wikiroute

networking recipes

who_is_using_this_ip_address

Differences

This shows you the differences between two versions of the page.

who_is_using_this_ip_address [2014/02/09 14:15] – [Who is Using This IP Address?] samer
who_is_using_this_ip_address [2014/02/15 23:31] (current) samer
Line 18: Line 18:
 An alternative method for identifying the AS that announces a specific IP prefix consists in studying the BGP routing information. Typically, each BGP speaking router stores in a BGP table the routing announcements received for each prefix together with some protocol attributes such as the AS-PATH. This attribute contains the list of ASes traversed by the BGP announcement, with the first AS being the origin AS for the IP prefix! Therefore, the problem boils down to parsing the BGP routing information, matching the IP address or prefix, and then extracting the origin AS from the AS-PATH attribute. Such process is obviously optimal when the router has a global view of the Internet: this is the case for routers participating in the Default Free Zone (DFZ) where the BGP tables contain //all the prefixes// announced in the Internet. As of 2014, these routers have around 500 000 active BGP entries according to the latest statistics. An alternative method for identifying the AS that announces a specific IP prefix consists in studying the BGP routing information. Typically, each BGP speaking router stores in a BGP table the routing announcements received for each prefix together with some protocol attributes such as the AS-PATH. This attribute contains the list of ASes traversed by the BGP announcement, with the first AS being the origin AS for the IP prefix! Therefore, the problem boils down to parsing the BGP routing information, matching the IP address or prefix, and then extracting the origin AS from the AS-PATH attribute. Such process is obviously optimal when the router has a global view of the Internet: this is the case for routers participating in the Default Free Zone (DFZ) where the BGP tables contain //all the prefixes// announced in the Internet. As of 2014, these routers have around 500 000 active BGP entries according to the latest statistics.
  
-[{{ :bgp-table.png?direct&600 | Figure 1. Active BGP entries}}]+[{{ :bgp-table.png?direct&400 | Figure 1. Active BGP entries}}]
  
 However, having access to a DFZ BGP router is not easy in practice. Alternatively, it is possible to find similar routing information on looking glasses or route servers that are made public by network operators (see for example a list of servers on www.routeserver.org). Such devices are originally deployed in order to contribute to the monitoring or the tracking of BGP anomalies in the Internet. However, having access to a DFZ BGP router is not easy in practice. Alternatively, it is possible to find similar routing information on looking glasses or route servers that are made public by network operators (see for example a list of servers on www.routeserver.org). Such devices are originally deployed in order to contribute to the monitoring or the tracking of BGP anomalies in the Internet.
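Review bot: the unchanged context in this hunk says the AS-PATH has "the first AS being the origin AS for the IP prefix", but the hunk at line 131 describes the AS-PATH as "ending by the originating AS 2200" and its dump line `29049 1273 2200` has the origin last. The AS-PATH is read from the receiving peer towards the origin, so the origin is the last (rightmost) AS; suggest "with the last AS being the origin AS for the IP prefix". As written, a script that follows the prose and takes the first element would return the peer AS (29049 in that example) and attribute the prefix to the wrong network.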
Line 45: Line 45:
        Community: 15290:3356 15290:64995 15290:65050 15290:65506        Community: 15290:3356 15290:64995 15290:65050 15290:65506
  
-Despite its availability, this method remains cumbersome, especially if you want to quickly look up something or if you have a large number of prefixes that you want to analyse with a script. Fortunately, RIPE NCC and Team Cymru have already answered these questions: they provide solutions that combine the versatility of the whois protocol with the accuracy of the BGP information. In other words, you keep on using the legacy whois command but you get BGP-based results. +Despite its availability, this method remains cumbersome, especially if you want to quickly look up something or if you have a large number of prefixes that you want to analyse with a script. Fortunately, RIPE NCC and Team Cymru have already answered these requirements: they provide solutions that combine the versatility of the whois protocol with the accuracy of the BGP information. In other words, you keep on using the legacy whois command but you get BGP-based results. 
  
 ==== -- Team Cymru whois Server ==== ==== -- Team Cymru whois Server ====
Line 68: Line 68:
  
 ==== -- Riswhois Server ==== ==== -- Riswhois Server ====
-RIPE NCC implements a similar whois service named RISwhois by providing a higher level view over the most recently collected set of routing tables from the Remote Route Collectors (RRCs) at different [[http://www.ripe.net/data-tools/stats/ris/ris-peering-policy | locations]] in the world. Given an IPv4 or IPv6 prefix, RISwhois will tell which prefixes and origin ASes on which RRCs match that particular IP.+RIPE NCC implements a similar whois service named RISwhois. This service provides a higher level view over the most recently collected set of routing tables from the Remote Route Collectors (RRCs) at different [[http://www.ripe.net/data-tools/stats/ris/ris-peering-policy | locations]] in the world. Given an IPv4 or IPv6 prefix, RISwhois will tell which prefixes and origin ASes on which RRCs match that particular IP.
  
 <WRAP info> <WRAP info>
Line 74: Line 74:
 </WRAP> </WRAP>
  
-In the following, a simple example shows the output of a Riswhois query: ''203.178.141.194'' is originated by AS ''2500'' as seen by 16 RRCs.+In the following, a simple example shows the output of a Riswhois query: as seen by 16 RRCs, the IP address ''203.178.141.194'' is originated by AS ''2500''.
  
 <code> <code>
Line 131: Line 131:
 </code>  </code> 
  
-Here is a typical line in the dumped file, where you can see the prefix ''148.60.0.0/16'' and the AS-PATH ending by the originating AS ''2200''.+Here is a typical line in the dumped file, where you can see the prefix ''148.60.0.0/16'' and the AS-PATH ending by the originating AS ''2200'':
 <code> <code>
 TABLE_DUMP2|1389513606|B|85.132.60.10|29049|148.60.0.0/16|29049 1273 2200|IGP|85 TABLE_DUMP2|1389513606|B|85.132.60.10|29049|148.60.0.0/16|29049 1273 2200|IGP|85
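Review bot: the example dump line stops at `IGP|85` on both sides of the diff, i.e. the field after the origin attribute is cut mid-value, so a reader cannot count the pipe-separated fields the sentence asks them to look at (prefix in the sixth field, AS-PATH in the seventh); paste the complete line. Minor style point on the `+` line: "the AS-PATH ending by the originating AS" reads better as "the AS-PATH ending with the originating AS".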
who_is_using_this_ip_address.1391951755.txt.gz · Last modified: 2014/02/09 14:15 by samer