How to Register an ASN and Announce IPs

1. Basic Concepts

RIR: Regional Internet Registry

The allocation of ASN numbers and IP address resources follows a strict international management mechanism. Global internet resources are managed by five major Regional Internet Registries (RIRs):

  • AFRINIC: Responsible for the Africa region
  • ARIN: Responsible for the North America region
  • LACNIC: Responsible for the Latin America and Caribbean region
  • RIPE NCC: Responsible for Europe, the Middle East, and Central Asia
  • APNIC: Responsible for the Asia-Pacific region

LIR: Local Internet Registry

It is important to note that RIRs do not provide services directly to end-users but allocate resources through Local Internet Registries (LIRs). As member organizations of an RIR, LIRs must pay corresponding annual membership fees to maintain their status, which is generally not economical for individual users.

When choosing an RIR, RIPE NCC is widely recommended, mainly based on the following three considerations:

  1. Cost-effectiveness: RIPE NCC's registration fees are relatively reasonable. In comparison, APNIC's basic fees are about 30% higher, and there are additional administrative costs.
  2. System convenience: RIPE NCC provides a comprehensive online management system, allowing users to independently check progress, modify configurations, and perform other operations. Some of APNIC's processes still rely on email communication, which is relatively less efficient.
  3. Policy stability: RIPE NCC's policy adjustments are moderate and predictable, which is a clear advantage compared to some other regional registries.

In summary, based on the analysis of available information, RIPE NCC is the ideal choice for individuals applying for an ASN, followed by APNIC or ARIN.

2. Preparing Materials

When applying for an ASN, you need to provide the following necessary documents to the LIR (using RIPE NCC registration as an example):

Identity Verification Documents

  • Corporate applicants: Valid business license or company registration certificate
  • Individual applicants: Valid government-issued identification document

Note: If the applicant is a minor, their legal guardian usually needs to provide written consent and fulfill corresponding guardianship responsibilities. All submitted documents must be authentic, valid, and must be originals or notarized copies.

Contact Information

  • Physical mailing address (for WHOIS database registration)
  • Technical operations contact email (NOC Email)
  • Abuse report contact email (Abuse Email)

Proof of Technical Requirements

  • A valid bill or contract from the last two months from a BGP service provider located within the European region
  • At least two confirmed BGP upstream providers

RIPE DB Account and Object Creation

1. Register for a RIPE NCC Access account

Open the RIPE Database registration page and complete the registration. The process is self-explanatory.

2. Create initial role and maintainer (mntner) objects

Open RIPE DB Create Role And MNT

A role object is an abstraction of a role performed by one or more people, for example, representing the department you use to handle network incidents.

A maintainer object is an abstraction of a maintainer, recording the maintainer's authentication information. Other objects are authorized for maintenance via the mnt-by attribute.

When creating role and maintainer objects via the link above, you need to fill in:

  • mntner: The identifier for the maintainer object, can contain uppercase and lowercase letters, numbers, and _-, for example: YOURNOC-MNT

  • role: The name of the role object, can contain uppercase and lowercase letters, numbers, and ][)(._"*@,&:!'+/-, for example: YOURCOMPANY NOC

  • address: The office address for this role

  • e-mail: The email contact address for this role

    Information filled in using Akaere NetWork as an example

After filling it out, click the SUBMIT button, and a role and a mntner object will be created simultaneously.

The part in the red box in the figure is the primary key of the role object. You need to submit this to your LIR as the admin-c / tech-c / abuse-c for your AS.

3. Set up the abuse notification email

RIPE NCC will check the validity of this email, so it must be real and usable.

In the search box at the top of RIPE DB Query, fill in the primary key of the role object from the previous section and click the search button on the right. Next, click the 'Update object' button in the upper right corner of the search result to go to the modification page.

Click the + button to the right of the e-mail field to add an abuse-mailbox attribute to this role object.

In the abuse-mailbox field that appears, fill in the abuse notification email and click the SUBMIT button to save.

4. Create an organisation object

An organisation object is an abstraction of a company, non-profit group, or individual, and all other resources are related to this object. It is the starting point for managing data in the RIPE database.

When creating an organisation object via RIPE DB Create Organisation, you need to fill in:

  • mnt-by: Who manages it, defaults to auto-filling the identifier of the previously created mntner

  • organisation: The identifier for the organisation object, defaults to AUTO-1 which will be auto-generated by the system

  • org-name: The name of this organisation, must be either the organization's full legal name or the individual's full name

  • address: The contact address for this organisation, must be either the organization's legal address or the individual's residential address

  • e-mail: The email contact address for this organisation

  • abuse-c: The abuse notification contact for this organisation, must point to a role object with an abuse-mailbox attribute

  • mnt-ref: Who can reference this organisation. The pointed-to mntner can add objects that point to this organisation, i.e., who allocates resources for this organization. Ask your LIR for the specific value.

After filling it out, click the SUBMIT button. The identifier of the organisation object will be displayed in the upper middle of the page as organisation "ORG-EXAMPLE-RIPE" (red boxed part in the figure). You need to submit this to your LIR as the org for your AS.

4.1 What if I made a mistake? How do I correct it?

When you find that you have written something wrong above, go to RIPE DB Query, search for the primary key of the object you need to correct, and click the 'Update object' button in the upper right corner to go to the modification page.

After entering the modification page, correct the content you need to modify and click the SUBMIT button to submit.

After completion, the RIPE database will show that you have modified the content, and the modification is complete.

5. Submit materials

You need to provide the following materials to your LIR:

  • Company registration certificate / Passport (or both sides of a Chinese resident ID card)
  • Proof of network activity within the RIPE NCC service region (e.g., a bill for a European VPS)
  • The active region (country) of the AS
  • as-name (AS name, e.g., CHINATELECOM-CORE-WAN-CN2)
  • org (Section 4, organisation object identifier)
  • admin-c (Section 2, role object primary key)
  • tech-c (Section 2, role object primary key)
  • abuse-c (Section 2, role object primary key)
  • mnt-by (Section 2, mntner object identifier)

3. PeeringDB Creation/Maintenance

1. What is PeeringDB?

PeeringDB is like the "social business card holder" of the internet world! Imagine if every network operator was a guest at a party, PeeringDB would be the roster that helps everyone get to know each other. Here, you can:

  • Tell others "Who I am" (Your network information)
  • Say "Where I live" (Your network facility locations)
  • Leave a "Contact method" (Technical contact information)
  • Show your "Willingness to make friends" (Peering policy)

Simply put, PeeringDB is a global database platform that helps network operators, data centers, and Internet Exchange Points (IXPs) discover each other and establish connections. It's like the LinkedIn of the network world, making it easier for everyone to find suitable network partners!

Summary: PeeringDB is an important platform for network operators to share network information and establish peering relationships, and it is an almost essential information repository for ASN holders.

2. Create a PeeringDB account

Go to PeeringDB Register to register an account. The process is self-explanatory.

Note: When registering for PeeringDB, it is best to use the email of the role object you created in the RIPE DB.

3. Associate your ASN in PeeringDB

Go to the Organizations section in your PeeringDB Profile and enter your ASN and organization name to associate them.

Using my own ASN as an example

After successful association, you can find your organization in the drop-down menu in the upper right corner.

Continued from the previous image

4. Correct information

In the image above, after clicking to enter your own organization, click the 'Edit' button in the upper right corner to enter the editing interface and supplement some information:

The largest input box in the upper left is the organization name, refer to the org-name in the RIPE database.

Alias (Optional): Other names/abbreviations for the organization

Long Name (Optional): The full name of the organization

Address 1 (Optional): The organization's address

Address 2 (Optional): The organization's address

Company Website Override: The organization's website address

Suite (Optional): The organization's suite number

Location (Optional): The specific location

Country and Region Code: The country and region code where the organization is located

An example from 13335

5. Add Network

Name: The name of the network

Website: The network's website address

IRR as-set/route-set object: The network's IRR as-set/route-set object (although this is a redundant statement)

Network Types (Optional): Network type

Traffic Levels: Inbound/Outbound rates

Traffic Ratios: Inbound/Outbound traffic ratio

Geographic Scope: The network's geographic scope

Unicast IPv4 / Multicast / IPv6: Check according to the actual situation

Policy URL: Peering policy URL

General Policy: Peering policy status

Contract Requirement: Whether peering requires a contract

Health Check: The network's status check

Finally, click 'Submit Network' to complete.

Because the PeeringDB interface needs so much explanation, the IX part will be postponed for now.

4. Now you can finally start announcing your IP!

1. Find an upstream

Major carriers often have access points in colocation data centers. You can purchase colocation services from the data center, and then you should be able to directly contact the carrier to sign a contract to purchase bandwidth and IP transit services. However, due to the "special characteristics" of the domestic market, this whole set will only result in a sky-high bill ~~(Of course, if you are not short on money, just ignore what I said)~~.

But the good news is that many VPS providers offer BGP Session services, such as Vultr, BuyVM, etc. You can choose one of them as your upstream. These providers cost about 5-10 US dollars per month, which is a decent value for money.

You can also find more providers at BGP Services.

2. Start announcing your IP address to the world

Before starting this step, verify your ASN and IP address block as the provider requires. Most providers handle this through a ticket. This article uses Vultr as an example.

1. Get connection information

Open the Vultr BGP page and fill in your ASN and IP address block. Vultr will send a verification code to your WHOIS email address. After verification, wait for Vultr staff to review the request (remember to reply to the ticket).

Vultr BGP

After the application is approved, open the VPS details, click the BGP tab, and you will get the following information:

At this point, you have the information for a BGP session with Vultr.

2. Configure Bird2

I am using Debian 12 as an example. Install Bird2 directly using APT: apt install bird2

My ASN is AS213605 and I want to announce 2a14:67c1:a020::/48

Taking Vultr as an example, the peer ASN given is 64515, the peer IP is 2001:19f0:ffff::1, our VPS's own IPv6 address is 2001:19f0:5001:225f:5400:05ff:fe69:6776, and the MD5 password is 114514, so my configuration file is as follows:

Code snippet

log syslog all;

router id 192.0.2.1; # Public IPv4 address of the VPS (placeholder value, replace with yours)
define ASN=213605; # Your ASN
define OWNIPv6s=[2a14:67c1:a020::/48]; # Your IPv6 prefix

# The device protocol is necessary, otherwise BIRD won't automatically get info like network interfaces from the kernel, and next-hop lookups for static routes will fail
protocol device {}

# The kernel protocol exports routes from BIRD to the kernel
protocol kernel {
    ipv6 {
        export all; # Export all IPv6 routes from BIRD into the system routing table
    };
}

# static defines static routes
protocol static static_v6 {
    ipv6;
    route 2a14:67c1:a020::/48 via 2001:19f0:5001:225f:5400:05ff:fe69:6776;  # Originate the 2a14:67c1:a020::/48 block; change the address after via to your VPS's IPv6 address
}

filter export_filter_v6 {
    if net ~ OWNIPv6s then accept; # If the prefix is included in OWNIPv6s, accept it
    reject; # Otherwise, reject all
}

filter import_filter_v6 {
    if net ~ [::/0] then reject; # If it's a default route, reject
    accept; # Accept all other routes
}

protocol bgp vultr {
    local as ASN; # Specify local AS
    source address 2001:19f0:5001:225f:5400:05ff:fe69:6776; # Local address: the VPS's own IPv6 address, the same one used after via above
    multihop 2; # Set multihop, Vultr provides a value of 2
    neighbor 2001:19f0:ffff::1 as 64515; # Specify neighbor address and AS
    ipv6 { # Specify the protocol to run on this BGP neighbor
        import filter import_filter_v6; # Specify import filter
        export filter export_filter_v6; # Specify export filter
        export limit 10; # Limit the number of exported prefixes, adjust as needed, so a misconfigured filter cannot leak a large number of routes
    };
    password "114514"; # TCP MD5 password given by the provider; if there is no password, just delete this line
    graceful restart; # Graceful restart, prevents route withdrawal and service interruption when restarting bird
}

You can directly modify my configuration file (it is recommended to read soha's tutorial first and then write it yourself). After modifying, write it to /etc/bird/bird.conf, and then apply the configuration: birdc c

You can run birdc show protocols all to view the status of all current protocols:

Shell

vultr    BGP        ---        up     2025-02-10    Established   
  BGP state:          Established
    Neighbor address: 2001:19f0:ffff::1
    Neighbor AS:      64515
    Local AS:         213605
    Neighbor ID:      45.76.40.105
    Local capabilities
      Multiprotocol
        AF announced: ipv6
      Route refresh
      Graceful restart
        Restart time: 120
        AF supported: ipv6
        AF preserved:
      4-octet AS numbers
      Enhanced refresh
      Long-lived graceful restart
    Neighbor capabilities
      Multiprotocol
        AF announced: ipv6
    D Route refresh
      Extended message
      Graceful restart
      4-octet AS numbers
      ADD-PATH
        RX: ipv6
        TX:
      Enhanced refresh
      Long-lived graceful restart
        LL stale time: 0
        AF supported:
        AF preserved: ipv6
      Hostname: ams510.vultr.com
    Session:          external multihop AS4
    Source address:   2001:19f0:5001:225f:5400:5ff:fe49:6493
    Hold timer:       142.836/180
    Keepalive timer:  38.528/60
  Channel ipv6
    State:          UP
    Table:          master6
    Preference:     100
    Input filter:   ACCEPT
    Output filter:  ACCEPT
  S Routes:         203065 imported, 2 exported, 203065 preferred
    Route change stats:     received   rejected   filtered    ignored   accepted
      Import updates:        8010300          0          0     204161    7806139
      Import withdraws:      4736940          0        ---        194    4736746
      Export updates:        7806141    7806139          0        ---          2
      Export withdraws:      4736746        ---        ---        ---          0
    BGP Next hop:   2001:19f0:5001:225f:5400:5ff:fe49:6493
    IGP IPv6 table: master6
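
A sanity check over this output, as an added example that is not part of the original article: it parses the `birdc show protocols all` text and compares the session state, the AS numbers, the output filter name and the exported route count with what the configuration intends (one /48 through export_filter_v6). The sample text is a constructed, trimmed copy of the output above, and the function names are hypothetical.

```python
import re

# Constructed sample: a trimmed copy of the `birdc show protocols all` layout shown above.
SAMPLE = """\
vultr    BGP        ---        up     2025-02-10    Established
  BGP state:          Established
    Neighbor address: 2001:19f0:ffff::1
    Neighbor AS:      64515
    Local AS:         213605
  Channel ipv6
    State:          UP
    Input filter:   ACCEPT
    Output filter:  ACCEPT
  S Routes:         203065 imported, 2 exported, 203065 preferred
"""

PATTERNS = {
    "state": r"BGP state:\s+(\S+)",
    "neighbor_as": r"Neighbor AS:\s+(\d+)",
    "local_as": r"Local AS:\s+(\d+)",
    "output_filter": r"Output filter:\s+(\S+)",
    "exported": r"Routes:\s+\d+ imported, (\d+) exported",
}

def parse_bgp_status(text):
    """Pull the fields needed for the check out of one protocol block."""
    fields = {}
    for key, pattern in PATTERNS.items():
        match = re.search(pattern, text)
        value = match.group(1) if match else None
        fields[key] = int(value) if value and value.isdigit() else value
    return fields

def check_session(text, local_as, neighbor_as, export_filter, max_exported):
    """Return a list of findings; an empty list means the session matches intent."""
    s = parse_bgp_status(text)
    findings = []
    if s["state"] != "Established":
        findings.append(f"session is not established (state={s['state']})")
    if (s["local_as"], s["neighbor_as"]) != (local_as, neighbor_as):
        findings.append("AS numbers differ from the intended session")
    if s["output_filter"] != export_filter:
        findings.append(f"output filter is {s['output_filter']}, expected {export_filter}")
    if s["exported"] is None or s["exported"] > max_exported:
        findings.append(f"{s['exported']} routes exported, expected at most {max_exported}")
    return findings

if __name__ == "__main__":
    # Intended values taken from the configuration above: one /48, export_filter_v6.
    for finding in check_session(SAMPLE, 213605, 64515, "export_filter_v6", 1):
        print("WARN:", finding)
```

On the sample it reports two findings: the output filter reads ACCEPT rather than export_filter_v6, and two routes are exported where one prefix is configured.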

The global propagation and convergence of the announced IP block will take some time. You can go do something else, or just go to sleep (if you are configuring this in the middle of the night).

After waiting for half an hour to an hour, you can open BGP Tools and enter your IP block to check the global propagation status.

Propagation complete!

3. Configure the network interface

We have now successfully announced 2a14:67c1:a020::/48.

At this point, global traffic to 2a14:67c1:a020::/48 is already being routed to our VPS. However, no address from the block is configured on the VPS yet, so it just returns 'unreachable'. A small configuration change on the VPS is enough to start providing services to the world:

Bash

# Create a dummy interface
ip link add dev dummy0 type dummy
ip link set dummy0 up

# Assign an address from the announced prefix to it (a single /128)
ip addr add 2a14:67c1:a020::1/128 dev dummy0

After completion, we can ping the 2a14:67c1:a020::1 address from our own computer.

5. Some By-products

1. ip6.arpa

1. What is ip6.arpa

ip6.arpa is the reverse resolution domain for IPv6. You can add PTR records to allow your IP address to be reverse resolved.

2. How to create ip6.arpa in the RIPE database and host it on CloudFlare

Open the RIPE Create Domain interface

Enter the IP block for which you need to create rDNS, for example, 2a14:67c1:b103::/48

You can see that RIPE now requires you to fill in 2 NS Servers. Here we will put two fake ones for now.

Now, you can see that RIPE has given the Reverse zones value as 4.0.1.b.1.c.7.6.4.1.a.2.ip6.arpa.

Now take this value and go to Cloudflare to add the domain. Finally, change the fake NS Servers we just filled in to CloudFlare's NS Servers.

At the same time, fill in admin-c / tech-c / zone-c with the primary key of the role object you created in the RIPE database (yes, the one you submitted to the LIR before).

Finally, as shown in the figure below, you can click submit.

After submitting, wait a moment, and the domain in CloudFlare will be activated.
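
How the reverse zone name and the PTR record names inside it are derived, as an added example that is not part of the original article: it uses the announced block 2a14:67c1:a020::/48 and the address 2a14:67c1:a020::1 from the earlier sections. The target hostname host.example.net and the function names are hypothetical.

```python
import ipaddress

def reverse_zone(prefix):
    """Return the ip6.arpa zone name that covers an IPv6 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        # Each label in ip6.arpa is one hex digit, so zones are cut on 4-bit boundaries.
        raise ValueError("prefix length must be a multiple of 4")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def ptr_record(address, prefix, target):
    """Return (owner name relative to the zone, zone-file line) for one address."""
    addr = ipaddress.IPv6Address(address)
    net = ipaddress.IPv6Network(prefix)
    if addr not in net:
        raise ValueError(f"{addr} is outside {net}")
    zone = reverse_zone(prefix)
    full = addr.reverse_pointer        # 32 reversed nibbles followed by ".ip6.arpa"
    owner = full[: -len(zone) - 1]     # drop the trailing ".<zone>"
    return owner, f"{owner} IN PTR {target.rstrip('.')}."

if __name__ == "__main__":
    block = "2a14:67c1:a020::/48"
    print("zone:", reverse_zone(block))
    owner, line = ptr_record("2a14:67c1:a020::1", block, "host.example.net")
    print(line)
```

The owner name is what goes into the name field of the PTR record in the hosted zone, and the zone name is what the DNS provider is asked to host.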

6. Conclusion

Now your IP block is publicly accessible on the internet. Next, you can find more upstreams to play with Anycast, or pull this IP block to North Korea/Antarctica to achieve lighting up the globe (a tutorial might be released).
