My Account | Contact Us | +33 1 76 23 10 11 |
FR FR
Back to site

BGP concepts for customers

Understand BGP, ASN, IP prefixes, and announcements on the HolyCloud network for advanced customers.

~12 min read Advanced #bgp #network #asn #routing #datacenter

BGP concepts for customers

BGP (Border Gateway Protocol) is the routing protocol between autonomous systems on the Internet. HolyCloud customers with dedicated IPs, ASN, or multi-homing need basic understanding to work with network support.

Prerequisites

  • TCP/IP basics (IP, mask, gateway)
  • Offer or project requiring prefix announcement (often dedicated server, failover IP, enterprise connectivity)
  • Coordination with HolyCloud support for any real BGP session

This guide is educational: do not configure BGP without HolyCloud commercial and technical validation.

Autonomous System (AS) and ASN

An Autonomous System (AS) is a set of IP prefixes managed under one routing policy, identified by an ASN (e.g. AS12345).

| Element | Description |

|---------|-------------|

| ASN | Global number (16/32 bits) assigned by a RIR (RIPE, ARIN…) |

| eBGP | BGP between neighbor ASes (external) |

| iBGP | BGP within the same AS |

HolyCloud operates its own ASN; your prefixes may be announced via our AS to transit/peering.

IP prefix and aggregation

You announce prefixes (routable blocks), not isolated IPs except exceptions (/32):

  • 203.0.113.0/24 — 256 addresses
  • 2001:db8::/48 — typical enterprise IPv6 block

Aggregation reduces global table size: announce /24 rather than 256 /32 if you own them all.

BGP session: principles

[Your router] ----eBGP---- [HolyCloud edge router] ----> Internet

Parameters negotiated with the operator:

| Parameter | Example |

|-----------|---------|

| Peer IP | 10.0.0.1 / 10.0.0.2 (point-to-point link) |

| Local / remote ASN | Your ASN ↔ HolyCloud ASN |

| Multihop | Sometimes eBGP multihop if router not adjacent |

| MD5 password | Session authentication (optional) |

| Prefix-list / filter | What you are allowed to announce |

Announce only validated prefixes (RPKI ROA, IRR objects) — HolyCloud filters unauthorized announcements.

Useful BGP attributes

| Attribute | Customer usage |

|----------|--------------|

| AS-PATH | List of traversed ASes — prefer shorter paths |

| NEXT-HOP | Next-hop IP to reach the prefix |

| LOCAL_PREF | Inbound preference (operator side, inbound policy) |

| MED | Metric hint between AS pairs |

| COMMUNITIES | Tags for actions (e.g. no-export, blackhole) |

Example blackhole community (concept — exact value from HolyCloud during DDoS): announce attacked /32 with community → targeted null route.

RPKI and route security

RPKI ties a prefix to an authorized ASN via a ROA (Route Origin Authorization).

  • RPKI Valid: conforming announcement
  • Invalid: rejected by operators applying RPKI
  • Unknown: no ROA — filtering risk

Before announcing a prefix at HolyCloud, ensure IRR objects (RIPE Database) and ROA are up to date.

Failover IP and BGP

On some products, a failover IP switches between servers:

  • Without customer BGP: static routing or ARP/anycast on platform side
  • With BGP: you announce /32 or block from active server; withdraw on failure

HolyCloud support indicates the model for your offer.

Checks from a Linux VPS (read-only)

Route state (if Linux router with BGP installed by you — rare on simple VPS):

ip route show
ip -6 route show

Traceroute to your announced prefix:

traceroute 203.0.113.10
mtr -rwzc 50 203.0.113.10

RIPE registry (whois) — declared origin ASN:

whois -h whois.ripe.net 203.0.113.0/24

Common mistakes to avoid

  • Announcing a more specific prefix than authorized (internal route leak).
  • Split horizon: same prefix via two operators without coordination (black holes).
  • Forgetting reverse DNS and anti-spoof filters on outbound IPs.

HolyCloud process (summary)

  1. Commercial request (ASN, prefixes, bandwidth, SLA).
  2. LOA validation / IP assignment / ROA.
  3. Session provisioning on edge router (VLAN, peering IPs).
  4. Announcement tests in maintenance then production.
  5. Monitoring and emergency communities (DDoS).

Conceptual troubleshooting

| Symptom | Hint |

|----------|-------|

| Prefix not visible globally | Upstream filter; invalid ROA; session down |

| Asymmetric path | Different IN/OUT policies |

| Slow failover | BGP hold timer / prefix not withdrawn |

Need help?

For a BGP request, provide ASN, prefix list, dual-stack format, and technical contact. HolyCloud network support does not configure non-contractual sessions.