Verifying BGP Claims

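In an era where the buzzword is king and everything runs on hype, IDC data centers advertising "dual-line BGP access" are no longer common; they have been replaced by six-line and eight-line BGP access. So how can you tell whether a data center's advertising is genuine?
We can check it quite simply by comparing who owns its IP addresses and its AS number. Let's take Alibaba Cloud as an example.
First, install the required tools: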
yum install jwhois traceroute -y

Use the traceroute command to look up the AS number for each IP along the path:

traceroute -A www.aliyun.com
traceroute to www.aliyun.com (140.205.34.13), 30 hops max, 60 byte packets
 1  116.238.48.1 (116.238.48.1) [AS4812]  22.628 ms  22.795 ms  22.781 ms
 2  124.74.217.153 (124.74.217.153) [AS4812]  7.497 ms 124.74.217.157 (124.74.217.157) [AS4812]  4.697 ms 124.74.217.153 (124.74.217.153) [AS4812]  7.863 ms
 3  101.95.207.242 (101.95.207.242) [AS4812]  8.657 ms *  8.586 ms
 4  101.95.208.6 (101.95.208.6) [AS4812]  8.138 ms * 101.95.208.86 (101.95.208.86) [AS4812]  6.654 ms
 5  180.163.38.30 (180.163.38.30) [AS4812]  5.546 ms  5.932 ms 180.163.38.82 (180.163.38.82) [AS4812]  4.951 ms
 6  * * *
 7  116.251.66.21 (116.251.66.21) [AS45102]  174.297 ms * 116.251.66.29 (116.251.66.29) [AS45102]  193.299 ms
 

At this point we have one of Alibaba Cloud's AS numbers: 45102.

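Next, use the whois command to look up who owns the IP. (The whois command does not work from machines inside mainland China, because they cannot connect to whois.radb.net.)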

 whois 116.251.66.21
[Querying whois.arin.net]
[Redirected to whois.apnic.net]
[Querying whois.apnic.net]
[whois.apnic.net]
% [whois.apnic.net]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

% Information related to '116.251.64.0 - 116.251.127.255'

inetnum:        116.251.64.0 - 116.251.127.255
netname:        Taobao
descr:          Zhejiang Taobao Network Co.,Ltd
descr:          2nd floor, Westlake International technology Building
descr:          391Wener Road, Hangzhou, China
country:        CN
admin-c:        ZM678-AP
tech-c:         ZM877-AP
tech-c:         ZM876-AP
mnt-by:         MAINT-CNNIC-AP
mnt-lower:      MAINT-CNNIC-AP
mnt-routes:     MAINT-CNNIC-AP
mnt-irt:        IRT-CNNIC-CN
status:         ALLOCATED PORTABLE
changed:        hm-changed@apnic.net 20110121
source:         APNIC

irt:            IRT-CNNIC-CN
address:        Beijing, China
e-mail:         ipas@cnnic.cn
abuse-mailbox:  ipas@cnnic.cn
admin-c:        IP50-AP
tech-c:         IP50-AP
auth:           # Filtered
remarks:        Please note that CNNIC is not an ISP and is not
remarks:        empowered to investigate complaints of network abuse.
remarks:        Please contact the tech-c or admin-c of the network.
mnt-by:         MAINT-CNNIC-AP
changed:        ipas@cnnic.cn 20110428
source:         APNIC

person:         Shuo Yu
address:        5F, Builing D, the West Lake International Plaza of S&T
address:        No.391 Wen'er Road, Hangzhou City
address:        Zhejiang, China, 310099
country:        CN
phone:          +86-0571-85022600
fax-no:         +86-0571-85022600
e-mail:         shuo.yus@alibaba-inc.com
e-mail:         shuo.yus@aliyun-inc.com
nic-hdl:        ZM678-AP
mnt-by:         MAINT-CNNIC-AP
changed:        ipas@cnnic.net 20110614
source:         APNIC

person:         security trouble
e-mail:         cloud-cc-sqcloud@list.alibaba-inc.com
address:        5th,floor,Building D,the West Lake International Plaza of S&T,391#Wen’er Road
address:        Hangzhou, Zhejiang, China
phone:          +86-0571-85022600
country:        CN
mnt-by:         MAINT-CNNIC-AP
nic-hdl:        ZM876-AP
changed:        ipas@cnnic.cn 20130708
source:         APNIC

person:         Guowei Pan
address:        5F, Builing D, the West Lake International Plaza of S&T
address:        No.391 Wen'er Road, Hangzhou City
address:        Zhejiang, China, 310099
country:        CN
phone:          +86-0571-85022088-30763
fax-no:         +86-0571-85022600
e-mail:         guowei.pangw@alibaba-inc.com
nic-hdl:        ZM877-AP
mnt-by:         MAINT-CNNIC-AP
changed:        ipas@cnnic.net 20130709
source:         APNIC

% Information related to '116.251.64.0/18AS37963'

route:          116.251.64.0/18
descr:          Addresses from CNNIC
country:        CN
origin:         AS37963
mnt-by:         MAINT-CNNIC-AP
changed:        ipas@cnnic.cn 20160720
source:         APNIC

% Information related to '116.251.64.0/18AS45102'

route:          116.251.64.0/18
descr:          Zhejiang Taobao Network Co.,Ltd
country:        CN
origin:         AS45102
mnt-by:         MAINT-CNNIC-AP
changed:        ipas@cnnic.net.cn 20140319
source:         APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (UNDEFINED)
 

Then use the whois command to look up who owns the AS number:

 whois as45102
[Querying whois.radb.net]
[whois.radb.net]
aut-num:        AS45102
as-name:        CNNIC-ALIBABA-CN-NET-AP
descr:          Alibaba (China) Technology Co., Ltd.
descr:          East Software Park, 99 Huaxing Rd. Hangzhou, China
country:        CN
import:         from AS4837
                action pref=100;
                accept ANY
import:         from AS4134
                action pref=100;
                accept ANY
import:         from AS37963
                action pref=100;
                accept ANY
export:         to AS4837
                announce  AS45102
export:         to AS4134
                announce  AS45102
export:         to AS37963
                announce  AS45102
admin-c:        ZM678-AP
tech-c:         ZM877-AP
tech-c:         ZM876-AP
mnt-routes:     MAINT-CNNIC-AP
mnt-by:         MAINT-CNNIC-AP
mnt-irt:        IRT-CNNIC-CN
changed:        ipas@cnnic.net.cn 20090831
source:         APNIC
 

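Comparing the two whois results, we can confirm that this IP and this AS both belong to Alibaba Cloud, and that this AS has established BGP connections with three ASes: 4837 (China Unicom), 4134 (China Telecom) and 37963 (Hangzhou Alibaba).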
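
The comparison above can be scripted against saved whois output. The following is an added example, not part of the original post: the function names are hypothetical, and the sample text is excerpted from the whois output shown earlier in this article.

```shell
#!/bin/sh
# Added example: offline cross-check of saved whois (RPSL) output.
# Function names are hypothetical. Sample text is excerpted from the
# whois output shown in this article.
IP_WHOIS='route:          116.251.64.0/18
origin:         AS37963

route:          116.251.64.0/18
origin:         AS45102'

AUTNUM='aut-num:        AS45102
import:         from AS4837
                action pref=100;
                accept ANY
import:         from AS4134
                action pref=100;
                accept ANY
import:         from AS37963
                action pref=100;
                accept ANY
export:         to AS4837
                announce  AS45102
export:         to AS4134
                announce  AS45102
export:         to AS37963
                announce  AS45102'

# Unique origin ASNs of every route: object read from stdin.
route_origins() {
    awk 'tolower($1) == "origin:" { print toupper($2) }' | sort -u
}

# Unique neighbour ASNs named in import:/export: policy lines on stdin.
declared_neighbours() {
    awk '$1 == "import:" && $2 == "from" { print toupper($3) }
         $1 == "export:" && $2 == "to"   { print toupper($3) }' | sort -u
}

# check_asn ASN IP_WHOIS_TEXT AUTNUM_TEXT
# Fails unless ASN is a registered origin for the prefix and the aut-num
# object is for that ASN; on success prints the declared neighbour count.
check_asn() {
    asn=$(printf '%s' "$1" | tr 'a-z' 'A-Z')
    printf '%s\n' "$2" | route_origins | grep -qx "$asn" || return 1
    printf '%s\n' "$3" | awk -v a="$asn" \
        '$1 == "aut-num:" && toupper($2) == a { ok = 1 } END { exit !ok }' || return 1
    printf '%s\n' "$3" | declared_neighbours | wc -l | tr -d ' '
}
```

The neighbour list comes from the routing policy the operator registered in the IRR; it is not a measurement of live BGP sessions.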

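Finally, here is a simple way to confirm whether a data center really is multi-line BGP: once you have the test machine the provider gives you, just run curl.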

[root@disz ~]# curl ip.gs
当前 IP:120.77.153.122 来自:中国广东深圳 阿里云/电信/联通/移动/铁通/教育网
 

Original article. When reposting, please credit: reposted from 笛声

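2 comments

  • 西枫里博客 January 22, 2018

    The result of the second, simpler method was: no route to host. Awkward~

    • dige (author) January 22, 2018

      That was a website run by someone else; it has been taken down now..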