IP to ASN mapping algorithm
bgp
A

3

10

Is there no easy way to map a given IP address to the corresponding ASN number? For example:

ping to find out the IP address:

$ ping www.switch.ch
PING aslan.switch.ch (130.59.108.36) 56(84) bytes of data.

whois lookup for the ASN number:

$ whois -h whois.cymru.com -v 130.59.108.36
Warning: RIPE flags used with a traditional server.
AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
559     | 130.59.108.36    | 130.59.0.0/16       | CH | ripencc  | 1993-09-22 | SWITCH SWITCH, Swiss Education and Research Network

So the mapping in this case would be 130.59.108.36 (IP) -> 559 (ASN). Easy. But what if I would like to create my own local mapping service with the publicly available information from the Regional Internet Registries? So, for the above example, it would be this list, right?

ftp://ftp.ripe.net/pub/stats/ripencc/delegated-ripencc-latest

And to find the matching entry is also not a problem:

ripencc|CH|ipv4|130.59.0.0|65536|19930922|assigned

But how do I get the ASN number from the line above? How are those two pieces of information linked together?

ripencc|EU|asn|559|1|19930901|allocated

Thanks in advance for a reply!

Ancier answered 28/10, 2012 at 15:54 Comment(0)
P
11

I explain how to do this here: https://www.quaxio.com/bgp/ (formerly at https://alokmenghrajani.github.io/bgp/)

It basically involves downloading a dump from a router and then using an efficient data representation to map an IP address to a netmask.

Persse answered 21/4, 2013 at 20:40 Comment(2)
Hi. So, just to get my fundamentals correct, your method provides an alternative to obtaining the same information, as provided by Maxmind (see the answer above)? Or is it qualitatively any different? Thanks - Treytri
Fundamentally, it's probably the same. It's less magic. I explain how to get the raw data. I explain how to process it. - Persse
T
3

I'd propose doing this based on MRT dumps collected from an actual BGP speaker.

There is, for example, this Python library that can be used to easily parse MRT dumps: http://code.google.com/p/pyasn/

If you're not able to run your own BGP speaker, you can download dumps at http://archive.routeviews.org/

Make sure you check out their other stuff too. They also provide DNS zone files that would enable you to do such lookups using a standard DNS server such as Bind or NSD: http://archive.routeviews.org/dnszones/

I hope that gets you started...

Tavie answered 21/11, 2012 at 3:31 Comment(1)
Very nice! Does archive.routeviews also contain the historical mappings between ASN and company names? - Aurelie
H
0

I have made a tool that appends ASNs to HTTP log lines. I explain how to build the database off RIPE raw data and use it with binary search. Also, C code is ready for use. 1.6M look-ups in a few seconds on a regular virtual instance:

https://github.com/psvz/tirexASN

Hutt answered 14/4, 2016 at 22:16 Comment(0)
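
The lookup the answers above describe, as an added example (not code from any poster or from the linked projects): prefix-to-origin-AS pairs, as one would extract them from a BGP table dump, are flattened into sorted non-overlapping ranges and searched with binary search. The route list is constructed sample data; only 130.59.0.0/16 -> 559 comes from the question, and all function names are hypothetical.

```python
import bisect
import ipaddress

# Constructed sample of "prefix origin_asn" lines (assumed input format).
# Only 130.59.0.0/16 -> 559 is from the question; the rest are documentation values.
SAMPLE_ROUTES = """\
130.59.0.0/16 559
192.0.2.0/24 64500
192.0.2.128/25 64501
198.51.100.0/24 64502
"""

def parse_routes(text):
    """Return {prefix_length: {network_as_int: asn}} for IPv4 routes."""
    by_len = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        prefix, asn = line.split()
        net = ipaddress.IPv4Network(prefix)  # raises on malformed prefixes
        by_len.setdefault(net.prefixlen, {})[int(net.network_address)] = int(asn)
    return by_len

def longest_match(by_len, addr):
    """Most specific covering prefix wins, as in BGP route selection."""
    for plen in sorted(by_len, reverse=True):
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        asn = by_len[plen].get(addr & mask)
        if asn is not None:
            return asn
    return None

def build_table(by_len):
    """Flatten nested prefixes into sorted range starts with one ASN each."""
    bounds = set()
    for plen, nets in by_len.items():
        for start in nets:
            bounds.add(start)
            bounds.add(start + (1 << (32 - plen)))  # first address past the prefix
    starts = sorted(b for b in bounds if b < 2 ** 32)
    # Every address in [starts[i], starts[i+1]) shares the same best match.
    return starts, [longest_match(by_len, s) for s in starts]

def lookup(table, ip):
    """Binary search for the range containing ip; None if unrouted."""
    starts, asns = table
    i = bisect.bisect_right(starts, int(ipaddress.IPv4Address(ip))) - 1
    return asns[i] if i >= 0 else None

TABLE = build_table(parse_routes(SAMPLE_ROUTES))
```

The flattening step is what makes plain binary search safe when a more specific prefix (192.0.2.128/25) sits inside a covering one (192.0.2.0/24).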
