Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: IP Guide – Info on IP addresses, Networks, and ASNs (ip.guide)
363 points by bswinnerton on Nov 24, 2023 | hide | past | favorite | 99 comments
Hey all, wanted to share my recent weekend hack project. I wanted to improve upon the existing space for looking up information about IP addresses and ASNs.

The backend is written in Rust and pulls BGP data every 8 hours from the RIPE RIS project to build up a routing table and also adds geolocation information. The frontend is using React and Tailwind.

Would love any feedback or suggestions on what to improve.




Feature request for any service like this: Let "me" know if it is a school, so I know that I am probably dealing with minors, a public environment and a firewall. Of course, you need to do the work (rDNS to start) to identify the schools.

I love the speed of the responses!


I work for IPinfo. We have higher level IP category information on our website for free.

We categorize ASN and companies/organizations based on 4 categories: ISP, Education, Hosting and Business. This ASN level categorization are done mainly from WHOIS and other public internet records.

We don't sub-categorize by schools, university, public research institutions, k-12 etc. The reason is accuracy. Even though I can understand the possible methods for doing this, the issue is that it can not be done reliably at scale.

As a data provider, from our end we hope to provide the highest possible accuracy and vouch for the service we provide. For this level of classification, we will generally request users to say what data they need from us, and we try to help them come to a solution that they have to build on their own. They can do whatever classification they want to do based on their personal level of tolerance for accuracy.


IPINFO.io has that info, but I too would like to have this information in a free service.


University's and post secondary educational institutions can have k12 schools attached especially if they study education or are isolated


Seems like schools should opt-in by submitting their IP address/range


Having a simple paragraph about RIPE, BGP and ARIN would be helpful (at least for me).

Is there any way at all to do this for IPv6?

Additional info that would be helpful would be if this is hosted by one of the big tech companies (i.e. is it on AWS, Azure, etc), though maybe that will show up in the network info?

If the IP is associated with hostnames that would be nice to know. Not sure how much of a one-stop shop you want to be :)


> Having a simple paragraph about RIPE, BGP and ARIN would be helpful (at least for me).

That's a great idea. I'll add a tooltip over some of the less obvious fields describing what they are.

> Is there any way at all to do this for IPv6?

Indeed! It's supported natively, so if you have an IPv6 address you should see it automatically. Here's an example <https://ip.guide/2600::>

> If the IP is associated with hostnames that would be nice to know.

I dig that idea, I'll have to think of the best way to pull that data while keeping the app stateless and fast.


> I dig that idea, I'll have to think of the best way to pull that data while keeping the app stateless and fast.

Reverse DNS lookups are usually pretty quick:

```shell

  > time dig +short -x 2600:dead::beef
  customer.my-isp.net.
  dig +short -x 2600:dead::beef  0.00s user 0.01s system 1% cpu 0.882 total
```


This might be useful to review:

https://news.ycombinator.com/formatdoc

"Text after a blank line that is indented by two or more spaces is reproduced verbatim. (This is intended for code.)"


Thanks.

I spend all day writing markdown and fenced blocks with type-hint is muscle memory at this point


Reverse DNS does not give you all the hostnames that can point to a particular IP address though.


Other than brute forcing, I don't think anything does — that's the beauty and the curse of a proper federated system :)


In fact, it might not even give you any names that point to an IP address, since it might be out of sync with the forward system, especially if the records are built by hand.


> Having a simple paragraph about RIPE, BGP and ARIN would be helpful (at least for me).

Same, I've always wondered how do websites like this get their information.


Great feedback, I'll add a little more to the site to describe how it all works. Until then...

At a 30,000ft view, the site works by building an in-memory routing table at boot time that has an entry for every route on the internet and which ASN (autonomous system number) announces it. From there, it stitches together data on the organization that the ASN belongs to, and geolocation data, and then exposes it in the API/UI. Under the hood it's using a treebitmap[1] data structure, which means that it can do _very_ fast lookups when given a particular ip address or ip address range.

Zooming in a little more, the main data source is MRT dumps from the RIPE RIS project[2]. There are a number of routers that RIPE (one of the 5 regional internet registries that hand out ASNs and IPs) that rely on network operators to share their view of every route on the internet. These routers are probably some of the most well-connected routers in the world. For the purposes of this service, MRT dumps are effectively a point-in-time snapshot of the routing table of that router. IP Guide parses that file, rebuilds it in memory, and attaches other relevant data to each IP range (also known as a "prefix").

This allows the service to stay fast and stateless, which was one of the main things I was trying to optimize for when building it.

[1]: https://blog.apnic.net/2021/06/04/storing-and-retrieving-ip-... [2]: https://ris.ripe.net/docs/10_routecollectors.html


Thanks !


Nice,

I currently do "curl ipinfo.io" which returns json, and seems to use a more accurate geo lookup (based on the hotel wifi I'm currently on). It doesn't report the network though, and the ASN is a string of asn and name, no org or country, so that's a bonus.

However

  curl ip.guide
just returns blank (there's a redirect). If you follow the redirect with -L the json isn't pretty-printed.


I work for IPinfo.

>the ASN is a string of asn and name, no org or country

Yeah detailed ASN information on the API level is available on paid tiers.

However, we have a free IP to ASN Country database that is updated daily and provides full accuracy. That database provides ASN, AS organization, and AS domain information.

I think the reason we don't have more ASN details on the API even though we provide more information for free in the database is because of the target audience and usability of the IP metadata.

Our API allows for tokenless API access for up to 1,000 request/day. There is no compromise with data accuracy. The goal is to be generally useful and extremely fast. Detailed ASN information is still freely accessible from the website, though. So, we have to balance out free API, free website information and paid API/database.

I have been reaching out to folks to adopt the free IP to Country ASN database, as it is free to use and provides full accuracy. If anyone wants to build a public API on top of the IPinfo free database that return more ASN information available there, they are more than welcome to that!


> Our API allows for tokenless API access for up to 1,000 request/day.

Thank you for this! Much appreciated!

I am sure there are tons of similar programs, but here is one I wrote:

https://github.com/jftuga/ipinfo

I added on a distance column.

Just yesterday, I added this: brew install jftuga/tap/ipinfo


The pleasure is all ours. Your tool is really awesome. I have bookmarked it. It addresses a very practical questions users have about distance calculation. Now I have the right tool to recommend to users.

Would it be possible to allow access token usage in the tool, please?


Yes. I would accept a PR for this.


Really appreciate it! Thank you very much. I will write a PR ASAP.


You'll have to follow the redirects since the site doesn't support HTTP, but just shipped pretty-printing.


Redirection from http to https is trivial on most http servers (nginx, apache, etc)


From where do you get your geolocation information? I've been using the free MaxMind GeoLite2 databases and the GeoIP2 Python API for this kind of thing, but for a lot of IP addresses that I'd like to map, I can only get down to the country (and even some of those seem suspect).

Is there any rate limit for queries?


To be fair, some IPs simply can't reasonably be mapped beyond the country level (even if MaxMind often tries).

For example in Germany some carriers just give you a random IP from a pool that is used for half the country, and will give you a new IP every 24 hours. How would you geolocate those with a downloadable database.


IP Guide is also using MaxMind, I'm not familiar with many other data sources for that kind of data. Are you seeing discrepancies?

No rate limits or auth for requests, but as mentioned below the api starts to load shed at 2k concurrent requests.


Thanks. Yeah, I was just hoping it might have access to some different data. I've seen no discrepancy. I tried one IP address that I've been trying to map, and I got the same answer.


Their city level data tends to be proprietary so maybe double check you’re ok in your use.


I have yet to see a geo-ip address for my IP that shows me even on the correct side of the country. I wouldn't trust this information as far as you can throw it ... and I've had this IP address for nearly 6 years now.


Can you check IPinfo.io, please? If we are showing any inaccuracy in your IP geolocation data for you, please reach out to us. We will fix that ASAP.


yeah, it's very wrong. Showing "vpn: true" (actually a regular residential connection), wrong city, region, postcode, etc. Just like every other service out there.

I don't see any way to report it though.


That is really surprising. For geolocation correction, we have a self reporting system: ipinfo.io/corrections

I forgot to add the link in my original comment. But as you mentioned we are showing VPN as true, that indicates a very interesting situation. Can you ping our support, please?

https://ipinfo.io/support

If you can also mention that, you came from HN, that will be fantastic. We will open an engineering ticket first thing Monday and look closely into this. The situation is unusual, and I am sorry about the inconvenience.


I'd also suggest filing a correction with MaxMind, which is where most modern geolocation data is derived: https://www.maxmind.com/en/geoip-location-correction.


Isn't there an alternative to MaxMind? Seems like a problem if they're the only useful source and they can change their license/fee to anything they want at any time.


In most cases, their database is entirely free as in free beer. You can't modify and contribute back to it, though (for somewhat obvious reasons). You can download a free local copy and purchase a more advanced version with more information. But if you need a simple lookup, the database is free, excellent, and is updated twice a week.

https://dev.maxmind.com/geoip/geolite2-free-geolocation-data


Submitted a support request. My email address is also in my profile, feel free to reach out directly. I can also open a wireguard configuration for you guys if you want to run some tests. I do see that my ipv6 prefix results in a correct location.


Thank you very much. I really appreciate you opening a ticket. We will look into it and keep you updated.


How big is the MaxMind database ?


About 80mb for the city level one


A few MBs


Nice! I love HTTP APIs like this with simple, user-friendly URLs like `https://${domain}/${query}`. Anyone know of a list of other services like this? wttr.in is one example I know of.


https://ifconfig.me


I made https://api.miip.co but no where near as complex


https://geolocation.microlink.io/


We do it for https://internetdb.shodan.io


https://ipdetective.io


Not exactly HTTP, but dns.toys


Have you thought about offering downloadable versions of to the database through MMDB, CSV, or JSON formats? This would enable users to utilize the database offline, similar to the setup provided by IPinfo.io for their free IP database.


Yeah, if you click on "bulk data" you'll see the two statically hosted CSVs for ASN and IP data. What else would you find useful in those datasets? It's quite easy to expand on them.


I suppose I was overly enthusiastic about the project and overlooked the bulk part . Thank you. Personally, I prefer to use local MMDB versions as they provide faster results and do not require network usage. Having knowledge about whether an IP is a proxy, VPN, data center, etc. is valuable to me, but I understand that it may vary depending on each project's requirements.


Without wishing to gazump on tuga's excellent project, you can get mmdb files for IPs and ASNs free for personal use from https://ipnetdb.com/ that will probably provide the data you want.

(Disclaimer: I work for the company that develops IPNetDB).


Countries.


The country code is the last portion of the networks CSV:

  $ curl -sL ip.guide/bulk/networks.csv | head -n 2
  prefix,asn,organization,country
  1.0.0.0/24,13335,"Cloudflare, Inc.",US


I meant something like de.csv to get a list of IP ranges in Germany.


I love the API and response times! I had a few questions:

Might you open-source this in the future?

Were you already comfortable in Rust or is there a reason you selected Rust for this project i.e performance and so plans to offer this as commercial product?

How often are RIPE info and MaxMind data updated these days or is that the 8 hours?

Thanks for sharing!


> Will this be open-sourced?

I don't think there's a strong reason to keep it closed-source.

> Were you already comfortable in Rust or is there a reason you selected Rust for this project?

This was a big learning opportunity for me to learn Rust. I had done two small projects in Rust before this one.

> How often are RIPE info and MaxMind data updated these days?

The MRT dumps where it gets its BGP data are updated every 8 hours, and MaxMind appears to be updated twice a week.


Nice, I like how simple it is!

I provide a similar service but with more focus on bot/data center/VPN ip addresses.

https://ipdetective.io


Showing the start/ending address as part of the network would be helpful when looking up the network. That would avoid having to pull out a CIDR calculator when using this tool.


Great idea. This is rolling out right now.


Also like https://wasab.is

Yours is very cool by pulling BGP data every 8 hours though!


For some reason this site only sees my ipv4 addy. But ip.guide automatically returns IPv6.


Oh cool! Is this a fork of ifconfig.co?


Yes, seems like it!


I really like the webpage, informative and minimalistic. Can this be used to look up ip's trying to connect to my server, and then ban according to nationality? (As its only for me to connect, however that can be from hotels etc around my country - so a filter on nationality might be the next best thing to a list of IP's).


Great site and product! Congratulations on the launch.

I actually have a use case for this in my product Loginllama. I need to grab information about the IP addresses. I’m currently using a different API but don’t really like the product.

Is it rate limited or have any key authentication? My email is me at joshghent.com if you want to chat about this more.


Go for it! There's no formal rate limiting or auth, but it does start to load shed at 2k concurrent requests. It's stateless, so it's very easy to scale horizontally after that.

LoginLlama looks super helpful, what else would you like to see from IP Guide to help? Would a boolean attribute on whether or not the IP is a known tor exit node be helpful?


Alternatieve, fyi;

  curl -sS https://am.i.mullvad.net/json | jq


This mullvad thing is just another "what is my ip" service. His site lets you download the entire database locally, for free, and without registration.


How is this better than the api at stat.ripe.net?

https://stat.ripe.net/docs/


Very cool project, any plans to release its source ?

also s/Tailscale/Tailwind/


I do that every. single. time.


Love it - bookmarked!


Very nicely done. I like the simplicity of the page and interface.


Here's a powershell command -- let's add it to the docs!

    > (iwr ip.guide).Content | ConvertFrom-Json | Select-Object location


This is neat, Im currently passing some IP addresses to OpenAi for a crude version of this, but will try this out!


Awesome, bookmarked! Would it be possible to list all announced IP ranges for an AS?


Disclaimer: I work at BigDataCloud.

You can try our ASN lookup tool: https://www.bigdatacloud.com/asn-lookup/

It provide wide variety of data objects, and also provide map view where possible to showcase the active region of operation ( its a unique feature of the API), plus heaps of data. You can test the API for free and access all the data objects.

Any doubts or queries, please let me know.


You can use https://bgp.tools for that (e.g. https://bgp.tools/as/200676#prefixes)


Curious, is that your AS?


Yup


Disclaimer I work for IPinfo.

If you can download the free IPinfo IP to ASN database CSV file. You can run the following command to get the IP ranges of an ASN.

```

grep AS19551 asn.csv | ipinfo range2cidr | cut -f1 -d ','

```

You will need to install the IPinfo CLI to convert the IP range to their CIDR equivalent. I believe the range2cidr command is also available as a standalone binary as well.

After that, you might want to aggregate the IP ranges to bigger ranges. I have used this in the past for this:

https://github.com/job/aggregate6


Here's a simpler alternative with IP Guide that doesn't require a CLI:

  curl -sL ip.guide/AS19551 | jq .routes


I didn't know ipinfo had a cli, good to know, i'll have a Look. Thank you!

I'm currently using ipset, that does aggregation if I remember correctly, but aggregate6 looks good!


The CLI has a bunch of features. I highly recommend checking out the `help` output for the CLI. Personally, I use the `grepip`, `bulk`, and `summarize` commands on a daily basis.


Yes! Quite easily, but it requires thinking through the right API design. I'll see if I can work this in this weekend.


In addition to other tools, there's also https://bgp.he.net which has a page for announced prefixes. Sometimes it's useful to use multiple tools, as not everyone will see all announcements or process them the same.


At the moment, https://bgp.tools/ is my favourite goto for ASN/BGP-related information. They operate route collectors on quite a few internet exchanges, collecting BGP routing information from peers connected on those IXes, as well as route servers. They offer near-realtime insight in what prefixes are actually announced/visible, as well as prefixes that have been allocated, but are not announced.

There's even more under the hood, worth checking it out.


I like. I was just looking for an easy way to pull geoip in a bash script.


can you pls elaborate your tech stack and where do host ? 1 .rust ( what server or hand crafted ?)


For the backend, it's written in Rust using a few key crates: axum for the api, bgpkit-parser for parsing the MRT data, and reqwest for fetching data at boot.

The site is hosted on Neptune Networks, another side project of mine for people to learn and experiment with BGP.


feature request: date of cache entry.


It's not available from the API, but there is a "last updated" date when you view it in a browser. It's at most 8 hours old.


Is there a rate limit to the API ?


No rate limits or auth for requests, but as mentioned below the api starts to load shed at 2k concurrent requests.


love this, nice work :) so fast.


Check out http://bgp.tools for an alternative in the area.

Not affiliated, it’s just my current preferred.


My similar take on the idea: https://cloud-ips.s3-us-west-2.amazonaws.com/index.html

I wanted to see if I could do the lookup work client-side, and also include some more metadata about cloud provider's IPs (region, service, etc), not that it's really better, just a toy idea I had.


I go to myip.ms regularly and use the additional info it offers such as owner ip block / ranges, the cidr, and hostname is sometimes helpful.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: