February 8, 2026

Capital letters, capital costs

Article URL →HN comments →

Running Your Own As: BGP on FreeBSD with FRR, GRE Tunnels, and Policy Routing

DIY internet identity: cool flex, sticker shock, and the capitalization police

TLDR: A guide shows you can run your own internet identity (an AS) from a single FreeBSD box with tunnels. The crowd loves the flex but balks at $10k IPv4, monthly registry fees, and IPv6 gatekeeping, while others tout cheaper “light” setups—freedom comes with a price.

Running your own Autonomous System—aka your own internet identity—sounds like ISP-only territory, but this guide shows you can DIY it from a single FreeBSD box using FRR and tunnels. You get an AS number (your internet passport), a block of IPv6 addresses, do some crypto paperwork with RPKI, plug into upstream carriers, and watch your addresses echo across global “looking glasses.” It’s nerd nirvana, with real-world bragging rights.

Then the comments turned into a variety show. First up, the capitalization police: tw04 demanded the title fix “AS,” because grammar matters even when you’re wiring the internet. The biggest drama? Money. DarkFuture dropped a reality bomb: an IPv4 “Class C” can cost around $10,000, plus ongoing RIPE NCC sponsorship fees—cue the “used car vs. IP block” memes. candiddevmike brought the mood down for IPv6 dreamers, griping that you still need to be “multihomed” (multiple providers) and heavy usage, not just a savvy netizen, which felt like gatekeeping to many. Meanwhile, practical folks like rmoriz flexed a budget “light” setup: no public AS, WireGuard tunnels, and announcements via a VPS—more “DIY vanlife” than full-on mansion.

Between flexes and fees, the vibe was clear: owning your address space is cool, complicated, and not cheap. But if you can swing it, it’s independence from provider lock-in—and proof you can actually route with the big kids, with or without FRR.

Key Points

  • Individuals can run their own AS and announce an IPv6 prefix from a single VM using FreeBSD and FRR.
  • Resources are obtained via RIPE NCC through a sponsoring LIR, including an AS number and IPv6 prefix, RIPE DB objects, and RPKI ROAs.
  • Upstream connectivity is established with providers (e.g., iFog and Lagrange) to carry BGP sessions and propagate routes.
  • The architecture uses GRE for upstream connectivity and GIF (proto 41) tunnels to distribute subnets to downstream servers.
  • Policy routing solves the challenge of servers needing to operate with two IPv6 address spaces simultaneously.

Hottest takes

"Not to nitpick, but the title should have AS capitalized" — tw04
"an IPv4 C-class costs around $10,000" — DarkFuture
"you need to be a multihomed individual with tons of usage" — candiddevmike

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.