Differences

This shows you the differences between two versions of the page.

--- who_is_using_this_ip_address [2014/02/08 22:47] – [2.2- Riswhois Server] samer
+++ who_is_using_this_ip_address [2014/02/09 00:31] – [2.2- Riswhois Server] samer
@@ Line 45: / Line 45: @@
 	      Community: 15290:3356 15290:64995 15290:65050 15290:65506
-Despite its availability, this method remains cumbersome, especially if you want to quickly look up something or if you have a large number of addresses that you want to analyze with a script. Fortunately, RIPE NCC and Team Cymru have already answered these questions: they provide solutions that combine the versatility of the whois protocol with the accuracy of the BGP information. In other words, you keep on using the legacy whois command but you get BGP-based results. Let us examine these solutions:
+Despite its availability, this method remains cumbersome, especially if you want to quickly look up something or if you have a large number of prefixes that you want to analyse with a script. Fortunately, RIPE NCC and Team Cymru have already answered these questions: they provide solutions that combine the versatility of the whois protocol with the accuracy of the BGP information. In other words, you keep on using the legacy whois command but you get BGP-based results. Let us examine these solutions:
 ==== -- Team Cymru whois Server ====
-Team Cymru implements the ''whois.cymru.com'' server which provides the announcing AS number and name for any given IP address. The information in its database is based on the BGP feeds from 50+ BGP peers, and is updated at 4 hour intervals. Here is a simple example for using the cymru service:
+Team Cymru implements the ''whois.cymru.com'' server which provides the announcing AS number and name for any given IP prefix. The information in its database is based on the BGP feeds from 50+ BGP peers, and is updated at 4 hour intervals. Here is a simple example for using the cymru service:
 <code>
@@ Line 57: / Line 57: @@
 </code>
-and another example that demonstrates the possibility of sending multiple addresses in the same query:
+and another example that demonstrates the possibility of sending multiple prefixes in the same query:
 <code>
@@ Line 68: / Line 68: @@
 ==== -- Riswhois Server ====
-RIPE NCC implements a similar whois service named RISwhois by providing a higher level view over the most recently collected set of routing tables from the Remote Route Collectors (RRCs). Given an IPv4 or IPv6 address, RISwhois will tell which prefixes and origin ASes on which RRCs match that particular IP.
+RIPE NCC implements a similar whois service named RISwhois by providing a higher level view over the most recently collected set of routing tables from the Remote Route Collectors (RRCs) at different [[http://www.ripe.net/data-tools/stats/ris/ris-peering-policy | locations]] in the world. Given an IPv4 or IPv6 prefix, RISwhois will tell which prefixes and origin ASes on which RRCs match that particular IP.
 <WRAP info>
@@ Line 74: / Line 74: @@
 </WRAP>
-In the following, a simple example that shows the output of a riswhois query.
+In the following, a simple example shows the output of a Riswhois query: ''203.178.141.194'' is originated by AS ''2500'' as seen by 16 RRCs.
 <code>
-$ whois -h riswhois.ripe.net 217.70.180.132
+$ whois -h riswhois.ripe.net 203.178.141.194
+route:        203.178.128.0/17
+origin:       AS2500
+descr:        WIDE-BB WIDE Project
+lastupd-frst: 2014-01-23 12:42Z  202.249.2.185@rrc06
+lastupd-last: 2014-02-08 13:26Z  187.16.218.21@rrc15
+seen-at:      rrc00,rrc01,rrc03,rrc04,rrc05,rrc06,rrc07,rrc10,rrc11,rrc12,rrc13,rrc14,rrc15
+num-rispeers: 105
+source:       RISWHOIS
+</code>
+<WRAP round important>
+Due to BGP policies between ASes in the Internet, RRCs may receive different BGP information for the same IP prefix. Therefore, Riswhois provides multiple matchings for the IP prefix, as in the following example. In such cases, a longest prefix matching may help in choosing a single originating AS.
+</WRAP>
+<code>
+$ whois -h riswhois.ripe.net 217.70.184.1
 route:        217.0.0.0/8
 origin:       AS3303