Border Gateway Protocol Autonomous System Number (BGP ASN) is an authoritative source for attributing IP assets to companies. Indirectly owned IP assets (owned by a third party) are attributed to a company through ASN attribution.
ASN attribution issues are based on inherited risk. An ASN owner becomes responsible for IP space activity within the ASN. An opposing company using your ASN could have a vulnerable asset that’s being routed by your company’s BGP.
How to remove indirectly owned ASN attributions:
If the activity is questioned by the upstream Internet Service Provider (ISP) and questionable activity is detected and not mitigated, the ASN internet links can be cut by the upstream provider. Everyone becomes non-routable with the ASN.
Example Scenario:
Black Hills Technologies is a datacenter services provider that owns IP addresses and an ASN. Black Hills Technologies has a global customer base who use their services to operate their own solutions. The Black Hills Technologies ASN is used to announce customer IP addresses.
For upstream bandwidth providers, Black Hills Technologies takes on direct responsibility for the IP assets. In order to shift responsibility, a company needs to encourage customers to register their own ASN and create Regional Internet Registry (RIR) routing objects via their own ASN.
Work with your partners whose IP addresses are being advertised in your BGP ASN, and then update your ASN by removing the IP addresses. The collaboration will help to ensure routability is maintained before IP addresses are removed from your ASN.
- January 20, 2022: Moved from “Policies & Procedures” to the “Network Map & Company Information” directory.
- August 27, 2018: Published.
Feedback
0 comments
Please sign in to leave a comment.