BGP at Home: What Happens When You Peer with Your ISP

There is a particular kind of homelabber who is no longer satisfied with port forwarding and dynamic DNS. They want their own IP addresses — a block that belongs to them, that they can announce to the internet themselves, that doesn’t change when they switch ISP and doesn’t sit inside someone else’s allocation. They want, in short, to run BGP. I have done this, and I am here to tell you it is equal parts genuinely useful and gloriously over-engineered for a house.

BGP — the Border Gateway Protocol — is how the internet’s roughly hundred thousand independent networks tell each other “to reach these addresses, send traffic my way”. Each of those networks is an Autonomous System with a number (an ASN). When you “peer with your ISP” you stop being a customer who receives a leased address and become a tiny network announcing your own routes. Let’s talk about what that actually takes.

1 The paperwork is the hard part

The technical config is an afternoon. The bureaucracy is the project. To do this for real you need three things, all from a Regional Internet Registry (RIPE, ARIN, APNIC, etc.) usually via a sponsoring LIR:

• An ASN. Your network’s identity. You’ll be assigned something like AS213xxx.
• A provider-independent (PI) IP block. IPv4 is effectively exhausted, so realistically this means an IPv6 /48 (or /44). Getting PI IPv4 today is expensive and scarce; IPv6 is the sane path.
• A transit provider willing to peer with a hobbyist. This is the genuine blocker. Most consumer ISPs will not run BGP with you. You typically need a business circuit, or you tunnel BGP over a service like a hosted VPS with a provider who does offer transit and BGP sessions.

The honest version of “peering with your ISP” for most people is “peering with a friendly transit provider or a VPS host that supports BGP”, because your average residential ISP wants nothing to do with this.

2 The router config is almost anticlimactic

Once you have an ASN, a block, and an upstream willing to talk, the BGP itself is short. I use BIRD on a Linux box; FRR (FRRouting) is the other common choice. Here’s a minimal BIRD 2 config announcing an IPv6 /48 to one upstream:

# /etc/bird/bird.conf
router id 192.0.2.1;

define MY_ASN = 213000;
define MY_PREFIX = 2001:db8:dead::/48;

protocol device { }

protocol static {
    ipv6;
    route MY_PREFIX reject;   # pull-up route so we always have something to announce
}

protocol bgp upstream {
    local as MY_ASN;
    neighbor 2001:db8:ffff::1 as 64500;   # your transit provider's router + ASN
    ipv6 {
        import filter {
            accept;
        };
        export filter {
            if net = MY_PREFIX then accept;
            reject;
        };
    };
}

The export filter is the part you do not get wrong: it ensures you announce only your own prefix and never accidentally re-announce the full table back at your provider, which is the classic way to make the news for causing an outage.

Bring it up and check the session:

$ sudo birdc show protocols all upstream
upstream    BGP        ---        up     14:22:09    Established
  Description:    Transit to AS64500
  Routes:         920431 imported, 1 exported
  Route change stats: received  rejected ...
$ sudo birdc show route count
Total: 920431 of 920431 routes

If you accept a full table, “920431 imported” is the entire IPv6 internet sitting in your router’s RAM. You can also take a default-route-only feed if you don’t need the whole thing — and on a small box, you probably should.

3 RPKI, or how not to get filtered

Announcing a prefix is no longer enough; the network expects you to prove you’re allowed to. You create a Route Origin Authorisation (ROA) in your RIR portal stating “AS213000 is authorised to originate 2001:db8:dead::/48”. Without it, RPKI-validating upstreams (most large ones now) will treat your announcement as invalid and drop it. Set the ROA before you announce, then verify with a looking-glass that your prefix is valid.

4 What you actually get for all this

The benefits are real but specific:

• Provider independence. Change transit and your addresses come with you. No renumbering.
• Multi-homing. Announce to two upstreams and you have automatic failover at the IP layer.
• The reverse-DNS and abuse-contact authority that comes with owning a block — useful if you run mail.

And the costs: annual LIR/RIR fees, a transit arrangement that usually isn’t free, a router that can hold a routing table, and the standing responsibility to not fat-finger an announcement and leak routes.

5 Verdict

Is BGP at home worth it? For 99% of self-hosters, no — Tailscale, a VPS, and dynamic DNS solve every real problem you have for a fraction of the cost and risk. But if you want to genuinely understand how the internet routes, value never renumbering again, or run a small ISP-adjacent project, getting an IPv6 /48 and a real ASN is one of the most educational things you can do in networking. Just respect that the moment your prefix is live, a mistake in your export filter is no longer a homelab problem — it’s everyone’s problem. Filter ruthlessly, set your ROAs, and start with IPv6.