Kentik Network Analysis Center

AWS Announces Super-aggregates, Massively Expands BGP Footprint

December 16, 2024
Just after 15:30 UTC on December 11, 2024, AWS began announcing over 1000 new BGP prefixes, including numerous super-aggregate prefixes covering nearly all of the cloud provider’s assigned IP space.

Of the new prefixes originated by AWS’s AS16509, 19 were IPv6 and the rest were IPv4. Despite the small number of new IPv6 routes, the size of the IPv6 footprint (as measured in unique IP addresses) grew by 25 times, from 3.875 × 10^29 to 96.924 × 10^29, while the size of the IPv4 footprint grew by three times (from 49M to 157M).

In recent years, AWS has been stockpiling large amounts of IPv4 addresses, as this precious commodity has increased in value. In a blog post from 2020, Andree Toonk gave a good rundown on some of AWS’s major purchases including 18.128.0.0/9 from MIT, 3.0.0.0/8 from GE and 44.192.0.0/10 from AMPRnet.

Until now, AWS didn’t announce the unused portion of its massive IP address collection. By announcing these super-aggregate prefixes (large blocks of IP addresses that encompass numerous smaller prefixes), AWS potentially makes it more difficult for a third party to impersonate the public cloud behemoth, as any illegitimate origination of this space will now constitute a BGP hijack. Also, since these new routes now have ROAs, hijacks would be RPKI-invalid and would be rejected by ASes that have deployed RPKI ROV.
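The effect of the ROAs on route origin validation can be shown with a short sketch of the RFC 6811 decision procedure. This is an added example, not code from the article or from Kentik; the VRP sets, the maxLength values, the 3.5.0.0/16 and 3.200.0.0/16 prefixes and the use of documentation ASN 64500 as the illegitimate origin are constructed assumptions.

```python
from __future__ import annotations
import ipaddress
from typing import NamedTuple

class VRP(NamedTuple):
    """Validated ROA payload: what one ROA entry authorizes."""
    prefix: str
    max_length: int  # longest prefix length the ROA permits
    asn: int         # authorized origin AS

def validate_origin(route_prefix: str, origin_asn: int, vrps: list[VRP]) -> str:
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        roa_net = ipaddress.ip_network(vrp.prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue  # this VRP does not cover the route
        covered = True
        if vrp.asn == origin_asn and route.prefixlen <= vrp.max_length:
            return "valid"
    # Covered by at least one VRP but matched by none: invalid.
    return "invalid" if covered else "not-found"

# Constructed VRP sets (assumptions, not AWS's published ROAs).
BEFORE = [VRP("3.5.0.0/16", 16, 16509)]        # only a more-specific has a ROA
AFTER = BEFORE + [VRP("3.0.0.0/8", 8, 16509)]  # super-aggregate ROA added

def demo() -> dict[str, str]:
    hijack = ("3.200.0.0/16", 64500)  # AS64500: documentation ASN (RFC 5398)
    return {
        # Unused space with no covering ROA: ROV cannot reject the route.
        "hijack_before": validate_origin(*hijack, BEFORE),
        # Same route once the /8 has a ROA: covered, wrong origin.
        "hijack_after": validate_origin(*hijack, AFTER),
        "aggregate": validate_origin("3.0.0.0/8", 16509, AFTER),
        # Right origin, but longer than maxLength and no ROA of its own.
        "unlisted_more_specific": validate_origin("3.200.0.0/16", 16509, AFTER),
    }

if __name__ == "__main__":
    for case, state in demo().items():
        print(f"{case}: {state}")
```

The last case is the operational caveat: with a tight maxLength on the super-aggregate ROA, any more-specific the owner later announces needs its own ROA, or it is rejected along with the hijacks.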

The move evokes the 2021 mystery surrounding AS8003, an ASN associated with a defunct Florida company that started announcing all of the formerly unused IPv4 address space belonging to the US Department of Defense. Later that year, the DoD quietly moved the address space to a formerly unused ASN, AS749, which continues to announce more IPv4 address space than anything else in the history of the internet.

Unlike the episode with the DoD, AWS thankfully announced these new routes from its flagship ASN, 16509, avoiding any unnecessary confusion. AS16509 is now the world’s second largest source of IPv4 address space — just after AS749 (the ASN formerly known as 8003).


Doug Madory

Doug Madory is the director of internet analysis for Kentik where he works on internet infrastructure analysis. The Washington Post dubbed him “The Man who can see the Internet” for his reputation in identifying significant developments in the global layout of the internet. Doug is regularly quoted by major news outlets about developments ranging from national blackouts to BGP hijacks to the activation of submarine cables. Prior to Kentik, he was the lead analyst for Oracle’s internet intelligence team (formerly Dyn Research and Renesys).

Twitter: @DougMadory


About the data

How do we get this data? Kentik uses thousands of service provider networks and cloud agents, located around the world, to collect information about network events, outages, and disruptions.
