Why and How to Leverage ASN data?

An Autonomous System Number (ASN) is a unique number assigned to an Autonomous System (AS). ASN data is stored by Regional Internet Registries (RIRs). This data is usually used to work out how to route traffic to the correct network, for instance with BGP. However, ASN data also provides valuable information that can be used to identify the organization controlling a set of IP addresses.

There are currently about 89,000 ASNs, managing over 217,000 IPv4 prefixes and 53,000 IPv6 prefixes.

What organizations use ASNs?

Internet Service Providers

The most well-known users of ASNs are Internet Service Providers (ISPs), such as AT&T, Free, Orange, SFR or Telefónica. They own blocks of IP addresses allocated by RIRs, which they then allocate to individual users. For instance, your home Internet's IP address is part of a larger block of IPs. Concretely, customers from the French ISP SFR have an IP within the ASN 8228, which has a route, or CIDR block, of 78.112.0.0/12, meaning the IPs range from 78.112.0.0 to 78.127.255.255.

Hosting Providers

Hosting providers, such as AWS, Azure, Google Cloud, and Oracle Cloud, need a lot of IP addresses to allocate to their customers' servers and services. When you launch a server with a public IP, just like your home Internet box, the server is given an IP address from a larger pool. AWS is such a large provider that, based on its public list of IP ranges, it manages about 110M addresses, which is approximately 3% of the total IPv4 address space.

And many more!

The list of organizations who use ASNs could go on for ages. Anyone who needs a large block of IP addresses could use them. Other notable organizations include Apple, Cloudflare or Netflix, but they're also used by smaller companies to keep all their office networks within the same IP range, which can help with security.

Why are ASNs useful?

ASNs are essential to the operation of the Internet, but most people don't need to understand how the internals work. However, ASNs can still be incredibly useful as they associate a block of IP addresses with an organization, which means we can look up organization information by IP address.

Who is accessing my website?

One of the most common use cases for ASN data is to find out where your visitors are coming from. Along with geolocation data, many popular analytics tools will show which ISPs or organizations are accessing your website. This kind of information is powered by ASN data.

Could this IP address be malicious?

ASN data also helps to identify malicious IP addresses. For example, if there is an abnormally high number of login attempts, we can look up data about the IP addresses making those requests. If the IPs are from ASNs associated with hosting providers, they're likely trying to gain access to your users' accounts! Additional information, such as Ipregistry's threat API and location data, can further help.
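The check described above, as an added example that is not part of the original article: failed logins from a small auth log are mapped to ASNs by longest-prefix match and counted per ASN, and hosting ASNs above a threshold are reported. The log format, the usage-type labels, the threshold and the AS64500 / 203.0.113.0/24 entry (documentation-reserved values) are assumptions; the other routes and ASNs are the ones quoted in this article.

```python
import ipaddress
from collections import Counter

# Constructed prefix table: (route, ASN, usage type). AS8228 and AS13335 routes
# are quoted in this article; AS64500 is a hypothetical hosting provider built
# from documentation-reserved values.
PREFIXES = [
    ("78.112.0.0/12", 8228, "isp"),
    ("104.16.0.0/12", 13335, "cdn"),
    ("104.16.128.0/20", 13335, "cdn"),
    ("203.0.113.0/24", 64500, "hosting"),
]
TABLE = [(ipaddress.ip_network(p), asn, kind) for p, asn, kind in PREFIXES]

# Constructed auth log: "<timestamp> <result> user=<name> ip=<address>"
LOG = """\
2024-05-01T10:00:01Z FAIL user=alice ip=203.0.113.10
2024-05-01T10:00:02Z FAIL user=bob ip=203.0.113.11
2024-05-01T10:00:03Z FAIL user=carol ip=203.0.113.12
2024-05-01T10:00:04Z FAIL user=dave ip=203.0.113.10
2024-05-01T10:01:10Z FAIL user=erin ip=78.120.4.9
2024-05-01T10:01:25Z OK user=erin ip=78.120.4.9
2024-05-01T10:02:40Z FAIL user=frank ip=104.16.132.229
2024-05-01T10:03:05Z FAIL user=grace ip=198.51.100.7
"""

def lookup(ip):
    """Longest-prefix match of ip against TABLE; None when no route covers it."""
    addr = ipaddress.ip_address(ip)
    hits = [row for row in TABLE if addr in row[0]]
    return max(hits, key=lambda row: row[0].prefixlen, default=None)

def failed_logins_by_asn(log):
    """Count FAIL lines per (ASN, usage type); uncovered IPs count as unknown."""
    counts = Counter()
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] != "FAIL":
            continue
        hit = lookup(parts[3].partition("=")[2])
        counts[(hit[1], hit[2]) if hit else (None, "unknown")] += 1
    return counts

def suspicious_asns(log, threshold=3, risky_types=("hosting",)):
    """ASNs of a risky usage type with at least `threshold` failed logins."""
    return sorted(asn for (asn, kind), n in failed_logins_by_asn(log).items()
                  if kind in risky_types and n >= threshold)
```

Counting per ASN rather than per IP is what catches the AS64500 attempts here, since they are spread over three addresses in the same route.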

Who is serving this website?

Using a DNS lookup, you can find the IP addresses serving a given website. This can help to find the hosting provider and might indicate if the site is malicious. The IP addresses can be found using an online tool, like dnslookup.org or the dig command on Unix systems, for example, dig +short ipregistry.co.

How can I look up ASNs?

There are many different ways to look up ASN data by IP address. We will explore 5 different options, each with different pros and cons. To give a consistent example, we will be testing an IP address associated with the domain cloudflare.com, namely 104.16.132.229.

Whois

Whois is a utility tool which can look up the data associated with a domain or IP address. It can be used on the command line in Unix or Windows-based systems.

$ whois 104.16.132.229

NetRange:       104.16.0.0 - 104.31.255.255
CIDR:           104.16.0.0/12
NetName:        CLOUDFLARENET
NetHandle:      NET-104-16-0-0-1
Parent:         NET104 (NET-104-0-0-0-0)
NetType:        Direct Assignment
OriginAS:       AS13335
Organization:   Cloudflare, Inc. (CLOUD14)
RegDate:        2014-03-28
Updated:        2017-02-17
Comment:        All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
Ref:            https://rdap.arin.net/registry/ip/104.16.0.0

OrgName:        Cloudflare, Inc.
OrgId:          CLOUD14
Address:        101 Townsend Street
City:           San Francisco
StateProv:      CA
PostalCode:     94107
Country:        US
RegDate:        2010-07-09
Updated:        2019-09-25
...

By default, your whois request will reach IANA to find which RIR to query for detailed information. In the case of Cloudflare, it uses ARIN. Based on the response, we can immediately see that Cloudflare owns the IP address, and has done since 2010.

The ASN associated with the IP is after OriginAS, namely AS13335.

Cymru

Cymru provides an easy-to-use, whois-compatible API. This means you can switch the whois host to whois.cymru.com and use it to look up any IP address.

$ whois -h whois.cymru.com 104.16.132.229
AS      | IP               | AS Name
13335   | 104.16.132.229   | CLOUDFLARENET, US

The output is short and structured. Unfortunately, it is very limited and missing a lot of useful information. Let's look at PeeringDB and CAIDA to enrich the data.
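To use the whois and Cymru outputs shown above in a script, both need parsing; the following is an added example, not code from the original article, that turns each format into records and checks that the two sources report the same origin ASN. The sample text is copied (trimmed) from the outputs above, and the function names are illustrative.

```python
import re

# Copied (trimmed) from the two command outputs shown in this article.
ARIN_WHOIS = """\
NetRange:       104.16.0.0 - 104.31.255.255
CIDR:           104.16.0.0/12
NetName:        CLOUDFLARENET
OriginAS:       AS13335
RegDate:        2014-03-28

OrgName:        Cloudflare, Inc.
OrgId:          CLOUD14
RegDate:        2010-07-09
"""
CYMRU_WHOIS = """\
AS      | IP               | AS Name
13335   | 104.16.132.229   | CLOUDFLARENET, US
"""

def parse_arin(text):
    """Split ARIN output into blank-line-separated records of key -> value, so
    keys repeated across records (RegDate) do not overwrite each other.
    Within one record the last value of a repeated key wins."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith(("#", "%")):  # skip comment lines
                rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records

def origin_asns(records):
    """ASNs from OriginAS as ints; the field may be empty or list several."""
    asns = []
    for rec in records:
        asns += [int(n) for n in re.findall(r"AS(\d+)", rec.get("OriginAS", ""))]
    return asns

def parse_cymru(text):
    """Parse the pipe-delimited Cymru table into one dict per data row."""
    rows = [[c.strip() for c in l.split("|")] for l in text.splitlines() if "|" in l]
    return [dict(zip(rows[0], row)) for row in rows[1:]]

def sources_agree(arin_text, cymru_text):
    """True when both sources report the same set of origin ASNs."""
    cymru = {int(r["AS"]) for r in parse_cymru(cymru_text) if r["AS"].isdigit()}
    return set(origin_asns(parse_arin(arin_text))) == cymru
```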

PeeringDB

PeeringDB is the go-to solution for ASN owners to decide which ASNs to peer with. When an ASN is peered with another, both networks can exchange traffic with each other. In Cloudflare's case, they encourage ISPs to peer with them to deliver Cloudflare content directly to customers. For our use case, this means PeeringDB has a very detailed database of the organizations that operate each ASN, along with their relationships with each other.

PeeringDB has no functionality to look up ASN data by IP address, but as we already know the ASN for 104.16.132.229 is 13335, you can look up all the peering information about this IP at https://www.peeringdb.com/asn/13335. PeeringDB also provides an API. This way you can access this data programmatically. Unfortunately, there is no dedicated ASN API. First, you will need to find out the Network ID, which can only be found by searching for the ASN:

$ curl --write-out "%{redirect_url}\n" "https://www.peeringdb.com/search?q=AS13335"
https://www.peeringdb.com/net/4224

You can then add /api to the start of the URL path to get the JSON API endpoint:

$ curl https://www.peeringdb.com/api/net/4224
{"data": [{"id": 4224, "org_id": 4715, "org": {"id": 4715, "name": "Cloudflare", "website": "https://www.cloudflare.com/", ...

CAIDA

CAIDA provides a few tools and services associated with IP addresses, BGP and ASN data. AS Rank is the most relevant for this article. It's a tool that allows searching by ASN and ranks ASNs by the number of IPs that can be reached by following customer links.

Like PeeringDB, we can't search by IP address, but we can do a search by ASN. The results for AS13335 show it, at the time of writing, to be ranked 520. The top ranked ASN is 3356, owned by Level 3, which is connected to about 75% of all IPs.

AS Rank’s data is available via an API supporting GraphQL and REST, thus allowing flexible queries. The REST API returns all their data associated with an ASN with a simple GET request.

$ curl https://api.asrank.caida.org/v2/restful/asns/13335
{
  "data": {
    "asn": {
      "rank": 520,
      "asn": "13335",
      "asnName": "CLOUDFLARENET",
      "source": "ARIN",
      "cliqueMember": true,
      "seen": true,
      "ixp": null,
      "longitude": -119.804888133626,
      "latitude": 41.8345179323921,
      "organization": {
        "orgId": "e62eae750a"
      },
      "cone": {
        "numberAsns": 66,
        "numberPrefixes": 3082,
        "numberAddresses": 8383233
      },
      "country": {
        "iso": "US"
      },
      "asnDegree": {
        "total": 548,
        "customer": 65,
        "peer": 373,
        "provider": 110
      }
    }
  }
}

Ipregistry

The Ipregistry ASN API is easy to use and works with a simple HTTP request. You can look up a huge amount of information associated with an IP address, and it even enriches the ASN data with a usage type, helping to understand whether the ASN is allocated to an organization, ISP, hosting provider, or something else.

Using the Cloudflare IP from the beginning, a request would look as follows:

$ curl "https://api.ipregistry.co/104.16.132.229?fields=connection&key=YOUR_API_KEY"
{
  "connection": {
    "asn": 13335,
    "domain": "cloudflare.com",
    "organization": "CloudFlare Inc.",
    "route": "104.16.128.0/20",
    "type": "cdn"
  }
}

The benefit of using the Ipregistry API is that you can retrieve ASN data along with location data, security data, and more in a single request that is affordable.

Conclusions

ASN data is essential for the Internet to work, but most people have no idea about BGP routing, ASNs, or RIRs. Despite its obscurity, ASN data has great value. It helps identify the organization associated with an IP address, showing where website traffic is coming from and helping to identify malicious traffic. There are many tools and providers to look up ASN data, each with its own pros and cons. As a consequence, it is recommended to try out the options and to choose the solution that best fits your needs. We are confident you will love Ipregistry!
