A Leader’s Guide to Securing Your Digital Address Space

Executive Summary: What You Need to Know

Why Should a ‘Technical’ Topic Like RPKI Matter to Business Leaders?

Imagine waking up to discover your company’s website is unreachable, your email is down, and customer data is potentially being intercepted – all because someone has effectively “stolen” your digital address. This nightmare scenario happens more frequently than you might think, and it’s precisely what Resource Public Key Infrastructure (RPKI) is designed to prevent.

In simple terms, RPKI is like a digital property deed and security system for your organization’s IP addresses. It verifies that your company is the legitimate owner of specific IP addresses and prevents others from fraudulently using them. Without this protection, your digital assets are vulnerable to hijacking, potentially leading to service disruptions, data theft, and significant reputational damage.

The stakes are particularly high today. As a leader at InterLIR, I’ve witnessed firsthand how IP address management has transformed from a purely technical concern into a critical business asset requiring executive attention. With IPv4 addresses becoming increasingly scarce and valuable (there are only 4.3 billion possible combinations, all of which have been allocated), securing these digital assets is now as important as protecting your physical infrastructure or intellectual property.

The business implications extend far beyond your IT department. Routing security affects your ability to maintain consistent service delivery, protect customer data, comply with emerging regulations, and maintain trust in your brand. In an era where digital presence is synonymous with business existence, RPKI represents a fundamental security layer that business leaders can no longer afford to ignore.

In this guide, I will break down what RPKI is in simple terms, explain why managing it correctly is critical for your business, and provide a clear roadmap for making smart decisions about implementing this security framework – even if you don’t have a technical background.

Where Did These Digital Addresses Come From, and Why Are They Scarce?

Let me take you back to the early days of the internet. In the 1980s, when the internet was primarily an academic and military network, IP addresses were distributed freely with little concern for scarcity. It was like a small town with plenty of street addresses to go around. Organizations could request large blocks of addresses with minimal justification, and the administrators of this system (which would later become Regional Internet Registries like RIPE NCC) happily obliged.

From Small Town to Global Megacity

As the internet grew from a niche network to the backbone of global commerce, the situation changed dramatically. The IPv4 addressing system, with its limit of approximately 4.3 billion addresses, suddenly seemed inadequate for a world where not just computers but phones, cars, refrigerators, and countless other devices needed to connect. It’s similar to how a growing city might run out of telephone numbers or street addresses and need to create a new system.

This scarcity transformed IP addresses from simple technical identifiers into valuable business assets. At InterLIR, we’ve seen the market value of IPv4 addresses increase substantially, with prices rising from around $15 per address in 2015 to $27-50 in recent years. Organizations now lease, buy, and sell these addresses like real estate, and entire businesses (including ours) have emerged to facilitate this marketplace.

This shift from abundance to scarcity created a high-stakes market with hidden risks for unprepared businesses. When something becomes valuable, it also becomes a target. Just as valuable real estate attracts fraudsters and thieves, valuable IP address space attracts malicious actors who attempt to “steal” or “squat on” these digital addresses through a practice called BGP hijacking.

The challenge is that the original internet routing system (Border Gateway Protocol or BGP) was designed with trust as a fundamental assumption. It’s as if the early internet was built as a small town where everyone knew each other, but it now operates as a massive global city where trust alone is insufficient. RPKI emerged as a solution to this problem – a way to verify ownership and prevent unauthorized use of these increasingly valuable digital assets.

How Can a Business Safely Secure and Manage Its Digital Address Space?

Implementing RPKI protection for your organization’s IP addresses is comparable to securing a valuable property. It requires a systematic approach that verifies ownership, establishes proper documentation, and ensures secure transactions. Let me walk you through how this works in practical terms.

Step 1: Checking the Address Space’s History (The ‘Carfax’ Report)

Before implementing RPKI or acquiring new IP addresses, it’s crucial to understand their history. At InterLIR, we perform comprehensive background checks on all IP addresses in our marketplace. This includes verifying whether the addresses have been used for spam, are on blacklists, or have been associated with malicious activities. This step is similar to checking a used car’s history report before purchase – you want to ensure you’re not inheriting someone else’s problems.

For your existing IP addresses, this means working with your technical team or a specialized provider to verify the reputation and status of your address space. Clean IP addresses are essential for business operations, as addresses with poor reputations can lead to email delivery problems, website access issues, and other business disruptions.

Step 2: Verifying Legal Ownership (The ‘Property Deed’)

RPKI creates a cryptographically verifiable chain of ownership for IP addresses, similar to how property deeds establish real estate ownership. This process involves working with your Regional Internet Registry (RIR) – organizations like RIPE NCC, ARIN, or APNIC that manage IP address allocation for different regions of the world.

The verification process creates what’s called a Route Origin Authorization (ROA) – essentially a digital certificate that proves your organization is the legitimate holder of specific IP addresses and authorizes particular networks (identified by Autonomous System Numbers or ASNs) to announce these addresses. This prevents unauthorized parties from claiming your address space in the global routing system.

Step 3: Ensuring Secure Implementation (The ‘Security System’)

Once ownership is verified, you need to implement the technical aspects of RPKI. This is where services like RIPE NCC’s “Publish in Parent” become valuable. This service allows organizations to maintain control over their RPKI certificates while leveraging the RIR’s infrastructure for publication – reducing technical complexity without sacrificing security.

There are two primary approaches to implementing RPKI:

For most businesses, the middle option provides an optimal balance of control and simplicity. It’s like having your own security system but contracting with a security company to monitor and respond to alerts.

What is the True Business Cost of Getting IP Security Wrong?

When evaluating RPKI implementation, many organizations focus solely on the direct costs of the service. However, this narrow view fails to account for the substantial business risks of inadequate IP address security. Let me frame this in terms of business impact rather than technical details.

The Hidden Costs of Inadequate IP Security

Justifying Investment in Quality IP Security

Implementing RPKI through services like “Publish in Parent” represents a minimal investment compared to the potential costs of an incident. At InterLIR, we’ve seen organizations experience significant business disruptions due to routing security issues that could have been prevented with proper RPKI implementation.

Consider this real-world example: A mid-sized e-commerce company experienced a 12-hour routing hijack that made their website and payment processing systems unreachable. The direct revenue loss exceeded $150,000, but the long-term impact on customer trust was even more significant. Post-incident analysis revealed that implementing RPKI would have cost less than $5,000 annually – a 30x return on investment just from preventing this single incident.

The business case for RPKI implementation isn’t about technical compliance – it’s about business continuity, revenue protection, and brand preservation. When viewed through this lens, the investment becomes not just justifiable but essential.

For organizations leasing or purchasing IP addresses (as many InterLIR clients do), ensuring proper RPKI implementation is even more critical. These addresses represent significant investments that must be protected. Just as you would insure a new office building, you should secure your digital address space with appropriate protections.

What is the Smart Leader’s Roadmap for RPKI Implementation?

As routing security continues to evolve, business leaders need a clear path forward. Let me outline both the emerging trends and a practical action plan for implementing RPKI in your organization.

What’s Next for Digital Address Security?

At InterLIR, we’re closely monitoring these developments to ensure our clients’ IP address assets remain secure and compliant with evolving standards. The RIPE NCC’s planned expansion to support additional RPKI object types after 2025 represents an important advancement in routing security that forward-thinking organizations should prepare for.

A Leader’s 90-Day Action Plan

1️⃣ Assess your current posture – Ask your technical team about your organization’s current RPKI implementation status and any routing security incidents in the past 24 months

2️⃣ Inventory your digital assets – Create a comprehensive inventory of your organization’s IP addresses, including those acquired through various means (direct allocation, transfer, or lease)

3️⃣ Evaluate implementation options – Determine whether a Hosted CA, Delegated CA with Publish in Parent, or Fully Delegated CA best suits your organization’s needs and capabilities

4️⃣ Allocate resources – Budget for implementation costs, which are typically minimal compared to the value of the assets being protected

5️⃣ Implement and verify – Work with your technical team or a specialized provider like InterLIR to implement RPKI and verify its correct operation

For organizations with limited technical resources, services like RIPE NCC’s “Publish in Parent” offer an excellent balance of security and simplicity. At InterLIR, we help clients navigate these options and implement the most appropriate solution for their specific needs.

Remember that RPKI implementation is not a one-time project but an ongoing security practice. As your IP address holdings change through acquisition, lease, or reallocation, your RPKI implementation must be updated accordingly. Building this into your standard operating procedures ensures continuous protection.

The most successful organizations view IP address security not as a technical checkbox but as a fundamental business practice – similar to financial controls or physical security measures. By elevating RPKI implementation to this level of importance, you protect not just your technical infrastructure but your business continuity and brand reputation.

RPKI: A Leader’s Guide to Securing Your Network’s Digital Highways

Executive Summary: What You Need to Know

Why Should Business Leaders Care About “Technical” Topics Like RPKI?

Imagine waking up to discover that your company’s website is unreachable, customer emails are bouncing, and your cloud services are inaccessible. Your technical team informs you that someone has “hijacked” your internet traffic. This isn’t a hypothetical scenario – it happens regularly to organizations of all sizes when they haven’t properly secured their digital addresses.

In simple terms, RPKI (Resource Public Key Infrastructure) is like a digital deed system for your internet addresses. It proves you’re the legitimate owner of your IP addresses and prevents others from impersonating your network on the internet. Without this protection, your digital presence exists in a surprisingly vulnerable state.

As Customer Account Manager at InterLIR, I’ve seen firsthand how organizations struggle with the consequences of routing security incidents. Our clients – from cybersecurity firms to hosting providers to gaming companies – increasingly recognize that securing their IP addresses isn’t just a technical concern but a fundamental business requirement.

The internet was built on a foundation of trust, but that trust is increasingly exploited. When Pakistan accidentally blocked YouTube globally in 2008 by announcing YouTube’s IP addresses as their own, it exposed a fundamental flaw in internet routing. Today, similar incidents continue to occur, sometimes accidentally, but often as deliberate attacks.

In this guide, I will break down what RPKI is in straightforward terms, explain why implementing it is critical for your business continuity, and provide a clear roadmap for making smart decisions about securing your organization’s internet presence. You don’t need to understand the technical details – you just need to know why it matters and what actions to take.

How Did We End Up With Such Vulnerable Digital Highways?

To understand why RPKI matters, let’s look at how we arrived at our current situation. The internet wasn’t originally designed with security as a primary concern – it was built on trust between a small community of academic and research institutions.

When the internet was young, announcing which IP addresses belonged to your network was a simple, trust-based system. It was like a small town where everyone knew each other, and nobody locked their doors. The Border Gateway Protocol (BGP), which controls how traffic is routed across the internet, was designed in this trusting environment.

From Small Community to Global Infrastructure

As the internet grew from a research network to global critical infrastructure, that trust model became increasingly problematic. Today, the internet connects billions of devices across millions of networks operated by countless organizations worldwide. Yet remarkably, the core routing system still largely operates on the honor system.

This creates a fundamental security challenge: any network can claim to be the legitimate destination for any IP address, and there’s no built-in way to verify these claims. It’s as if anyone could claim ownership of your business’s physical location simply by putting up a sign with your company name.

At InterLIR, we’ve helped clients who discovered their IP addresses were being announced by unauthorized entities, resulting in their traffic being diverted. In one case, a hosting provider only discovered the problem after customers complained about intermittent service issues – by which time sensitive data had already been exposed.

The consequences of this vulnerability extend far beyond technical inconvenience. When your traffic is hijacked, attackers can:

RPKI was developed to address this fundamental security gap by creating a cryptographic system to verify who has the right to announce specific IP addresses. It’s the digital equivalent of securing property deeds in a tamper-proof registry.

What Exactly Is RPKI and How Does It Protect My Business?

When I explain RPKI to our clients at InterLIR, I start with a simple analogy: RPKI is like a system of digital property deeds and verification certificates for your internet addresses. Let me break this down into practical terms that matter for your business.

The Building Blocks of RPKI Protection

RPKI consists of three key components that work together to secure your network:

Here’s how this works in practice: Your organization creates ROAs for your IP addresses through your Regional Internet Registry (RIR). These ROAs cryptographically prove you’re authorized to use those addresses. Other networks then check route announcements against these ROAs before accepting traffic destined for your addresses.

The Three States of Route Validation

When other networks validate your route announcements, they classify them into three states:

At InterLIR, we’ve seen a significant shift in how organizations approach RPKI. Just two years ago, many of our clients viewed it as optional. Today, it’s becoming a standard business requirement as major networks increasingly filter invalid routes.

For example, one of our clients, a gaming company with IP addresses in multiple regions, initially resisted implementing RPKI due to perceived complexity. After experiencing a route hijacking incident that took their services offline for several hours, they quickly changed their approach. The business impact – lost revenue, customer complaints, and emergency response costs – far outweighed the modest effort required to implement RPKI.

Two Implementation Approaches: Hosted vs. Delegated

There are two ways to implement RPKI, each with different levels of complexity and control:

For most of our clients at InterLIR, I recommend starting with Hosted RPKI. It provides the security benefits with minimal operational overhead. You can always transition to Delegated RPKI later if your specific requirements demand it.

What Is the True Business Cost of Ignoring RPKI?

When discussing RPKI with clients, the question of ROI inevitably arises. Let me frame this in terms that matter to business leaders rather than just technical teams.

The Hidden Costs of Routing Insecurity

One of our clients, a SaaS provider with customers across Europe, experienced this firsthand. Their traffic was hijacked for nearly four hours before they detected the issue. The incident resulted in approximately €30,000 in lost revenue, required emergency response from their technical team (including overnight hours), and prompted an expensive security audit to determine if data had been compromised.

The Competitive Disadvantage of Inaction

Beyond direct costs, there’s an emerging competitive disadvantage to ignoring RPKI. Major networks and content providers are increasingly implementing strict route validation, meaning they will reject invalid routes. If your organization hasn’t properly implemented RPKI, your services may become unreachable to customers using these networks.

This trend is accelerating. At InterLIR, we’ve observed that RPKI adoption has grown from covering roughly 20% of the IPv4 address space in 2020 to over 40% today. Major cloud providers and content delivery networks are leading this charge, with some already implementing filtering of invalid routes.

The business reality is simple: implementing RPKI is transitioning from a security best practice to a basic requirement for internet connectivity. Organizations that delay implementation face increasing risk of service disruptions as the internet ecosystem evolves.

Justifying the Investment

Compared to the potential costs of routing incidents, implementing RPKI requires minimal investment:

When I discuss this with clients, I frame RPKI not as a cost but as an insurance policy that protects their digital infrastructure. The return on this modest investment becomes clear when compared to the potential costs of a single routing incident.

What Is the Smart Leader’s Roadmap for Implementing RPKI?

Based on our experience helping organizations implement RPKI at InterLIR, I’ve developed a straightforward roadmap that business leaders can follow. This approach balances security improvements with operational practicality.

Phase 1: Preparation and Planning

1️⃣ Inventory your IP resources – Compile a complete list of all IP address blocks your organization owns or uses, including which RIR they’re registered with.

2️⃣ Document your BGP announcements – Work with your technical team to document exactly which IP prefixes you announce and through which ASNs (Autonomous System Numbers).

3️⃣ Identify stakeholders – Determine who needs to be involved in the implementation process, typically including network operations, security teams, and service providers.

This preparation phase is crucial for a smooth implementation. At InterLIR, we often help clients with this inventory process, as many organizations discover they have incomplete records of their IP resources.

Phase 2: ROA Creation and Testing

1️⃣ Start with Hosted RPKI – Unless you have specific requirements for Delegated RPKI, begin with the simpler Hosted option through your RIR.

2️⃣ Create precise ROAs – Follow the “exact match principle” by creating ROAs that precisely match your actual BGP announcements.

3️⃣ Use caution with maxLength – Set the maxLength field to match exactly what you announce to avoid creating security vulnerabilities.

4️⃣ Verify your ROAs – Use public validation tools to confirm your ROAs are correctly published and match your announcements.

A common mistake we see is organizations creating overly permissive ROAs with broad maxLength values. This creates security vulnerabilities that can be exploited. For example, if you announce a /24 prefix but set a maxLength of /28, attackers could potentially announce more specific prefixes (like a /28) that would be considered valid under your ROA.

Phase 3: Implementing Route Origin Validation (ROV)

Once your ROAs are in place, you can begin validating incoming route announcements from others. This should be implemented in stages:

1️⃣ Monitor mode – Begin by simply logging the validation status of routes without taking action. This helps you understand the potential impact of filtering.

2️⃣ Preference adjustment – Modify your routing preferences to favor valid routes over unknown ones, while still accepting both.

3️⃣ Invalid route filtering – Once comfortable with the process, begin rejecting invalid routes. This is the full security benefit of RPKI.

This gradual approach minimizes the risk of service disruptions. One of our clients, a hosting provider, discovered during their monitoring phase that several of their upstream providers had invalid route announcements. By identifying these issues before implementing filtering, they avoided potential connectivity problems.

Future-Proofing Your Implementation

As RPKI adoption continues to grow, consider these forward-looking steps:

Anycast Routing: A Leader’s Guide to Optimizing Global Network Performance

Executive Summary: What You Need to Know

Why Should Business Leaders Care About a ‘Technical’ Topic Like Anycast Routing?

Imagine your business has just launched a new application that needs to serve customers across Europe, Asia, and the Americas. Your development team has built an excellent product, but users in certain regions are complaining about slow response times. Your CTO mentions something about “network latency” and suggests implementing “anycast routing” as a solution. As you nod politely, you wonder: what exactly is anycast, and why should it matter to your bottom line?

In simple terms, anycast routing is like having identical stores in multiple cities, all with the same phone number. When customers call that number, they’re automatically connected to the nearest location without having to know which specific store they’re reaching. This creates a seamless experience regardless of where your customers are located.

For businesses operating globally, anycast routing isn’t just a technical detail-it’s a strategic advantage. When implemented correctly, it can dramatically improve user experience by reducing latency (the delay before data transfer begins), enhance reliability by providing built-in redundancy, and strengthen security by distributing potential attacks across multiple locations. When implemented poorly, it can waste significant resources while failing to deliver these benefits.

The challenge many organizations face is determining exactly where to place these “identical stores” (or servers) around the world. With hundreds of potential locations available through infrastructure providers, selecting the optimal configuration has traditionally been a costly, time-consuming process of trial and error. This is where data-driven approaches like Autocast are revolutionizing how businesses deploy global network infrastructure.

In this guide, I will break down what anycast routing is in business terms, explain why optimizing it correctly is critical for your global operations, and provide a clear framework for making strategic decisions about your network infrastructure without getting lost in technical jargon.

What Is Anycast Routing and Why Does It Matter to Your Global Business?

Let’s start with a simple analogy. Traditional internet routing (called unicast) is like having a single store with a unique address. If customers from around the world want to visit, they all have to travel to that one location-creating long journeys for those who are far away. Anycast, by contrast, allows you to place identical stores in multiple locations worldwide, all sharing the same address. The internet’s routing system automatically directs customers to whichever location is “closest” in network terms.

The Business Benefits of Anycast

From a business perspective, anycast offers four critical advantages:

The Hidden Business Challenge

While anycast technology itself is well-established, the strategic challenge lies in deployment optimization. At InterLIR, we’ve observed many organizations taking one of two problematic approaches:

Both approaches overlook a critical insight: geographic distance often correlates poorly with network latency. In our work with global IP resource management, we’ve seen cases where servers in different continents provide better connectivity than ones in neighboring countries due to how internet backbone networks are constructed.

This disconnect between physical geography and network topology creates a complex optimization problem that has traditionally been solved through expensive trial and error-until now.

How Has Anycast Deployment Traditionally Been Approached?

To understand the significance of new data-driven approaches to anycast optimization, we need to examine how organizations have traditionally tackled this challenge. In my experience supporting clients with global IP resource management at InterLIR, I’ve observed three common approaches:

The Geographic Distribution Strategy

The most intuitive approach has been to select anycast locations based on geographic distribution. A typical deployment might include:

This approach seems logical but suffers from a fundamental flaw: geographic proximity is a surprisingly poor predictor of network performance. Studies show the correlation between geographic distance and network latency is only around 0.45-barely better than random chance. This is because internet traffic doesn’t travel “as the crow flies” but follows specific backbone routes that may take circuitous paths.

The Maximum Coverage Approach

Some organizations, particularly those with substantial budgets, have taken the “deploy everywhere” approach-establishing presence in as many locations as possible. While this maximizes coverage, it creates several business problems:

The Iterative Testing Approach

The most rigorous traditional method involves deploying a baseline anycast configuration, measuring performance, making adjustments, and repeating. While this can eventually yield good results, it’s:

In my role supporting clients with IP resource management, I’ve seen organizations spend months and significant resources on this process, often settling for “good enough” rather than truly optimal configurations due to these constraints.

What Makes Data-Driven Anycast Optimization a Game-Changer?

The emergence of data-driven approaches like Autocast represents a fundamental shift in how businesses can approach global network optimization. Rather than relying on intuition or exhaustive testing, these methodologies use predictive modeling to identify optimal configurations before deployment. Let me explain why this matters to your business.

The Core Innovation: Prediction Without Deployment

The breakthrough insight behind Autocast and similar approaches is remarkably straightforward: you can predict anycast performance using unicast measurements. In simpler terms, by measuring how long it takes for data to travel from potential server locations to your users, you can mathematically model how an anycast deployment would perform without actually implementing it.

This approach rests on two key assumptions:

While these assumptions aren’t perfect, real-world testing has shown they’re accurate enough to predict anycast performance with millisecond precision in most cases.

The Business Value Proposition

For business leaders, the value of this approach translates directly to the bottom line:

In practical terms, this means your organization can deploy global infrastructure that delivers better performance at lower cost, with less risk and faster time-to-market than competitors using traditional approaches.

Real-World Results

The effectiveness of data-driven anycast optimization has been demonstrated in production environments. For example, SIDN (the .nl domain registry) found that:

At InterLIR, we’ve observed similar patterns when helping clients optimize their global IP resource utilization. Organizations that take a data-driven approach to anycast deployment consistently achieve better performance-to-cost ratios than those relying on traditional methods.

What is the True Business Cost of Getting Anycast Wrong?

To fully appreciate the value of optimized anycast deployment, it’s important to understand the business implications of suboptimal configurations. These costs extend far beyond the direct expenses of infrastructure.

The Hidden Costs of Poor Anycast Implementation

Let me share a case study from our experience at InterLIR. A client in the cybersecurity sector initially deployed anycast using the traditional geographic approach, with locations in New York, London, Singapore, and Sydney. Despite this seemingly logical distribution, their customers in Brazil and parts of Eastern Europe experienced latency nearly double what competitors offered.

After applying data-driven optimization techniques, we discovered that adding a single PoP in Miami and another in Frankfurt-while actually removing Sydney-would reduce global average latency by 22% while cutting infrastructure costs by 20%. The business impact was immediate: customer complaints decreased, retention improved, and operational costs declined simultaneously.

Quantifying the Business Impact

While specific numbers vary by industry, research provides some benchmarks for understanding the business impact of network performance:

For global businesses, these performance impacts compound across markets. A suboptimal anycast configuration might create acceptable performance in primary markets while severely disadvantaging secondary markets-effectively conceding those territories to competitors with better network optimization.

The Opportunity Cost of Traditional Approaches

Beyond direct performance impacts, traditional anycast optimization approaches incur significant opportunity costs:

AS-SET Monitoring: A Leader’s Guide to Internet Routing Security

Executive Summary: What You Need to Know

Why Should a ‘Technical’ Topic Like AS-SETs Matter to Business Leaders?

Imagine waking up to discover your company’s online services are completely unreachable. Your e-commerce platform is down, customer support channels are offline, and remote employees can’t access critical systems. The culprit? Not a sophisticated cyber attack, but a routing mishap that could have been prevented with proper AS-SET management.

In simple terms, AS-SETs are like the digital address verification system for your business online. They determine if your internet traffic reaches its intended destination and whether others can trust the digital pathways to your services. When properly maintained, they’re invisible guardians of your connectivity. When neglected, they become single points of failure that can take your entire digital presence offline.

As CEO of InterLIR, a specialized IPv4 address marketplace, I’ve witnessed firsthand how routing security issues can devastate businesses. In today’s digital economy, network reliability isn’t just an IT concern-it’s a fundamental business continuity issue that directly impacts revenue, customer trust, and operational stability.

The global internet routing system operates on a surprisingly fragile trust model. Your business depends on thousands of network operators worldwide correctly configuring their systems to route traffic appropriately. AS-SETs are the primary mechanism that prevents chaos in this ecosystem, acting as the guardrails that keep traffic flowing properly.

In this guide, I will break down what AS-SETs are in simple terms, explain why managing them correctly is critical for your business, and provide a clear roadmap for making smart decisions about this essential component of your digital infrastructure. Let’s start by understanding how these digital address systems evolved and why they’ve become so valuable.

Where Did These Digital Trust Mechanisms Come From, and Why Are They So Important?

The internet wasn’t always the complex, interconnected system we know today. In its early days, it resembled a small town where everyone knew each other, and trust was implicit. Network operators could simply call one another on the phone to verify routing information or resolve issues. As a business leader, think of this era as similar to running a small local shop where you personally knew every supplier and customer.

From Small Community to Global Marketplace

As the internet expanded exponentially, this informal trust system became unsustainable. The equivalent of a global city emerged, with millions of digital “addresses” (IP addresses) and thousands of networks (Autonomous Systems or ASes) needing to communicate reliably. This growth created an urgent need for a structured way to verify which networks could legitimately announce which routes.

This is where AS-SETs entered the picture. An AS-SET is essentially a declaration that says, “These are my legitimate customers, and I vouch for their traffic.” It’s similar to how a bank might verify your identity before allowing you to open an account or how a property deed establishes legitimate ownership.

This shift from a small, trust-based community to a massive global system created a high-stakes environment where routing mistakes or malicious actions can have immediate, far-reaching consequences. For business leaders, understanding AS-SETs isn’t about grasping technical minutiae-it’s about recognizing a fundamental business risk that can affect your entire operation.

At InterLIR, we’ve built our business around helping companies secure and manage their IP address resources. I’ve observed that companies with robust AS-SET management rarely experience the catastrophic outages that plague those who neglect this critical infrastructure component. The difference isn’t just technical competence-it’s strategic risk management.

The Business Value of Proper Routing Hygiene

Think of AS-SETs as the digital equivalent of property deeds and building permits. When properly maintained, they ensure that your digital assets (IP addresses) are recognized as legitimately yours across the global internet. This legitimacy is what allows your customers to reach your services, your employees to access your systems, and your business to maintain its online presence.

The business value becomes clear when you consider the alternative: without proper AS-SET management, your network is vulnerable to route leaks and hijacks that can redirect your traffic to unintended destinations, potentially exposing sensitive data or simply making your services unreachable.

How Can a Business Protect Itself from Routing Security Threats?

Protecting your business from routing security threats requires understanding the verification framework that AS-SETs provide. Think of this as your “due diligence checklist” for ensuring your digital pathways remain secure and reliable.

Step 1: Understanding Your Digital Address Verification (The ‘Property Deed’)

Just as you would verify the deed before purchasing property, you need to ensure your network’s AS-SET information is accurate and properly maintained. This means knowing which Internet Routing Registry (IRR) objects represent your network and confirming they correctly reflect your business relationships.

At InterLIR, when we help businesses acquire IPv4 addresses, we emphasize the importance of proper documentation in routing registries. This isn’t just paperwork-it’s the foundation of your network’s security and reliability. Without it, you’re essentially operating without clear title to your digital property.

Step 2: Implementing Proper Filtering (The ‘Security System’)

Once you understand your AS-SET information, you need to implement proper filtering based on this data. This is like installing a security system that only allows authorized visitors into your building. In networking terms, it means configuring your routers to accept only legitimate route announcements and reject everything else.

This filtering is critical because it prevents your network from accidentally propagating incorrect routing information, which could contribute to larger internet outages. It also protects you from accepting invalid routes that could redirect your traffic through unauthorized networks.

Step 3: Regular Monitoring and Maintenance (The ‘Ongoing Inspection’)

Just as you would regularly inspect and maintain your physical infrastructure, you need to monitor and update your AS-SET information. This includes verifying that all included ASNs (Autonomous System Numbers) are legitimate customers or appropriately related networks, and promptly removing any that are no longer valid.

New tools like Cloudflare Radar’s AS-SET monitoring capabilities make this process more accessible, allowing you to visualize your AS-SET relationships and identify potential issues before they cause problems.

What is the True Business Cost of Getting AS-SET Management Wrong?

The technical nature of AS-SETs often obscures their profound business impact. Let me frame this in terms that resonate with executive leadership and business stakeholders.

The Hidden Costs of Inadequate Routing Security

At InterLIR, we’ve worked with clients who initially viewed IP address management and routing security as purely technical concerns. After experiencing the business impact of routing incidents, they quickly recognized these as strategic business issues requiring executive attention and investment.

The Business Case for Quality AS-SET Management

Investing in proper AS-SET management isn’t a technical expense-it’s business insurance that protects your digital operations. Consider this real-world example: One of our clients, a mid-sized e-commerce platform, experienced a 6-hour outage due to a route leak that could have been prevented with proper AS-SET filtering. The incident cost them approximately €75,000 in lost transactions and required emergency IT support costing an additional €15,000.

By comparison, implementing proper AS-SET management and monitoring would have cost less than €10,000 annually. The ROI for routing security isn’t just positive-it’s overwhelming when you consider the potential costs of failure.

For businesses that depend on digital channels-which today means virtually every business-routing security should be viewed as a fundamental component of business continuity planning, not an obscure technical detail.

What is the Smart Leader’s Roadmap for AS-SET Security?

As business leaders navigate the complex landscape of network security, a clear roadmap for AS-SET management is essential. Here’s my strategic guidance based on years of experience in the IP address marketplace and routing security field.

The Evolving Landscape of Routing Security

At InterLIR, we’re actively helping our clients navigate this transition by ensuring their IP address resources are properly documented and secured. The businesses that adapt quickly gain a competitive advantage in terms of reliability and security.

A Leader’s 90-Day Action Plan

1️⃣ Assess Your Current Posture – Ask your technical team to provide a clear assessment of your AS-SET management practices. Key questions include: Are we using hierarchical AS-SETs? How frequently are they audited? What filtering is in place to prevent route leaks?

2️⃣ Quantify Your Risk Exposure – Calculate the potential business impact of a routing incident. Consider direct revenue loss from downtime, customer support costs, and reputation damage. This creates a clear business case for investment.

3️⃣ Implement Basic Protections – Even if you can’t overhaul your entire routing security posture immediately, implement the most critical protections: hierarchical AS-SETs, basic filtering, and regular monitoring.

4️⃣ Develop a Monitoring Strategy – Establish regular reviews of your AS-SET information and routing announcements. Leverage free tools like Cloudflare Radar to gain visibility without significant investment.

5️⃣ Create an Incident Response Plan – Develop a clear protocol for responding to routing incidents, including communication templates, technical response procedures, and post-incident analysis.

This approach balances immediate security improvements with longer-term strategic planning. It acknowledges the reality that most businesses can’t transform their routing security overnight but can take meaningful steps to reduce risk.

The most successful digital businesses aren’t necessarily those with the most advanced technology-they’re the ones that effectively manage the risks inherent in their digital infrastructure. AS-SET management is a perfect example of how seemingly technical details can have profound business implications.

Building a Culture of Routing Hygiene

Beyond specific technical measures, business leaders should foster a culture that recognizes the importance of routing hygiene. This means including routing security in risk assessments, allocating appropriate resources for management and monitoring, and ensuring that technical teams understand the business impact of their work in this area.

At InterLIR, we’ve observed that organizations with strong executive support for routing security initiatives implement more effective protections and respond more quickly to emerging threats. This isn’t just correlation-it’s causation. When leadership recognizes the business value of routing security, the entire organization aligns around this priority.