FreeTransit Learning Centre
A practical learning path for operating BGP safely before requesting public Internet number resources or a FreeTransit tunnel.
Learn before you apply
A public ASN, an IP prefix and a BGP session are production Internet resources. They are not a first BGP laboratory. A mistake can make your own network unreachable, leak routes learned from one provider to another, or announce address space that does not belong to you.
FreeTransit helps community networks obtain and use Internet number resources. We also expect applicants to understand the basic operational responsibility that comes with those resources. You do not need to be an expert, but you should be able to build, filter, verify and monitor a simple BGP setup before it is connected to a public network.
Recommended learning path
1. Learn IP routing and BGP fundamentals
Start with routing tables, longest-prefix matching, CIDR, IPv4 and IPv6 subnetting, static routes and the difference between an interior routing protocol and BGP.
Recommended starting courses:
- APNIC Academy — Routing Fundamentals — free, self-paced and suitable for beginners.
- APNIC Academy — Introduction to BGP — covers BGP concepts, messages, attributes, best-path selection and IPv4/IPv6 address families.
- DE-CIX Academy — training and webinars about BGP, peering and interconnection.
- DE-CIX BGP webinar series — a focused introduction to prefixes, autonomous systems and peering.
2. Build an isolated lab
Create at least three autonomous systems in a local virtual lab. Configure eBGP, explicit import and export policy, prefix filtering, max-prefix, local preference, AS-path prepending and communities. Deliberately create a route leak and confirm that your filters stop it.
Good lab resources:
- Open-source BGP configuration labs
- BGP lab source repository
- Containerlab FRRouting example
- FRRouting documentation
3. Practise in DN42
DN42 is a large private network that uses many of the same concepts as the public Internet. It is useful for learning peering, transit, route policy and operational coordination without announcing public address space.
DN42 is not a substitute for learning the basics. Its own getting-started guide assumes that you already understand networking, routing, BGP and a routing daemon such as FRRouting or BIRD. Build a local lab first, then use DN42 as the next stage.
4. Learn routing policy and registration
Before your first public announcement, understand the purpose of:
aut-num,route,route6andas-setobjects in an Internet Routing Registry;- RPSL as a description of intended routing policy;
- RPKI Route Origin Authorisations;
- ROA
maxLength; - ASPA provider authorisations;
- PeeringDB and accurate operational contact data.
Continue with:
5. Plan a controlled production change
Your first public BGP session should have:
- explicit inbound and outbound policy;
- an exact list of prefixes you intend to announce;
- an exact list of routes you expect to receive;
- a prefix limit;
- valid IRR and RPKI data;
- monitoring from outside your own network;
- working out-of-band access;
- a saved configuration and rollback procedure;
- a second person who can review the policy, where possible.
Readiness checklist
You should be able to answer all of these before requesting activation:
- What is the difference between eBGP and iBGP?
- Why does longest-prefix matching matter?
- What do
AS_PATH,NEXT_HOP,LOCAL_PREF,MEDand BGP communities do? - Which exact IPv4 and IPv6 prefixes will your router export?
- What prevents your router from exporting routes learned from another upstream?
- What happens if your router receives far more routes than expected?
- What is the difference between an IRR route object and an RPKI ROA?
- What does the ROA
maxLengthpermit? - Which ASNs are providers for your ASN, and should therefore appear in your ASPA?
- How will you detect an accidental withdrawal, hijack, RPKI-invalid announcement or route leak?
- How will you roll back the change if reachability fails?
Not being ready yet is normal. Use the following pages as a structured path rather than experimenting directly on the public Internet.