Anycast IPv6 - YourSelf

Page content

How to Build your own AnyCast Network

you’re using anycast every day. all public resolvers (,, for example are anycast ip’s and hence, many servers distributed around the world which listen and announce the same ip address.

we can build a proof of concept, how to build such a network, for a few $.


AS Number

Anycast heavily depends on BGP. So, you need a own AS Number. I got my for 15 CHF/Year from You should also keep in mind that you will not get any IPv4 addresses without buying them for the market. So, your Setup will be based on IPv6 only.

Cloud Provider with BGP

We need the possibility to spin up Virtual Machines on different Locations around the World. You can go with the Big Players (AWS, GCP, Azure, …) and waste time and money with their complexity and Tools. Or you choice a small Provider without all the fancy stuff and you just get what you need.


You need a certain Knowhow about Networking, OpenBSD, Security … and this Blog will help you to get there …


Get your you Account on Vultr. I’m happy if you register via my Sponsor Link. I’ll get 10$ once which helps me to operate my Infrastructure for you

Build VM

you can build a VM via the Webpage, or you install “vultr-cli” for you OS and build it on the CLI. You also need an API Key.

export VULTR_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

curl "" \
  -X POST \
  -H "Authorization: Bearer ${VULTR_API_KEY}" \
  -H "Content-Type: application/json" \
  --data '{
  "region": "cdg",
  "plan": "vc2-1c-1gb",
  "label": "bgp-paris",
  "os_id": 2105,
  "backups": "disabled",
  "hostname": "bgp-paris"

Login & Patch

basic tasks

ssh -l root
pkg_add -Vu


create loopback with your ip (you got from RIPE …)

cat << 'EOF' > /etc/hostname.lo1
description "Loopback 1"
inet6 2a0e:97c0:0740::1/48

bring up the interface

sh /etc/netstart

bgp config

cat << 'EOF' > /etc/bgpd.conf

# define our own ASN as a macro

# global configuration
router-id YOUR-PUBLIC-IPV4

# list of networks that may be originated by our ASN
prefix-set mynetworks {

# define bogon prefixes which should not be part of the DFZ
prefix-set bogons {
        ::/8 or-longer                  # RFC 4291 IPv4-compatible, loopback, et al
        0100::/64 or-longer             # Discard-Only [RFC6666]
        2001:2::/48 or-longer           # BMWG [RFC5180]
        2001:10::/28 or-longer          # ORCHID [RFC4843]
        2001:db8::/32 or-longer         # docu range [RFC3849]
        2002::/16 or-longer             # 6to4 anycast relay [RFC7526]
        3ffe::/16 or-longer             # old 6bone
        fc00::/7 or-longer              # unique local unicast
        fe80::/10 or-longer             # link local unicast
        fec0::/10 or-longer             # old site local unicast
        ff00::/8 or-longer              # multicast

network prefix-set mynetworks set large-community $ASN:1:1

# upstream providers
group "upstreams" {
    remote-as               64515
    tcp md5sig password     YOUR-MD5-HASH
    multihop                2

    neighbor    { descr "Vultr4" }
    neighbor 2001:19f0:ffff::1  { descr "Vultr6" }

## rules section

allow       from group upstreams prefix ::/0
deny  quick from group upstreams prefix
allow to ebgp prefix-set mynetworks large-community $ASN:1:1
match from ebgp set { large-community delete $ASN:*:* }
match from any community GRACEFUL_SHUTDOWN set { localpref 0 }
deny quick from any prefix-set bogons
deny from any max-as-len 100

replace YOUR-PUBLIC-IPV4 with your public ipv4 address (or any other address, i just must be unique within your AS Number !)

$ sed -i 's/YOUR-PUBLIC-IPV4/' /etc/bgpd.conf

replace your MD5 Hash you got from Vultr

$ sed -i 's/YOUR-MD5-HASH/xxxxxxxxxxxxxxxx/ /etc/bgpd.conf

Enable & Start BGP

rcctl enable bgpd
rcctl restart bgpd

Show BGP Neighbor

root@bgp-paris# bgpctl show sum
Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
Vultr4                  64515          0          0     0 00:00:19 Connect
Vultr6                  64515          0          0     0 00:00:19 Connect

root@bgp-paris # bgpctl show sum
Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
Vultr4                  64515          8          7     0 00:02:25      1
Vultr6                  64515          8          8     0 00:02:25      1

Show Outgoing Announcement

root@bgp-paris # bgpctl show ip bgp out
flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
       S = Stale, E = Error
origin validation state: N = not-found, V = valid, ! = invalid
aspa validation state: ? = unknown, V = valid, ! = invalid
origin: i = IGP, e = EGP, ? = Incomplete

flags  vs destination          gateway          lpref   med aspath origin
A*    N-? 2a0e:97c0:740::/48   2001:19f0:6801:80c:5400:4ff:fe68:8f0b   100     0 208260 i

TCPDump on your Range

and you should see some incoming traffic …

root@bgp-paris# tcpdump -n net 2a0e:97c0:740::/48
tcpdump: listening on vio0, link-type EN10MB
08:41:39.308613 2600:1f1e:46c:: > 2a0e:97c0:740::1: icmp6: echo request [flowlabel 0xf2153]
08:41:48.757507 2a0b:2e00:102:: > 2a0e:97c0:740::1.443: S 2702248522:2702248522(0) win 65535 <mss 1360,nop,wscale 6,nop,nop,timestamp 652969254 0,sackOK,eol> [flowlabel 0x70500]
08:41:58.848612 2001:470:1:84:: > 2a0e:97c0:740:1234::1.5900: S 4165758034:4165758034(0) win 65535
08:41:59.356166 2001:470:1:32:: > 2a0e:97c0:740:2::2.5900: S 1048268235:1048268235(0) win 65535
08:42:05.905360 2a0b:2e00:100:: > 2a0e:97c0:740::1.443: S 396612563:396612563(0) win 65535 <mss 1360,sackOK,eol> [flowlabel 0xc0000]
08:42:06.504671 2406:da11:820:: > 2a0e:97c0:740::1: icmp6: echo request [flowlabel 0xdf493]
08:42:07.714652 2a05:d011:795:: > 2a0e:97c0:740::1: icmp6: echo request [flowlabel 0x22074]
08:42:13.746368 2a05:d01c:ac2:: > 2a0e:97c0:740::1: icmp6: echo request [flowlabel 0xdc1e7]
08:42:14.690582 2a0b:2e00:102:: > 2a0e:97c0:740::1.443: SWE 3515533051:3515533051(0) win 65535 <mss 1360,nop,wscale 6,nop,nop,timestamp 3190648080 0,sackOK,eol> [flowlabel 0x80900]


that’s it basically. reproduce this step with other VM’s around the World. Setup a Webserver and you have your own, selfhosted and controlled Anycast Network


please let me know if you tried to reproduce or have any questions. i’m happy to help. Just write in the comments or Contact me.

Any Comments ?

sha256: 251d3f4c5b2ff32619270f6eb7646b23472521ee07c98d29cb43ca44fef6b21d