Autonomous System Numbers (ASNs)

The Internet is not a network.

This is the most important thing to understand about how the global Internet actually works, and almost nobody says it plainly: the Internet is not a single network that someone built and everyone connects to. It is thousands of independent networks, owned and operated by different organizations all over the world, that have agreed to exchange traffic with each other.

Your ISP runs a network. Google runs a network. The university down the street runs a network. A bank in Frankfurt runs a network. A cloud provider in Tokyo runs a network. Each of these networks makes its own decisions about how to route traffic internally, what equipment to buy, and how to connect to its neighbors.

The Internet is what happens when all of these networks talk to each other.

And the first thing any network needs, before it can participate in that conversation, is a name. That name is an Autonomous System Number — an ASN.

What Is an Autonomous System?

An autonomous system (AS) is a network, or a collection of networks, under a single administrative authority with a unified routing policy¹. The word "autonomous" is doing real work here. It means this network governs itself. It makes its own routing decisions. It decides who to connect to and what traffic to accept.

AT&T operates an autonomous system (AS7018). So does Google (AS15169)². So does Comcast (AS7922)³. So does Cloudflare (AS13335)⁴. So does the small regional ISP serving a town of 30,000 people. Each one is a sovereign entity in the global routing system, and each one has an ASN — a number that uniquely identifies it to every other autonomous system on the Internet.

As of 2025, there are roughly 120,000 allocated ASNs worldwide, with over 80,000 actively advertising routes in the global routing table⁵. That means over 80,000 independently operated networks are participating in the real-time conversation that is the Internet.

Why the Internet Needs ASNs

Imagine trying to give directions in a city with no street names. You could describe every turn — "go past the red house, take a left at the oak tree" — but it would be impossibly fragile. One new building changes everything.

ASNs solve this problem at a global scale.

Without ASNs, routers would need to know the specific path to every individual IP address on the Internet. With over a billion routable addresses, that's not just impractical — it's impossible. Instead, routers think in terms of autonomous systems. They don't need to know that 142.250.80.46 is a specific Google server in a specific data center. They need to know that the 142.250.0.0/15 address block belongs to AS15169 (Google), and that there are three different paths to reach AS15169 from here.

ASNs collapse billions of addresses into tens of thousands of networks. Routers stop thinking about destinations and start thinking about neighbors.

How ASNs Get Assigned

You don't just pick an ASN. The numbering system is coordinated globally through a hierarchy that starts at the Internet Assigned Numbers Authority (IANA) and flows down through five Regional Internet Registries (RIRs), each responsible for a different part of the world⁶:

IANA allocates ASNs to the RIRs in blocks of 1,024⁷. The RIRs then assign individual ASNs to organizations that need them — ISPs, cloud providers, large enterprises, universities, and anyone else operating a network that participates in global routing.

Getting an ASN requires justification. You need to demonstrate that you operate a multihomed network (connected to more than one upstream provider) or have a legitimate technical need for a unique routing policy. You can't just request one because it sounds cool.

16-Bit and 32-Bit ASNs

The original ASN format was a 16-bit number, which means it could represent values from 0 to 65,535. That seemed like plenty in the early days of the Internet. Sixty-five thousand autonomous systems? Who would ever need more than that?

Everyone, as it turns out.

By the mid-2000s, the 16-bit ASN pool was running low. The Internet Engineering Task Force (IETF) published RFC 4893 in 2007, extending ASNs to 32 bits⁸. This expanded the available pool from about 65,000 to over 4.2 billion — enough to last a while.

The transition required care. Older routers that only understood 16-bit ASNs couldn't process the new 32-bit numbers. To handle this, IANA reserved the special ASN 23456 (called AS_TRANS) as a stand-in⁹. When a router that understands 32-bit ASNs needs to communicate with one that doesn't, it substitutes 23456 for the real number. The older router sees a valid 16-bit ASN, processes the route normally, and nobody crashes. It's a translation layer built into the numbering scheme itself.

Today, all five RIRs assign 32-bit ASNs by default. The 16-bit range is still valid and still in heavy use — every major network that got its ASN before 2007 still uses its original number — but the future belongs to the larger space.

Public and Private ASNs

Not every autonomous system needs to be visible to the entire Internet. RFC 6996 reserves a range of ASNs for private use¹⁰:

• 16-bit private range: 64,512 – 65,534
• 32-bit private range: 4,200,000,000 – 4,294,967,294

These work like private IP addresses (192.168.x.x). An organization can use them internally — for example, a data center operator running BGP between racks — without coordinating with anyone. But private ASNs must be stripped from routing announcements before they reach the public Internet. If you see a private ASN in a global route, something has gone wrong.

How BGP Uses ASNs

ASNs exist to serve one protocol: the Border Gateway Protocol (BGP)¹¹. BGP is how autonomous systems tell each other what they can reach.

Here's what actually happens. When your ISP (say, AS7922 — Comcast) connects to a transit provider, it announces: "I can reach these IP address blocks." The transit provider takes that announcement, prepends its own ASN to the path, and passes the announcement to its peers. Those peers do the same. The announcement ripples outward across the Internet, accumulating ASNs as it goes.

The result is an AS path — a trail of breadcrumbs showing every network a packet would cross to reach its destination. If Google (AS15169) announces its addresses, and the announcement passes through three intermediate networks before reaching your ISP, the AS path might look like:

AS7922 → AS3356 → AS1299 → AS15169

Your ISP reads this as: "To reach Google, I send traffic to AS3356, which sends it to AS1299, which delivers it to AS15169." Four autonomous systems, four independent networks, cooperating to move your search query from your laptop to a Google server and back.

Loop Prevention

The AS path does double duty. Beyond showing the route, it prevents loops. When a router receives a route announcement, it checks the AS path. If it sees its own ASN already in the list, it discards the announcement¹². The logic is simple: if I'm already in this path, accepting it would create a circle. Traffic would loop forever, going nowhere.

This is elegant because it's passive. No network needs to coordinate with any other network to prevent loops. Every network just checks for its own name in the path. If it's there, walk away.

Route Selection

When a network receives multiple routes to the same destination — which happens constantly — it has to choose. BGP considers several factors, but the AS path length is one of the most important. Shorter paths are generally preferred. Fewer networks to cross means fewer potential failure points, lower latency, and (usually) better performance.

This is why AS path prepending exists. A network that wants to discourage traffic on a particular link can artificially lengthen the AS path by repeating its own ASN multiple times. If Comcast sees two paths to Google — one that's three ASNs long and another that's six — it takes the shorter one. The longer path isn't broken; it's just less attractive. Prepending is how networks steer traffic without picking up the phone.

The Real-World Structure

Autonomous systems aren't abstract concepts. They map directly to the organizations that build and operate the physical Internet:

Internet Service Providers run the networks that connect homes and businesses. Comcast (AS7922), AT&T (AS7018), Deutsche Telekom (AS3320) — each operates its own autonomous system with its own routing policy and its own physical infrastructure.

Cloud Providers operate massive autonomous systems that host the services people use every day. Amazon Web Services (AS16509), Google Cloud (AS15169 and others), and Microsoft Azure (AS8075) each run globally distributed networks with their own ASNs.

Content Delivery Networks like Cloudflare (AS13335) and Akamai (AS20940) operate autonomous systems positioned close to end users, caching and delivering content with minimal latency.

Enterprises and Universities that need direct control over their routing — large banks, research institutions, multinational corporations — operate their own autonomous systems too.

Internet Exchange Points are the physical buildings where autonomous systems meet to exchange traffic directly, rather than paying a third party to carry it. The world's largest IXPs — DE-CIX in Frankfurt, AMS-IX in Amsterdam, LINX in London — are where hundreds of autonomous systems peer with each other.

This is the real topology of the Internet. Not a cloud. Not a web. A constellation of independently operated networks, each identified by its ASN, exchanging traffic at thousands of interconnection points around the world.

The Trust Problem

Here's what's genuinely strange about all of this: BGP is built on trust.

When an autonomous system announces "I can reach these addresses," the neighboring networks believe it. There is no cryptographic proof. No central authority verifying claims. The announcement propagates across the Internet, and within minutes, traffic starts flowing based on nothing more than one network's word.

This mostly works because the operators know each other, have contracts, and have economic incentives to play fair. But sometimes it goes catastrophically wrong.

In 2008, Pakistan Telecom (AS17557) announced routes to YouTube's IP addresses while trying to block YouTube domestically. The announcement leaked to the global Internet. Within minutes, YouTube traffic worldwide was being routed to Pakistan, where it hit a dead end¹³. YouTube was effectively offline for much of the world — not because of a hack, but because BGP trusted a false announcement.

In 2018, traffic destined for Google was rerouted through Nigeria and Russia due to a BGP leak from a Nigerian ISP¹⁴. In 2019, a Swiss data center accidentally rerouted traffic for large chunks of European networks through China Telecom¹⁵.

These incidents aren't exotic edge cases. They're the predictable consequence of a global routing system that was designed for a small, trusted community of network operators and now serves an Internet of 80,000+ autonomous systems that don't all know or trust each other.

Resource Public Key Infrastructure (RPKI) is a cryptographic framework being deployed to fix this¹⁶. It allows autonomous systems to cryptographically sign their route announcements, so neighbors can verify that the AS claiming to own an address block actually does. Adoption is growing, but it's far from universal. The Internet's trust model is being upgraded while the Internet is running — like replacing the engine on a plane mid-flight.

What This Means

The Internet works because thousands of independent organizations decided to cooperate. Not because someone forced them. Not because there's a master plan. Because connecting to other networks makes your own network more valuable, and making your network more valuable is good business.

ASNs are the identifiers that make this cooperation possible. They let networks announce who they are, what they can reach, and how to get there. They let routers choose paths, prevent loops, and make decisions about where to send traffic — all in milliseconds, billions of times a day.

The next time your browser loads a page, the packets might cross five or six autonomous systems. Each one is an independent network, with its own equipment, its own staff, its own routing policy, and its own ASN. None of them planned this together. The page loads anyway.

That's the Internet. Not a network. An agreement between networks.