wikiroute

networking recipes

User Tools

Site Tools


who_is_using_this_ip_address

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
who_is_using_this_ip_address [2014/02/09 14:24]
samer [3.1- Basic Steps]
who_is_using_this_ip_address [2014/02/15 23:31] (current)
samer
Line 18: Line 18:
 An alternative method for identifying the AS that announces a specific IP prefix consists in studying the BGP routing information. Typically, each BGP speaking router stores in a BGP table the routing announcements received for each prefix together with some protocol attributes such as the AS-PATH. This attribute contains the list of ASes traversed by the BGP announcement,​ with the first AS being the origin AS for the IP prefix! Therefore, the problem boils down to parsing the BGP routing information,​ matching the IP address or prefix, and then extracting the origin AS from the AS-PATH attribute. Such process is obviously optimal when the router has a global view of the Internet: this is the case for routers participating in the Default Free Zone (DFZ) where the BGP tables contain //all the prefixes// announced in the Internet. As of 2014, these routers have around 500 000 active BGP entries according to the latest statistics. An alternative method for identifying the AS that announces a specific IP prefix consists in studying the BGP routing information. Typically, each BGP speaking router stores in a BGP table the routing announcements received for each prefix together with some protocol attributes such as the AS-PATH. This attribute contains the list of ASes traversed by the BGP announcement,​ with the first AS being the origin AS for the IP prefix! Therefore, the problem boils down to parsing the BGP routing information,​ matching the IP address or prefix, and then extracting the origin AS from the AS-PATH attribute. Such process is obviously optimal when the router has a global view of the Internet: this is the case for routers participating in the Default Free Zone (DFZ) where the BGP tables contain //all the prefixes// announced in the Internet. As of 2014, these routers have around 500 000 active BGP entries according to the latest statistics.
  
-[{{ :​bgp-table.png?​direct&​600 | Figure 1. Active BGP entries}}]+[{{ :​bgp-table.png?​direct&​400 | Figure 1. Active BGP entries}}]
  
 However, having access to a DFZ BGP router is not easy in practice. Alternatively,​ it is possible to find similar routing information on looking glasses or route servers that are made public by network operators (see for example a list of servers on www.routeserver.org). Such devices are originally deployed in order to contribute to the monitoring or the tracking of BGP anomalies in the Internet. However, having access to a DFZ BGP router is not easy in practice. Alternatively,​ it is possible to find similar routing information on looking glasses or route servers that are made public by network operators (see for example a list of servers on www.routeserver.org). Such devices are originally deployed in order to contribute to the monitoring or the tracking of BGP anomalies in the Internet.
who_is_using_this_ip_address.txt ยท Last modified: 2014/02/15 23:31 by samer