While doing research for a project, I had a need to understand a bit deeper how Internet Protocol (IP) addresses are routed on the world-wide Internet. The need came because I was running software that was interacting, over the Internet, with hosts that I didn’t know a priori, and weren’t using a protocol that securely mapped the remote hosts to some accredited business. An example of such a protocol is the secure hypertext transfer protocol (HTTPS) in which the remote host is validated securely to be the text name that you see in the browser address bar (e.g. https://www.wikipedia.com ).  So to who was my computer connecting and who was connecting to my computer in the absence of using such a secure protocol?

There are just north of 4 billion IP addresses in the version 4 of the Internet Protocol.  These addresses are contained within exactly one (at a given time), Autonomous System (AS) across the world.  An Autonomous System is a network managed by a given organization (business, government, education, etc) that contains within it a set of IP addresses. An AS communicates with other AS’s in the world essentially telling them “if you need to route any Internet traffic to any of these IP addresses, send them to the following servers”.  These “following servers” are servers maintained by that AS which will then route the traffic to the destination nodes with the AS.  This mechanism is the basic glue that puts the “inter” in the Internet; that is, it glues a set of independently managed and operated networks across the world.

There are around 50K AS’s in the world today.  These AS’s themselves are contained logically within, and managed by, five Regional Internet Registries (RIR’s). A RIR is an human-based organization that organizes and manage a set of IP addresses for a given region of the world.  These five RIR’s cover the entire world.  Here is a nice visual representation, along with links to the home pages of each of the RIR’s: https://www.arin.net/knowledge/rirs.html .  Here is another view which maps a country to RIR directly: https://www.nro.net/about-the-nro/list-of-country-codes-and-rirs-ordered-by-country-code/ .   Finally, this following list appears to the list of current known AS’s: ftp://ftp.arin.net/info/asn.txt , though I’m skeptical because it only lists around 26K entries.

Wrapping this up, if you want to run your own Internet Service Provider, you need to buy a set of publicly routable IP addresses (I hear the current price is around $13 each), go to your local RIR to request a AS number, and then start publishing to other AS routers where to route your newly-purchased IP addresses.

Now, back to my problem at hand. I have a collection of IP addresses about which I’d like to know more information.  I figured the first thing that would be helpful is from what AS do they originate.   The Americas-based RIR (ARIN) has a nice website that answers some of this, including the contact information associated with AS, for example, http://whois.arin.net/rest/ip/162.244.138.1

For interested readers, click on https://www.google.com/#q=ip+address to find the IP address that your computer is currently using to communicate and then try the whois.arin.net site above to find the AS that is currently managing that IP address.  You should see the business information of whomever you purchase your Internet service.  The query is a bit more informative when using an Internet service in an unknown place (i.e. a hotel in a remote land).

Now, for IP addresses that aren’t managed by ARIN (say 91.236.24.139, which is currently not managed via an AS within ARIN), notice that ARIN simply says the RIR that is managing it.  So, I’ve found I then need to go that RIR’s website to make the query.  Finally, there is a very handy Unix-based utility whois that does the same query.  So, whois 91.236.24.139 returns the business name and AS information when available.

I’ll wrap this post up with saying that I haven’t found a consistent way to get the AS of an IP address when the RIR is not ARIN.  In particular, a number of queries in the RIPE database (the RIR for Europe, Russia, Middle East) don’t always return the AS from whois or first level web queries, though sometimes it does. I leave it for a future project to find such a reliable mechanism.  For now, using the whois and then following up with more direct RIR queries gets me the data for which I’m looking.