Demystifying AS0

Thumbnail for post.

Overview

Global BGP routing defines Autonomous System (AS) Number 0 as “special” to mark prefixes as unroutable. Resource certification (RPKI) has taken this concept further, using AS0 to signal prefixes which should not be routed, unless another ROA exists with a different AS, for the prefix in question. This means that AS0 can be used to do two things: 

  1. Exclude as-yet undeployed resources from global BGP, by creating an AS0 ROA signed by APNIC for the prefixes still held in reserve
  2. Confirm that specific resources are only to be used if an RPKI ROA exists, signed by the delegate.

In 2019, APNIC was requested to work on a system to deploy AS0 for all unassigned and unallocated resources under APNIC management as a policy proposal. Across 2019 and 2020 we deployed a standalone system to do this.

The course explores how AS0 works, how we deployed it, and how BGP speakers can interact with the APNIC AS0 ROA, and with their own use of AS0 for delegated resources.

Outline

This course covers the following topics:

  • What is AS0?
  • What is RPKI, and the “TAL” and ROAs? What is SLURM?
  • What is an AS0 ROA and how is it made?
  • What is the APNIC AS0 RPKI system, and the AS0 “TAL”?
  • How does the APNIC AS0 ROA relate to resources overall?
  • How does it differ from individual INR holders AS0 ROA?
  • How do I use a ROA? How do I use the AS0 ROA from APNIC
  • What about the other RIR, or NIR?
  • What does the future hold for RPKI and AS0?

Course Materials