IP to ASN Mapping: Technical Deep Dive into Geolocation and BGP Routing Data


2 views

At the core of internet routing lies the Border Gateway Protocol (BGP), which maintains the mapping between IP address blocks and Autonomous System Numbers (ASNs). Each ASN represents an independent network under single administrative control, typically belonging to ISPs, large enterprises, or cloud providers.

Several authoritative databases maintain this mapping information:

  • Internet Routing Registries (IRRs): Distributed databases containing routing policies
  • Route Views Project: Collects BGP routing tables from multiple vantage points
  • RIPE NCC: Maintains WHOIS data for European networks
  • ARIN: Handles North American IP allocations

Here's a Python example using the MaxMind GeoLite2 ASN database:


import maxminddb

with maxminddb.open_database('GeoLite2-ASN.mmdb') as reader:
    result = reader.get('8.8.8.8')
    print(f"ASN: {result['autonomous_system_number']}")
    print(f"Organization: {result['autonomous_system_organization']}")

While ASNs don't directly contain geographic information, these methods help determine approximate locations:

  • WHOIS registry data often includes address information
  • Network latency measurements from multiple points
  • DNS LOC records (rarely used)
  • Commercial geolocation databases

Developers working with network applications frequently use IP-ASN mapping for:

  • Content delivery network optimizations
  • Fraud detection systems
  • Network traffic analysis
  • Compliance with geographic restrictions

For real-time BGP route information, you can query looking glass servers:


import requests

def query_looking_glass(ip):
    url = f"https://lg.example.com/api?query={ip}"
    response = requests.get(url)
    return response.json()

result = query_looking_glass('1.1.1.1')
print(f"AS Path: {result['as_path']}")

At the internet's core, IP addresses map to Autonomous System Numbers (ASNs) through Border Gateway Protocol (BGP) routing tables. These mappings form the backbone of internet routing, where each ASN represents a network under single administrative control (typically an ISP, cloud provider, or large organization).

Three authoritative databases maintain IP-to-ASN mappings:

  • IANA: Assigns ASN blocks (16-bit and 32-bit)
  • RIRs (ARIN, RIPE, APNIC, etc.): Regional allocations
  • BGP Route Views: Real-world routing data

Here's Python code using the pyasn library with a precompiled ASN database:

import pyasn

# Initialize with downloaded ASN database
asndb = pyasn.pyasn('ipasn_db.dat')

# Single IP lookup
ip = '8.8.8.8'
asn, prefix = asndb.lookup(ip)
print(f"IP {ip} belongs to AS{asn} (prefix: {prefix})")

# Bulk lookup
ips = ['1.1.1.1', '9.9.9.9', '142.250.190.46']
results = [(ip, *asndb.lookup(ip)) for ip in ips]

While ASN-to-location mapping isn't standardized, these methods are commonly used:

  1. WHOIS records (often contains organization address)
  2. MaxMind GeoLite2 ASN database
  3. RIR registration data

Using bgpq3 CLI tool to query ASN prefixes:

# Install on Ubuntu
sudo apt install bgpq3

# Query AS15169 (Google)
bgpq3 -l google_v4 -4 -A -m 24 AS15169
# Outputs Cisco-style prefix list for AS15169's IPv4 /24 blocks

For teams preferring API services:

import requests

def get_asn_info(ip):
    response = requests.get(f"https://api.iptoasn.com/v1/as/ip/{ip}")
    return response.json()

# Example usage
print(get_asn_info('13.107.42.12'))  # Microsoft Azure IP