Understanding Autonomous System Numbers (ASNs) and BGP Routing
Learn how the internet is connected underneath. Understand Autonomous System Numbers (ASNs), Border Gateway Protocol (BGP), and how data travels across global networks.
The Internet: A Network of Networks
When you connect to a website, your connection does not travel in a straight line. It hops across a complex, decentralized web of global networks. This web is composed of Autonomous Systems (ASs). An Autonomous System is a large network or group of networks with a unified routing policy, typically operated by an Internet Service Provider (ISP), a large enterprise, a university, or a government agency.
What is an Autonomous System Number (ASN)?
Every Autonomous System requires a unique identifier to participate in global routing. This identifier is the Autonomous System Number (ASN). Think of it like a country building a highway system—each country needs a unique country code to route international mail.
An ASN can be either public or private. Public ASNs are required to exchange routing information over the public internet, and they are assigned by Regional Internet Registries (RIRs) such as ARIN, RIPE, and APNIC.
- 16-bit ASNs: The original format, ranging from 1 to 65535.
- 32-bit ASNs: Introduced when 16-bit numbers began running out, ranging up to 4,294,967,295.
For instance, Google operates AS15169, while Cloudflare operates AS13335. If you use our IP Address Lookup tool, you can see the precise ASN associated with any public IP address you query.
BGP: The Glue of the Internet
If ASNs identify the networks, the Border Gateway Protocol (BGP) is the language they use to talk to each other. BGP is the routing protocol that allows these disparate Autonomous Systems to exchange reachability information.
BGP determines the most efficient path for data to travel. It does not select paths based solely on distance or speed; it relies heavily on policies established by network administrators. An ISP might configure its BGP routes to prefer a cheaper connection over a slightly faster one, or to route traffic specifically around a competitor.
BGP Peering and Transit
- Peering: Two ASNs agree to exchange traffic directly between their networks, usually free of charge. This is mutually beneficial as it saves both parties money by bypassing expensive transit providers.
- Transit: A smaller ASN pays a larger, "Tier 1" ASN to carry its traffic across the internet. Tier 1 networks (like AT&T, Lumen, and NTT) have global reach and peer with each other to connect the entire world.
Security Flaws in BGP: Route Leaks and Hijacking
BGP was designed in the early days of the internet, operating on a paradigm of complete trust. If an ASN announces, "I am the best route to Google's IP addresses," other networks historically believed it and sent their traffic there.
This trust model has led to significant security incidents where routing is improperly diverted. Whether accidental (a typo by a network engineer) or purposeful (an entity intercepting traffic), if a network incorrectly advertises a route, traffic can be diverted across the globe.
To combat this, the modern internet depends heavily on RPKI (Resource Public Key Infrastructure). RPKI acts like a cryptographic signature, confirming that an ASN is actually authorized to advertise a specific IP block. Use our security tools to regularly verify your infrastructure and ensure you are housed on clean, reputable ASNs.
