA2.gblx.net (67.17.65.53) [AS 3549] 72 msec 72
msec 
72 msec
   6 so0-0-0-2488M.cr2.LON3.gblx.net (67.17.64.38) [AS 3549] 84 msec 80 
msec 80 msec
   7 so7-0-0-2488M.ar2.LON3.gblx.net (67.17.66.30) [AS 3549] 88 msec 84 
msec 80 msec
   8 sl-bb21-lon-1-3.sprintlink.net (213.206.131.25) [AS 1239] 88 msec
88 
msec 88 msec
   9 sl-bb21-tuk-10-0.sprintlink.net (144.232.19.69) [AS 1239] 164 msec
164 
msec 164 msec
  10 sl-bb20-tuk-15-0.sprintlink.net (144.232.20.132) [AS 1239] 164 msec

164 msec 168 msec
  11 sl-bb21-rly-15-1.sprintlink.net (144.232.20.120) [AS 1239] 168 msec

172 msec 164 msec
  12 sl-bb23-rly-11-0.sprintlink.net (144.232.14.134) [AS 1239] 164 msec

176 msec 168 msec
  13 sl-bb20-rly-9-0.sprintlink.net (144.232.14.117) [AS 1239] 176 msec
168 
msec 172 msec
  14 sl-bb25-sj-5-3.sprintlink.net (144.232.20.57) [AS 1239] 296 msec
228 
msec 228 msec
  15 sl-gw11-sj-10-0.sprintlink.net (144.232.3.134) [AS 1239] 232 msec
228 
msec 232 msec
  16 sl-ciscopsn2-11-0-0.sprintlink.net (144.228.44.14) [AS 1239] 220
msec 
220 msec 224 msec
  17 sjce-dirty-gw1.cisco.com (128.107.239.89) [AS 109] 228 msec 224
msec 
224 msec
  18 sjck-sdf-ciod-gw2.cisco.com (128.107.239.102) [AS 109] 228 msec 228

msec 228 msec
  19  *
     www.cisco.com (198.133.219.25) [AS 109] 236 msec *

Thanks,
Hank