I could probably whip something out in perl real quick, to fetch and
extract the interesting tokens/symbols/whatever.

I think I know the output you want, but maybe paste a sample and what
you want extracted.  Also, what means would I have to get the data?  CLI
via telnet/ssh?  snmp MIB?

Gary




>>> [EMAIL PROTECTED] 4/10/2006 4:26:24 PM >>>
Hhmm...  Next time I'll try to engage brain before typing, of course IP/AS mappings are unique to the BGP peer.  It IS a dynamic protocol after all!
 
Sounds like what is needed is some sort of perl script or some such thing that could run against a local router and build the AS-list.txt file so that it would be unique for that particular installation.  Thinking Cisco, if it just pulled the most distant AS number out of the path shown on a "show ip bgp" command that would be hugely helpful; at least for those of us who aren't running sites with many differing BGP connections.  I wish I was a programmer, I'd offer to help with it.  Unfortunately I'm just a network guy, when I try to delve into attempts at writing code I just manage to get myself into trouble.  If anyone has a script that does this already, or somebody with the ability can write it, I'll be more than happy to test and provide any assistance I possibly can.
 
John
 
 

  _____  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burton Strauss
Sent: Monday, April 10, 2006 8:21 AM
To: [email protected] 
Subject:  RE: [Ntop] AS-list.txt help


Um... AS-list.txt.gz
 
 
You are misreading the messages - AS works fine, within the limitations of the data it is given... which is crud.  Why?
 
(1) AS->IP data doesn't exist or isn't freely available to us.
(2) Even what we can get isn't very good.
(3) Trying to create it yourself will probably get you banned from various servers - because it's a nasty process.
 
 
#2?
 
Remember, each 'provider' of AS 'data' is seeing it from different points with different aggregation - there's no such thing as a master list.  Nor is the mapping between AS' and IP very good.
 
Read the line in the page @ cidr-report.org: "This report is generated from <http://bgp.potaroo.net/as4637> an analysis of the BGP routing table within AS4637 (Reach), and was produced at Mon Apr 10 23:47:17 2006 AEST."  Unless you have the same ISP and are part of the same block, even that data (and it's one of the best sets) may not be very useful.
 
Surprised?  Think about it...
 
Joe-Bob's Gas, Bait and Sandwich shop - with whom you are undertaking a major international franchise rollout - may just have a block of 32 delegated addresses from Billy-Bob's ISP and Fence Post company (AS9999).  Even if Joe-Bob has an assigned AS number (AS10101) it's only used for internal BGP routing within the ISP.
 
Billy-Bob won't report those 32 addresses via BGP to the world, but rather will aggregate things and report their whole 256 block.
 
So - to the outside world, Joe-Bob's web server is part of Billy-Bob's
AS9999 block, not Joe-Bob's AS10101...
 
Different ISP, different mapping from IP address -> AS...
 
 
For example, here's an old report about Reach: http://www.fixedorbit.com/AS/4/AS4637.htm, which shows 158 peers.  One of those is Cisco's AS109, which (http://www.fixedorbit.com/AS/0/AS109.htm) says has control of "Control of approx 425,973 IP addresses (0.04%) in 11 groups".
 
Potential problem #1 - search the AS database for 'Cisco' and you will find a bunch of other AS's which MIGHT be the same Cisco (or might just be a hit on the specific letters somewhere in the descriptions).  So you can't say that AS109 == Cisco.
 
Poke around the AS109 data and you'll see that Cisco has a bunch of peering relationships with tier 1 ISPs and so probably owns its own address space.  And so there's a decent likelihood that your ISP has a BGP entry for AS109 -> Cisco.  So any lookups you do on AS109 to figure out which IP addresses are in it is probably pretty good.
 
Try querying AS109 from different top level registries:
 
$ whois -h whois.ripe.net AS109
vs
$ whois -h whois.arin.net AS109
 
The contact info is completely different!
 
You can use nslookup, dig, et al to get an IP address for Cisco's web server, but you can't map that back to an AS from the normal (authoritative registries).  You can though an alternative provider, e.g. $ whois -h whois.cymru.com
 
$ whois -h whois.cymru.com 198.133.219.0/24
[Querying whois.cymru.com]
[whois.cymru.com]
AS      | IP               | Info            | AS Name
109     | 198.133.219.0    | /24             | CISCO-EU-109 Cisco Systems Glo
 
So that one's pretty good.  Try something in the Cable modem /8, and - Potential problem #2 - it's not so clear cut...
 
There's no easy, automated way to figure out the AS->IP mapping.  Plus it's only as good as your data source's view of the Internet...  The registries publish some of this data (e.g. ) but it's often aggregated.  Some of the Tier1 ISPs used to put out updates or elaboration files (for example Cable & Wireless) but as the players get swapped around as pieces of bigger companies it's disappeared.  So the C&W data is no longer available through Savvis.
 
The deeper you dig the worse it gets...
 
 
I've got scripts that recursively query the database to figure out each /24 or above's AS #, but run them and you'll get banned by the providers because it's an 'abusive' query of the database.  (The Cable Modem blocks are especially nasty - these are /8s which are redelegated at the /18 or below level).  Plus they run for days and frequently break down.
 
 
We used to have a user (Anon E. Mouse) who provided us with updates.  Since he's no longer doing this, we haven't updated the ntop file.
 
Any takers?
 
 
 
-----Burton


  _____  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John M. Livingston
Sent: Friday, April 07, 2006 12:57 PM
To: [email protected] 
Subject: [Ntop] AS-list.txt help


Hi Everyone, 
 
I just installed the most recent version of NTOP on a FC3 linux system, and I'm having problems getting Autonomous Systems statistics.  The AS-list.txt file wasn't included in the rpm for install, and I can't find the file-format anywhere.  I've browsed a year's worth of the archives for the mailing list as well as spent hours doing Yahoo! and Google searches but haven't found anything that helps.  I've got the list of AS and IP blocks being advertised from www.cidr-report.org but I think that I need the file format so NTOP can actually use it.
 
My employer runs a pretty busy website and we have occasional significant bandwidth spikes which consume nearly all our available bandwidth.  If I can get NTOP to show me the top 10 or top 20 AS numbers, I can re-route that traffic over another link and keep our website from crashing.  If NTOP can't get me that info, is there any other freeware or open-source application that can?  One thing I've seen doing my research are a few messages that indicate the AS functionality in NTOP doesn't work too well.
 
Thanks,
John Livingston
[EMAIL PROTECTED]


_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
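
The extraction John asks for above (the most distant, i.e. origin, AS of each prefix in Cisco "show ip bgp" output), as an added Python example that is not from any poster in this thread or from ntop. The sample rows are constructed, and the printed prefix/AS pairs are a plain listing, not ntop's AS-list.txt format, which the thread does not give.

```python
import re

# Constructed sample rows (reserved example prefixes and AS numbers), laid out
# in the fixed-width columns Cisco IOS uses for "show ip bgp".
FMT = "{:<3}{:<17}{:<20}{:>6}{:>7}{:>7} {}"
ROWS = [
    ("", "Network", "Next Hop", "Metric", "LocPrf", "Weight", "Path"),
    ("*>", "198.51.100.0/24", "192.0.2.2", "0", "", "0", "64500 64501 i"),
    ("*", "203.0.113.0/24", "192.0.2.6", "", "", "0", "64502 64503 64510 i"),
    ("*>", "", "192.0.2.2", "", "", "0", "64500 64510 i"),       # best path, same prefix
    ("*>", "192.0.2.128/25", "0.0.0.0", "0", "", "32768", "i"),  # locally originated
    ("*>", "10.0.0.0", "192.0.2.2", "", "", "0", "64500 64505 ?"),  # classful, no mask
]
SAMPLE = ("BGP table version is 7, local router ID is 192.0.2.1\n"
          + "\n".join(FMT.format(*r) for r in ROWS))

def origin_as_by_prefix(text):
    """Return {prefix: origin AS} taken from the best path (">") of each prefix."""
    path_col = prefix = None
    best, origins = False, {}
    for line in text.splitlines():
        if path_col is None:                    # skip the preamble up to the header row
            if line.lstrip().startswith("Network"):
                path_col = line.index("Path")   # Metric/LocPrf may be blank, so use the column
            continue
        if not re.match(r"[*sdhrS ][> ][i ]", line):
            continue                            # footer or other non-route text
        if line[:3].strip():                    # blank flags: wrapped row, keep previous state
            best = line[1] == ">"
        if line[3:4].strip():                   # blank network: same prefix as the row above
            prefix = line[3:].split()[0]
            if "/" not in prefix:               # IOS omits the mask on classful networks
                first = int(prefix.split(".")[0])
                prefix += "/8" if first < 128 else "/16" if first < 192 else "/24"
        hops = line[path_col:].split()[:-1]     # drop the origin code (i, e or ?)
        if best and prefix and len(line) > path_col:
            origins[prefix] = hops[-1] if hops else "local"
    return origins

if __name__ == "__main__":
    for pfx, asn in sorted(origin_as_by_prefix(SAMPLE).items()):
        print(pfx, asn)
```

As Burton's message points out, the result reflects only the view of the router queried, so it has to be regenerated on each installation.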
