The internet isn’t one network — it’s a network of networks. That phrase gets repeated a lot, but most people never get a clear answer to the obvious follow-up: how do those networks find each other? When a packet leaves your laptop bound for a server in Singapore, the routers along the way somehow agree on a path. They don’t have a global map. They have something better: autonomous systems, identified by ASNs — Autonomous System Numbers.
ASNs are the addresses of networks. Just like IP addresses identify individual machines, ASNs identify the organizations that own those machines. If you’ve ever looked at IP geolocation data and seen a field like “ASN 13335 — Cloudflare,” that’s an ASN telling you which network the address belongs to.
This post explains what an ASN actually is, how the system works in practice, and why anyone touching IP data ends up working with them sooner or later.
The 30-Second Definition
An autonomous system is a network — or a collection of networks — operated by a single administrative entity with a single, coherent routing policy. An ISP is an AS. A large cloud provider is an AS (often several). A university with its own IP allocation can be an AS. Approximately 100,000 autonomous systems are active on the global internet today.
Each AS is assigned a unique autonomous system number (ASN) by a Regional Internet Registry (RIR). When AS operators want to exchange traffic with other networks, they peer with them via BGP (Border Gateway Protocol), announcing “I am AS 13335 and I can deliver traffic to these IP prefixes.” Routers across the internet listen to those announcements and build a picture of which AS owns which addresses, and how to reach each AS.
That’s the system. Every IP address on the internet belongs to some AS. Every AS has an ASN. Every router knows enough about ASNs and prefixes to forward your packets toward the right destination.
A Concrete Example
Take Cloudflare’s well-known DNS resolver: 1.1.1.1. If you look this IP up in any IP lookup tool, you’ll see something like:
- IP: 1.1.1.1
- ASN: AS13335
- Org: Cloudflare, Inc.
- Country: US
The IP itself doesn’t tell you it’s Cloudflare’s. The ASN tells you that. The mapping from “IP → ASN → owning organization” is what makes IP data actually useful for things like fraud detection, geo-routing, and traffic analysis.
Some other ASNs you may have heard of without realizing it:
- AS15169 — Google
- AS32934 — Facebook / Meta
- AS16509 — Amazon AWS
- AS8075 — Microsoft
- AS7922 — Comcast (one of the largest residential ISPs in the US)
You can browse the ASN directory to look up any of these and see what IP ranges they announce.
How ASNs Are Assigned
ASNs are not assigned individually. They flow down through a hierarchy:
- IANA (Internet Assigned Numbers Authority) allocates large blocks of ASNs.
- RIRs (Regional Internet Registries) — five of them, each covering a region — distribute ASNs to their members:
- ARIN (North America)
- RIPE NCC (Europe, Middle East, Central Asia)
- APNIC (Asia-Pacific)
- LACNIC (Latin America)
- AFRINIC (Africa)
- Network operators apply to their regional RIR for an ASN, pay an annual fee, and receive one.
To get an ASN, you generally need to be multihomed — connecting to two or more other networks — because otherwise there’s no point. A network with only one upstream provider doesn’t need its own ASN; it can use a sub-allocation from its upstream’s address space.
ASNs come in two flavors:
- 16-bit ASNs: 0–65535. The original format. Mostly exhausted.
- 32-bit ASNs: 0–4,294,967,295. Introduced because 16-bit space ran out. Now the default for new allocations.
If you see a number above 65535, it’s a 32-bit ASN. The internet treats them identically, but some old equipment can struggle with them.
Why ASNs Matter for IP Geolocation
Here’s where it gets practical. An IP address by itself doesn’t tell you who owns it. To go from 1.1.1.1 to “Cloudflare” you need an extra layer of mapping. That layer is the ASN database.
Every IP geolocation API worth using has the ASN data baked in. When you query 1.1.1.1, the response includes both the geographic info (country, city, etc.) and the network info (ASN, organization). The geographic info comes from RIR-published location data and probe-based measurement. The ASN info comes from real-time BGP routing tables that the API provider mirrors.
This matters for at least three things:
1. Identifying hosting providers
If a user’s IP belongs to AWS (AS16509) or DigitalOcean (AS14061), that user is probably not at home. They’re either using a VPN, a cloud-hosted server, a CI runner, or some kind of automation. For fraud detection, this is a strong signal. For audience analytics, it usually means “filter this out.”
2. Identifying VPNs and proxies
Most commercial VPN providers operate their own ASNs (or rent from a handful of bulk VPS providers). If you maintain a list of ASNs associated with VPN services, you can flag connections from those ASNs at the edge of your application. Less false-positive prone than pure IP blacklists.
3. Network-level analytics
If your service has a free tier and a paid tier, you might find that a disproportionate share of free-tier abuse comes from a small number of ASNs (typically cheap VPS providers in specific regions). Aggregating logs by ASN — rather than individual IPs — surfaces these patterns much faster than IP-by-IP analysis.
BGP — The Glue
The protocol that makes ASNs functional is BGP (Border Gateway Protocol). BGP is the routing protocol that runs between autonomous systems. It’s how AS 13335 (Cloudflare) tells AS 15169 (Google) “if you want to reach 1.1.1.0/24, send the traffic via me.”
BGP isn’t doing optimal-path routing in any mathematical sense. It’s doing policy-based routing. Each AS announces what prefixes it owns and which neighbors it’s willing to accept traffic from. Each AS decides, based on its own policy (business relationships, transit agreements, peering arrangements), which path to use to reach each destination. The result is a global routing table that every internet-facing router shares — currently around 1 million IPv4 prefixes and several hundred thousand IPv6 prefixes.
The full BGP table is updated continuously. When a network operator brings up a new prefix, or a fiber cut takes a path offline, or a new peering relationship comes online, BGP announcements ripple outward across the internet, often within seconds. This is why traceroute results from the same source to the same destination can vary over time — the path is fluid.
Looking Up an ASN
Whether you have an IP and want to know the ASN, or you have an ASN and want to know the IPs it announces, the lookup is one query.
IP → ASN
Use any IP geolocation API (such as the Ip2Geo API) or a command-line tool:
whois -h whois.cymru.com " -v 1.1.1.1"That’ll return the ASN, the prefix the IP falls inside, the country, and the registry data.
ASN → IPs
To see what prefixes an ASN announces, the canonical source is the BGP table itself. Tools like bgp.tools (third-party) or the ASN-level data exposed by major providers can give you the full list. Inside our ASN directory, each ASN page lists the announced prefixes and the cities where the network operates.
ASN → Organization
The RIR WHOIS data has the organization details — name, contact email, country of registration. Note that the registration country and the operating country can be different (a US-registered AS can operate equipment all over the world).
Common Misconceptions
”An ASN is the same as an IP block.”
No. An ASN is a network. A network announces one or more IP blocks (prefixes). The relationship is many-to-many over time (prefixes can move between ASNs).
”The ASN tells you exactly where the user is.”
No. The ASN tells you which organization owns the address. That organization might operate equipment across multiple countries. For physical location, the geographic data layer is separate from the ASN.
”ASN numbers are sequential by creation date.”
Mostly, no. Numbers are allocated by RIRs in blocks, and within a block they can be assigned non-sequentially. Don’t infer anything from the numeric value of an ASN beyond “16-bit or 32-bit."
"Big ASN = big network.”
Sometimes. Some of the largest networks have low ASN numbers because they joined the internet early (Sprint was AS 1239, MIT was AS 3). Plenty of small university networks have low ASNs too. The size of a network is measured in announced prefixes and peering count, not the ASN number itself.
When You’ll Encounter ASNs
A short list of scenarios where ASN lookups come up:
- Fraud detection: flag traffic from cloud-provider ASNs (probably scraping or automation) and VPN ASNs (suspicious for high-value actions).
- Network engineering: confirm which AS is responsible for a routing anomaly, or look up a transit provider’s announcements.
- Compliance: know whether traffic is coming through a specific provider to satisfy data-residency rules.
- Security research: group attack traffic by network operator to spot coordinated activity.
- CDN selection: map your user base by ASN to figure out where it makes sense to deploy edge nodes.
Whether you’re hands-on with networks or just hands-on with the data, eventually you’ll need to know what AS a given IP belongs to. The lookup itself is a one-liner via the IP lookup tool or the API. The interesting work is what you do with it.
TL;DR
- ASN = the unique number assigned to an autonomous system (a network operating under a single administrative policy).
- Every IP on the internet belongs to some AS. Knowing the AS tells you the operator.
- BGP is how ASes announce their prefixes to each other; it’s the glue that makes inter-network routing work.
- IP → ASN is one of the most useful enrichments in any IP geolocation pipeline.
- Browse our ASN directory to look up specific networks, see their announced prefixes, and explore the operators behind the largest chunks of the internet.
If you’re just learning, the easiest way to internalize this is to take any IP you encounter today — your home IP, a cloud server IP, the IP of a service you use — and look up its ASN. Once you start noticing the same ASNs coming up over and over (AWS, Cloudflare, your own ISP), the mental model clicks.