Re: BYOIP and AS prepend in AWS

[Tom Beecher via NANOG <nanog () lists nanog org>]

> how hard did you look? i got this detailed AI answer by just posting your
> question into google!
>  -mel beckman


Mel-

Thank you for providing another object lesson as to why "this is what AI
said" is exceptionally unhelpful.

On Mon, Jun 23, 2025 at 6:31 AM Mel Beckman via NANOG <nanog () lists nanog org>
wrote:

> how hard did you look? i got this detailed AI answer by just posting your
> question into google!
>  -mel beckman
>
> Understanding AWS Bring Your Own IP (BYOIP) and AS Path Prepending
> AWS BYOIP allows you to use your own public IPv4 addresses with AWS
> services like EC2, Global Accelerator, and Elastic IP Addresses (EIPs).
> This is particularly useful if you want to maintain brand consistency,
> simplify migration, or improve IP address reputation.
> BYOIP Process on AWS
>
>   1.  Prerequisites:
>      *   Your IP address range must be registered with a Regional Internet
> Registry (RIR) like ARIN, RIPE, or APNIC.
>      *   The address range should be registered to a business or
> institutional entity.
>      *   You need to provide proof of ownership and authorize Amazon to
> advertise the address range.
>      *   The addresses should have a clean history (not associated with
> malicious activity).
>      *   You must stop advertising the IP address range from other
> locations before advertising it through AWS.
>   2.  Authorization and Provisioning:
>      *   Create a ROA: Create a Route Origin Authorization (ROA) object
> with your RIR to authorize Amazon's ASNs (16509 and 14618) to advertise
> your IP range.
>      *   Generate an X.509 Certificate: Create a self-signed X.509
> certificate and add it to your RIR's RDAP record to link the IP range to
> your AWS account.
>      *   Create a Signed Message: Create a signed authorization message
> that includes your AWS account ID, IP address range, and an expiration date.
>      *   Provision with AWS CLI: Use the AWS CLI to provision the IP
> address range within a specific AWS region.
>      *   Wait for Provisioning: AWS will verify the IP range and approve
> the provisioning request.
>   3.  Advertising and Allocation:
>      *   Advertise the Range: Use the AWS CLI to advertise the IP address
> range through AWS.
>      *   Create Elastic IP Addresses: Allocate Elastic IP addresses from
> the provisioned IP address pool and associate them with your AWS resources.
>
> Using AS Path Prepending
> AS path prepending is a technique used in BGP (Border Gateway Protocol) to
> influence the inbound traffic routing to your network. It involves adding
> your own Autonomous System Number (ASN) multiple times to the AS path in
> BGP advertisements. This makes the path appear longer and less preferred to
> other BGP speakers, causing them to choose alternative routes.
> How to Use AS Path Prepending with AWS BYOIP:
>
>   1.  Bring your ASN to IPAM: You can now bring your own ASN to IPAM and
> associate it with your BYOIP CIDR.
>   2.  Associate with BYOIP CIDR: After provisioning your ASN, associate it
> with the BYOIP CIDR that you brought to AWS.
>   3.  Advertise with your ASN: When advertising the BYOIP CIDR, choose the
> ASN you brought to IPAM.
>
> Note: While AS path prepending can be useful for influencing traffic flow,
> using excessive prepending can have negative consequences, including
> suboptimal routing and increased risk of route hijacking. It is generally
> recommended to use BGP communities for traffic engineering when possible.
>
> On Jun 23, 2025, at 2:43 AM, Hank Nussbacher via NANOG <
> nanog () lists nanog org> wrote:
>
> Can someone explain to me how to BYOIP into AWS and use AS prepends?
> _______________________________________________
> NANOG mailing list
>
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/ZOARZWLKLI45KZ4QV5TXHJUUFKBYTNNB/
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/7X4KJXMWHXDAC6CME5H7F5H7OUPHJND4/