2008-06-22 bgp data and connections
by Vasil KolevSmall and useful thing, could get included in some of the courses:
Let’s say you’re interested in the connections of an ISP – how many different transit providers it uses. For this tools and data from the RIS project of RIPE are used.
The first thing needed is to download the dump of the whole BGP routing table of some peer of the RIS project from the rawdata archive – I’m using the data from LINX because there’s the biggest number of peers and the view should be the best possible (in theory this could be done with the data from all 15 places, but I felt lazy).
The second is libbgpupdate, to be able to understand the downloaded data. There’s a tool in the package, bgpdump, that can get the data from the rawdata stuff. Here’s one entry:
TIME: 06/01/08 07:59:54 TYPE: TABLE_DUMP_V2/IPV4_UNICAST PREFIX: 4.0.0.0/8 SEQUENCE: 2 FROM: 195.66.224.54 AS286 ORIGINATED: 05/29/08 03:29:13 ORIGIN: IGP ASPATH: 286 3549 3356 NEXT_HOP: 195.66.224.54 ATOMIC_AGGREGATE AGGREGATOR: AS3356 4.69.130.82
We’re interested in the ASPATH. So for 8866 (BTC) we run the following:
./bgpdump ~/bview.20080601.0759 |grep 'ASPATH.* 8866$' |sed 's/8866 8866/8866/g;s/8866 8866/8866/g ' |sed 's/.* \([0-9]*\) 8866$/AS\1/'|sort|uniq
So what this does is to filter all the ASPATHs that end with this AS, and to remove everything prepended and get the previous autonomous system. The result looks like this:
AS1299 AS3549 AS6453 AS702 AS8400 AS9050
If you add to it this
|xargs -n1 whois -h whois.ripe.net |grep as-name
the result will be this:
as-name: TELIANET as-name: GBLX as-name: GLOBEINTERNET as-name: AS702 as-name: TELEKOM-AS as-name: RTD
Of course, this isn’t perfect – it’s possible that in this exact moment some announcement might have been withdrawn, etc., but the check in two separate dates should give pretty decent information.