wikiroute

networking recipes

who_is_using_this_ip_address

Differences

This shows you the differences between two versions of the page.

who_is_using_this_ip_address [2014/01/11 15:16] samer
who_is_using_this_ip_address [2014/01/11 15:29] – [Using BGP Information] samer
Line 1: Line 1:
 +====== Who is Using This IP Address? =====
 A frequent question that faces network administrators or application developers consists in identifying //who is using a specific public IP address//. This information can be utilized for instance to perform user localization and enable location-based services or user access control. In this context, a main technical challenge is to associate the IP address or prefix with its corresponding Autonomous System (AS). A frequent question that faces network administrators or application developers consists in identifying //who is using a specific public IP address//. This information can be utilized for instance to perform user localization and enable location-based services or user access control. In this context, a main technical challenge is to associate the IP address or prefix with its corresponding Autonomous System (AS).
  
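Review bot: the added title line is unbalanced, with six "=" before the text and only five after it ("====== Who is Using This IP Address? ====="). The opening and closing heading markers should match, so close it with six: "====== Who is Using This IP Address? ======".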
Line 15: Line 16:
 An alternative method for identifying the AS that announces a specific IP prefix consists in studying the BGP routing information. Typically, each BGP speaking router stores in a BGP table the routing announcements received for each prefix together with some protocol attributes such as the AS-PATH. This attribute contains the list of ASes traversed by the BGP announcement, with the first AS being the origin AS for the IP prefix! Therefore, the problem boils down to parsing the BGP routing information, matching the IP address or prefix, and then extracting the origin AS from the AS-PATH attribute. Such process is obviously optimal when the router has a global view of the Internet: this is the case for routers participating in the Default Free Zone (DFZ) where the BGP tables contain *all the prefixes* announced in the Internet. As of 2014, these routers have around 500 000 active BGP entries according to the latest statistics. An alternative method for identifying the AS that announces a specific IP prefix consists in studying the BGP routing information. Typically, each BGP speaking router stores in a BGP table the routing announcements received for each prefix together with some protocol attributes such as the AS-PATH. This attribute contains the list of ASes traversed by the BGP announcement, with the first AS being the origin AS for the IP prefix! Therefore, the problem boils down to parsing the BGP routing information, matching the IP address or prefix, and then extracting the origin AS from the AS-PATH attribute. Such process is obviously optimal when the router has a global view of the Internet: this is the case for routers participating in the Default Free Zone (DFZ) where the BGP tables contain *all the prefixes* announced in the Internet. As of 2014, these routers have around 500 000 active BGP entries according to the latest statistics.
  
-{% img center /images/bgp-table.png 650 'BGP table' 'Figure 1. BGP table' %}+[{{ :bgp-table.png?direct&600 | Figure 1. Active BGP entries}}]
  
-However, having access to a DFZ BGP router is not easy in practice. Alternatively, it is possible to find similar routing information on looking glasses or route servers that are made public by network operators (see for example a list of servers on [routeserver.org](http://routeserver.org/)). Such devices are originally deployed in order to contribute to the monitoring or the tracking of BGP anomalies in the Internet. +However, having access to a DFZ BGP router is not easy in practice. Alternatively, it is possible to find similar routing information on looking glasses or route servers that are made public by network operators (see for example a list of servers on www.routeserver.org. Such devices are originally deployed in order to contribute to the monitoring or the tracking of BGP anomalies in the Internet. 
-Let us try for example to log on the Allstream route server in Canada and identify the origin AS of 148.60.0.0/16. The output of the `show ip bgp commandshows the AS path "15290 3356 1273 2200" in the BGP announcements. Therefore, the first AS, *i.e.*, 2200 is the origin AS of the studied prefix.+Let us try for example to log on the Allstream route server in Canada and identify the origin AS of 148.60.0.0/16. The output of the ''show ip bgp command'' shows the AS path "15290 3356 1273 2200" in the BGP announcements. Therefore, the first AS, //i.e.//, 2200 is the origin AS of the studied prefix.
  
  $ telnet route-server.east.bb.allstream.net   $ telnet route-server.east.bb.allstream.net 
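Review bot: in the rewritten looking-glass sentence, the parenthesis opened at "(see for example a list of servers on www.routeserver.org." is never closed, and the former Markdown link is now bare text; suggest "[[http://routeserver.org/|routeserver.org]])". In the next added line the monospace span swallows the word "command" (''show ip bgp command''); it should read ''show ip bgp'' command. That line also calls 2200 the "first AS" although it is the rightmost entry of the displayed path "15290 3356 1273 2200"; wording it as "the last (rightmost) AS in the path" would remove the ambiguity.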
Line 42: Line 43:
        Community: 15290:3356 15290:64995 15290:65050 15290:65506        Community: 15290:3356 15290:64995 15290:65050 15290:65506
  
-Despite its availabitlity, this method remains cumbersome, especially if you want to quickly look up something or if you have a large number of addresses that you want to analyze with a script. Fortunatly, RIPE NCC and Team Cymru have already answered these questions: they provide solutions that combine the versatility of the whois protocol with the accuracy of the BGP information. In other words, you keep on using the legacy whois command by you get BGP-based results. Let us examine these solutions: +Despite its availability, this method remains cumbersome, especially if you want to quickly look up something or if you have a large number of addresses that you want to analyze with a script. Fortunately, RIPE NCC and Team Cymru have already answered these questions: they provide solutions that combine the versatility of the whois protocol with the accuracy of the BGP information. In other words, you keep on using the legacy whois command by you get BGP-based results. Let us examine these solutions: 
  
 1- Team Cymru implements the `whois.cymru.com` server  1- Team Cymru implements the `whois.cymru.com` server 
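Review bot: the corrected paragraph fixes "availabitlity" and "Fortunatly" but still carries "by you get BGP-based results", which should read "but you get BGP-based results". The unchanged list item below it also keeps Markdown backticks around whois.cymru.com and a "1-" prefix, while the rest of this revision moves to DokuWiki markup (''...'' for monospace); converting it in the same pass would keep the page consistent.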
Line 85: Line 86:
  
  
-### A Do-It-Yourself BGP Query Service+===== A Do-It-Yourself BGP Query Service =====
  
 Start by downloading multiple routing tables for routeviews or RIPE RIS servers. Transform these tables into parsable format bu using bgpdump. Use any scripting language to perform a best prefix match and output the origin AS of your desired IP prefix. Start by downloading multiple routing tables for routeviews or RIPE RIS servers. Transform these tables into parsable format bu using bgpdump. Use any scripting language to perform a best prefix match and output the origin AS of your desired IP prefix.
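Review bot: the paragraph directly under the converted heading still reads "bu using bgpdump" (should be "by using bgpdump") and "routing tables for routeviews or RIPE RIS servers" (likely "from"). The heading conversion itself is fine, but since this section is being touched these two slips are worth fixing in the same revision.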
who_is_using_this_ip_address.txt · Last modified: 2014/02/15 23:31 by samer