Date created: Saturday, November 26, 2011 7:55:42 PM. Last modified: Monday, June 12, 2023 4:14:39 PM

AS & IP Lookup

BGPQ4

# Limit to a specific depth, i.e. the parent ASN only:
$ bgpq4 -L 1 AS-VOSTRON

#Query for AS-SET from a specific source
$ bgpq4 -h irr1-ber1-de.as5405.net -S RIPE -L 1 AS-VOSTRON
no ip prefix-list NN
ip prefix-list NN permit 89.21.224.0/19
ip prefix-list NN permit 134.0.64.0/21

$ bgpq4 -h irr1-ber1-de.as5405.net -S ARIN -L 1 AS-VOSTRON
no ip prefix-list NN
! generated prefix-list NN is empty
ip prefix-list NN deny 0.0.0.0/0

 

WHOIS

# There is a 1:N relationship between aut-num and as-set in IRR data.
# RIPE (for example) doesn't allow a search by AS number for the AS-SET:
# whois -h whois.ripe.net -T as-set -i members AS51551 # This Fails.
#
# One option is to get the maintainer of the ASN and search for AS-SETs with the same maintainer:
$ whois -h whois.ripe.net -T aut-num -r AS51551 | grep mnt-by | grep -v RIPE-NCC
mnt-by: MNT-UPDATA

$ whois -h whois.ripe.net -T as-set -r -i mnt-by MNT-UPDATA | grep as-set
as-set: AS-UPDATA
as-set: AS-exNMS

# If the network has a peeringDB entry, at the time of writing, PeeringDB only allows one AS-SET to be stored:
$ whois -h whois.peeringdb.com AS51551 | grep AS-SET
IRR AS-SET : RIPE::AS-UPDATA

# IRR Explorer shows all AS-SETs an AS belongs to:
https://irrexplorer.nlnog.net/api/sets/member-of/AS51551

# One can also reverse lookup AS numbers by maintainer:
$ whois -h rr.ntt.net -T aut-num -r -i mnt-by EQUINIX-MNT | grep aut-num | wc -l
37


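# Search for an AS-SET from a specific source database. The same AS-SET name can be
# registered in more than one IRR database by different maintainers (compare the RIPE
# and RADB results below), so name the source explicitly when the result feeds a filter: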
$whois -h a.private.irr.mirror.net -s ARIN AS-GOOGLE
Warnung: RIPE-Flags wurden mit einem »traditionellen« Server verwendet.
% No entries found for the selected source(s).

$whois -h a.private.irr.mirror.net -s RIPE AS-GOOGLE
Warnung: RIPE-Flags wurden mit einem »traditionellen« Server verwendet.
as-set: AS-GOOGLE
tech-c: DUMY-RIPE
admin-c: DUMY-RIPE
mnt-by: IshmeetT_29-MNT
created: 2022-10-07T16:11:37Z
last-modified: 2022-10-07T16:11:37Z
source: RIPE

$whois -h a.private.irr.mirror.net -s RADB AS-GOOGLE
Warnung: RIPE-Flags wurden mit einem »traditionellen« Server verwendet.
as-set: AS-GOOGLE
descr: Google
members: AS11344
members: AS15169
members: AS6432
...
mnt-by: MAINT-AS15169
changed: radb-contact@google.com 20191204
source: RADB


# All downstream ASNs in the AS-SET
$ whois -h whois.ripe.net -T as-set AS-UPDATA | grep members
members:        AS51551
members:        AS47797
members:        AS199870
members:        AS201941
members:        AS196744
members:        AS44971
members:        AS44442
members:        AS49728

# Which AS announces a route
$ whois -h whois.ripe.net -T route 89.21.224.0/19 | grep origin
origin:         AS41695

# Print all the IPv4 and IPv6 routes that *could* be announced by an ASN:
whois -h whois.ripe.net -T route,route6 -i origin 41695

# Print all the IPv4 and IPv6 routes that *are* being announced by an ASN:
curl https://stat.ripe.net/data/announced-prefixes/data.json?resource=AS41695
curl https://bgpstuff.net/sourced?as=41695\&format=json

# Print all the IPv4 routes that *could* be announced by all the ASNs in the AS-SET
$ for ASN in `whois -h whois.ripe.net -T as-set AS-UPDATA | grep members`; do whois -h whois.ripe.net -T route -i origin $ASN | grep route: | awk '{print $2}'; done

# Print all the IPv6 routes that *could* be announced by all the ASNs in the AS-SET
$ for ASN in `whois -h whois.ripe.net -T as-set AS-UPDATA | grep members`; do whois -h whois.ripe.net -T route6 -i origin $ASN | grep route6: | awk '{print $2}'; done

# See what changed in an AS-SET using version history (not supported by all RIRs/IRR DBs):
whois -h whois.ripe.net AS-VOSTRON --list-versions
whois -h whois.ripe.net AS-VOSTRON --show-version 4
whois -h whois.ripe.net AS-VOSTRON --diff-versions 3:4

# Find the nameserver(s) for reverse DNS lookups of a downstream customer IP range:
whois AS51551 | grep -A 4 HGFL
remarks: HGFL
import: from AS199870 accept ANY
export: to AS199870 announce ANY
remarks: --------------------------------
whois -h whois.ripe.net -T route -i origin AS199870 | grep route
route: 46.16.0.0/21
whois -h whois.ripe.net -T domain 0.0.16.46.in-addr.arpa. | grep -v "%"
domain: 0.16.46.in-addr.arpa
nserver: ld4-sl1.hertsgfl.org.uk
nserver: ld5-sl1.hertsgfl.org.uk
nserver: ld4-sl2.hertsgfl.org.uk
nserver: ld5-sl2.hertsgfl.org.uk

 

Level3 filtergen

# Check the IP prefix filters that Level3 builds automatically based off of IRR database data, for a specific AS number or AS-SET
$ whois -h filtergen.level3.net RIPE::AS51551
$ whois -h filtergen.level3.net RIPE::AS-UPDATA

# To specify multiple source DBs use "-searchpath"
$ whois -h filtergen.level3.net -- "-searchpath=RIPE;ARIN;APNIC;AFRINIC;LACNIC;RADB AS51551"

# By default filtergen responds with IPv4 prefixes only. Use "-v6" for v6 only or "-v4v6" for both:
$ whois -h filtergen.level3.net "RIPE::AS51551 -v6"
$ whois -h filtergen.level3.net "RIPE::AS51551 -v4v6"
# Use "-cp" to output a Cisco IOS style prefix filter. Use "-le=" to set a maximum size for matching prefixes.
# Note: with "-le=32" every entry also matches all more-specific prefixes down to /32,
# so the resulting filter is looser than the registered routes.
$ whois -h filtergen.level3.net "RIPE::AS51551 -cp -le=32"
15:54:45
!
! Cisco prefix list for policy RIPE::AS51551 =
! RIPE::AS51551
!
! Pre-aggregation prefix counts (IPv4,IPv6): 8, 0
ip prefix-list my-prefix-list seq 5 permit 46.16.0.0/21 le 32
ip prefix-list my-prefix-list seq 10 permit 46.183.192.0/21 le 32
ip prefix-list my-prefix-list seq 15 permit 82.203.32.0/19 le 32
ip prefix-list my-prefix-list seq 20 permit 82.203.64.0/18 le 32
ip prefix-list my-prefix-list seq 25 permit 185.26.16.0/22 le 32
ip prefix-list my-prefix-list seq 30 permit 185.137.192.0/22 le 32
ip prefix-list my-prefix-list seq 35 permit 185.137.196.0/22 le 32
ip prefix-list my-prefix-list seq 40 permit 195.190.22.0/24 le 32
ip prefix-list my-prefix-list seq 45 deny 0.0.0.0/0 le 32
# Help is supposedly available via "whois -h filtergen.level3.net help" but doesn't work from my non-Level3 connection?

# What do these two options do?
-recurseok
-warnonly

Misc

iplookup.sh

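#!/bin/bash
#
# iplookup.sh - summarise the whois registration of an IP address or prefix.
#
# Usage: iplookup.sh <ip-or-prefix>
#
# Asks whois.iana.org which registry (RIR) is responsible for the argument,
# queries that registry, and prints the range, organisation, description,
# network name, origin AS and AS name found in the reply. On request it then
# hands the origin AS to ./aslookup.sh.
#
# Exit status: 0 on success; 1 on a bad argument, when no RIR can be
# determined, when no registration details are found, or when the record has
# no usable origin.
#
# Everything read back from a whois server is untrusted network data. It is
# always quoted, passed after "--" so it cannot be parsed as a whois option,
# and checked for shape before it is used as a server name or handed to
# another script.

# Shape a referral must have before it is used as "whois -h <server>".
HOST_RE='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
# Shape an origin must have before it is looked up or passed to aslookup.sh.
ASN_RE='^[Aa][Ss][0-9]+$'

# field KEY [LIMIT]
# Reads whois text on stdin and prints the value of every line containing KEY
# (e.g. "descr:"), i.e. the text after the first colon with whitespace runs
# collapsed and the ends trimmed. Several matches are joined with one space;
# LIMIT > 0 stops after that many matching lines.
# Unlike an unquoted "echo $value", this never glob-expands the data, and
# values that themselves contain a colon are not cut short.
field() {
    awk -v key="$1" -v limit="${2:-0}" '
        index($0, key) {
            seen++
            val = $0
            sub(/^[^:]*:/, "", val)
            gsub(/[[:space:]]+/, " ", val)
            sub(/^ /, "", val)
            sub(/ $/, "", val)
            if (val != "") out = (out == "" ? val : out " " val)
            if (limit > 0 && seen >= limit) exit
        }
        END { print out }
    '
}

target=${1:-}
# A leading "-" would be read by whois as an option rather than a query.
if [[ -z "$target" || "$target" == -* ]]; then
    echo "Usage: ${0##*/} <ip-or-prefix>" >&2
    exit 1
fi

echo "Seaching for $target"

# One IANA query serves the referral, the status check and the fallback dump.
IANA_INFO=$(whois -h whois.iana.org -- "$target")

# Find the RIR for this IP/Block
RIR=$(field whois: 1 <<<"$IANA_INFO")
if [[ -z "$RIR" ]]; then
    # Sometimes need to look at "refer:" here instead
    RIR=$(field refer: 1 <<<"$IANA_INFO")
fi
RIR=${RIR%% *}
# Rejects an empty referral and anything that is not hostname-shaped.
if [[ ! "$RIR" =~ $HOST_RE ]]; then
    echo "Couldn't find RIR"
    exit 1
fi

echo "RIR: $RIR"
WHOIS_INFO=$(whois -h "$RIR" -- "$target")

# Check if this is a legacy IP assignment
STATUS=$(field status: 1 <<<"$IANA_INFO")
if [[ "${STATUS%% *}" == "LEGACY" ]]; then
    echo "LEGACY ASSIGNMENT!"
fi

range=$(field inetnum: <<<"$WHOIS_INFO")
org=$(field organisation: <<<"$WHOIS_INFO")
desc=$(field descr: 1 <<<"$WHOIS_INFO")
net=$(field netname: 1 <<<"$WHOIS_INFO")

if [[ -z "$range" && -z "$org" && -z "$desc" && -z "$net" ]]; then
    echo "NO INFO FOUND!"
    # Show the IANA reply without comment and blank lines.
    printf '%s\n' "$IANA_INFO" | grep -v -e '^#' -e '^$' -e '^%'
    exit 1
fi

echo "IP Range: $range"
echo "Organisation: $org"
echo "Description: $desc"
echo "Network Name: $net"

# Get the origin AS from the RIR
ORIGIN=$(field origin: 1 <<<"$WHOIS_INFO")
ORIGIN=${ORIGIN%% *}
# Make sure an origin is given in the whois output
if [[ -z "$ORIGIN" ]]; then
    echo "No origin in whois record"
    exit 1
fi
# The origin goes into another whois query and into aslookup.sh, so it has to
# look like an AS number first.
if [[ ! "$ORIGIN" =~ $ASN_RE ]]; then
    printf 'Origin in whois record is not an AS number: %q\n' "$ORIGIN" >&2
    exit 1
fi

echo "Origin: $ORIGIN"

# Also get the AS name from the RIR
ASName=$(whois -h "$RIR" -- "$ORIGIN" | field as-name: 1)
ASName=${ASName%% *}
echo "AS Name: $ASName"

echo "Lookup AS exports? (y to accept)"
read -r answer
if [[ "$answer" == "y" ]]; then
    # NOTE(review): resolved against the current working directory, not the
    # directory this script lives in - run it from where aslookup.sh is.
    ./aslookup.sh "$ORIGIN"
fi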

 

aslookup.sh

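#!/bin/bash
#
# aslookup.sh - print the name of an AS and the peers named on its published
# export/import policy lines.
#
# Usage: aslookup.sh AS<number>
#
# Asks whois.iana.org which registry (RIR) holds the AS, queries that
# registry once, and prints the AS name followed by the third field of every
# line containing "export" and of every line containing "import", each with
# the name of that AS where it can be resolved.
#
# Exit status: 1 on a bad argument or when no RIR can be determined.
#
# Everything read back from a whois server is untrusted network data. It is
# always quoted, passed after "--" so it cannot be parsed as a whois option,
# and a referral is only used as a server name if it is hostname-shaped.

# Shape a referral must have before it is used as "whois -h <server>".
HOST_RE='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'

# find_rir QUERY
# Prints the whois server IANA refers QUERY to: the first "whois:" value, or
# the first "refer:" value when there is none. Returns 1 and prints nothing
# when no hostname-shaped referral is found.
find_rir() {
    local iana rir
    iana=$(whois -h whois.iana.org -- "$1")
    rir=$(printf '%s\n' "$iana" | awk '/whois:/ { print $2; exit }')
    if [[ -z "$rir" ]]; then
        # Sometimes need to look at "refer:" here instead
        rir=$(printf '%s\n' "$iana" | awk '/refer:/ { print $2; exit }')
    fi
    [[ "$rir" =~ $HOST_RE ]] || return 1
    printf '%s\n' "$rir"
}

# as_name TEXT
# Prints the AS name found in whois reply TEXT. Different whois DBs and their
# users use different tags, so "ASName:" is tried when "as-name" gives nothing.
as_name() {
    local name
    name=$(printf '%s\n' "$1" | grep as-name | awk '{print $2}')
    if [[ -z "$name" ]]; then
        name=$(printf '%s\n' "$1" | grep "ASName:" | awk '{print $2}')
    fi
    printf '%s' "$name"
}

# print_peers KEYWORD
# KEYWORD is "export" or "import". Prints "<peer> <name>" for the third field
# of every line of AS_INFO containing KEYWORD, or a placeholder when there is
# none. Not everyone reliably publishes their export/import values.
print_peers() {
    local keyword=$1 peers peer peer_rir peer_name
    peers=$(printf '%s\n' "$AS_INFO" | grep "$keyword" | awk '{print $3}')
    if [[ -z "$peers" ]]; then
        echo "[no ${keyword}s published in whois info]"
        return
    fi
    # Read line by line on fd 3: no word splitting or glob expansion of the
    # peer tokens, and stdin stays untouched for the commands in the loop.
    while IFS= read -r peer <&3; do
        [[ -n "$peer" ]] || continue
        peer_name=""
        if peer_rir=$(find_rir "$peer"); then
            peer_name=$(as_name "$(whois -h "$peer_rir" -- "$peer")")
        fi
        printf '%s %s\n' "$peer" "$peer_name"
    done 3<<<"$peers"
}

target=${1:-}
# A leading "-" would be read by whois as an option rather than a query.
if [[ -z "$target" || "$target" == -* ]]; then
    echo "Usage: ${0##*/} AS<number>" >&2
    exit 1
fi

echo "Seaching for $target"

if ! RIR=$(find_rir "$target"); then
    echo "Couldn't find RIR"
    exit 1
fi

echo "RIR: $RIR"

# One query to the RIR serves the name, the exports and the imports.
AS_INFO=$(whois -h "$RIR" -- "$target")

# Try and grab the name of the AS given
Name=$(as_name "$AS_INFO")
if [[ -z "$Name" ]]; then
    Name="Couldn't find name, did you put \"AS1234\" and not just \"1234\"?"
fi

# printf rather than "echo -e": backslashes in the name are printed as data.
printf 'Name: %s\n\n' "$Name"

echo "AS exports:"
print_peers export

echo "AS imports:"
print_peers import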