Differences

This shows you the differences between two versions of the page.

--- who_is_using_this_ip_address [2014/02/09 00:23] – [2.2- Riswhois Server] samer
+++ who_is_using_this_ip_address [2014/02/09 00:31] – [2.2- Riswhois Server] samer
@@ Line 45: / Line 45: @@
 	      Community: 15290:3356 15290:64995 15290:65050 15290:65506
-Despite its availability, this method remains cumbersome, especially if you want to quickly look up something or if you have a large number of addresses that you want to analyze with a script. Fortunately, RIPE NCC and Team Cymru have already answered these questions: they provide solutions that combine the versatility of the whois protocol with the accuracy of the BGP information. In other words, you keep on using the legacy whois command but you get BGP-based results. Let us examine these solutions:
+Despite its availability, this method remains cumbersome, especially if you want to quickly look up something or if you have a large number of prefixes that you want to analyse with a script. Fortunately, RIPE NCC and Team Cymru have already answered these questions: they provide solutions that combine the versatility of the whois protocol with the accuracy of the BGP information. In other words, you keep on using the legacy whois command but you get BGP-based results. Let us examine these solutions:
 ==== -- Team Cymru whois Server ====
-Team Cymru implements the ''whois.cymru.com'' server which provides the announcing AS number and name for any given IP address. The information in its database is based on the BGP feeds from 50+ BGP peers, and is updated at 4 hour intervals. Here is a simple example for using the cymru service:
+Team Cymru implements the ''whois.cymru.com'' server which provides the announcing AS number and name for any given IP prefix. The information in its database is based on the BGP feeds from 50+ BGP peers, and is updated at 4 hour intervals. Here is a simple example for using the cymru service:
 <code>
@@ Line 57: / Line 57: @@
 </code>
-and another example that demonstrates the possibility of sending multiple addresses in the same query:
+and another example that demonstrates the possibility of sending multiple prefixes in the same query:
 <code>
@@ Line 68: / Line 68: @@
 ==== -- Riswhois Server ====
-RIPE NCC implements a similar whois service named RISwhois by providing a higher level view over the most recently collected set of routing tables from the Remote Route Collectors (RRCs) at different [[http://www.ripe.net/data-tools/stats/ris/ris-peering-policy | locations]] in the world. Given an IPv4 or IPv6 address, RISwhois will tell which prefixes and origin ASes on which RRCs match that particular IP.
+RIPE NCC implements a similar whois service named RISwhois by providing a higher level view over the most recently collected set of routing tables from the Remote Route Collectors (RRCs) at different [[http://www.ripe.net/data-tools/stats/ris/ris-peering-policy | locations]] in the world. Given an IPv4 or IPv6 prefix, RISwhois will tell which prefixes and origin ASes on which RRCs match that particular IP.
 <WRAP info>
@@ Line 89: / Line 89: @@
 <WRAP round important>
-Note RRCs may receive different information for the same IP prefix.
+Due to BGP policies between ASes in the Internet, RRCs may receive different BGP information for the same IP prefix. Therefore, Riswhois provides multiple matchings for the IP prefix, as in the following example. In such cases, a longest prefix matching may help in choosing a single originating AS.
-that Riswhois may provide multiple matchings for IP addresses. In such case, RRCs
 </WRAP>