Virtually every address on the internet is connected to every other through a protocol called the Border Gateway Protocol (BGP), which dynamically routes traffic on the internet to the closest network. This guide will show you how you can be part of the internet for the cheapest possible cost. It is intended for sysadmins and network engineers, and as such will not attempt to explain the intricacies involved.
There are various reasons why you may want to do this, including better control over traffic routing, a cleaner IP range for things like running mail servers, more publicly routable IPs to use, etc. So let’s get started!
Creating maintainer objects
Maintainer objects will help you to manage the objects (AS numbers and IP blocks) that you will be acquiring.
For this you will need to create an account with the Regional Internet Registry (RIR) that you want the resources from, which should be the primary region that you will be using the resources in or the region where you live. Some RIRs like RIPE will allow you to easily create an account to manage resources, while others like APNIC will need you to pay a hefty annual fee just to manage resources, which can get annoying as you will need to ask your Local Internet Registry (LIR) to make changes if needed, instead of doing them yourself. The RIRs are:
- APNIC – Asia Pacific region.
- AFRINIC – Africa region.
- LACNIC – Latin America region.
- RIPE – Europe region.
- ARIN – North America region.
Note that some LIRs and IP leasing services won’t readily assign maintainers and would prefer to host the services themselves, which was fine for me as I didn’t have to update resources frequently.
Cost: Free.
Apply for an ASN
An ASN (Autonomous System Number) is a unique number given to IP networks on the internet, with the network having a clearly defined routing policy. You can do BGP with a private ASN and ask the upstream to filter out the ASN before announcing to upstream, but I decided to get my own so that I can be identifiable on the internet.
To get an ASN, you will need to be sponsored by an LIR. The LIR should be a member of the Regional Internet Registry (RIR) with which you intend to apply. Do keep in mind that some RIRs may want you to be multi-homed (have more than one transit or be present in multiple regions).
The best way to get a list of LIRs which can sponsor you is the linked Excel sheet, or follow this LowEndTalk thread. I would highly recommend getting IP space from the same company which sponsored your ASN request.
Make sure the WHOIS reflects the correct information, including your email ID. RADB has a nice WHOIS tool. This will be required later to set up BGP peering. Do note that it is better to get your resources from a reputable LIR, or better yet directly from the RIR, if you will be using the IP space for anything professional.
Cost: Around 35 USD once. Could vary heavily depending on sponsoring LIR and region.
Lease IPv4/IPv6 space
You will need IP addresses that you can “announce” on the internet and hence claim to be yours. These can either be bought and transferred to you or you can lease them off an owner of the IP range. Since we are talking about doing BGP on a shoestring, leasing is the only model that works for us. Make sure the IP leasing service assigns the proper maintainer object or assigns proper ROAs, adds the correct WHOIS entry and rDNS.
You will need a minimum of /48 for IPv6 and /24 for IPv4. I ended up skipping IPv4 since it was way too cost prohibitive. Just one IPv4 address given by my host is enough for me.
Cost: Around 10-20 USD/year for a /48 IPv6 block, 60-70 USD/month for a /24 IPv4 block.
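Why the ROA matters for a leased block, shown as an added example (not part of the original post): RFC 6811 route origin validation run over constructed ROAs. The /48 and AS132383 are taken from the LOA further down; the covering /32, its max_length and AS64500 are assumptions standing in for the lessor's own ROA.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: str      # prefix the resource holder signed
    max_length: int  # longest prefix length allowed under it
    asn: int         # AS authorised to originate it

# Constructed ROA sets. The /48 and AS132383 come from the post's LOA;
# the covering /32, its max_length and AS64500 (a documentation ASN)
# are assumptions standing in for the lessor's own ROA.
LESSOR_ONLY = [ROA("2401:f9c0::/32", 32, 64500)]
WITH_LEASE = LESSOR_ONLY + [ROA("2401:f9c0:1111::/48", 48, 132383)]

def validate(announced: str, origin_asn: int, roas) -> str:
    """RFC 6811 outcome for one announcement: valid, invalid or not-found."""
    net = ipaddress.ip_network(announced)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue  # this ROA says nothing about the announced prefix
        covered = True
        if roa.asn == origin_asn and net.prefixlen <= roa.max_length:
            return "valid"
    # Covered by a ROA but matched by none: networks that enforce
    # origin validation reject the announcement.
    return "invalid" if covered else "not-found"

if __name__ == "__main__":
    for label, roas in (("lessor ROA only", LESSOR_ONLY), ("with lease ROA", WITH_LEASE)):
        print(label, "->", validate("2401:f9c0:1111::/48", 132383, roas))
```

With only the lessor's covering ROA in place, the leased /48 announced from your own ASN comes out invalid rather than not-found, which is the case to rule out before you start announcing.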
Select a transit/VPS provider
There is an awesome spreadsheet which lists all known VPS providers which will do BGP for you for free or for a nominal cost. Many of them are quite happy to do custom things that you may want, like connection to an Internet Exchange (IXP), BGP communities or announcements to selective upstreams. You can also buy IP transit directly for more industrial applications. I’ve heard Hurricane Electric even gives free IPv6 transit at certain locations. I couldn’t confirm if this is true.
Do keep in mind that you will need to have matching upstreams or control routing with BGP communities in case you are planning to do IP anycast. You will also need enough memory to hold the full internet routing table if you are requesting one. Otherwise you could just ask for the default route.
The awesome thing about Vultr is that they do BGP for even the lowest plan and the whole process is very automated. First Root is recommended as well since they have attractive pricing and great support.
Cost: 5-10 USD/month depending on the resources you want.
Setting up BGP
To announce your prefix over BGP, you will first need to validate your resources and write a Letter of Authorisation (LOA) stating that you own the resources and that you give the host permission to announce them.
The details depend on each particular host, but most hosts ask you to send an LOA from the email address listed in the WHOIS for the resources. Something like this would work.
11 November 2018
To whom it may concern,
This letter serves as authorization for COMPANY NAME with ASXXXXX to announce the following IP address blocks:
2401:f9c0:1111::/48 – AS132383
As the owner of the subnet and ASN, I hereby declare that I’m authorized to represent and sign for this LOA.
Should you have questions about this request, email me at me@varunpriolkar.com, or call: +91XXXXXXXXXX.
From,
Varun Priolkar
me@varunpriolkar.com
+91XXXXXXXXXX
After this, the host should set up BGP for you and give you details like which IP to connect to. You will also need to pick whether you want the full BGP table or just the default route. Typically the default route should be fine.
To set up BGP, I installed the bird and bird-bgp packages on Ubuntu. A basic setup should look like this. Vultr has a nice guide for configuring BGP.
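    # Router ID: an IPv4 address that identifies this BGP speaker
    router id 193.25.100.229;

    # Announce only our own /48. Rejecting everything else keeps routes
    # learned from the upstream or the kernel from leaking back out.
    filter out_filter {
        if net = 2a0a:b707:1111::/48 then accept;
        else reject;
    }

    protocol bgp froot {
        local as 132383;
        source address 2001:67c:12a0:8010:0:0:0:2;
        import all;                 # Accept what the upstream sends (full table or default route)
        export filter out_filter;   # Only the prefix matched above is announced
        graceful restart on;
        neighbor 2001:67c:12a0:8010:0:0:0:1 as 41108;
        next hop self;
    }

    # Static route that originates the prefix, so the export filter has a route to match
    protocol static {
        route 2a0a:b707:1111::/48 via 2001:67c:12a0:8010:0:0:0:2;
    }

    protocol device {
        scan time 5;                # Rescan network interfaces every 5 seconds
    }

    protocol kernel {
        scan time 20;               # Scan kernel routing table every 20 seconds
        import all;                 # Default is import all
        export all;                 # Default is export none
    }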
Then all you have to do is run systemctl start bird or systemctl start bird6. You will also need to open TCP port 179 on your firewall. There’s a useful guide on the NLNOG website for setting up more BGP filters.
Confirming it all works
You will have to use a looking glass from the transit providers to check if your prefix is getting propagated correctly. I used Hurricane Electric’s Looking Glass. You can also use the Oregon Route Views project to get a more complete picture.
Hurricane Electric also has a nice BGP view tool through which you can check the route propagation.
Then all you have to do is simply assign an IP to an interface and see if it pings.
Reverse DNS
The reverse DNS zone will need to point to your name servers. You can either set this up yourself or host it with DNS providers like Amazon’s Route 53 or DNS Made Easy. The reverse DNS zone is the IP in inverted format followed by the appropriate suffix. For example, for the IPv4 prefix 1.2.3.0/24 the reverse zone is 3.2.1.in-addr.arpa. and for the IPv6 prefix 2401:f9c0:1111::/48 the zone is 1.1.1.1.0.c.9.f.1.0.4.2.ip6.arpa. You will also need to configure the appropriate PTR records: 4.3.2.1.in-addr.arpa. for the IPv4 address 1.2.3.4 and 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.1.1.1.0.c.9.f.1.0.4.2.ip6.arpa. for the IPv6 address 2401:f9c0:1111::1. It is preferable that the reverse record matches the forward record as well.
It can be difficult to set the reverse record for a huge range of IPv6 addresses. I found this project useful for that.
Cost: 1 USD per hosted zone on Route 53, free if you are self hosting.
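The zone and PTR naming rules from this section as an added example (not code from the original post or from the project linked above). It generalises to any prefix on a label boundary and adds a reverse-versus-forward consistency check; the hostnames under example.net and the forward records are constructed placeholders.

```python
import ipaddress

def reverse_zone(prefix: str) -> str:
    """Reverse zone for a prefix on an octet (IPv4) or nibble (IPv6) boundary."""
    net = ipaddress.ip_network(prefix)
    step = 8 if net.version == 4 else 4   # bits per DNS label
    if net.prefixlen % step:
        raise ValueError(f"{prefix} does not end on a {step}-bit label boundary")
    labels = net.network_address.reverse_pointer.split(".")
    host_labels = (net.max_prefixlen - net.prefixlen) // step
    return ".".join(labels[host_labels:]) + "."

def ptr_name(addr: str) -> str:
    """Fully qualified owner name of the PTR record for one address."""
    return ipaddress.ip_address(addr).reverse_pointer + "."

def ptr_records(prefix: str, hosts: dict) -> list:
    """Zone-file lines (owner relative to the zone) for {address: hostname}."""
    net, zone = ipaddress.ip_network(prefix), reverse_zone(prefix)
    lines = []
    for addr, fqdn in hosts.items():
        if ipaddress.ip_address(addr) not in net:
            raise ValueError(f"{addr} is outside {prefix}")
        owner = ptr_name(addr)[: -(len(zone) + 1)]
        lines.append(f"{owner} IN PTR {fqdn.rstrip('.')}.")
    return lines

def forward_mismatches(hosts: dict, forward: dict) -> list:
    """Addresses whose PTR target does not resolve back to them."""
    bad = []
    for addr, fqdn in hosts.items():
        resolved = {ipaddress.ip_address(a) for a in forward.get(fqdn, [])}
        if ipaddress.ip_address(addr) not in resolved:
            bad.append(addr)
    return bad

# Constructed data: hostnames under example.net are placeholders.
HOSTS = {"2401:f9c0:1111::1": "ns1.example.net", "2401:f9c0:1111::25": "mail.example.net"}
FORWARD = {"ns1.example.net": ["2401:f9c0:1111:0:0:0:0:1"], "mail.example.net": ["2401:f9c0:1111::52"]}

if __name__ == "__main__":
    print("$ORIGIN", reverse_zone("2401:f9c0:1111::/48"))
    print("\n".join(ptr_records("2401:f9c0:1111::/48", HOSTS)))
    print("forward mismatch:", forward_mismatches(HOSTS, FORWARD))
```

The mismatch check is the one that matters for mail servers: a PTR whose target does not resolve back to the same address is a common reason for receiving servers to distrust the sender.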
Monitoring
BGPMon is really useful for this and free for monitoring up to five prefixes. It will also send you email alerts in case it notices any flaps or prefix withdrawals.
It also has a project called PeerMon which can allow you to peer with BGPMon routers and share your routes with it for it to detect any routing changes. I wouldn’t try it out because they had some capacity issues at the time of writing.
Cost: Free for up to 5 prefixes.
Total costs
To recap, the total costs should be:
VM: 5-10 USD/month
IP blocks: 1-2 USD/month for IPv6 blocks, 60-70 USD for IPv4 blocks
ASN: 35 USD once.
rDNS hosting: 1-2 USD/month, free if self hosting.
Total: 35 USD once, 7-15 USD/month recurring for IPv6, 65-80 USD/month for IPv4.
Useful resources
- IP resources AIO thread on LowEndTalk
- Samir Jafferali’s blogpost on LinkedIn
- Nat Morris’ Anycast on a shoestring PPT from APRICOT 2015
- ip6.im recommend ISPs by William
- Spreadsheet of BGP VM providers
- Spreadsheet of list of LIR/IP leasing services
Hope you found this post useful. Don’t forget to subscribe, comment if you did. I’ll have more advanced BGP and internet related posts coming up, which includes IP anycast, BGP communities, building CDNs 🙂
Interesting post. Why didn’t you go for RIPE? APNIC is pretty expensive.
My RIR managed resources for me on APNIC so it was fine.
“After this, the host should setup BGP for you and give you details like which IP to connect to. ”
How long does Vultr take to do this?!
Hi Vineeth,
It took them about 3-4 days to approve mine.
Hi,
Nice write up!
Which RIR did you use to register ASN? I am looking at IRINN prices and they are eye watering!
IRINN has other issues. They are govt bureaucrats and hard to deal with.
Wow this is so insane, thank you so much for this detailed write up!
Note there is a typo at the end, 60-70 USD for IPv6 blocks <– should be IPv4