Bring Your Own IP (BYOIP) address to IONOS Cloud
## Overview

Bring your own IP (BYOIP) and Autonomous System Number (BYOASN) to the IONOS Cloud for greater control over your network architecture.

With BYOIP, you can register and manage your public IP address ranges (IPv4 or IPv6) elsewhere and bring them for use within IONOS Cloud to maintain IP reputation, simplify migration, retain ownership, and ensure consistent network identity across environments.

With BYOASN support, you can allow your public IP addresses (which you brought using BYOIP) to be advertised on the internet using your ASN instead of IONOS Cloud's ASN, thereby preserving your ASN reputation, simplifying migration, and enabling seamless direct peering.

Both features are ideal for organizations that manage large, distributed networks or require tight control over internet routing. By combining BYOIP and BYOASN, you gain the flexibility to operate your network logic within our infrastructure securely, reliably, and on your terms within IONOS Cloud's infrastructure.

This documentation outlines the process for integrating your own IP address range into the IONOS Cloud platform through the [RIPE NCC](https://access.ripe.net/):

- Download the appropriate approval letter in the language of your choice.
- Complete and send the approval letter to [IONOS Cloud Support](https://docs.ionos.com/cloud/support/general-information/contact-information).

This tutorial outlines the necessary steps and requirements for preparing and submitting the letter.

## Target audience

This tutorial is intended to help both developers and technical decision makers.

## What you will learn

By following this tutorial, you will learn how to:

- Integrate your own public IPv4 address range into the IONOS Cloud platform using BYOIP.
- Register and manage route objects and ROAs in the RIPE NCC IRR database.
- Configure RPKI to secure your IP prefixes and ASN announcements.
- Set up routing policies and peering relationships for BYOIP and BYOASN.
- Meet all technical and documentation requirements for onboarding your IP addresses.
- Ensure compliance and security for your network resources within IONOS Cloud.

## Before you begin

- Provide an IPv4 address range. IPv6 is currently not supported.
- Each submitted subnet must be at least /24 (256 IP addresses minimum). Smaller subnets are not eligible for onboarding.
- You have the exclusive right to the provided IPv4 address range.
- Additionally, the IP block must not be announced on the internet at the time of your request or at any point afterward. Announcing the IP block prematurely can cause unintended anycast routing, potentially causing partial or full outages. Proper withdrawal of the prefix from all other internet announcements before this process is critical to maintain service stability.

## Key concepts

- **IP prefix:** Define blocks of IP addresses (prefixes) you want to advertise and route. With BYOIP, you control how and where you use the IP prefixes.
- **Border Gateway Protocol (BGP):** Use BGP to establish routing sessions between your ASN and IONOS Cloud, enabling the dynamic exchange of routing information.
- **Resource Public Key Infrastructure (RPKI):** A security framework that uses cryptographic certificates to verify that an Autonomous System (AS) is authorized to announce specific IP prefixes, helping to prevent route hijacking and misconfigurations.
- **Route Origin Authorization (ROA):** For secure global BGP routing, create ROAs to verify that your ASN is authorised to announce specific IP prefixes.
- **Routing Policy Specification Language (RPSL):** A standardized language used to describe routing policies in Internet Routing Registry (IRR) databases. It defines how prefixes are announced, filtered, and propagated.
- **Peering:** To optimize traffic flow, initiate direct routing relationships (peering) between your ASN and IONOS Cloud or external networks.
- **Route propagation:** Control how your advertised routes spread within and across our network regions, influencing traffic paths and failover behaviour.

## Benefits

BYOIP and BYOASN offer unparalleled control and flexibility over your network infrastructure. With these features, you can:

- **Eliminate IP costs:** Leverage your existing IP address ranges and ASNs without incurring additional leasing or rental fees, reducing operational expenses.
- **Predictable traffic billing:** Enjoy predictable billing for traffic to and from your BYOIP/BYOASN addresses, with rates consistent with our platform-managed IPs, making it easier to manage your budget.
- **Enhanced security:** Automatically benefit from our built-in DDoS protection for all onboarded IPs, with no extra configuration required, ensuring your network is secure and resilient.
- **Rapid deployment:** Get your BYOIP/BYOASN resources up and running quickly, with onboarding and routing typically activated within five business days, so you can start using them immediately.
- **Global reach:** Deploy your BYOIP/BYOASN across all our infrastructure locations worldwide, giving you the flexibility to reach your audience anywhere, anytime.

## Configuration requirements for BYOIP onboarding

To ensure smooth onboarding to BYOIP, provide the following parameters:

- **Customer identification:** Specify your full name and associated contract number to ensure accurate account mapping.
- **IP prefix:** Provide an IP prefix of /24 or larger. Prefixes smaller than /24 (example: /25) violate BGP best practices and will be filtered by most internet routers.
- **Data center preference:** Indicate the desired data center for deployment to enable efficient resource allocation. To view the list of currently available locations, see [External network](https://docs.ionos.com/cloud/support/general-information/service-catalog#external-network).
- **Regional Internet Registry (RIR) database:** This guide provides instructions for RIPE NCC. If your addresses are registered with a different RIR (example: ARIN, APNIC), the specific steps will differ. However, the principles of creating route objects and ROAs remain the same.

## Execution

To configure and secure your IP addresses and Autonomous System Numbers and fulfil the requirements specified in the approval letter, follow these steps.

### BYOIP

#### Register in the IRR database

1. Log in to the [RIPE LIR](https://access.ripe.net/) portal with your username and password.

Info: This will give you access to the various areas of the IRR database where you can manage your IP address ranges, route objects, and Resource Public Key Infrastructure Route Origin Authorizations (RPKI ROAs).

Note: If you maintain multiple organizations, select the correct organization in the top right. If you do not, you can continue to the next step.

#### Create route objects

1. Navigate to the menu on the left and open **RIPE Database > Create an Object**.
2. Select a **route** for IPv4 address and click **Create**.
3. Add the following information:

| Components | Description |
| --- | --- |
| Route | Add the prefix you would like to bring to IONOS Cloud. |
| Origin | AS8560 is the Autonomous System Number (ASN) of IONOS Cloud and will be used to originate the prefix on the internet. Add AS8560. |

4. Select **Submit** to create the object.

Result: This action officially records IONOS Cloud's authorization to announce the specified prefix in the global internet routing table.

#### Create and update RPKI ROAs

Info: Resource Public Key Infrastructure (RPKI) enhances routing security by cryptographically verifying that only authorized autonomous systems can announce specific IP prefixes. This prevents route hijacking and unauthorized announcements. IONOS Cloud requires all BYOIP and BYOASN prefixes to be RPKI validated.

1. Navigate to the menu on the left, open **RPKI > ROAs**, and open the **ROAs** tab.
2. Click **Create new ROA**.

Warning: If you have not used RPKI before, you need to configure a Certificate Authority. For more information on how to set up RPKI using a managed certificate, refer to the [RIPE NCC documentation](https://www.ripe.net/manage-ips-and-asns/resource-management/rpki/using-a-delegated-certification-authority/).

3. Make sure that the RPKI ROA is formatted correctly and contains all the necessary information by entering the following information:

| Components | Description | Example |
| --- | --- | --- |
| IP address range | The IP address range must be listed correctly, including the start and end IP address. | 85.215.0.0/15 |
| Prefix length | The maximum prefix length is /24 for IPv4. | /24 |
| Origin AS | The origin AS must be listed as AS8560 for BYOIP. | AS8560 |

4. Click **Save and Apply now** to save the changes.

### BYOASN

#### Register in the IRR database

1. Log in to the [RIPE LIR](https://access.ripe.net/) portal with your username and password.

Info: This will give you access to the various areas of the IRR database where you can manage your IP address ranges, route objects, and Resource Public Key Infrastructure Route Origin Authorizations (RPKI ROAs).

Note: If you maintain multiple organizations, select the correct organization in the top right. If you do not, you can continue to the next step.

#### Create route objects

1. Navigate to the menu on the left and open **RIPE Database > Create an Object**.
2. Select a **route** for IPv4 address and click **Create**.
3. Add the following information:

| Components | Description |
| --- | --- |
| Route | Add the prefix you would like to bring to IONOS Cloud. |
| Origin | Add your own ASN. |

4. Select **Submit** to create the object.

Result: This action officially records IONOS Cloud's authorization to announce the specified prefix in the global internet routing table.

#### Create and update RPKI ROAs

Info: RPKI (Resource Public Key Infrastructure) enhances routing security by cryptographically verifying that only authorized autonomous systems can announce specific IP prefixes. This prevents route hijacking and unauthorized announcements. IONOS Cloud requires all BYOIP and BYOASN prefixes to be RPKI validated.

1. Navigate to the menu on the left, open **RPKI > ROAs**, and open the **ROAs** tab.
2. Click **Create new ROA**.

Warning: If you have not used RPKI before, you need to configure a Certificate Authority. For more information on how to set up RPKI using a managed certificate, refer to the [RIPE NCC documentation](https://www.ripe.net/manage-ips-and-asns/resource-management/rpki/using-a-delegated-certification-authority/).

3. Make sure that the RPKI ROA is formatted correctly and contains all the necessary information by entering the following information:

| Components | Description | Example |
| --- | --- | --- |
| IP address range | The IP address range must be listed correctly, including the start and end IP addresses. | 85.215.0.0/15 |
| Prefix length | The maximum prefix length is /24 for IPv4. | /24 |
| Origin AS | Your own Autonomous System Number (ASN) for BYOASN. | AS8500 |

4. Click **Save and Apply now** to save the changes.

#### Update the RPSL guideline

1. Open the **Query Database** and search for your `aut-num` object.
2. From the search results, select your object and click **Update object**.
3. Choose **Edit in text area** to manually modify the object content.
4. Update the `aut-num` object to include the following configuration line:

   `export: to AS8560 announce [your ASN or route set]`

   Note: Replace `[your ASN or route set]` with your own ASN. Example: AS65000.

5. Click **Modify** to submit the updated object and publish your policy changes.

Final result: Your IP addresses and ASNs are now properly configured, secured, and fully compliant with the approval letter requirements.

## Conclusion

Once the approval letter is received, it may take up to 5 business days for processing. After that, the requested IP addresses will appear as a single IP block within [IP Management](https://docs.ionos.com/cloud/network-services/vdc-networking/how-tos/ip-addresses#reserve-an-ipv4-address). You can use this block to provision any service.

Warning: To prevent accidental loss, make sure the IP block is not deleted from the DCD or using the Cloud API. To release the IP addresses, contact [IONOS Cloud Support](https://docs.ionos.com/cloud/support/general-information/contact-information).
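The ROA fields entered in the RPKI steps above (IP address range, maximum prefix length, origin AS) decide how validating routers classify an announcement. The following added example, which is not part of the IONOS Cloud documentation, applies the page's /24 eligibility rule and RFC 6811 route origin validation to a constructed ROA; the prefixes 198.18.0.0/15 and 203.0.113.0/24 and the ASN AS64500 are reserved sample values chosen for illustration, and the function names are hypothetical.

```python
import ipaddress
from typing import NamedTuple


class Roa(NamedTuple):
    prefix: ipaddress.IPv4Network
    max_length: int
    origin_asn: int


# Constructed sample ROA: reserved benchmarking range, max length /24,
# origin AS8560 (the origin ASN the page specifies for BYOIP).
SAMPLE_ROAS = [Roa(ipaddress.ip_network("198.18.0.0/15"), 24, 8560)]


def byoip_eligible(prefix: str) -> bool:
    """Page requirement: IPv4 only, and each subnet must be /24 or larger."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False  # malformed input, or host bits set in the prefix
    return net.version == 4 and net.prefixlen <= 24


def validate_origin(prefix: str, origin_asn: int, roas: list) -> str:
    """RFC 6811 route origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covering = [
        r for r in roas
        if r.prefix.version == net.version and net.subnet_of(r.prefix)
    ]
    if not covering:
        return "not-found"  # no ROA covers this prefix at all
    for r in covering:
        # Valid only if the origin matches and the route is not more
        # specific than the ROA's maximum prefix length allows.
        if r.origin_asn == origin_asn and net.prefixlen <= r.max_length:
            return "valid"
    return "invalid"  # covered by a ROA, but wrong origin or too specific


if __name__ == "__main__":
    for pfx, asn in [("198.18.5.0/24", 8560), ("198.18.5.0/24", 64500),
                     ("198.18.5.0/25", 8560), ("203.0.113.0/24", 8560)]:
        print(pfx, f"AS{asn}", byoip_eligible(pfx),
              validate_origin(pfx, asn, SAMPLE_ROAS))
```

An `invalid` result is what a network that drops RPKI-invalid routes would reject, which is why the ROA's origin AS has to match the ASN that actually originates the prefix (AS8560 for BYOIP, your own ASN for BYOASN).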
