This article describes my first ASN and IPv6 address block.
WARNING: All information in this article may be out of date. Therefore, you should not use this as official documentation, but only as a reference. To ensure accuracy, please check the date of the last update.
I came across an article[1] on another blogger's website in 2021 that inspired me to get my own ASN and IP address block. However, due to heavy school workload and DSE, I didn't have enough time to explore the topic at that time. Finally, in March 2023, I was able to achieve my goal. I want to thank those bloggers who wrote articles detailing the necessary steps and procedures that helped me accomplish this (links are provided in the footnote below).
Introduction
To get started, we must first understand the concepts behind all of this. Here are a few main keywords that we should be familiar with. You can also take a look at the useful links provided below[2].
However, if you are already familiar with all networking concepts, you may choose to skip the following information.
What is IPv6? What differes from IPv4?
IPv6 or IP version 6 is the next generation Internet protocol which will eventually replace the current protocol IPv4.
The primary difference is that IPv6 uses 128 bit addresses as compared to the 32 bit addresses used with IPv4. This means that there are more available IP addresses using IPv6 than are available with IPv4 alone.
For a very clear comparison, in IPv4 there is a total of 4,294,967,296 IP addresses. With IPv6, there is a total of 18,446,744,073,709,551,616 IP addresses in a single /64 allocation.
IPv4 vs IPv6 - Chiu Yau | This is Chiu Yau.
What is BGP?
Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet. BGP is classified as a path-vector routing protocol, and it makes routing decisions based on paths, network policies, or rule-sets configured by a network administrator.
BGP used for routing within an autonomous system is called Interior Border Gateway Protocol, Internal BGP (iBGP). In contrast, the Internet application of the protocol is called Exterior Border Gateway Protocol, External BGP (eBGP).
Border Gateway Protocol - Wikipedia
Routing
Routing is the process of selecting a path for traffic in a network or between or across multiple networks. Broadly, routing is performed in many types of networks, including circuit-switched networks, such as the public switched telephone network (PSTN), and computer networks, such as the Internet.
In packet switching networks, routing is the higher-level decision making that directs network packets from their source toward their destination through intermediate network nodes by specific packet forwarding mechanisms. Packet forwarding is the transit of network packets from one network interface to another. Intermediate nodes are typically network hardware devices such as routers, gateways, firewalls, or switches. General-purpose computers also forward packets and perform routing, although they have no specially optimized hardware for the task.
The routing process usually directs forwarding on the basis of routing tables. Routing tables maintain a record of the routes to various network destinations. Routing tables may be specified by an administrator, learned by observing network traffic or built with the assistance of routing protocols.
Routing, in a narrower sense of the term, often refers to IP routing and is contrasted with bridging. IP routing assumes that network addresses are structured and that similar addresses imply proximity within the network. Structured addresses allow a single routing table entry to represent the route to a group of devices. In large networks, structured addressing (routing, in the narrow sense) outperforms unstructured addressing (bridging). Routing has become the dominant form of addressing on the Internet. Bridging is still widely used within local area networks.
Routing - Wikipedia
Route filtering
Route filtering is the process by which certain routes are not considered for inclusion in the local route database, or not advertised to one's neighbours. Route filtering is particularly important for the Border Gateway Protocol on the global Internet, where it is used for a variety of reasons. One way of doing route filtering with external-resources in practice is using Routing Policy Specification Language in combination with Internet Routing Registry databases.
Route filtering - Wikipedia
What is AS?
An autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain, that presents a common and clearly defined routing policy to the Internet. Each AS is assigned an autonomous system number (ASN), for use in Border Gateway Protocol (BGP) routing. Autonomous System Numbers are assigned to Local Internet Registries (LIRs) and end user organizations by their respective Regional Internet Registries (RIRs), which in turn receive blocks of ASNs for reassignment from the Internet Assigned Numbers Authority (IANA). The IANA also maintains a registry of ASNs which are reserved for private use (and should therefore not be announced to the global Internet).
Autonomous system (Internet) - Wikipedia
Default-free zone
Default-free zone (DFZ) is the collection of all Internet autonomous systems (AS) that do not require a default route to route a packet to any destination. Conceptually, DFZ routers have a "complete" Border Gateway Protocol table, sometimes referred to as the Internet routing table, global routing table or global BGP table. However, internet routing changes rapidly and the widespread use of route filtering ensures that no router has a complete view of all routes. Any routing table created would look different from the perspective of different routers, even if a stable view could be achieved.
Default-free zone - Wikipedia
Register ASN
To register an ASN, you will need to work with either a Regional Internet Registry (RIR) or a Local Internet Registry (LIR).
What is RIR?
A regional Internet registry (RIR) is an organization that manages the allocation and registration of Internet number resources within a region of the world. Internet number resources include IP addresses and autonomous system (AS) numbers.
The regional Internet registry system evolved, eventually dividing the responsibility for management to a registry for each of five regions of the world. The regional Internet registries are informally liaised through the unincorporated Number Resource Organization (NRO), which is a coordinating body to act on matters of global importance.
Regional Internet registry - Wikipedia
All RIR on the planet:
- AFRINIC (African Network Information Centre)
- APNIC (Asia Pacific Network Information Centre)
- ARIN (American Registry for Internet Numbers)
- LACNIC (Latin America and Caribbean Network Information Centre)
- RIPE NCC (Réseaux IP Européens Network Coordination Centre)
What is LIR?
A local Internet registry (LIR) is an organization that has been allocated a block of IP addresses by a RIR, and that assigns most parts of this block to its own customers. Most LIRs are Internet service providers, enterprises, or academic institutions. Membership in a regional Internet registry is required to become a LIR.
Regional Internet registry - Wikipedia
There are too many LIRs allocated by various RIRs, it is not possible to list all of them in this article.
What is the difference between RIRs and LIRs? Which one should I choose?
Regional Internet Registries (RIRs) are responsible for allocating IP address space and managing the network resources across whole continents or regions. However, due to the immense scale, it's challenging for an RIR to manage network allocation comprehensively and accurately in every corner of their respective territory. Consequently, Local Internet Registries (LIRs) are established by RIRs to assist in managing network allocation, thereby distributing the workload.
RIRs can be thought of as government-issued and permitted network allocation organizations, whereas LIRs are typically commercial network service companies or organizations.
To conduct any business with an RIR, you will need to become a member and pay a membership fee. The fee is typically around 1000 USD per year, although it may vary depending on the specific RIR. In addition, you will need to provide documentation such as company registration, financial reports, technical overviews, and validation of your ability to manage IP addresses, even if you don't have any IP address block resources yet.
For SMEs and individuals, working with an LIR may be the best option, as the requirements are typically less strict and the costs are lower than those associated with working directly with an RIR. In addition to providing ASN registration services, an LIR can also offer IP address block rental services. The cost of these services can vary widely depending on the region and your specific needs. Here is a link to a forum where LIRs provide different price quotes.
What information do I need to provide during the ASN registration with an LIR?
For individuals:
- Identity proof [Not disclosed]
- Note: Age below 18 will need guradian passport and signed aggrement. (depends on LIR)
- Personal information (Physical address, Email, Phone number) [Public]
- Emails (Contact, NOC, Abuse) [Public]
For companies:
- Company registration documents (official issued by the country that company is in) [Not disclosed]
- Company name [Public, for sure]
- Company address [Public]
- Company email [Public]
- Company contact person [Public]
- Personal information (Physical address, Email, Phone number) [Public]
- Emails (Contact, NOC, Abuse) [Public]
Choose a LIR
You should find the closest LIR to where you live or where your company operates. For example, if you live in Hong Kong, you should look for an LIR that is allocated by APNIC or is a member of APNIC.
However, it is recommended to work with an LIR that is allocated by RIPE NCC (Réseaux IP Européens Network Coordination Centre). This is because before and after the ASN registration, it is easier to manage database objects and IP address resources through the RIPE Database. With other RIRs, if you need to change any information, you may need to send them an email and wait for the changes to become effective.
In this article, we will use RIPE NCC as an example, as it is the organization that I have experience working with.
RIPE NCC
If you are registering for an ASN as an individual, the ASN name will typically be your own name.
If you prefer not to use your own name as the ASN name, you may need to register a company and use the company name instead. You should explore the process for registering a company in your location to find out more
In addition, you will need to provide proof that you have internet service provision in Europe. This can usually be demonstrated by having a VPS (Virtual Private Server) located in Europe and providing the invoice to the LIR. Note that the invoice must show the region and country where the VPS is located.
If you have met the requirements mentioned above, you are now ready to proceed to the next part.
Register RIPE account and related steps:
Object - person and maintainer pair
- RIPE NCC registration: https://access.ripe.net/registration
- Create database objects
- Confirm your email address, and login, then go to the homepage, click My Resources.
- Select "role and maintainer"
Direct link: Webupdates — RIPE Network Coordination Centre - Switch to person
- Fill in the blanks, you can click on the "?" to learn what you should fill in.
- mntner: Maintainer identifier, recommended format [YOURNAME]-MNT, i.e.: CHIUYAU-MNT
- role: Maintain name, Full name or whatever you like.
- address: Contact address
- phone: Phone number, format: +[countryCode].[number]
- After submit, you should get something like this:
The identifiers framed in red would be frequently used later on, capture or save this page can save you lot of time. - The object <person and maintainer pair> has been successfully created so far, next, let's create object <role>.
Object - role
- Create role object.
- Fill in the required blanks.
- role: same as the role as what you filled in the latter part (role and maintainer) object.
- address: same as the address as what you filled in the latter part (role and maintainer) object.
- email: Contact person email.
- nic-hdl: leave it as default.
- Before you submit, click on the "+" button next to e-mail:
- Add <abuse-mailbox> attribute to the object <role>:
- Finally, we have something like this:
- If you have something like I do, then click submit.
- Done. Remember to make a screenshot, these identifiers can be useful when you have to provide them to the LIR.
- <role>-<nic-hdl> = abuse-c
Object - organisation
- Create an Object --> select <organisation>
- Fill in the blanks, please be careful when filling this form.
- organisation: leave it as default.
- org-name: enter your name / your organisation(business) name, click "?" to see required format.
- org-type: remain unchanged.
- address: For natural person, fill in your address. For business/organisation: fill in your office address that appears on official documents related to your organisation.
- e-mail: your email.
- abuse-c: back to the last step of creating object <role>, the value of <nic-hdl> is what you need as mentioned above. Additionally, when entering your abuse email, you can simply use the same email address you provided earlier. The field will automatically search for a result in the RIPE database, so it's important to make sure that the search result accurately matches your abuse email. It is not recommended to manually enter the email address.
- mnt-ref: back to the last step of creating object <person and maintainer pair>, the identifiers of maintainer is what you need. It should be like : *****-MNT, i.e., CHIUYAU-MNT.
**Note that: It is possibly the LIR will ask you to fill their MNT identifier into this blank, you can type it here. Or, you can change it later when it is required.
- Clikc submit. You should see something like this:
Congratulations, you have successfully created all the required objects in the RIPE NCC database. It is important to save screenshots or record these identifiers for future reference. However, if you forget, you can still retrieve them by querying the RIPE NCC database.
Find and buy LIR services for ASN registration
You can LIR by searching keywords like <LIR>, <ASN register>, etc. on Google to find them.
Here is a provided link to some LIR service providers posting their pricing on a forum's thread, you can take a look.
Please be cautious of potential scams and fraudulent activities when working with providers mentioned in the above link. I cannot be held responsible for any issues that may arise from your interactions with these providers.
After purchasing LIR services, the provider will contact you to request required information, such as the RIPE NCC object identifiers or your personal details. It is normal for them to ask for identity proof, as this information needs to be given to the RIPE NCC and will not be disclosed publicly. However, it's important to be cautious of potential scammers who may use this as an opportunity to steal your personal information.
What's Next? What do I do after I have an ASN?
After providing you with your ASN, the LIR will usually offer some recommended documentation that provides step-by-step guidance. However, it's important to note that not all documentation is well-written and easy to understand. In addition to checking out the LIR's recommended links and documentation, you can also reach out to the communities listed below for further assistance:
Route48.org Discord
PeeringDB.com
Many providers use automated filtering based on information from PeeringDB pages. To avoid routing issues with these providers, it is important to register your ASN/Org on PeeringDB and keep the information up to date.
Go to PeeringDB.com, register an account and associate with your organization and ASN.
After you created an account and confirmed your email address associated with your account, you will see:
If the ASN's contact email matches with your registration email of PeeringDB, it will automatically approved your affiliations with your ASN and organization.
Next, click on the top right corner, then you can see your organization. Click it to update and modify it.
Footnote:
[1]
- 年轻人的第一个私人BGP(一) - 注册一个ASN | LovelyWei's 废纸篓 (hex.moe)
- 年轻人的第一个私人BGP(二) - 广播你的IP | LovelyWei's 废纸篓 (hex.moe)
- BGP (2) 在 Vultr 和 HE 使用自己的 IPV6 地址 - 131's Blog (yuzu.im)
- 年轻人的第一个 ASN - 宝硕博客 (baoshuo.ren)
- 初探 DN42 网络 - 宝硕博客 (baoshuo.ren)
[2]
- IPV6 to Binary Calculator (easycalculation.com)
- 矢澤にこ (ni-co.moe)
- IP广播: 在不借助你的ISP进行任何操作的情况下,广播(组播)你的IPv6 - 矢澤にこ (ni-co.moe)
- IP广播: 广播前的准备 - 矢澤にこ (ni-co.moe)
- IP 广播: 使用bird广播(组播)ipv6 - 矢澤にこ (ni-co.moe)
- Documenting IPv6 Assignments in the RIPE Database — RIPE Network Coordination Centre
- Hurricane Electric BGP Toolkit (he.net)
- RIPE Network Coordination Centre
- Baoshuo Network - Baoshuo (@renbaoshuo)
- BGP_example_1 · Wiki · labs / BIRD Internet Routing Daemon · GitLab (nic.cz)
- IPv6 Ping | IPv6 Now
- TraceRoute查询_专业精准的IP库服务商_IPIP
空空如也!