Network ASN : Why They’re Vital to Networking and Proxy Access
An autonomous system number (ASN) is a unique number that identifies an autonomous system. It enables autonomous systems to exchange exterior routing information with other neighbouring autonomous systems. The authority for the ASN is decentralized – every network is run independently and tells each other what IP addresses they know how to reach.
What is an ASN?
An ASN is the acronym for Autonomous System Number, which defines a unique numerical identifier that identifies networks or routers. The ASNs are assigned by organisations such as IANA and define how routing should be done within an autonomous system.
The best path will always be chosen based on well-known rules in order to avoid unstable traffic conditions during periods of increased congestion due to increased demand for bandwidth across the network.
An ASN is an address space used in the global routing table. It is a unique identifier for an autonomous system and it’s like your last name. The ASNs are ordered by data crossing from origin to destination, which means that the number of IP addresses in each route announcement will decrease as you move further down BGP path because they have been routed through different routers.
ASN: One way that regulators handle the vast amount of data communications happening over the internet through a set of devices with IP addresses.
BGP – Border Gateway Protocol
ASNs are used by a variety of routing protocols but perhaps the most important one is BGP – Border Gateway Protocol. It’s important to note that BGP can only compare routes between different autonomous systems, not with each other.
BGP is a routing protocol used for internet. BGP identifies the best route to send packets between networks and routers use this information to decide which packet will be sent where. In fact, BGP is the only protocol used to communicate between autonomous systems. It makes it possible to share routing information and route data packets efficiently, which is why ABGP is the only Border Gateway Protocol.
How Autonomous System Numbers Work
So we’ve learnt that an Autonomous System Number (ASN) is a unique identification number given to routing and internet service providers. It makes routing decisions with considerations of network admin rule sets and other guidance, such as the preferences for specific networks that are established by the company or organization that owns it.
When all devices on a network have an IP address, they can use this information to communicate with each other. They also assign ASNs so that they can route traffic between different networks without giving out their private IP addresses. It’s much easier to route situations like constantly changing IP addresses too.
Furthermore, Autonomous system numbers are used to route traffic through a single gateway point. To get an autonomous system number, the company or other party must petition the Internet Assigned Numbers Authority or IANA through one of five global Regional Internet Registries or RIRs that have been delegated by the US Department of Commerce.
While phone systems evolved and businesses started wanting to route all calls through a single network point, more people began using networks for information sharing instead. This led companies like Google and Amazon to invest in their own network infrastructure.
The autonomous system number is a unique identifier that provides for the provision of services to end nodes. Each ASN has an associated route, which can be used by its customers to send and receive data. This makes it easy to have many different devices connected with one central gateway or service provider, saving space on your network as well as needing fewer ports in order to connect these devices together.
How to get a Network ASN number
These numbers are issued by one of the regional internet registries depending on where you are located. They can be used by anyone who wants to start their own internet service provider or other type of network that requires ASN numbers for recognition. To qualify for an ASN number, a company must have multihomed networks across Europe – so they would need all of their resources together, wire them together, and give each workstation an internet protocol or IP address.
The five regional Internet registries are:
- African Network Information Center (AFRINIC)
- American Registry for Internet Numbers (ARIN)
- Asia-Pacific Network Information Centre (APNIC)
- Latin American and Caribbean Network Information Centre (LACNIC)
- Réseaux IP Européens Network Coordination Centre (RIPE NCC)
IANA and associated groups have moved from IPv4 to IPv6, which can help with the growth in demand. However, transitioning from IPv4 to IPv6 has not been completed yet so some countries are using a mix of both networks while others might still be on only one network.
What is the current APNIC policy for AS assignments?
Whoever or whatever applies for an ASN must have a contract with the RIPE NCC, which is the European or from the Middle Eastern, and certain Central Asian internet registry agencies. This allows them to distribute pipelines of online number resources from this registry to internet service providers.
An autonomous system is a network of networks that are administered by one entity. In the current APNIC policy, new ASs must be assigned from the Tier 1 list of ISPs. The Tier 2 and 3 lists can be used to provide redundancy for certain regions where there is a lack of available space on the Tier 1 list.
The AS allows for many different types of relationship between two networks; it’s not just limited to routing traffic and exchanging routes with other networks.
Different tiers of ISPs are established to make sure that a company or customer can find the ISP that is best suited for them.
Examples of Autonomous System Numbers
An autonomous system number is a unique identifier of the routing domain that is used to route traffic within an AS. They are assigned by organisation like the Internet Corporation for Assigned Names and Numbers (ICANN) based on the physical infrastructure of the Autonomous Systems. The numeric designations are now treated as four-byte identifiers, but APNIC did not make any distinction between two or four bytes when assigning them.
A public autonomous system number is only required if an AS is exchanging routing information with other autonomous systems on the public Internet.
Therefore, a Private AS Number can be used for routing purposes. The Autonomous System Numbers assigned by APNIC and NIR are only available to the private networks that have been granted this privilege. It is important to note that these numbers cannot be given out as they are reserved exclusively for use by those organizations who purchase them from the registry operators themselves
The range of autonomous system numbers start at 64512 65534 from 16 bit registry and 4200000000 4294967294 from 32 bit registry. These numbers are contiguous blocks of 1023 or 94,967,295 to be used by private networks for routing purposes only
AS Numbers are an important part of the routing process. ASN numbers help to identify where networks exist and determine which routers can be used by other networks to send traffic. If you’re not using a number that came from a LIR, then it’s possible for your network to become unreachable, so make sure you check with them before starting up or changing your network!
Proxies – Blocking, Filtering and Blacklisted ASNs
Generally this isn’t something most network administrators will do lightly. Remember this isn’t just like blocking a range or subnet – an ASN is usually much, much bigger. If a website blocks a particular ASN then it runs the risk of blocking lots of it’s own customers.
It does happen though and some companies run risk analysis on ASNs visiting their servers. If the risk/reward balance is wrong then it obviously makes sense to block that ASN to protect finite network resources.
For example if 90% of the spam/hack traffic comes from a particular ASN then it makes sense for a company to just block it completely. If your proxy is using the same ASN then it becomes effectively useless for accessing that site.
Blocking Countries by Network ASN
Generally you can’t block entire countries by a single ASN at least with the larger ones. However you can generally restrict most traffic from a country by restricting access to the large Telecom providers serving that country.
Some of the largest ASNs are Chinanet and the China169 Backbone. These two Chinese ASNs, operated by China Telecommunications Company and China Unicom both state-owned entities. They are unusual in size and also carry a huge amount of risky traffic too. In fact there’s well over 150 million IP addresses covered within those two ASNs – AS4134412 and AS4837
Not surprisingly many network administrators are keen to block these because it has little commercial impact and reduces the threat to their infrastructure too. However the huge numbers involved move the decision from the IT department to a corporate one.
Blocking huge ASNs like this can cause problems especially for larger organisations. Not only are bad IP addresses blocked or blacklisted but good ones too. You’ll find emails bouncing and applications being inaccessible for example.
Datacenter Proxy ASN Problems
As mentioned generally it’s a bit risky to start blocking ASNs as they’re just too big. However it’s increasingly used as a source of information plus there are plenty of blacklists of ASNs available online.
Often you’ll find ASNs blocked that host popular VPNs and proxies. You’ll normally get some sort of warning like this –
There’s not much more you can do if this happens. If you’re using a proxy then it’s ASN has been blocked so it’s pretty much useless for accessing that site. It’s likely that any other IP addresses from that provider has a high chance of being blocked too especially in the same IP ranges.
Most proxies have very ‘blockable’ ASNs as their IP addresses are normally from places like commercial hosting companies. Many websites will happily block these as they are unlikely to be customer IP addresses. Which is why datacenter proxies are becoming increasingly useless for all sorts of online activities.
Residential Proxies Have Safest ASNs
If I look up the ASN of my current IP address from my home address it shows – AS5089. This is the ASN of Virgin Media limited a large ISP owned by Mr Richard Branson in the United Kingdom. No website in it’s right mind would block an ASN like this as instantly millions of home users would be instantly blocked from their site. You can look up your own current ASN on this great site here – https://asn.ipinfo.app/ – it’s under development so new features are being added.
The point is that an ASN from an ISP is about the safest one you can have. Which is why residential proxies are so valuable, not only are they implicitly trusted they’re also virtually impossible to block using any sort of ASN basis. Want to make money online with a proxy – these are the ones you need.
Residential Proxies = Residential IPs = ISP ASN
You will not get blocked if your ASN is registered to an ISP like all residential proxies should be ! Which is why they’re considered premium and the best proxies you can buy, they’re virtually impossible to block. Also remember it’s often not just a case of being blocked, many websites especially e-commerce analyse a sort of trust score to connections.
You’ll be much more trusted arriving from a residential proxy than any other sort. The latest advancement in this area is residential proxies with private static IP addresses – known as ISP proxies.
The Problem with Most VPNS and Datacenter Proxies
Despite the risks some websites will block huge numbers of ASNs in order to filter out specific types of traffic. One of the most aggressive examples of this is within the media sector especially companies like Netflix.
Most of the online media sites are in a constant battle to restrict access to their domestic customers. Mostly this is due to copyright restrictions which restrict access to overseas viewers. Millions of people around the world use VPNs and proxies to bypass these blocks.
However obviously a company like Netflix has a global market so it can’t simply select specific country ASNs or it would end up causing chaos for it’s customers. What it did do was to only allow access to ISP based ASNs around the world. Effectively blocking every single commercial IP address from accessing the site and only allowing home users (and mobile ones) from watching. Every VPN and virtually every proxy was blocked from accessing the media site almost instantly simply because of their ASN. The only ones that worked where proxies with residential IPs, those with mobile IPs and some of the private VPNs too.