In the previous article, Introducing AS205126, I explained how I obtained my own Autonomous System Number (ASN) from the RIPE NCC. Now that I have my ASN, the next step is to announce my IP range to the internet. This article will guide you through the process of announcing your IP ranges using Border Gateway Protocol (BGP).
Setup your first router #
How will we do this? #
To announce IP ranges, we need to find a BGP-capable router. In my case, I will use a VPS that supports BGP. There are some providers that offer BGP VPS, you can find a list of them here.
As I live in Paris, France, I chose VirtuaCloud, a French provider that offers BGP VPS with upstream. The pros with this provider are that with them I only have 2 BGP hop for Telia and HE.net, 3 BGP hop for the ¾ of French residential ISPs and they push my prefixes to FranceIX route server. Even with a non peered residential ISP I manage to only have ~5ms (or even lower) RTT. Also, I have unlimited bandwidth with VirtuaCloud. However, the cons is that they don’t give a full Gbit port, on the paper it is 100Mbit/s, but in practice I can reach up to 300Mbit/s with good conditions.
Installation #
To announce the IP range, we need to install a BGP daemon on the router, and a helper to help me to configure the daemon. For the daemon, I went for BIRD 2, and for the helper I chose Pathvector. With pathvector, you just need to edit a yaml file, apply the yaml and it will generate the BIRD configuration for you.
Since now, I will assume you have a VPS with Debian, that you have root access, and you are renting the VPS from VirtuaCloud.
Before starting, make sure your server is up to date:
apt update && apt upgrade -yInstall the daemon and helper #
In this step I encountered an issue with the pathvector repository, where I had an GPG key error. You can find the package file on the project repository: natesales/pathvector.
sudo apt install bird2 -y
wget https://github.com/natesales/pathvector/releases/download/v6.3.2/pathvector-6.3.2-linux-amd64.deb
sudo dpkg -i pathvector-6.3.2-linux-amd64.deb
sudo systemctl enable --now birdConfiguration #
Since BIRD and Pathvector are now installed, we can start the configuration.
The file must be /etc/pathvector.yml, I obviously took the example configuration from the Pathvector documentation to go faster, but the example lacks some security hardening.
After adding some parameters, editing the ASN, IPs, and so on, here is my final configuration:
asn: <your ASN without the AS>
router-id: <your VPS IPv4 address>
source6: <your VPS IPv6 address>
bgpq-args: -S AFRINIC,APNIC,ARIN,LACNIC,RIPE
irr-server: rr.ntt.net
irr-query-timeout: 300
rtr-server: rtr.rpki.cloudflare.com:8282
kernel:
learn: true
export: true
prefixes:
- <your prefix you want to announce>
- <your second prefix you want to announce, if any>
- <...>
templates:
upstream:
multihop: true
allow-local-as: false
announce: [ "<your ASN without the AS>:0:15" ]
remove-all-communities: <your ASN without the AS>
local-pref: 80
add-on-import: [ "<your ASN without the AS>:0:12" ]
import-limit6: 300000
enforce-peer-nexthop: false
ibgp:
multihop: true
import-limit6: 300000
filter-bogon-routes: false
filter-bogon-asns: false
enforce-first-as: false
rs:
filter-transit-asns: true
auto-import-limits: true
enforce-peer-nexthop: false
enforce-first-as: false
announce: [ "<your ASN without the AS>:0:15" ]
remove-all-communities: <your ASN without the AS>
local-pref: 90
add-on-import: [ "<your ASN without the AS>:0:13" ]
peers:
VirtuaCloud:
asn: 35661
template: upstream
password: <if they gave you a session password, otherwise remove that line>
neighbors:
- <neighbor's ip>This file is a minimal configuration of pathvector with RPKI check.
You can also see the announce and add-on-import instruction, those two lines are optional, but can be useful in case of you have downstream (you provide internet to your peer), and we call that BGP communities.
This configuration does not play with communities.
Now you have saved the file, you can apply the configuration with: pathvector generate; it will reconfigure BIRD for you.
I had an issue here where my sessions were stuck in Start state. There were some issues: I forgot to create a route in the kernel as requested by my provider. When multihop enabled, pathvector will set the multihop to 255, my provider ask for 5 hops max. So I had to edit manually the peer file to set the multihop to 5. Bird was rejecting route because of the route IP was not equals to the neighbor’s IP. That case is normal for my provider.
Router interface #
I created a systemd service to create my IP interface and the missing route described above, by creating a file in /etc/systemd/system/dummy-interface.service.
The dummy interface is used to attach an IP address to the router with an IP I announce, so now I can connect to my router with that IP.
[Unit]
Description=Setup dummy for LeoTelecom
Wants=network-online.target
After=network-online.target
Before=bird.service
[Service]
Type=oneshot
ExecStartPre=/usr/bin/ip link add dummy1 type dummy
ExecStartPre=/usr/bin/ip link set dev dummy1 up
ExecStartPre=/usr/bin/ip -6 addr add dev dummy1 YOUR_IP_RANGE::1/48
ExecStartPre=/usr/bin/ip -6 route add <neighbor's ip>:1/128 via fe80::1 dev eth0
ExecStartPre=/usr/bin/ip -6 route add <neighbor's ip>:2/128 via fe80::1 dev eth0
ExecStartPre=/usr/bin/ip -6 route add <neighbor's range>::/48 via fe80::1 dev eth0
ExecStart=/usr/bin/ip link set dummy1 up
ExecStopPost=/usr/bin/ip link set dummy1 down
ExecStopPost=/usr/bin/ip link del dev dummy1
RemainAfterExit=yes
[Install]
WantedBy=multi-user.targetTo enable the interface on machine boot, execute:
sudo systemctl daemon-reload
sudo systemctl enable --now dummy-interfaceVerification #
Now you see the routes from your provider in your kernel route table: ip -6 r. The command pathvector status can give you useful insight:
# pathvector status
PEER AS NEIGHBOR STATE IN OUT SINCE INFO
static6 - - up 1 0 2025-08-26 14:33:55
default4 - - up 1 0 2025-08-26 14:33:55
default6 - - up 1 0 2025-08-26 14:33:55
device1 - - up 2 0 2025-08-26 14:33:55
kernel1 - - up 1 4 2025-08-26 14:33:55
kernel2 - - up 5 223392 2025-08-26 14:33:55
null4 - - up 1 0 2025-08-26 14:33:55
null6 - - up 1 0 2025-08-26 14:33:55
rpki1 - - up 589749 0 2025-08-26 14:38:25 Established
VirtuaCloud 35661 YOUR_PROVIDER_RS up 223386 1 2025-08-26 14:33:58 Established
VirtuaCloud 35661 YOUR_PROVIDER_RS up 223379 1 2025-08-26 14:33:58 EstablishedThe logs are stored in journalctl -u bird. Before Tier 1 ISPs see your IP range, it can take around 24 hours for them to refresh their IRR and RPKI data (if you configured RPKI), so your announcement may be ignored at first. To see near real-time visibility (with delays from a few minutes to a few hours), bgp.tools is a wonderful website to check.
Next steps #
Now that you have announced your IP range and it is seen by anyone on the internet, you might want to route some IPs to your homelab. In the next article, I will explain how I route some IPs to my homelab using wireguard and PFSense.