BGP for Internet Service Providers

Why your ISP needs well-configured BGP

BGP is the protocol that announces your ASN prefixes on the internet and receives routes from upstreams and peers. Misconfigured BGP leaks third-party routes, creates traffic loops and can pull you off the internet in seconds — and you only find out when a customer calls.

With proper BGP, you reduce transit costs by pulling CDN traffic directly through the IX and increase resilience with multiple upstreams.

Own ASN: when it makes sense and how it works

To peer directly at IX.br and announce your own prefixes, you need an ASN (Autonomous System Number) and a delegated IP block. We help prepare the technical documentation required for the LACNIC submission — the formal submission itself must be made by the ISP's technical admin, as it involves account credentials.

• We assess whether an own ASN makes sense for your current size
• We advise on minimum block sizes for IX.br participation
• We configure the border router to announce prefixes correctly
• We ensure no more-specific prefixes than necessary leak to the internet

Peering at IX.br

IX.br is Brazil's internet exchange point. Connecting to it reduces transit costs and improves latency to major content — Google, Cloudflare, Netflix and Meta are all there. The bandwidth cost difference can pay for the Rasys monthly plan within weeks.

• Sessions with IX.br route servers (automatic policy filtering)
• Curation of routes received via route servers to avoid accepting improper prefixes
• Bilateral sessions with strategic peers beyond the route servers
• Continuous monitoring of session state and number of prefixes received

Private peering with CDNs

Google, Netflix, Meta and Cloudflare offer free private peering to ISPs that meet minimum volume. This means YouTube, Netflix and Instagram traffic comes from your local cache instead of going through paid transit.

• Eligibility assessment per CDN (volume, location, equipment)
• Technical negotiation and configuration of the bilateral BGP session
• Validation that traffic is effectively routing through the peer and not transit
• Monitoring of announced prefixes and traffic volume per session

RPKI: a practical requirement in 2025

RPKI (Resource Public Key Infrastructure) validates that whoever is announcing a prefix is actually its owner. Without a registered ROA, your route can be rejected by peers that validate RPKI — which today includes most major operators.

• ROA registration at NIC.br's Stat (free, takes minutes)
• RPKI validator configuration on the border router
• Acceptance policy: invalid drop, unknown accept (safe conservative default)
• Monitoring of expiring ROAs before they cause problems

Upstream redundancy and traffic engineering

Depending on a single upstream is an operational risk. With two or more upstreams correctly configured with local-preference and communities, you define which exit you normally use and which is the fallback — no manual intervention needed in case of failure.

• Adding a second upstream without causing a flap on the first
• Traffic engineering communities to select exit path per destination
• BFD for fast session failure detection (50–300 ms instead of 180 s)
• Max-prefix as protection against an upstream leaking the wrong full table

How we work and how to get started

We work on a monthly plan — no one-off projects and no hourly-rate diagnostics. The first conversation is at no cost: we call, you share an AnyDesk session and show us the live network while we share observations. If it makes sense for both sides, we close the monthly plan and go from there.

Talk to us — initial conversation, no commitment. See also: BGP technical overview, Zabbix monitoring, BGP in the glossary.