[sdnog] Can not get the real ASNs using traceroute -a
pokui at psg.com
Thu Sep 24 13:06:43 SAST 2020
Hi Sara, good question.
On 24 Sep 2020, at 13:36 EAT, Sara Alamin wrote:
> Hello sdnog community.
> Hope you all are safe and well.
> Why when I do “traceroute -a” (-a option means get the ASN for
> each hop encountered) I don’t get the real ASNs for each hop? I
> thought this will check each IP address and which ASN this IP address
> belongs to, using WHOIS database.
> For example, I’ve done this test from my home network using
> CANAR ISP:
> 2 [AS37313] 126.96.36.199 (188.8.131.52) 15.779 ms 12.520 ms
> 16.434 ms
> Why does this happen? And how can it be fixed?
So as you note, the code just looks at whois _routing_ entries which can
be missing or even wrong. By looking at the code, it uses whois.radb.net
by default. If you do a whois lookup using radb you get ….
~ ❯❯❯ whois -h whois.radb.net 184.108.40.206
descr: Proxy-registered route object
changed: ashwin.lalla at vodacom.co.za 20170620 #10:08:17Z
descr: CANAR via EMIX
notify: noc at emix.net.ae
changed: noc at emix.net.ae 20130919
So the code just picks the first proxy object and uses that. I haven’t
dug into details to figure out why that character from vodacom
registered that object or why but that’s how the ASNs got into
It’s a difficult problem to solve because the whois routing database
typically has wrong (or missing) entries. In those cases traceroute
output will be wrong. You could file a bug report with traceroute to say
they should try to pick the right objects, not proxy ones, but that again
still depends on what is in the whois database.
Team Cymru do maintain a whois server that tries to get the IP -> ASN
mapping right (ignoring the proxy objects) but ‘traceroute -A
whois.cymru.com’ doesn’t seem to be able to parse their output.
~ ❯❯❯ whois -h whois.cymru.com 220.127.116.11
AS | IP | AS Name
33788 | 18.104.22.168 | KANARTEL, SD
So you could request support for the cymru output from the traceroute
devs or just use other lookup methods when you need ip->name resolution.
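
An added example, not part of the original message or of traceroute itself: a small parser for the pipe-separated whois.cymru.com output shown above, used to cross-check the ASN tags that `traceroute -a` prints. The sample inputs are constructed (documentation addresses, the two ASNs from this thread); the `NA` row and the `[AS0]` tag are assumed forms for an address with no mapping.

```python
import re

# Constructed sample: Cymru-style output in the column layout quoted above.
# The "NA" row is an assumed form for an address with no origin AS.
CYMRU_OUTPUT = """\
AS      | IP               | AS Name
33788   | 192.0.2.10       | KANARTEL, SD
NA      | 10.0.0.1         | NA
"""

# Constructed sample: "traceroute -a" hop lines in the layout quoted above.
TRACEROUTE_OUTPUT = """\
 1  [AS0] 10.0.0.1 (10.0.0.1)  1.201 ms  1.003 ms  0.988 ms
 2  [AS37313] 192.0.2.10 (192.0.2.10)  15.779 ms  12.520 ms  16.434 ms
"""

# hop number, ASN tag printed by traceroute, IP address in parentheses
HOP_RE = re.compile(r"^\s*(\d+)\s+\[AS(\d+)\]\s+\S+\s+\(([0-9.]+)\)")


def parse_cymru(text):
    """Return {ip: (asn or None, as_name)} from pipe-separated output."""
    table = {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|", 2)]
        if len(fields) != 3 or fields[0] == "AS":  # skip header and junk
            continue
        asn, ip, name = fields
        table[ip] = (int(asn) if asn.isdigit() else None, name)
    return table


def compare_hops(traceroute_text, cymru_table):
    """Return [(hop, ip, traceroute_asn, cymru_asn, verdict), ...]."""
    rows = []
    for line in traceroute_text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        hop, tr_asn, ip = int(m.group(1)), int(m.group(2)), m.group(3)
        cy_asn = cymru_table.get(ip, (None, ""))[0]
        if cy_asn is None:
            verdict = "no-cymru-data"
        else:
            verdict = "match" if cy_asn == tr_asn else "mismatch"
        rows.append((hop, ip, tr_asn, cy_asn, verdict))
    return rows


if __name__ == "__main__":
    for row in compare_hops(TRACEROUTE_OUTPUT, parse_cymru(CYMRU_OUTPUT)):
        print(row)
```

A `mismatch` row marks a hop where the routing-registry answer and the Cymru mapping disagree, which is the situation described in this thread.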