BGP Announced Prefixes: How the Internet Knows Where to Send Traffic

Every router on the Internet faces the same problem: a packet arrives, and the router needs to know where to send it next. Not eventually. Not approximately. Right now, for every packet, billions of times per second.

The answer lives in the global routing table—a massive, constantly shifting map of the Internet assembled from over a million individual announcements. Each announcement is an autonomous system saying: "I can reach these IP addresses. Send traffic for them to me."

These announcements are called BGP prefixes. They are the mechanism by which the Internet organizes itself.

Your ASN Is Who You Are. Your Prefixes Are What You Claim.

An autonomous system number (ASN) is your identity on the Internet. It says "I exist." But existence alone doesn't mean much. What matters is what address space you claim responsibility for.

When an organization receives an allocation of IP addresses from a Regional Internet Registry—say, the block 198.51.100.0/22—those addresses are just numbers on paper. They don't do anything yet. No router anywhere in the world knows they exist.

The moment that organization configures its BGP routers to announce 198.51.100.0/22, everything changes. That announcement propagates outward through BGP peering sessions, from neighbor to neighbor, until routers across the globe have an entry in their routing table: "To reach 198.51.100.0/22, send traffic toward AS64500."

This is how address space comes alive. A prefix announcement is an act of claiming territory in a shared global commons.

How Prefix Announcements Propagate

BGP routers don't discover routes on their own. They learn them from their neighbors, who learned them from their neighbors, forming a chain of trust that stretches across the Internet.

Here's what happens when AS64500 announces 198.51.100.0/22:

1. Origination. AS64500's border router tells its BGP neighbors: "I can reach 198.51.100.0/22." The AS path at this point contains a single entry: [64500]. This AS is the origin—the one claiming direct responsibility for this address space.

2. First hop. AS64500's upstream provider, AS3356, receives the announcement. It adds its own AS number to the front of the path, making it [3356, 64500], and forwards the announcement to its own neighbors. AS3356 is now a transit provider for this prefix—it doesn't own the addresses, but it's offering to carry traffic to them.

3. Propagation. Each AS that receives the announcement prepends its own number and forwards it further. Within seconds, the prefix appears in routing tables worldwide. The AS path grows longer with each hop: [174, 3356, 64500], then [2914, 174, 3356, 64500], and so on.

4. Path selection. When a router receives multiple paths to the same prefix—which happens constantly—it chooses the best one based on BGP's path selection algorithm. Shorter AS paths are generally preferred, but local policy, business relationships, and traffic engineering all influence the decision.

The speed is remarkable. Experimental measurements show that a newly announced prefix can reach 50% of the Internet within 10 seconds and achieve full global visibility in under 40 seconds¹. Your claim propagates at nearly the speed of trust.

Originating vs. Transiting a Prefix

This distinction matters more than it might seem.

Originating a prefix means you are the source. Your AS number appears at the rightmost position in the AS path—the end of the chain. You're saying: "These addresses are mine. Traffic for them terminates here."

Transiting a prefix means you're carrying someone else's announcement. Your AS number appears somewhere in the middle of the path. You're saying: "I don't own these addresses, but I'll forward traffic toward the AS that does."

Read any AS path from left to right, and you're reading the journey a packet would take. The leftmost AS is closest to the observer. The rightmost AS is the origin—the one that planted the flag.

A small business might originate two prefixes (its own address blocks) and transit zero. A major ISP might originate a few hundred prefixes of its own but transit tens of thousands of prefixes belonging to its customers and peers. The ratio of originated to transited prefixes tells you whether an AS is an endpoint or a thoroughfare.

What Prefix Counts Reveal

The number of prefixes an AS announces is a fingerprint. It reveals the organization's size, role, and complexity.

A small company or university might announce 1 to 5 prefixes. They have a modest address allocation, a simple network, and no need to carve their space into pieces. One prefix, one announcement, done.

A regional ISP might announce dozens to a few hundred prefixes—its own address space plus customer blocks it carries upstream. Each customer network it serves adds entries to the global routing table.

A large cloud provider announces thousands. Amazon Web Services (AS16509) originates over 13,000 IPv4 prefixes². Google (AS15169) announces thousands across its various autonomous systems. These organizations have address space scattered across dozens of data center regions, each needing its own routing announcements.

In December 2024, AWS announced over 1,000 new BGP prefixes in a single day, including "super-aggregate" prefixes—large blocks encompassing many smaller ones. This tripled their publicly routable IPv4 footprint from 49 million to 157 million addresses³. The reason? Security. By announcing these super-aggregates with RPKI signatures, AWS made it significantly harder for anyone to hijack their address space.

The U.S. Department of Defense quietly holds the record for the largest IPv4 announcement footprint in Internet history through AS749, covering vast swaths of address space allocated decades ago³.

The Routing Table: A Million Lines of Trust

As of January 2026, the global IPv4 routing table contains approximately 1,050,000 prefixes. The IPv6 table adds another 241,800. Together, roughly 77,900 active autonomous systems participate in this shared map of the Internet⁴.

That's over a million entries, and every router in the default-free zone—the core of the Internet where no default routes exist—must hold all of them simultaneously. Every prefix is a line item in the most consequential database on the planet. When you announce a new prefix, you're adding a line to a table stored in the memory of hundreds of thousands of routers worldwide.

This is why the networking community cares deeply about routing table size. Every entry consumes router memory and processing power. A million-entry table was once an engineering milestone that prompted real concern—in 2014, routers with 512K TCAM limits started crashing when the table exceeded their capacity.

Aggregation vs. Deaggregation: The Tension

Organizations face a constant tension between keeping the routing table small and maintaining control over their traffic.

Aggregation means announcing the fewest, largest prefixes possible. If you own 198.51.100.0/22 (a block of 1,024 addresses), you announce that single /22. Clean. Efficient. One entry in the global table.

Deaggregation means breaking that /22 into smaller pieces: four /24s, perhaps, each announced separately. Four entries in the global table instead of one. Multiply this by thousands of organizations, and the routing table bloats.

Why would anyone deaggregate? Usually traffic engineering. If your network connects to the Internet through two different providers, you might announce half your address space through each provider, steering inbound traffic across both links. You can't do that with a single aggregated prefix.

The cost is real. Deaggregated prefixes now account for more than half of the IPv4 routing table. Prefixes of /24, /23, and /22 together make up 84% of all entries⁴. If every organization aggregated perfectly, the routing table could shrink by roughly 20%⁵.

But "perfectly" ignores the legitimate engineering reasons organizations deaggregate. The tension has no clean resolution—it's a genuine tradeoff between global efficiency and local control.

When Announcements Go Wrong

BGP has no central authority. When you announce a prefix, the Internet believes you—not because it verified your claim, but because your neighbor chose to trust you, and their neighbor chose to trust them. The entire system runs on a handshake chain.

This is why prefix hijacking works.

On February 24, 2008, the Pakistani government ordered YouTube blocked within Pakistan. Pakistan Telecom (AS17557) complied by announcing 208.65.153.0/24—a more specific prefix than YouTube's legitimate 208.65.152.0/22⁶. BGP's own rules dictate that more specific prefixes win. Pakistan Telecom's upstream provider, PCCW (AS3491), accepted the announcement without validation and propagated it globally.

Within minutes, YouTube traffic worldwide was routing into Pakistan Telecom's network—and into a black hole. The system worked exactly as designed. Every router followed its rules correctly. The failure wasn't technical. It was the absence of verification.

YouTube's engineers responded by announcing their own /25 prefixes—even more specific than Pakistan's /24—to reclaim their traffic. The whole incident lasted about two hours⁶.

This is why RPKI (Resource Public Key Infrastructure) exists. RPKI lets organizations cryptographically sign their prefix announcements, creating Route Origin Authorizations (ROAs) that prove which AS is legitimately authorized to originate a given prefix. As of 2025, approximately 56% of global routes have valid ROAs⁷—significant progress, but it means 42% of the Internet's routing table still operates entirely on trust.

Reading the Map

Every prefix announcement is a statement about the Internet's structure. Look at what an organization announces and you can read its story:

A company announcing a single /24 is a small endpoint—a leaf on the tree. A transit provider announcing 50,000 prefixes is a trunk, carrying the weight of thousands of smaller networks. A cloud provider announcing prefixes from dozens of geographic regions is revealing the physical topology of its infrastructure.

The global routing table, taken as a whole, is a living map of how the Internet is organized—who connects to whom, who carries whose traffic, where address space is concentrated, and where it's fragmented. It changes constantly. Hundreds of prefixes appear and disappear every day⁴.

It's not designed. It's not planned. It emerges from 77,900 autonomous systems making independent decisions about what to announce and whom to trust. And somehow, a packet sent from a phone in São Paulo finds a server in Singapore in under 200 milliseconds.

That's what a million lines of trust can do.