What is an ASN (Autonomous System Number)?

What Is an Autonomous System?

An Autonomous System (AS) is a single organization or network that controls a group of IP addresses and presents a unified routing policy to the rest of the internet. Think of it as a "network of networks" — a self-governing block of the internet that manages its own internal routing and connects to other autonomous systems at defined points.

Every large network on the internet — ISPs, cloud providers, universities, major corporations, government agencies — operates one or more autonomous systems. Each AS is identified by a unique number called an Autonomous System Number (ASN).

To qualify as an autonomous system, an organization must:

  • Have a unique ASN assigned by a Regional Internet Registry (RIR)
  • Control at least one block of IP address space (IP prefix)
  • Run the Border Gateway Protocol (BGP) to exchange routing information with other ASes
  • Maintain a consistent routing policy — meaning all routers within the AS agree on how to route traffic

The concept of autonomous systems is fundamental to how the internet scales. Without ASNs and BGP, every router on the internet would need to know the path to every individual IP address — an impossible task given that the global routing table contains over 1 million prefixes. Instead, routers only need to know how to reach other autonomous systems, and each AS handles internal routing independently.

As of 2024, there are over 75,000 active autonomous systems in the global routing table, and the number continues to grow as more organizations seek direct control over their network connectivity.

Why ASNs Exist

The internet is not a single network — it is a network of networks. ASNs exist to solve the fundamental problem of inter-domain routing: how do thousands of independent networks, each with their own policies and infrastructure, agree on how to forward traffic to any destination?

The problem ASNs solve:

Imagine the internet without autonomous systems. Every router would need a complete map of every link and every network in the world. The routing table would contain millions of entries, updates would flood the entire internet with every change, and the system would collapse under its own complexity.

ASNs introduce hierarchy and abstraction:

  • Abstraction: An AS advertises its IP prefixes to the world as a single entity. Other ASes do not need to know the internal topology — they just need to know "to reach 203.0.113.0/24, send traffic to AS64500."
  • Policy: Each AS defines its own routing policy — which neighbors it peers with, what traffic it accepts, how it selects paths, and what it charges. ASNs make these policies explicit and enforceable.
  • Scalability: Instead of millions of individual routes, the global routing table consists of about 1 million prefixes aggregated by AS. Routers only need to maintain paths to roughly 75,000 autonomous systems rather than billions of individual hosts.
  • Autonomy: Each AS can change its internal routing without affecting the rest of the internet. A company can reorganize its internal network, add links, or change equipment — none of which requires any changes in the global routing table.
  • Accountability: ASNs provide a way to identify who is responsible for routing a particular block of addresses. This aids in troubleshooting, security (identifying the source of BGP hijacks), and business relationships (peering agreements).

The ASN system is administered by five Regional Internet Registries (RIRs):

RIRRegionCoverageWebsite
ARINNorth AmericaUSA, Canada, Caribbeanarin.net
RIPE NCCEurope/Middle East/Central AsiaEurope, Russia, Middle Eastripe.net
APNICAsia-PacificEast Asia, Southeast Asia, Oceaniaapnic.net
LACNICLatin America/CaribbeanCentral/South Americalacnic.net
AFRINICAfricaSub-Saharan Africaafrinic.net

How BGP Routing Works

The Border Gateway Protocol (BGP) is the routing protocol that makes inter-AS communication possible. It is the "glue" that holds the internet together — literally the protocol that determines how your traffic gets from your ISP to Google, Netflix, or any other destination on the internet.

BGP is a path-vector protocol. Instead of calculating shortest paths based on link costs (like OSPF or IS-IS), BGP advertises the complete AS-level path to each destination. This means every BGP router knows not just the next hop, but the entire sequence of autonomous systems that traffic will traverse.

How a BGP route advertisement works:

  1. AS 100 owns the IP prefix 198.51.100.0/24 and wants to make it reachable from the internet.
  2. AS 100 sends a BGP announcement to its neighbor AS 200: "I can reach 198.51.100.0/24. My path is [AS100]."
  3. AS 200 receives the announcement and adds it to its routing table. AS 200 then announces to its neighbor AS 300: "I can reach 198.51.100.0/24. My path is [AS200, AS100]."
  4. AS 300 receives this and announces: "I can reach 198.51.100.0/24. My path is [AS300, AS200, AS100]."
  5. This process continues until the route propagates across the entire internet.

BGP path selection: When a router receives multiple paths to the same prefix, it selects the "best" path based on a series of criteria (in typical order of priority):

  • Local preference: Network administrator's policy preference (highest wins)
  • Shortest AS path: Fewest autonomous systems in the path
  • Origin type: IGP (i) preferred over EGP (e) over Incomplete (?)
  • Lowest MED: Multi-Exit Discriminator from neighboring AS
  • eBGP over iBGP: External BGP routes preferred over internal
  • Lowest IGP metric: Closest exit point within the local AS
  • Oldest route: Stability preference
  • Lowest router ID: Tiebreaker

BGP relationships between ASes:

  • Peering (settlement-free): Two ASes agree to exchange traffic between their customers for free. Common between ISPs of similar size at Internet Exchange Points (IXPs).
  • Transit (paid): A smaller AS pays a larger AS to carry its traffic to the rest of the internet. The smaller AS is a "customer" of the larger AS.
  • Private Network Interconnect (PNI): A direct physical link between two ASes, bypassing an IXP. Used for high-volume traffic between large networks.

Public vs Private ASNs

Like IP addresses, ASNs come in public and private varieties.

Public ASNs are globally unique numbers assigned by RIRs to organizations that need to exchange routing information with other autonomous systems on the public internet. If you want your network to be reachable via BGP from the outside world, you need a public ASN.

Private ASNs are reserved for internal use within an organization. They are not advertised to the global internet and can be used freely within a private network — similar to how RFC 1918 IP addresses (10.0.0.0/8, etc.) are used for internal networks.

TypeRangeUsageWho Assigns
16-bit Public1 – 64,495 (excl. reserved)Internet-facing BGPRIRs (ARIN, RIPE, etc.)
16-bit Private64,512 – 65,534Internal BGP, iBGP confederationsSelf-assigned
32-bit Public65,536 – 4,199,999,999Internet-facing BGP (expanded)RIRs
32-bit Private4,200,000,000 – 4,294,967,294Internal BGP (expanded)Self-assigned

When to use private ASNs:

  • Large enterprises running BGP internally between multiple sites, but using a single public ASN to connect to the internet.
  • ISPs using confederations to subdivide their internal BGP domain into smaller administrative units.
  • Testing and development environments where BGP is being learned or configured.

Important: Private ASNs must be stripped from AS paths before route advertisements leave an organization's network. If a private ASN leaks into the global routing table, it will typically be filtered by other networks.

ASN Formats and Ranges

Originally, ASNs were 16-bit numbers, allowing for 65,536 possible values (0 through 65,535). With the rapid growth of the internet, this space was exhausted. In 2007, the IETF standardized 32-bit ASNs (RFC 4893), expanding the space to approximately 4.3 billion values.

ASN notation:

  • asdot notation: 32-bit ASNs written as two 16-bit numbers separated by a period. Example: 65536 is written as "1.0", 65537 as "1.1".
  • asplain notation: 32-bit ASNs written as a single decimal number. Example: 65536, 4200000000.

Both notations are used in practice. Most modern tools support both, but asplain (simple decimal) is more common in configuration files and documentation.

Reserved ASN ranges:

RangePurposeNotes
0ReservedUsed in BGP to indicate "no AS"
23456AS_TRANSPlaceholder for 32-bit ASNs in 16-bit BGP speakers
64,496 – 64,511Reserved for documentationUsed in examples (RFC 5398)
64,512 – 65,534Private use (16-bit)Not routed on public internet
65,535ReservedLast 16-bit value, not assignable
65,536 – 65,551Reserved for documentation32-bit documentation range
4,200,000,000 – 4,294,967,294Private use (32-bit)Not routed on public internet
4,294,967,295ReservedLast 32-bit value (all 1s)

How to Look Up ASNs

There are several ways to find the ASN associated with an IP address, a domain name, or an organization:

Command-line lookups:

  • whois -h whois.cymru.com [IP] — Returns the ASN, prefix, and owner for any IP address using Team Cymru's IP-to-ASN service.
  • dig +short [IP].asn.cymru.com TXT — DNS-based ASN lookup, useful in scripts.
  • traceroute — Some traceroute implementations show ASN information for each hop.

Web-based lookups:

  • bgp.tools — Excellent resource for ASN, prefix, and routing table queries. Shows peering relationships, upstream providers, and prefix announcements.
  • BGPView (bgpview.io) — ASN and prefix information with peering details and network topology.
  • Hurricane Electric BGP Toolkit (bgp.he.net) — Comprehensive ASN lookups with prefix lists, peers, and upstream/downstream relationships.
  • PeeringDB (peeringdb.com) — Database of networks, IXPs, and peering facilities. Useful for finding peering information for specific ASNs.
  • RIPEstat (stat.ripe.net) — Detailed ASN information from the RIPE NCC, including routing history and abuse contact data.

What you can learn from an ASN lookup:

  • Organization name and contact information
  • IP prefixes announced by the AS
  • Upstream providers (transit ASes)
  • Downstream customers
  • Peering partners and Internet Exchange Points
  • Country of registration
  • Routing incidents (BGP hijacks, leaks)

Major ASNs and Their Owners

Some ASNs are well-known because they belong to the largest networks on the internet. Here are some of the most significant autonomous systems:

ASNOrganizationTypeSignificance
AS15169GoogleContent/TransitOne of the largest networks; operates YouTube, Google Cloud
AS16509Amazon (AWS)CloudLargest cloud provider by market share
AS8075MicrosoftCloud/ContentAzure, Microsoft 365, LinkedIn
AS13335CloudflareCDN/SecurityHandles roughly 20% of all web traffic
AS2906NetflixContentSingle largest source of downstream internet traffic
AS714AppleContentiCloud, App Store, Apple services
AS32934Meta/FacebookContentFacebook, Instagram, WhatsApp
AS174Cogent CommunicationsTransitMajor Tier-1 backbone provider
AS3356Lumen (Level 3)TransitOne of the largest Tier-1 backbone networks
AS6939Hurricane ElectricTransitLargest IPv6 backbone, major peering network
AS1299Arelion (Telia)TransitMajor European Tier-1 carrier
AS4837China UnicomISPOne of China's three major ISPs
AS4134China TelecomISPLargest ISP in China by subscribers

Understanding AS tiers:

  • Tier 1 networks (AS174, AS3356, AS1299, AS6461, etc.) can reach every destination on the internet without purchasing transit. They peer with each other via settlement-free interconnection and sell transit to Tier 2 and Tier 3 networks.
  • Tier 2 networks are large regional or national ISPs that purchase transit from Tier 1 providers but also peer directly with other networks. Examples include Comcast (AS7922), Charter (AS20115), and BT (AS2856).
  • Tier 3 networks are smaller ISPs and enterprises that purchase all their transit from upstream providers and do not sell transit to others.

Content networks like Google, Netflix, and Cloudflare are unique — they are not traditional ISPs, but they operate massive networks that peer directly with ISPs worldwide to deliver content as close to end users as possible. Netflix alone accounts for roughly 15% of global internet traffic.

How ISPs Use ASNs

ISPs are the primary users of the ASN system. Every ISP that offers BGP connectivity operates at least one autonomous system, and large ISPs often operate multiple ASes for different regions, services, or business units.

ISP peering and transit relationships:

When you connect to a website, your traffic typically traverses multiple autonomous systems. The path your traffic takes depends on peering and transit agreements between ISPs:

  1. Your ISP (e.g., AS7922 Comcast) receives your request.
  2. If the destination is on a network your ISP peers with directly, traffic goes straight there (shortest path).
  3. If not, your ISP forwards the traffic to its transit provider (e.g., AS3356 Lumen).
  4. The transit provider routes it toward the destination, possibly through additional transit or peering connections.

Internet Exchange Points (IXPs) are physical locations where multiple ASes connect to exchange traffic directly. Major IXPs include:

IXPLocationConnected ASesPeak Traffic
DE-CIX FrankfurtFrankfurt, Germany1,100+14+ Tbps
AMS-IXAmsterdam, Netherlands900+12+ Tbps
LINXLondon, UK950+8+ Tbps
IX.br (PTT.br)Sao Paulo, Brazil2,600+30+ Tbps
JPNAPTokyo, Japan250+3+ Tbps

How your ISP determines your routing:

  • BGP communities: ISPs use BGP communities (tags) to classify routes by origin, type, and policy. This allows fine-grained control over how traffic is routed.
  • Prefix filtering: ISPs filter route advertisements to prevent accepting invalid or hijacked prefixes. RPKI (Resource Public Key Infrastructure) is increasingly used to validate BGP announcements.
  • Traffic engineering: ISPs manipulate BGP attributes (local preference, MED, AS path prepending) to influence which paths traffic takes, balancing load across links and managing costs.
  • Customer vs peer vs transit: ISPs typically prefer customer routes over peer routes over transit routes, because customer traffic generates revenue while transit traffic costs money.

BGP security concerns:

BGP was designed in an era of trust, and it has significant security vulnerabilities:

  • BGP hijacking: An AS announces prefixes it does not own, redirecting traffic meant for another network. This has been used for censorship, surveillance, and traffic interception.
  • BGP leaks: An AS unintentionally propagates routes it should not, causing traffic to take unintended paths. The 2018 Google-to-China Telecom incident affected services worldwide.
  • Prefix deaggregation: Advertising many small prefixes instead of one large one, consuming router memory and processing resources.

RPKI and BGP security: The Resource Public Key Infrastructure (RPKI) is being deployed to address these issues. RPKI allows prefix holders to create cryptographic certificates authorizing specific ASes to announce their prefixes. Networks that implement Route Origin Validation (ROV) can reject invalid BGP announcements, preventing hijacks and leaks. As of 2024, approximately 50% of global prefixes have valid RPKI attestations, and adoption is accelerating.