Configuring Your ASN: Understanding the Basics and Moving Forward (Part-2)
Now that you have your ASN, IPv4, and IPv6 addresses, it’s time to familiarize yourself with some fundamental terms and concepts that are crucial for configuration and moving forward. While there is much to learn, understanding these basics will set a strong foundation.
Setting Up Roles and Contact Information
When you acquire an ASN, you’ll be required to create specific roles for Network Operations, Abuse, and IT/Administrative functions. It is advisable to set up dedicated mailboxes for these roles rather than using generic ones like abuse@yourdomain.tld or admin@yourdomain.tld. These generic mailboxes are often used by internal mail servers or mail providers (e.g., Google Workspace), so instead, consider using addresses like compliance@yourdomain.tld, it@yourdomain.tld, and noc@yourdomain.tld.
Important Note:
- Do not share any personal information when creating these role accounts.
- Use a dedicated phone number for your ASN and IP prefixes for WHOIS lookup purposes.
Once these roles and contact details are set up, they will be tagged to your ASN and prefixes.
Key Terminology and Definitions
aut-num (autonomous system number):
- This represents your AS information. Most RIRs will automatically create this for you, but some, like ARIN, may require you to create an aut-num object manually. In this object, you can define attributes such as:
  - descr: A description, typically your organization name or any identifier you want to display in WHOIS data.
  - mnt-by: Specifies who is responsible for maintaining the resource.
  - mnt-irt: Specifies the incident response team. This indicates who to contact for security incidents related to your network.
  - mnt-routes: Specifies who is responsible for maintaining the routing information.
as-set:
- An AS set allows you to manage and optimize your routes, especially when dealing with multiple upstream or downstream providers. When you have multiple connections, you need to define import and export policies (import, export, mp-import, mp-export). Managing these individually can be chaotic, but an AS set groups them together, simplifying the process.
inetnum/inet6num:
- These objects define IPv4 (inetnum) and IPv6 (inet6num) address allocations.
  - inetnum: This object represents a range of IPv4 addresses.
  - inet6num: This object represents a range of IPv6 addresses.
mnt-routes:
- This attribute indicates who is responsible for maintaining the routing information for your IP addresses. It ensures that routing policies are correctly managed and maintained.
mnt-irt:
- The mnt-irt attribute designates the Incident Response Team for your network. This team handles security incidents and is the point of contact for abuse reports and security issues related to your IP space.
geofeed:
- Adding a geofeed is recommended to provide geographical information about your IP prefixes. This data helps various services, including geolocation services, to accurately place your IP addresses.
RPKI (Resource Public Key Infrastructure):
- RPKI is a framework designed to secure the internet’s routing infrastructure. It helps prevent route hijacking and ensures the authenticity of the IP prefixes.
ROA (Route Origin Authorization):
- ROA is a critical component of RPKI. It specifies which ASNs are authorized to originate your IP prefixes. Setting up ROAs helps secure your IP space by preventing unauthorized usage.
IRR (Internet Routing Registry):
- When creating ROAs, you need to register your routing information in the IRR. This registry holds data that network operators use to configure their routers and filter BGP announcements, ensuring that your routes are correctly propagated and secured.
Moving Forward
With these fundamental concepts and configurations in place, you are now equipped to proceed with the technical setup and fine-tuning of your network. In the next part of this guide, we will dive deeper into the specifics of network configuration, BGP (Border Gateway Protocol) setup, and best practices for maintaining and optimizing your internet presence.
Stay tuned for detailed instructions on these advanced topics as you continue your journey to establishing your online identity.