The RFC 1930 entitled Guidelines for creation of an AS defines an Autonomous System (AS) as:
a connected group of one or more IP prefixes run by one or more network operators that have a single and clearly defined routing policy.
Concretely, an Autonomous System is a collection of routers under common administrative control or organization defining routing policies for one or more blocks of IP addresses called IP prefixes. Such organizations include Internet Service Provider (ISP), universities, large companies, division of companies, or even a group of companies. For instance, Apple, Digital Ocean, Google, Microsoft, Comcast, Level3, Orange, or the MIT, all have and manage one or more Autonomous Systems.
The Internet is made possible by routing IP packets inside an AS but also between Autonomous Systems.
How is an Autonomous System identified?
Organizations that register for an Autonomous System are receiving a globally-unique Autonomous System Number (ASN). This number is used both in the exchange of exterior routing information (between neighboring AS) and as an identifier of the AS itself.
Originally, Autonomous System numbers were defined as 16-bit integers, which allowed for a maximum of 65,536 assignments. However, due to the exponential growth of the Internet, 32-bit AS numbers have been introduced in 2007, which now allows up to 4,294,967,295 ASNs. As of January 2020, there are about 85,000 ASNs assigned and in use.
AS numbers are usually written with the prefix AS (e.g.
AS191). Besides, like IP addresses, some AS numbers are reserved and private.
How to get an Autonomous System Number?
The assignation is managed by the Internet Assigned Numbers Authority (IANA). It is responsible for globally coordinating DNS Root, IP addressing, and other Internet protocol resources, including ASNs. However, the assignation is not directly made to organizations that request to create an AS. Instead, IANA assigns ASNs to Regional Internet Registries (RIRs) which are organizations that manage Internet number resources in a particular region of the world.
There exist five regional Internet registries:
- African Network Information Center (AFRINIC)
- American Registry for Internet Numbers (ARIN)
- Asia-Pacific Network Information Centre (APNIC)
- Latin American and Caribbean Network Information Centre (LACNIC)
- Réseaux IP Européens Network Coordination Centre (RIPE NCC)
Obtaining an autonomous system number requires going through one of the five regional Internet registries. The procedure is clearly defined on respective RIR pages. For instance, hereafter is a link for the procedure from ARIN:
How are Autonomous Systems communicating?
An Autonomous System is responsible for routing traffic within itself. This is called intra-domain routing. Routers within an AS use an interior gateway protocol to route IP packets between nodes. Common interior gateway protocols include RIP, OSPF, IS-IS, EIGRP, as well as some proprietary protocols such as IGRP. However, intra-domain routing is not the sole purpose of an AS. To get traffic from a host in one AS to a host in another AS, the autonomous systems need to be connected. Most ASes do not share a direct link with each other, in which case data traffic may be routed through the networks of other ASes that agree to carry the traffic. Exterior routing is made possible via a common gossip protocol called Border Gateway Protocol (BGP).
BGP Routing Overview
Autonomous Systems can establish connections with existing ASes based on geographic locations but also various business interests. Once communications have been established, ASes report via BGP any network routes (i.e. IP prefixes expressed in CIDR form) they know about, along with the AS path through which to pass:
I'm AS1234, and I am the originator for 18.104.22.168/24. I can reach 22.214.171.124/8 with a cost of 3 hops via AS45,AS9763,AS194.
Any neighboring Autonomous Systems update their BGP routing table:
AS1234 is responsible for 126.96.36.199/24, and I can reach it with a cost of 1, and I can also reach 188.8.131.52/8 with a cost of 4 via AS1234,AS45,AS9763,AS194".
If there's a cheaper route to a network address, no changes will happen. This way, routing updates can propagate quite quickly across the Internet.
The Border Gateway Protocol is nice and lightweight, and updates are happening with reasonable frequency, as network connections come and go. However, it's entirely built on trust and as a consequence, some attacks occur from time to time:
Types of Autonomous Systems
The Internet is a graph of Autonomous Systems but most ASes are not connected with each other. They need to route their traffic through other ASes. Autonomous systems can be grouped into four categories or types, depending on their connectivity and policy.
Internet Exchange Point AS
A physical infrastructure through which ISPs or Content Delivery Networks (CDNs) exchange internet traffic between their networks (autonomous systems)
Multi-homed Autonomous System
A multi-homing AS is an Autonomous System that maintains connections to more than one other AS. This allows the AS to remain connected to the internet in the event of a complete failure of one of their connections. However, a multi-homed AS does not allow traffic from one AS to pass through on its way to another AS. A typical example is a network (an AS) that is connected to multiple ISP (that are ASes too) to improve the connection reliability.
Stub Autonomous System
A stub AS is connected only to one other AS. An example is a lower-tier ISP that gets its service from another ISP. Other specific examples include private interconnections in the financial and transportation sectors.
Transit Autonomous System
An AS that provides connections through itself to other networks is called a transit AS. An example is when an ISP (an AS) sells access to the Internet by agreeing to act as a router, carrying traffic from one AS and out to some other AS to which it has a link. The complete data path may involve multiple transit hops through different ASes. An AS will typically meter the traffic on each link and charge a transit fee. Depending on the policy, an organization in one AS may be charged for traffic even to the connected AS.
What can you learn from an Autonomous System?
Following the previous explanations, a given AS manages a set of IPv4 and IPv6 prefixes. It also maintains upstream and downstream connections with other ASes based on peer agreements. For a given IP address, it might be useful to know its routing prefix, aka the IP prefix to perform for instance filtering at a larger level in case of a distributed attack.
At Ipregistry, we return more than 65 data points (give a try with your IP address), and this keeps improving. Among others, every IP lookup return data about the Autonomous System managing the routing prefix associated with the IP that is considered. This includes the Autonomous System Number, the route using the CIDR notation, an organization or company name, the associated domain name, and even a usage type.
We also provide Enterprise solutions. You can get access to raw data sets and we can adapt to your needs and requirements so that our services fit what you need — we make the box fit around you, not the opposite!