
Some noob questions here.

How does one buy a block of IPv4 as an individual? (If that's allowed)

After you purchase it, how does it come into your possession?

How do you utilize them?



You'll need to become a member of one of the regional Internet route registries, like RIPE or ARIN. Then you can buy, say, a /24, and transfer it into your RIPE/ARIN account. Now you have your own IPv4 range. And you can, for example, start to use it for your own servers. To do so you need to "announce" this new /24 to the internet, using a protocol known as BGP. You can do that yourself, using a router, assuming you have an Autonomous system number (AS). You can get these via RIPE or ARIN as well. Or rely on your hosting provider to do that. For example, AWS supports "bring your own IP address". In that case they will announce the IP prefix in BGP for you, and you can assign your EC2 instances public IPs out of your range. Equinix Metal (previously Packet) also makes it easy to do this.


Before you can "announce" a prefix, you need an ISP willing to peer with you.

BGP is a very insecure protocol. Most of its "security" is enforced by money and contract.


> BGP is a very insecure protocol.

Take a look at the state of RPKI. ROA validation is common these days, and ASPA validation will be common soon. You still need to manually validate that your peer truly represents the AS that they claim to, but if that's been done, ROA+ASPA validation prevents unauthorized announcements.

Absent RPKI, people have been filtering based on IRR for ages, which will not necessarily prevent unauthorized announcements, but will require an attacker to leave a paper trail when making one.
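
Added example (not part of the thread or any commenter's code): the route origin validation that ROA filtering performs, following the RFC 6811 valid/invalid/notfound outcomes. The ROAs, prefixes (documentation ranges) and AS numbers are constructed, and the helper names are hypothetical; ASPA path validation is not covered.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: object      # ipaddress network the holder signed for
    max_length: int     # longest prefix length the holder authorizes
    origin_as: int      # AS allowed to originate it (0 = nobody)

def roa(prefix, max_length, origin_as):
    return ROA(ipaddress.ip_network(prefix), max_length, origin_as)

# Constructed ROA set (documentation prefixes and AS numbers).
ROAS = [
    roa("198.51.100.0/24", 24, 64496),
    roa("192.0.2.0/24", 24, 0),   # AS0 ROA: prefix must not be routed
    roa("2001:db8::/32", 48, 64496),
]

def validate(prefix, origin_as, roas=ROAS):
    """Return 'valid', 'invalid' or 'notfound' for one announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for r in roas:
        if route.version != r.prefix.version or not route.subnet_of(r.prefix):
            continue                      # this ROA does not cover the route
        covered = True
        if (r.origin_as != 0 and r.origin_as == origin_as
                and route.prefixlen <= r.max_length):
            return "valid"
    # Covered by some ROA but matched by none: unauthorized announcement.
    return "invalid" if covered else "notfound"

def import_filter(announcements, roas=ROAS):
    """Common policy: drop 'invalid', keep 'valid' and 'notfound'."""
    return [(p, a) for p, a in announcements if validate(p, a, roas) != "invalid"]

# Constructed announcements as (prefix, origin AS) pairs.
SAMPLE = [
    ("198.51.100.0/24", 64496),    # valid: matches the ROA
    ("198.51.100.0/24", 64511),    # invalid: wrong origin AS
    ("198.51.100.128/25", 64496),  # invalid: longer than maxLength
    ("192.0.2.0/24", 64496),       # invalid: only an AS0 ROA covers it
    ("203.0.113.0/24", 64500),     # notfound: no covering ROA
    ("2001:db8:1::/48", 64496),    # valid: within maxLength 48
]

if __name__ == "__main__":
    for p, a in SAMPLE:
        print(f"{p:20} AS{a:<6} {validate(p, a)}")
```

A prefix with no covering ROA comes back as `notfound` and passes the filter, which is why a holder without ROAs gets no protection from other networks' origin validation.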


Thank you for this reply. I learned a lot from it.


> To do so you need to "announce" this new /24 to the internet, using a protocol known as BGP. You can do that yourself, using a router, assuming you have an Autonomous system number (AS).

Is this how BGP hijacking is done?


Technically, yes.

But good ISPs filter the prefixes their customers can announce to only those they actually own.

Then you have shitty providers that don't do it, and that's how you get BGP hijacking.

And you can't do this just from any connection, fyi.

You will need a datacenter, cloud host or residential ISP that actually allows you to peer with them and announce routes. This isn't a standard thing you get just by being a customer.


I actually went through this process with ARIN. So I can give you that perspective. It wasn't a big deal, the only minor concern I had was it felt like you're encouraged to sign up under a business entity. I had an LLC, so it was natural just to use that. I don't know what kind of vetting they do if you decide to use yourself as an organization though instead of a different legal entity.

You need to provide justification, and frankly it's not that big of a challenge to get a /22 which is what I got. As long as you can show how you would like to use them and over what time frame, they will allow you to go through with the acquisition. An ASN is not required to get any IP block. You can always associate your IPs with any ASN that you want so long as that ASN owner is cooperating with you. I went ahead and grabbed an ASN for ease but some ISPs will allow you to use their ASN.

You also do not have to purchase an IPv4 block from someone. You can go through the normal IPv4 request process, however the waitlist [1] is now over a year long for IPv4. However IPv6 are given out very quickly. IPs you acquire this way are "free" to acquire with your ARIN membership. Your membership dues are determined by the assets you hold, there is a fee schedule [2] and you need to pay it annually to maintain your membership and ASN/IP assignments.

I encourage anyone interested in understanding this process to go through it, it didn't take a ton of time nor did it cost a lot in the grand scheme of things. Being an ARIN member also entitles you to be a part of how IPs are governed in the region you acquired them in. They will occasionally send out surveys and you can vote on issues.

[1] https://www.arin.net/resources/guide/ipv4/waiting_list/

[2] https://www.arin.net/resources/fees/fee_schedule/


I'm curious if one were to be a certain nation state and was happy being a completely isolated intranet, that they would just exit such ARIN or related associations and just create their own governing body of IP allocations? In such a case such an internet would be a completely separate internet, right?

I wonder if sanctions may ever apply to the internet itself and we may see a break up of the internet into regional internets.

And if we want to ensure global connectivity these associations would need to be completely independent and voluntary standard and such fees would be paid to an international standards body not beholden to any particular nation's whims?

What if nations started adding intercontinental NAT gateways acting as the entry and exit points between their national boundaries and the rest of the world.


North Korea supposedly has its own intranet with IPs in the 10.0.0.0/8 private range: https://en.wikipedia.org/wiki/Kwangmyong_(network)

I have no idea how they manage IP allocation internally there though.


They could just use CGNAT and could get pretty far on that alone. https://en.m.wikipedia.org/wiki/Carrier-grade_NAT


The big nations have already wargamed this scenario and have contingency plans in place.

IMO we'll see this happen in our lifetimes.


Could starlink be a way to maintain global connectivity in the face of government control? Would they try to jam satellite connections?


It's harder to jam Starlink than GPS because the signals are directional, but if a government doesn't want you using it, they can just make the dishes illegal and throw you in prison for having one.


Starlink is under USA jurisdiction, as far as I know. I'm pretty sure there's no concept of "international waters" for communication satellites.


AFAIK most of the traffic goes: subscriber <-> (single) satellite <-> local base station. And the latter operates under the rules of given country.


Is there a way to get a /24 block that I own and has been unused since the mid 90's routed without signing a new contract and paying the new ARIN fees?


You can not "own" a /24 block. And if your membership lapses, then your blocks are returned to the general pool.

It's possible that your block is a part of a legacy allocation, they are governed differently.


That's exactly why I don't want to sign a new agreement. I have never paid fees for my /24 block that I have held for 30 years.


> block that I own and has been unused since the mid 90's

This timeline suggests that it's still a legacy allocation. The new governance structure does not apply unless you sign an RSA or LRSA agreement with ARIN.


You'd be under the LRSA fee schedule.

https://www.arin.net/resources/fees/fee_schedule/#legacy-reg...

So you won't be subject to the new fee structure.

If you want to route then you will need an ASN and an ISP willing to announce them. So long as you are up on your LRSA dues I don't see how you won't be able to utilize them.


You don't need to sign an LRSA to use the prefix; there are some legacy holdouts still using their original prefixes without any agreement or fees with ARIN. Signing an LRSA will give you access to ARIN IRR/RPKI/rDNS/etc services, which can be quite useful, though.


I'm a holdout and have no desire to sign an LRSA.


I'd recommend creating an IRR route object for your prefix and ASN on AltDB (or finding a sponsor to do so on your behalf). Once you have that in place, you should be able to announce it without issues, without any ARIN involvement. Growing adoption of RPKI filtering may make this increasingly difficult in the future, though.


Thanks for the information.


1. You most likely can't. You typically need to prove to a numbering authority that you need that many IPs (minimum /24) for X reason and you will be multihomed (connected to two+ ISPs) by Y date.

2. You are assigned a BGP Autonomous System Number (ASN) as part of the process. The IPs are assigned to your ASN.

3. You sign a peering contract with ISPs and peer with them using BGP on your router. You use your ASN to announce your block to have traffic routed to/from your router.

One of the tragedies of IPv6, IMO, is not having a better/streamlined process for end users to get allocations without all the red tape. There's tons of space, let's pretend it's the 90s and give away IP blocks to whoever asks. Either require ISPs to give static allocations or make it easier for getting a personal block. No, prefix delegation is not good enough.


> One of the tragedies of IPv6, IMO, is not having a better/streamlined process for end users to get allocations without all the red tape. There's tons of space, let's pretend it's the 90s and give away IP blocks to whoever asks. Either require ISPs to give static allocations or make it easier for getting a personal block. No, prefix delegation is not good enough.

This is by design. If we let arbitrary routings of /64 blocks pollute the global routing table shit is going to go sideways as the rest of the net scales up and up. We made that mistake with IPv4 and the only reason our routers haven't gone thermonuclear keeping up with the announced routes is we literally ran out of address space.

We're not going to get the IPv6 equivalent of IPv4 /24s announced ever again. While minimum prefix lengths aren't hard enforced (yet), unless you have the means/reason to be multihomed using /48s you're pretty much going to be under the hierarchical routing of your transport or last mile provider.


Prefix delegation naturally follows physical hierarchy, keeping routing tables compact.

Mandating something like a static /56 (physical location locked) to be available at no extra cost if the customer asks for it, would work fine, though. I'd even accept requiring this only for contracts that allow more than one customer device to access the Internet simultaneously. Yes, a phone plan with two SIMs on one contract would already trigger this.


It's a little tricky - the more unique v6 allocations we have, the more complex routing gets, and the more resources it needs.

Having a ton of people/businesses with their own announced and unaggregatable /48s would add a lot of entries to routing tables.


> 1. You most likely can't. You typically need to prove to a numbering authority that you need that many IPs (minimum /24) for X reason and you will be multihomed (connected to two+ ISPs) by Y date.

If you're asking for a minimum sized range, you don't have to justify more than one IP. It's not super hard to find somewhere where you can be multihomed either, although it's unlikely to be at your home. (Maybe ask isn't exactly the right verb; assuming ARIN/RIPE are out of addresses, you're asking for them to process a transfer that you paid/will pay the current responsible party for.)


There is still some anxiety about the size of the global routing table. Handing out IPv6 prefixes for free would make the growth much harder to control. (Not that there is much control beyond RIR membership fees.)

Also, there is no organization that can require anything of an ISP’s addressing plan. The IETF and the RIRs are associations, not governing bodies.


> Either require ISPs to give static allocations

Just buy service which does what you actually want - rather than insisting it should be mandatory which means everybody has to pay for it. I have static allocations (both IPv6 and, very small, IPv4) because I care. Most people don't care.


Speak to the local RIR[1]. They have varying requirements, but broadly you generally need to justify your use case, multi-home (for your own AS) and pay a yearly membership fee. After that, you need to speak to your ISP about either advertising it or peering with you - or going dark fibre if you're a real masochist.

Good luck, update us if you do it!

1. https://en.wikipedia.org/wiki/Regional_Internet_registry


Yeah, usually you won't be able to buy one if you don't have your own AS.


In my area, the AS is usually provided 'free' with your membership.



