[sdnog] Can not get the real ASNs using traceroute -a

Patrick Okui pokui at psg.com
Thu Sep 24 13:06:43 SAST 2020


Hi Sara, good question.

On 24 Sep 2020, at 13:36 EAT, Sara Alamin wrote:

> Hello sdnog community.
> Hope you all are safe and well.
>
> Why, when I do “traceroute -a” (the -a option means get the ASN for
> each hop encountered), don’t I get the real ASNs for each hop? I
> thought this would check each IP address and which ASN this IP address
> belongs to, using the WHOIS database.
>
> For example, I’ve done this test from my home network using the
> CANAR ISP:
>
>
>  2  [AS37313] 197.254.230.177 (197.254.230.177)  15.779 ms  12.520 ms  16.434 ms

<snip>

>
> Why does this happen, and how can it be fixed?


So as you note, the code just looks at whois _routing_ entries which can 
be missing or even wrong. By looking at the code, it uses whois.radb.net 
by default. If you do a whois lookup using radb you get ….

~~~
~ ❯❯❯ whois -h whois.radb.net 197.254.230.177
route:      197.254.224.0/19
descr:      Proxy-registered route object
origin:     AS37313
mnt-by:     MAINT-AS36994
changed:    ashwin.lalla at vodacom.co.za 20170620  #10:08:17Z
source:     RADB

route:      197.254.224.0/19
descr:      CANAR via EMIX
origin:     AS33788
notify:     noc at emix.net.ae
mnt-by:     MAINT-AS8966
changed:    noc at emix.net.ae 20130919
source:     RADB
~~~

So the code just picks the first proxy object and uses that. I haven’t 
dug into details to figure out why that character from vodacom 
registered that object, but that’s how the ASNs got into traceroute.

It’s a difficult problem to solve because the whois routing database 
typically has wrong (or missing) entries. In those cases traceroute 
output will be wrong. You could file a bug report with traceroute to say 
they should try to pick right objects not proxy ones, but that again 
still depends on what is in the whois database.

Team Cymru do maintain a whois server that tries to get the IP -> ASN 
mapping right (ignoring the proxy objects) but ‘traceroute -A 
whois.cymru.com’ doesn’t seem to be able to parse their output.

~~~
~ ❯❯❯ whois -h whois.cymru.com 197.254.230.177
AS      | IP               | AS Name
33788   | 197.254.230.177  | KANARTEL, SD
~ ❯❯❯
~~~

So you could request support for the cymru output from the traceroute 
devs or just use other lookup methods when you need ip->name resolution.

--
patrick
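
An added example, not part of the original message and not traceroute's own code: it parses the two whois responses quoted above and shows that taking the first RADB route object yields AS37313, while the registry holds conflicting origins for the same prefix and Team Cymru reports AS33788. The function names are hypothetical, and the embedded responses are trimmed copies of the ones in the message.

```python
import re
# Trimmed copies of the two whois responses quoted in the message above.
RADB = """route:      197.254.224.0/19
descr:      Proxy-registered route object
origin:     AS37313

route:      197.254.224.0/19
descr:      CANAR via EMIX
origin:     AS33788
"""
CYMRU = """AS      | IP               | AS Name
33788   | 197.254.230.177  | KANARTEL, SD
"""

def irr_origins(text):
    """Origin ASN of every route object in RPSL whois output, in server order."""
    origins = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("%") or ":" not in line:
                continue  # skip server comments and malformed lines
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), value.strip())
        if ("route" in attrs or "route6" in attrs) and "origin" in attrs:
            origins.append(attrs["origin"].upper())
    return origins

def cymru_origins(text):
    """ASNs from Team Cymru's pipe-delimited table; the header row is skipped."""
    asns = set()
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) == 3 and fields[0].isdigit():
            asns.add("AS" + fields[0])
    return asns

def compare(radb_text, cymru_text):
    """Contrast the first-object choice with the full IRR set and Cymru's answer."""
    irr, cymru = irr_origins(radb_text), cymru_origins(cymru_text)
    return {
        "first_irr_origin": irr[0] if irr else None,
        "irr_conflict": len(set(irr)) > 1,
        "cymru_origins": sorted(cymru),
        "first_matches_cymru": bool(irr) and irr[0] in cymru,
    }

if __name__ == "__main__":
    print(compare(RADB, CYMRU))
```

An `irr_conflict` of true for a hop is the signal that the ASN printed by `traceroute -a` depends on object order in the registry and should be cross-checked against another source.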