Becoming Your Own ISP, Just for Fun

When moving into a new house, it’s important to arrange for the connection of basic utilities. Electricity, water, and gas are simple enough, and then it’s generally fairly easy to set up a connection to an ISP for your internet connection. A router plugs into a phone line, or maybe a fiber connection and lovely packets start flowing out of the wall. But if you’re connected to the internet through an ISP, how is the ISP connected? [Kenneth] answers this in the form of an amusing tale.

It was during the purchase of data centre rack space that [Kenneth]’s challenge was laid down by a friend. Rather than simply rely on the connection provided by the data centre, they would instead forge their own connection to the ‘net, essentially becoming their own Internet Service Provider.

This is known as creating an Autonomous System. Doing so involves several challenges, the first of which is understanding just how things work at this level of networking. [Kenneth] explains the vagaries of the Border Gateway Protocol, and why it’s necessary to secure your own address space. There’s also an amusing discussion on the routing hardware required for such a feat and why [Kenneth]’s setup may fall over within the next two years or so.

It’s not for the faint-hearted, and takes a fair bit of paperwork, but [Kenneth] has provided an excellent guide to the process if you really, really just need to own your own corner of the internet. That said, there are other networking tricks to cut your teeth on if you’d like a simpler challenge, like tunneling IP over ICMP.

44 thoughts on “Becoming Your Own ISP, Just for Fun”

  1. Much noodle baking later and I understand maybe 1% of that. It was however interesting and leaves me with a question.

    As an “ordinary” internet user is it a sensible question to ask an ISP how many BGP routers they run so I can maybe evaluate how well it will work when parts of the Internet get clogged or break down?

    1. I don’t know about asking, but it certainly is sensible information to want and obtain.
      Fortunately it is something you can lookup on your own too.
      Try a search on the ISP name and append the term “bgp looking glass” to see if they have their LG servers public. If so that would give you the list you are looking for.
      Alternately a search on the ISP name and appending “AS Number” should let you determine their ASN(s), which you can then search for in any other ISPs looking glass servers to get a similar list.

    2. I don’t think it makes much sense to ask how many BGP routers they have. There are so many other factors that affect uptime that the specific number of BGP routers isn’t the best metric. Just make sure they’re multi-homed (i.e. they have more than one uplink) – and most are. The other factors include BGP update frequency, transport resilience, BGP config (affecting hysteresis and route flapping)... many factors.
      Regarding “getting clogged”, aka congestion – the number of BGP routers has no effect on the delivered QoS.

      You could simply ask about measured uptime and where and to whom they peer.

    3. No ISP is going to actually tell you how many BGP routers they run. Not because they don’t like you or anything, but because that’s a trade secret. You’re just as likely to get an answer from Microsoft if you ask them for the source code to Windows… Unless you have some serious agreement on why you need that information, they’re not going to tell you. Not a chance. Not to mention that the number changes constantly.

      1. Finding out the peerings of an ISP is not difficult. You can use any BGP looking glass to research that. Many (professional) ISPs will tell you if you ask, to show that their network is well connected.

    1. Yes. Dial-up days my next door neighbor had multiple fractional T1s pulled into the house and set himself up as a small dial-up ISP. Phone Co put the box at the edge of my yard, still have to mow around it to this day. Equipment took up a small bedroom. I begged but he would NOT let me pull a cable over as a direct wired customer. He did ok and made enough that he did not have to have a job. Went belly-up when DSL came along. Thanks for the memories.

    1. Technically, you can. You become what is commonly referred to as a WISP. Legally allowed to though, no. Your subscription will have clauses that forbid you to resell bandwidth, and well, your service is going to suck either way which I think you’re well aware of. Point is, you can technically become an ISP with essentially nothing. But what you use will determine the legality and quality of your service.

      1. Well GNS3 allows you to emulate Cisco equipment, and run VMs (Virtual Box, Qemu and I think the others). You can emulate different network technologies, like T1 and Ethernet. I know you can’t do voice T1’s, and I don’t think I’ve seen any SONET stuff. Also you can connect your virtual networking stuff to the “cloud” for real internet access.

        Just head over to https://www.gns3.com/ – it’s OSS and free (I did back them on Kickstarter to help them out with getting V2 out, since I loved V1 so much).

        1. Thanks.
          Yes, I knew GNS3. What I wanted to know is how to replicate an ISP on it.
          What I do in class is put up a BGP-enabled Quagga VM to show what ASes are in a very basic manner, but I don’t know if there are other more “sophisticated”/“realistic” tricks.
          Thanks anyway

  2. 6500 – Hope he recarved the TCAM allocations from the default!

    On a serious note; “having a go” on “the internet” isn’t cool. It’s dangerous and annoying for the rest of us network operators when people route leak, prefix hijack or even try to write their own BGP stack and trigger bugs because they don’t know what they’re doing.

    Route leaking isn’t funny either and yes upstreams should have filtering (be that static prefix lists, autogenerated prefix lists from radb, rpki or at least a max prefix limit of some kind) but you’ll regularly hear, that’s often not the case.

    1. Well, BGP is a policy based routing protocol for a reason. While route hijacking does happen every now and then, it’s not as easy nowadays, because most ISPs have very strict policies set up for their BGP. I even do so within “my” – my employers – AS.

      1. Very much so; the problem being that those policies are still written by people and often generated from imperfect information.

        RPKI is the solution to hijacks but it’s simply not widely adopted yet.

        My policy for downstream transit customers is tight exactly for this reason; but not all are – as indicated in this article when the upstream provider accepted the full v6 table leak.

        I’m a network operator for an ISP and can say not every Tier1 is as strict as they could or in fact should be.

        The “internet” as we know it is still far more trust based than the majority of people realise.

        1. It was a full IPv6 table leak just to one of my peers, so only to another single rack AS which ignored all of them since it was getting all the same routes from HE without going through my AS.

        2. “The “internet” as we know it is still far more trust based than the majority of people realise.”

          An amateur creating slightly more work for your “professional” peers with a mistake and forcing them to improve seems to me much better than an attacker doing it, because the attacker will be sneaky about it and they might never even know.

    2. That doesn’t sound like an attitude that will bring in any new players and/or foster the innovation that might come with them.

      Today’s internet is great but do we really want our children, grandchildren and beyond to keep plugging on with the same technology as we use today?
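The thread above lists the three defences an upstream is expected to have against leaks and hijacks: a static prefix list for the customer cone, route-origin validation against RPKI ROAs, and a max-prefix limit as a backstop (the same "secure your own address space" point the article makes). The following Python is an added example, not code from the article or from any router vendor: it models the receiving side of one BGP session and applies those three checks to constructed announcements. The ROA data, prefix list, and announcements are constructed from documentation address space and private ASNs; the validation states follow RFC 6811, and the "session is torn down when max-prefix is exceeded" behaviour is a simplification of how most routers react.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    """A Route Origin Authorization: which ASN may originate a prefix, and how specific it may be."""
    prefix: str
    max_length: int
    asn: int


@dataclass(frozen=True)
class Announcement:
    """A BGP UPDATE as seen by the receiving router: the NLRI prefix plus the origin ASN."""
    prefix: str
    origin_asn: int


def _net(prefix):
    return ipaddress.ip_network(prefix, strict=True)


def rov_state(ann, roas):
    """Route-origin validation per RFC 6811: 'valid', 'invalid' or 'not-found'."""
    net = _net(ann.prefix)
    covering = [
        r for r in roas
        if _net(r.prefix).version == net.version and net.subnet_of(_net(r.prefix))
    ]
    if not covering:
        return "not-found"           # no ROA says anything about this space
    for r in covering:
        if r.asn == ann.origin_asn and net.prefixlen <= r.max_length:
            return "valid"           # at least one ROA authorises this origin and length
    return "invalid"                 # ROAs cover the space but none match: hijack or over-specific


def filter_session(anns, roas, prefix_list, max_prefix):
    """Apply prefix-list, ROV and max-prefix to one session.

    Returns (accepted, rejected, session_up). rejected holds (announcement, reason) pairs.
    """
    allowed = [_net(p) for p in prefix_list]
    accepted, rejected = [], []
    for ann in anns:
        net = _net(ann.prefix)
        reason = None
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            reason = "outside static prefix-list"
        elif rov_state(ann, roas) == "invalid":
            reason = "RPKI invalid"
        if reason:
            rejected.append((ann, reason))
        else:
            accepted.append(ann)
        if len(accepted) > max_prefix:
            # Backstop against a full-table leak: tear the session down, install nothing.
            rejected += [(a, "max-prefix exceeded") for a in accepted]
            return [], rejected, False
    return accepted, rejected, True


# Constructed data (documentation prefixes, private ASNs): a customer AS64496 and its ROAs.
ROAS = [
    Roa("192.0.2.0/24", 24, 64496),
    Roa("2001:db8::/32", 48, 64496),
]
CUSTOMER_PREFIX_LIST = ["192.0.2.0/24", "2001:db8::/32"]
CUSTOMER_ANNOUNCEMENTS = [
    Announcement("192.0.2.0/24", 64496),     # legitimate
    Announcement("192.0.2.0/25", 64496),     # more specific than the ROA allows
    Announcement("192.0.2.0/24", 64497),     # wrong origin: a hijack
    Announcement("2001:db8:1::/48", 64496),  # legitimate, within max_length
    Announcement("203.0.113.0/24", 64496),   # not this customer's space at all
]
# Constructed leak: the customer re-announces a pile of /48s that all validate individually.
LEAKED_TABLE = [Announcement(f"2001:db8:{i:x}::/48", 64496) for i in range(20)]


def demo():
    normal = filter_session(CUSTOMER_ANNOUNCEMENTS, ROAS, CUSTOMER_PREFIX_LIST, max_prefix=10)
    leak = filter_session(LEAKED_TABLE, ROAS, ["2001:db8::/32"], max_prefix=8)
    return normal, leak


if __name__ == "__main__":
    (acc, rej, up), (_, leak_rej, leak_up) = demo()
    print("accepted:", [a.prefix for a in acc], "session up:", up)
    for ann, why in rej:
        print(f"rejected {ann.prefix} from AS{ann.origin_asn}: {why}")
    print("leak scenario session up:", leak_up, "routes dropped:", len(leak_rej))
```

The ordering of the checks matters for the operator's logs: a route that fails the static prefix list is reported as such even if it would also be RPKI-invalid, and the max-prefix backstop fires on accepted routes only, so a leak that is already filtered by the prefix list never counts towards the limit.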

  3. Running an ISP for your own use or R&D is not that complex. You can do it with a few routers with the right protocol (BGP) support and a group of live IP addresses. Even a small router box like a Mikrotik RouterBoard can do the job. Like ellisgal said, you can even do this in emulation on GNS3. The question that remains is how much performance you need and what horsepower you have. And what types of service you expect. It is a trade-off.

    Then, what type of tier would you expect? Most ISPs are tier-3. If you want real tier-3 ISP grade, legally you must apply for/have a license in some class (mostly 3 classes by type of service). Then, you must apply for/buy AS numbers and IPs from your Internet Assigned Numbers Authority (IANA). This is not technical; without it, you will never be called a real ISP.
    Additionally, what type of access are you offering your clients? From cable to WiFi... broadband FTTH, it depends.

    And last, someone asked about running an ISP through an iPhone. Huh, it is not a joke. I believe some phones with the right protocol support can definitely do it. I remember in the dial-up age of my first ISP job, my BGP peering router was a Cisco 2600, with an RM7061A 240MHz processor + 256M RAM. :3 I am not kidding.

    1. Also you can buy lesser routers (that can’t handle full routes) and just request a reduced BGP route from most providers; you will get slightly less optimal routing but it does work. You just have to be aware that you get a default route advertised; they need to be set to failover in the event a backbone ISP has an issue.

  4. I worked the new NOC for a now defunct Bell breakaway’s new DSL system in the 90s. We ended up getting tools to mess with this stuff despite the big kids at the network mostly trying to keep our grubby hands away from anything we could accidentally break a good % of the net in the western US with.
    A fun office not at the corporate HQ for some reason.
    Such a weird, talented, and very international crew, we had an indigenous Indian fighter jet program supervisor, the former commander of Soviet civilian reentry command, an old USAF nuclear ordnance disposal expert, several H1B PhDs. I wonder if anyone here will remember mix vodka with your drink Tuesdays, or the solstice where our manager handed out a whole blotter of acid to anyone who wanted? I recall a coven of witches meeting in one cubicle to experimentally try to magic some network problem, there was money laid down on both sides. We hacked the prox-card security system to not unlock the first few tries for certain classes to give us a minute or so to hide our screwing off if an important manager showed up in person. Or the time when we fell behind on Y2K stuff and the lead of that project was found in the bathroom at 3am passed out on smack with a needle in his arm. Hacking with satellites, hacking anything we could get our hands on, and inside a real telecom network while there was a lull in work. I learned so much, but so damn stressful at the same time as I think we all knew we were totally disposable.
    Good times….
    The location was sold and team was mostly laid off in ’01 with a few managers and techs transferred to HQ out of state. I had already left to find a sane job.

  5. I was hoping this article would be about becoming your own ISP. Ahem.

    Folks on our block actually did this in 2008 after giving up on the wretched scam fon.com wifi-selling hotspot concept. Three of our neighbors provided sub-100Mbps cablemodem or DSL links, which were pooled together (we tried Astaro and Smoothwall) to provide faster downloads (under the right circumstances) and fail-over. Members who provided bandwidth received credit for the traffic and a pooled link. Four other neighbors bought bandwidth from us, and we either beamed it to them as wifi or ran an Ethernet cable along the fences to them.

    Members were placed on separate subnets for privacy, typically provided with a Linksys running DD-WRT. At the pooling point, a media server gave everyone access to a library of music and movies. Email and web hosting was managed with Webmin. There was a private forum and community home page. Web GUI access to an instance of Transmission made it easy to download more stuff for the library. Music files were played at random on our own Icecast station. We offered incoming VPN, remote VPN relay and our own anonymous browsing portal. Not all of these services were permanent features, but they were all accomplished at one point or another and could have been permanent.

    Our renegade ISP really shone once our first Google Fiber connection was added, but it also died shortly afterward because we’d all ordered GF and broke off to be good little consumers like the corporations want us to be. :)

    1. Yeah, both that “being your own ISP” and this one are only each half of the deally, the full bit is getting your datacenter upstream server peered etc, and then getting it out to the real world, like your premises, by a high speed link so you can then distribute it (hyper) locally.

  6. Paying 550$ for the AS number was not really needed for an experiment. Plenty of LIRs will sponsor you a RIPE one for a small one off fee (10-100$). Note that RIPE does not charge anything for registering an AS, unlike ARIN, you just need to be a member (something like 2k€ signup and 1k€ yearly or so). Thus, an already registered LIR can cheaply resell them. The RIPE AS should be deployed in a RIPE area, but a cheap EU based VPS can solve that. This RIPE AS will typically come with some IPv6 space for free (/45 or so).

    Obtaining IPv4 address space is much more expensive. Either you become a RIPE member and get a /22 (the last block you will EVER get directly assigned!) or you buy/hire it from someone. Expect to pay around 50€ per month for a virgin, never used, /24 block of addresses. Dirty addresses that have been used by cheap hosting companies are cheaper, but usually blacklisted in many places. ARIN addresses are more expensive. You can easily pay 150-200$ for a /24.

    1. PS: Another way of getting a new IPv4 block is registering a company in Africa and using it to get them from AfriNIC. AfriNIC has no limitations on where you can use the block, just from where you can register it.
