search

Intevation / intelmq-certbund-contact

IntelMQ expert bots to lookup contact information in a database (part of the intelmq-cb-mailgen solution).
GNU Affero General Public License v3.0
3 stars 2 forks source link

Extend RIPE import with route information #15

Open bernhard-herzog opened 3 years ago

bernhard-herzog commented 3 years ago

For the tuency project we want to extend the RIPE importer with routing information so that IP addresses can be mapped to related ASNs. In particular, we want to import the ripe route files (ripe.db.route.gz and ripe.db.route6.gz) which contain a mapping from network addresses to ASNs.

Overview

My plan for implementing this in intelmq-certbund-contact is

Data model

The table for this will likely be the following:

CREATE TABLE route_automatic (
    route_automatic_id SERIAL PRIMARY KEY,
    address CIDR NOT NULL,
    asn BIGINT NOT NULL,
    LIKE automatic_templ INCLUDING ALL,

    UNIQUE (address, asn, import_source)
);

The routing data from RIPE does have cases where an address is associated with multiple ASNs, so the UNIQUE constraint cannot be just (address, import_source) as one might perhaps expect.

Optional route import

Since not all users need the routing information, the actual import is optional and has to be explicitly activated by a command line flag.

The changes to the data model and e.g. the ripe_download script do not have top be optional, though. The ripe.db.inetnum.gz alone is much bigger than the route files so downloading the route files even if they're not needed should not be much of a problem in practice.

Also, having the route_automatic table in all databases makes dealing with future updates easier as there are fewer differences between the installiations that need to be taken into account.

bernhardreiter commented 3 years ago

the actual import is optional and has to be explicitly activated

If we put in the tables in any case, why not make it default to import it and use explicit deactivation?