Private ASNs (RFC 6996)
You landed here because the AS number you looked up falls inside one of the two private-use ranges defined by RFC 6996. Private ASNs are not registered to any operator, are not globally unique, and must never appear in the default-free zone (the public BGP table). Because they are not routable, there is no authoritative record to look up and every occurrence of the same number belongs to a different network.
Where engineers actually see them
- BGP confederations. A single operator splits its AS into sub-confederations and uses private ASNs as the confederation IDs. The private numbers are stripped before announcements leave the confederation.
- Multi-site enterprises. Branch offices run iBGP with private ASNs and re-originate prefixes under the corporate public ASN at the edge.
- Downstream customer identifiers. Some ISPs allocate private ASNs to customers who do not need to multi-home and strip them at the transit boundary.
- Lab and test networks. Cisco VIRL, EVE-NG, GNS3 and Arista cEOS demos routinely use 65000–65534 for topology practice.
- Leaked announcements. Occasionally an operator forgets to filter private ASNs at the edge and the number briefly appears in RIS or RouteViews dumps. Those are router misconfigurations, not real networks.
Why ipctl can’t look them up
ipctl.io builds its ASN database from RIR delegated-stats files (ARIN, RIPE, APNIC, LACNIC, AFRINIC) and the live BGP tables from RIPE RIS and RouteViews. Private ASNs are never delegated by an RIR and are filtered out of the public BGP table before we ingest it, so there is nothing to display for a specific private number. If you want to reach the operator behind a private ASN you will need access to their internal routing documentation — the number alone is not enough.
Looking up a real ASN
If you meant to look up a public ASN (for example a customer’s transit provider or a suspicious origin you saw in a BGP looking glass), start from the ASN Lookup page or search directly for the number. Public 16-bit ASNs are in the range 1–64495; public 32-bit ASNs are 131072 and up.
Frequently asked questions
What are private ASNs used for?
Private ASNs are used inside BGP confederations, multi-site enterprise iBGP, downstream customer identification at ISPs, and lab/test networks. They are stripped before announcements leave the organisation's border.
Can a private ASN appear in the public BGP table?
No. Operators are required to strip private ASNs at every eBGP boundary. If you see one in a public BGP feed it is a route leak — someone's iBGP is bleeding into their eBGP sessions. Anti-bogon filters should catch it.
How many private ASNs are there?
1,023 in the 16-bit range (64512–65534) and 94,967,295 in the 32-bit range (4200000000–4294967294), for a combined total of 94,968,318 private ASNs.
What is the difference between private and documentation ASNs?
Private ASNs (RFC 6996) are for real internal BGP use inside production networks. Documentation ASNs (RFC 5398, ranges 64496–64511 and 65536–65551) exist only for use in books, RFCs, and training material — they should never appear in any BGP session, even an internal one.
Related reading
- Documentation ASNs (RFC 5398) — the 64496–64511 and 65536–65551 ranges reserved for examples and training material.
- Other reserved ASNs — AS0, AS23456 (AS_TRANS), AS65535, and the IANA unallocated pool.
- AS13335 (Cloudflare) — example of a real, publicly routed ASN.
- Global BGP Statistics — routing table size, RPKI coverage, and ASN counts.