Certified engineers • MANRS participant • 24/7 NOC

BGP Network Services

Design, deployment and operation of BGP for your ASN, from the first session with your upstream to multi-transit, multi-IX, RPKI-enforcing production networks. Delivered by engineers credentialed by RIPE NCC in LIR operations, BGP Operations & Security, Advanced IPv6 and RIPE Database administration, with verifiable badges on every operator.

Discuss your BGP project What we do
Engagement models
  • Project-based: fixed scope (multi-homing, RPKI deployment, IX onboarding)
  • Retainer: monthly hours pool for ongoing BGP operations
  • 24/7 NOC: full outsourced BGP monitoring and incident response
Every engagement is quoted on scope. Send us a short brief and we return a fixed-fee proposal within three business days.

What we deliver

Pick a project, pick a retainer, or hand us the whole BGP operation. Every engagement is quoted on scope.

Multi-homing design

Two-transit, three-transit and hybrid transit+peering designs. Failover sizing, AS-path preferences, local-pref, MED strategies for balanced or cost-optimised traffic.

Prefix filters & policy

IRR-based prefix-list generation, max-prefix limits, private ASN stripping, bogon filtering, leak protection. Policies that survive the next "oh no, we leaked everything" headline.

RPKI deployment

Delegated or hosted CA, ROA signing, validator deployment (Routinator, Fort, StayRTR), RTR sessions to your routers, alerts on ROA drift.

MANRS onboarding

Four-action compliance: prefix filtering, anti-spoofing, coordination, global validation. We prepare the evidence, submit the application and help you stay compliant.

IX onboarding

Port provisioning at DSIX, DE-CIX, AMS-IX, France-IX, LINX, etc. PeeringDB record setup, bilateral peering outreach, route server sessions.

Traffic engineering

AS-path prepending strategies, community tagging, selective de-aggregation, time-of-day policies, anycast planning, ECMP and BGP-PIC optimisations.

24/7 NOC & monitoring

BMP-based route monitoring, RPKI drift alerts, prefix hijack detection, looking glass access, incident playbooks, out-of-hours call escalation.

Vendor support

Cisco IOS/IOS-XE/NX-OS, Juniper Junos, Arista EOS, MikroTik RouterOS v6 & v7, VyOS, BIRD 2.x, FRRouting. Config snippets, audits, migrations.

Incident response & forensics

Route-leak and hijack triage, coordination with upstream NOCs and the global BGP community, RIPE Atlas and looking-glass correlation, written post-mortem with corrective actions and remediation timelines.

Professional Certifications

Our team consists of RIPE NCC certified professionals, with expertise in IPv6 network design, BGP security, RIPE Database management, and Local Internet Registry operations. We provide reliable, high-quality services to help organizations plan, implement, and secure their networks according to globally recognized best practices.

Local Internet Registry

Local Internet Registry

Proficient in managing Internet number resources, including requests, distributions, registrations, and stakeholder coordination.

Verify Certification
IPv6 Fundamentals Analyst

IPv6 Fundamentals

Certified to plan and implement IPv6 networks, calculate subnets, create addressing plans, and transition from IPv4 to IPv6.

Verify Certification
RIPE Database

RIPE Database

Certified in RIPE Database operations, including searching, interpreting, updating, and managing IP assignments and routing policies.

Verify Certification
BGP Security

BGP Security

Qualified to assess BGP security risks, implement route validation with RPKI, and secure Internet routing against hijacks and leaks.

Verify Certification
IPv6 Security Expert

IPv6 Security

Expert in designing secure IPv6 networks, analyzing threats, and applying advanced strategies to protect against emerging vulnerabilities.

Verify Certification

BGP Services FAQ

Common questions about our BGP consulting and operations.

Do I need my own ASN to hire you?
Not to talk to us. If you already have an ASN, we go straight to design and implementation. If you do not, we start with the ASN Registration bundle and roll the BGP design into the same engagement.
Which router platforms do you support?
Cisco IOS, IOS-XE and NX-OS; Juniper Junos; Arista EOS; MikroTik RouterOS v6 and v7; VyOS; BIRD 2.x; FRRouting. If your platform is not listed, ask, we have probably touched it. For hardware-specific optimisations (BGP-PIC, ECMP, FIB scaling) we have deep experience on Cisco Nexus and MikroTik CCR.
Can you work with our existing NOC team?
Yes, that is the norm. Most engagements are co-managed: we own the BGP-specific work, your NOC owns the day-to-day network. We publish a clear RACI at onboarding and run joint retros after major changes.
Do you take 24/7 pager duty on our behalf?
On a managed contract, yes. Our NOC holds the pager for BGP-impacting events (session flaps, RPKI invalidity, prefix hijacks) and follows an escalation runbook agreed with you. Non-BGP incidents we triage and forward to the right contact.
How fast can you respond to a BGP emergency?
For managed customers on our 24/7 tier, typical ack time is under 15 minutes for critical events. We can join a bridge within 30 minutes, push config changes via the runbook, and file RFO documentation within 48 hours.
Can you audit our existing BGP configuration?
Yes. A one-time audit covers: prefix filters, max-prefix limits, RPKI signing status, as-set consistency, IRR registration accuracy, community schema hygiene, fallback design. Delivered as a report with prioritised recommendations and config deltas.
Do you help with route leak incidents (ours or inbound)?
Yes. For outbound leaks from your AS we triage, roll back and write the RFO. For inbound (someone leaking you) we coordinate with the offending AS through NOC email and RIPE abuse contacts, file with the incident response community if needed.
Can you run our RPKI infrastructure?
Yes. We deploy and operate Delegated RPKI CAs, ROA signing pipelines, and HA validators (Routinator, Fort, StayRTR) feeding RTR sessions to your routers. With monitoring and alerting on ROA drift, validator disagreement and RTR health.
Do you help us join MANRS?
Yes. We prepare the MANRS application evidence across the four operator actions (prefix filtering, anti-spoofing, coordination, global validation), submit it and keep you compliant through the annual review cycle.
Do you peer with us?
Through DSIX (AS58218), our own internet exchange, we peer with any ASN that meets the open policy. We can also arrange direct BGP sessions with AS57050 if your traffic pattern benefits from it.

Also useful

ASN Registration
Get your ASN first
DSIX Internet Exchange
Peer with us for free
Managed LIR
LIR ops on top of BGP

Send us the brief, get a fixed-fee BGP proposal

Describe your network: ASN, prefixes, current transits/peers, target design. We return a scoped proposal within three business days.

Start a conversation Email us

Trusted By & Member Of

We are proud members of leading internet infrastructure organizations.

RIPE NCC MANRS PeeringDB RoTLD DSIX SBIX 4IXP LOCIX Euro-IX RIPE NCC MANRS PeeringDB RoTLD DSIX SBIX 4IXP LOCIX Euro-IX