What is an ASN? Understanding Autonomous System Numbers and BGP Routing

If you've ever wondered how data packets find their way across the Internet, or how large networks maintain their routing independence, the answer lies in Autonomous System Numbers (ASNs) and the Border Gateway Protocol (BGP). These fundamental components of Internet infrastructure enable the global network of networks to function seamlessly.

This article explains what ASNs are, how they work within the BGP routing framework, and why they're essential for Internet Service Providers, hosting providers, enterprises, and content delivery networks.

What is an Autonomous System Number (ASN)?

An Autonomous System Number (ASN) is a globally unique identifier assigned to an autonomous system for use in BGP routing. But to understand ASNs fully, we first need to understand what an autonomous system is.

Defining an Autonomous System

An autonomous system (AS) is a collection of IP networks and routers under the control of a single organization that presents a common routing policy to the Internet. As defined in RFC 1930, an AS is:

"A connected group of one or more IP prefixes run by one or more network operators which has a SINGLE and CLEARLY DEFINED routing policy."

In simpler terms, an autonomous system represents a network or group of networks managed by a single administrative entity (such as an ISP, large enterprise, or hosting provider) that makes its own decisions about how to route traffic.

The Role of ASNs

ASNs serve as unique identifiers for these autonomous systems, similar to how phone numbers identify telephone lines or IP addresses identify devices on a network. When routers exchange routing information using BGP, they use ASNs to:

• Identify the origin of routing announcements
• Track routing paths across the Internet
• Implement routing policies based on AS relationships
• Prevent routing loops by detecting when a route passes through the same AS multiple times
• Enable traffic engineering and policy-based routing decisions

ASN Format and Numbering

ASNs come in two formats, defined in RFC 4271 and RFC 6793:

16-bit ASNs (Original Format):

• Range: 0 to 65,535
• Provides 65,536 total ASNs
• Public range: 1 to 64,511
• Private range: 64,512 to 65,534 (as defined in RFC 6996)
• Reserved: 0, 23456, 65,535

32-bit ASNs (Extended Format):

• Range: 0 to 4,294,967,295
• Provides over 4.2 billion total ASNs
• Public range: 0 to 4,199,999,999 and 4,200,000,000 to 4,294,967,294
• Private range: 4,200,000,000 to 4,294,967,294
• Reserved: Various ranges for documentation and special use

The expansion to 32-bit ASNs was necessary due to the exhaustion of 16-bit ASN space. Today, Regional Internet Registries (RIRs) typically assign 32-bit ASNs to new applicants, though 16-bit ASNs may still be assigned upon request for compatibility reasons.

ASN Notation:

• 16-bit ASNs: Written as a single number (e.g., AS64500)
• 32-bit ASNs: Can be written in "asplain" format (e.g., AS4200000000) or "asdot" format (e.g., AS1.0)

Public vs Private ASNs

Similar to IP address space, ASNs are divided into public and private ranges:

Public ASNs:

• Globally unique numbers assigned by RIRs
• Required for routing on the public Internet
• Registered in global routing databases
• Must be obtained through official RIR processes

Private ASNs:

• Reserved for internal use only
• Never announced on the public Internet
• Can be used for internal BGP configurations, testing, or private peering
• 16-bit private range: 64,512 to 65,534
• 32-bit private range: 4,200,000,000 to 4,294,967,294

Private ASNs are useful for:

• Testing BGP configurations in lab environments
• Internal iBGP routing within organizations
• MPLS VPN implementations
• Any scenario where routes never reach the global Internet

How BGP Routing Works

To understand how ASNs are used, we need to understand the Border Gateway Protocol (BGP), the routing protocol that powers the Internet.

BGP: The Internet's Routing Protocol

BGP is the standardized exterior gateway protocol used to exchange routing information between autonomous systems. Unlike interior gateway protocols (IGPs) like OSPF or EIGRP that operate within a single AS, BGP operates between autonomous systems, making routing decisions based on paths, network policies, and rule sets configured by network administrators.

BGP is defined in RFC 4271, with numerous extensions and updates in subsequent RFCs.

Key characteristics of BGP:

• Path-vector protocol: BGP maintains the entire path (sequence of ASNs) that routes traverse
• Policy-based routing: Administrators can implement complex routing policies based on business relationships
• Slow convergence: BGP prioritizes stability over rapid convergence
• TCP-based: Uses TCP port 179 for reliable communication between BGP peers
• Incremental updates: After initial exchange, only sends updates when routing changes occur

BGP Peering Relationships

BGP routers establish peering relationships (also called BGP sessions or neighbor relationships) with other BGP routers. There are two types of BGP peering:

1. eBGP (External BGP):

• Peering between routers in different autonomous systems
• Used to exchange routes between ASes
• Typically has TTL=1 (directly connected routers)
• Routes learned via eBGP have higher administrative distance (20 in Cisco IOS)

2. iBGP (Internal BGP):

• Peering between routers within the same autonomous system
• Used to distribute externally learned routes throughout the AS
• Can peer with non-directly connected routers
• Requires full mesh topology or route reflectors for proper operation
• Routes learned via iBGP have lower administrative distance (200 in Cisco IOS)

How BGP Uses ASNs

ASNs play a central role in BGP routing:

1. Route Origin Identification: When a network announces its IP prefixes via BGP, the announcement includes the origin ASN. This tells other networks which AS owns or is authorized to announce those prefixes.

Example:

Network: 203.0.113.0/24
Origin AS: AS64500

2. AS Path Attribute: As a BGP route advertisement propagates across the Internet, each AS it passes through prepends its ASN to the AS_PATH attribute. This creates a list of ASNs showing the path the route has taken.

Example path:

AS64500 → AS64501 → AS64502 → Destination

The AS_PATH serves multiple purposes:

• Loop prevention: If a router sees its own ASN in the path, it rejects the route
• Path selection: Shorter AS paths are typically preferred
• Traffic engineering: ASes can artificially lengthen paths using AS path prepending

3. BGP Decision Process: When BGP routers receive multiple paths to the same destination, they use a decision process to select the best path. While the complete process involves many factors, ASN-related attributes play key roles:

1. Highest Weight (Cisco-specific, local to router)
2. Highest Local Preference (within AS)
3. Locally originated routes
4. Shortest AS_PATH length ← ASN-based
5. Lowest origin type
6. Lowest MED (Multi-Exit Discriminator)
7. eBGP over iBGP
8. Lowest IGP metric to BGP next hop
9. Oldest route
10. Lowest neighbor router ID

4. Routing Policies Based on ASNs: Network operators implement routing policies using ASNs to control traffic flow:

AS-based filtering:

# Only accept routes from specific ASes
ip as-path access-list 10 permit ^64500$
ip as-path access-list 10 permit ^64501$

AS path prepending for traffic engineering:

# Make path less attractive by prepending own ASN multiple times
route-map PREPEND permit 10
 set as-path prepend 64500 64500 64500

BGP Route Advertisement Process

Here's how BGP routing works in practice:

Step 1: BGP Session Establishment Two BGP routers establish a TCP connection on port 179 and exchange OPEN messages containing their ASN, BGP version, and other parameters.

Step 2: Initial Route Exchange After session establishment, routers exchange their entire BGP routing table using UPDATE messages. Each route includes:

• Network prefix (e.g., 203.0.113.0/24)
• AS_PATH (sequence of ASNs the route has traversed)
• NEXT_HOP (IP address of next router)
• Various other BGP attributes (LOCAL_PREF, MED, COMMUNITY, etc.)

Step 3: Route Selection Each router runs the BGP decision process to select the best path to each destination, considering AS_PATH length and other factors.

Step 4: Route Installation Selected routes are installed in the router's routing table and forwarded to the router's forwarding table for packet forwarding.

Step 5: Incremental Updates After initial exchange, routers send UPDATE messages only when routing changes occur (new routes, withdrawn routes, or attribute changes).

Step 6: Keepalive Messages Routers exchange KEEPALIVE messages periodically (default: every 60 seconds) to maintain the BGP session.

Example: Route Advertisement Across Multiple ASes

Let's follow how a route announcement propagates across the Internet:

Scenario: AS64500 (an ISP) announces its customer network 203.0.113.0/24

At AS64500 (Origin):

Network: 203.0.113.0/24
AS_PATH: 64500
Origin: IGP
Next_Hop: 192.0.2.1

At AS64501 (Transit Provider 1): Receives announcement from AS64500, prepends its own ASN:

Network: 203.0.113.0/24
AS_PATH: 64501 64500
Origin: IGP
Next_Hop: 192.0.2.5

At AS64502 (Transit Provider 2): Receives announcement from AS64501:

Network: 203.0.113.0/24
AS_PATH: 64502 64501 64500
Origin: IGP
Next_Hop: 192.0.2.10

At AS64503 (Destination AS): May receive the same route via multiple paths and selects the best one based on the BGP decision process. Shorter AS_PATH is typically preferred.

BGP Communities and ASNs

BGP communities are another way ASNs are used in routing policy. A BGP community is a 32-bit attribute that can be attached to routes for policy-based routing. The format is typically ASN:Value (e.g., 64500:100).

Common community uses:

• Traffic engineering: Mark routes for specific treatment
• Geographic tagging: Indicate route origin region
• Customer routing policies: Signal special handling requirements
• Route filtering: Control route propagation

Well-known communities:

• NO_EXPORT (65535:65281): Don't advertise to eBGP peers
• NO_ADVERTISE (65535:65282): Don't advertise to any peer
• LOCAL_AS (65535:65283): Don't advertise outside local AS

Why Organizations Need ASNs

Understanding when and why organizations need ASNs is crucial for network planning:

Multi-homing Requirements

The most common reason to obtain an ASN is multi-homing: connecting to multiple upstream ISPs simultaneously.

Without an ASN (single-homed):

• Use provider-assigned IP space
• Routes announced by provider using their ASN
• Single point of failure if provider link fails
• No control over routing policies
• Limited traffic engineering capabilities

With an ASN (multi-homed):

• Can announce your own IP space via multiple providers
• Automatic failover if one provider fails
• Load balancing across multiple links
• Independent routing policies
• Better negotiating position with providers

Unique Routing Policies

Even without multi-homing, organizations may need an ASN if they have:

Complex peering arrangements:

• Direct peering with multiple networks
• Participation in Internet Exchange Points (IXPs)
• Content delivery network requirements

Traffic engineering needs:

• Granular control over inbound and outbound traffic
• Geographic load balancing
• Cost optimization through preferred paths

Anycast implementations:

• Same IP prefixes announced from multiple locations
• Geographic routing to nearest location

Business and Operational Benefits

Having your own ASN provides:

Network independence:

• Not tied to any single provider's infrastructure
• Easier provider migration
• Flexibility to change network architecture

Professional credibility:

• Demonstrates serious network operations capability
• Required for many peering relationships
• Shows commitment to infrastructure investment

Visibility and control:

• Complete visibility into global routing of your prefixes
• Ability to implement RPKI (Resource Public Key Infrastructure)
• Control over route filtering and security

ASN Allocation and Management

ASNs are allocated and managed by the five Regional Internet Registries (RIRs):

• RIPE NCC: Europe, Middle East, Central Asia
• ARIN: North America (USA, Canada, Caribbean)
• APNIC: Asia-Pacific region
• LACNIC: Latin America and Caribbean
• AFRINIC: African continent

Each RIR has specific policies for ASN allocation, typically requiring:

• Demonstrated need for unique routing policy
• Multi-homing configuration (two or more upstream providers)
• Technical justification for ASN requirement
• Organizational eligibility (legal business entity)

For complete details on the registration process, see our Complete Guide to ASN Registration.

ASN Security Considerations

As critical Internet infrastructure, ASNs require security considerations:

Route Hijacking

Route hijacking occurs when an AS announces IP prefixes it doesn't own. This can happen accidentally (misconfiguration) or maliciously (attempting to intercept traffic).

Example attack: AS64999 announces 203.0.113.0/24 even though it's owned by AS64500. If AS64999 announces a more specific prefix (203.0.113.0/25), it may attract traffic due to longest-prefix matching.

RPKI (Resource Public Key Infrastructure)

RPKI is a security framework that allows origin AS validation. Network operators create Route Origin Authorizations (ROAs) that cryptographically attest which ASN is authorized to announce specific IP prefixes.

RPKI validation states:

• Valid: Route matches a ROA
• Invalid: Route contradicts a ROA (wrong ASN or prefix too specific)
• Unknown: No ROA exists for the prefix

Implementing RPKI:

• Create ROAs for all your prefixes
• Validate routes received from peers
• Filter or deprioritize RPKI Invalid routes

IRR (Internet Routing Registry)

IRRs maintain databases of routing information including:

• route objects: Which ASN originates which prefixes
• aut-num objects: Routing policy for ASNs
• as-set objects: Groups of related ASNs

Maintaining accurate IRR records helps peers validate your routing announcements and build appropriate filters.

BGP Filtering Best Practices

Network operators should implement filtering to prevent routing issues:

Prefix filtering:

• Filter bogon prefixes (unallocated, private, documentation ranges)
• Implement maximum prefix length filters
• Accept only expected prefixes from customers

AS_PATH filtering:

• Filter private ASNs (64,512-65,534, 4,200,000,000-4,294,967,294)
• Implement AS_PATH length limits
• Prevent AS_PATH prepending abuse

RPKI validation:

• Validate BGP routes against ROAs
• Drop or deprioritize invalid routes

Real-World ASN Examples

Understanding how major networks use ASNs provides practical context:

Major Cloud Providers:

• Amazon Web Services: AS16509 (primary), plus multiple others
• Google: AS15169 (primary), AS36040, AS36384, and others
• Microsoft Azure: AS8075 (primary), plus regional ASNs
• Cloudflare: AS13335

Internet Service Providers:

• AT&T: AS7018
• Verizon: AS701
• Level 3 (now Lumen): AS3356
• Cogent: AS174

These large organizations often hold multiple ASNs for different regions, services, or business units, demonstrating how ASN infrastructure scales with organizational needs.

Common Misconceptions About ASNs

Misconception 1: "ASNs are only for large ISPs" Reality: Many medium and small organizations have ASNs for multi-homing or specialized routing needs. Even enterprises with mission-critical connectivity often obtain ASNs.

Misconception 2: "Private ASNs work for Internet routing" Reality: Private ASNs must never appear in public Internet routing tables. They're filtered by most ISPs and cause routing failures if announced publicly.

Misconception 3: "You need an ASN to have your own IP addresses" Reality: You can have Provider Independent (PI) IP space without an ASN. However, without an ASN, you cannot multi-home or control routing of those addresses yourself.

Misconception 4: "ASNs can be transferred or sold like IP addresses" Reality: Unlike IPv4 addresses, ASNs generally cannot be sold or transferred except in cases of mergers, acquisitions, or business reorganization. RIRs treat ASNs as public resources assigned based on need.

Misconception 5: "BGP is only for ASN holders" Reality: Organizations can run internal BGP (iBGP) without an ASN using private ASNs, or participate in BGP routing using provider ASNs. However, independent routing requires your own public ASN.

Using Via-Registry Services

Obtaining and managing an ASN involves complex technical and administrative requirements. Via-Registry.com simplifies this process:

• ASN registration assistance for all five RIRs
• Technical consultation on whether you need an ASN
• BGP configuration guidance for implementing your ASN
• Sponsoring LIR services if you don't want direct RIR membership
• Ongoing management of registry data and updates

Learn more about our ASN Registration Service or explore our Complete Guide to ASN Registration.

Frequently Asked Questions

Do I need an ASN if I only have one Internet connection?

Generally no. Single-homed networks typically use provider-assigned addressing and the provider's ASN for routing. However, you may need an ASN if you have unique routing requirements even with a single connection, such as participating in an Internet Exchange Point or implementing specific traffic engineering policies.

Can I use the same ASN in different regions?

Yes. ASNs are globally unique and work worldwide. If your organization operates in multiple geographic regions, you typically use the same ASN everywhere. The ASN is assigned by one RIR (usually where your headquarters is located) but is valid globally.

How do I find out what ASN an IP address belongs to?

You can use various tools and databases:

• WHOIS lookups: Query RIR databases for IP address ownership
• BGP looking glass services: Check routing information at various Internet vantage points
• Online tools: Services like Hurricane Electric's BGP Toolkit, IPinfo, or RIPEstat
• Command line: whois -h whois.radb.net 203.0.113.1

What happens if I accidentally announce someone else's IP space from my ASN?

This is called route hijacking and is a serious issue. Consequences include:

• Other networks may filter or reject your routes
• Possible suspension or revocation of your ASN by your RIR
• Legal liability for traffic interception
• Damage to your organization's reputation
• Potential RPKI invalid state causing route rejection

Always maintain accurate documentation of which prefixes you're authorized to announce.

Can I change my ASN after receiving it?

ASNs are generally assigned permanently to an organization. You cannot "change" your ASN to a different number except in rare circumstances. If you no longer need an ASN, you should return it to the RIR. If you need a different ASN, you would apply for a new one and eventually return the old one.

How long does an ASN remain valid?

ASNs remain valid as long as you maintain your RIR membership (or sponsoring LIR relationship) and continue to pay annual fees. If you stop paying fees or violate RIR policies, your ASN may be revoked. ASNs don't expire but require ongoing administrative maintenance.

Summary

Autonomous System Numbers (ASNs) are fundamental building blocks of Internet routing infrastructure:

• ASNs uniquely identify autonomous systems in BGP routing
• BGP uses ASNs for route origin identification, path tracking, loop prevention, and policy implementation
• Organizations need ASNs for multi-homing, unique routing policies, and network independence
• ASN formats include 16-bit (legacy) and 32-bit (current standard) numbers
• Security measures like RPKI and IRR help protect against routing attacks
• ASN allocation is managed by five Regional Internet Registries based on geographic region

Understanding ASNs and BGP routing is essential for anyone involved in Internet infrastructure, network engineering, or large-scale network operations.

Next Steps

Now that you understand what ASNs are and how they work, explore these related topics:

• Ready to register? Read our Complete Guide to ASN Registration
• Compare RIR policies: See ASN Registration Requirements by RIR
• Understand costs: Review our Cost Breakdown: ASN Registration Fees
• Explore applications: Discover ASN Use Cases and Real-World Examples
• Prepare documentation: Learn How to Prepare Your ASN Justification