VTI.BG is a registered LIR (Local Internet Registry) with RIPE NCC. We deliver the full stack of Internet number resource services — IPv4 and IPv6 address space, autonomous systems (ASN), BGP network design and operations, traffic engineering and monitoring.

IPv4 address space

  • Long- and short-term leasing — /24, /23, /22 and larger prefixes under contract with monthly, annual or multi-year terms.
  • Full RIPE delegation — transfer of inetnum, route, mntner objects in RIPE database to the customer’s operation, with maintained documentation.
  • RPKI signing (ROA) — we create and maintain Route Origin Authorization records to prevent hijacking and ensure compatibility with upstream Route Origin Validation (ROV).
  • IRR objects — maintenance of route / route6 objects in RIPE and third-party IRRs (RADB, ALTDB) for prefix acceptance by transit and peer networks.
  • Reverse DNS (PTR) — delegation of reverse zones to the customer’s DNS servers; we also host reverse DNS if required.
  • Geofeed (RFC 9092) — published CSV geofeed so that end users get correct localisation in geolocation databases (MaxMind, IP2Location, ipinfo).
  • Abuse contact and WHOIS hygiene — abuse mailbox monitoring, periodic due-diligence reviews per RIPE requirements.
  • Monthly reporting — IP utilisation (RIPE policy target > 80 %), incident reports, policy compliance.

IPv6 address space

  • IPv6 PI / PA blocks — /48 for end-sites, /32 for LIR; support for greenfield deployments or dual-stack migration of existing IPv4 networks.
  • SLAAC / DHCPv6 — access network design with RA, prefix delegation for CPE devices.
  • RPKI for IPv6 — equivalent ROAs to prevent hijacking.
  • Dual-stack with NAT64 / 464XLAT — for customers with limited IPv4 but requiring dual reachability.

ASN (Autonomous Systems)

  • ASN application — preparation of the RIPE application, documentation of multi-homing or peering plan; typically 4-byte ASN.
  • Peering strategy — peering policy selection (open / selective / restrictive), PeeringDB objects, desired-peers catalogue.
  • ASN management — maintenance of as-set objects, as-block delegations, documentation of peering relationships.
  • Operational audits — periodic review of BGP session hygiene, AS-path analysis, unexpected-transit detection.

BGP design and operations

Full BGP network lifecycle — from initial design to day-2 operations.

Architecture and connectivity

  • Transit contracts — upstream provider evaluation and negotiation (Tier-1 and Tier-2), routing policy analysis and SLA review.
  • Private peering (PNI) — direct cross-connect design in data centre carriers for critical traffic flows.
  • Public peering (IX) — presence at public exchange points (BIX.BG, DE-CIX, AMS-IX, LINX), route-server peering, bilateral sessions.
  • Multi-homing — active-active or active-passive architectures; BGP configuration for detection and failover under 60 seconds.
  • Internal BGP (iBGP) — route reflection (RFC 4456), confederations (RFC 5065) for scalable AS topologies.

Traffic engineering

  • Inbound control — AS-path prepending, MED values, more-specific prefix advertisements, BGP communities toward specific upstreams.
  • Outbound control — local-preference, route-maps on community and AS-path, session weights.
  • BGP communities — community scheme design (RFC 8092 large communities for 4-byte ASN), publication in PeeringDB and on-site documentation.
  • BGP flowspec (RFC 8955) — for DDoS mitigation and selective rate limiting; integration with upstream providers.
  • RTBH (Remote-Triggered Black Hole) — community-signaled blackholing for rapid attack response.

Security

  • RPKI Origin Validation (ROV) — applied on eBGP sessions; invalid and not-found policies per best practice.
  • MD5 authentication / TCP-AO (RFC 5925) — BGP session protection against spoofing and session hijacking.
  • GTSM (RFC 5082) — TTL protection for eBGP sessions.
  • BGP Roles (RFC 9234, OTC) — automated route leak protection (Customer-Provider inversions).
  • Max-prefix limits — resource exhaustion prevention when a partner misconfigures.
  • Prefix filtering — IRR-generated prefix lists built automatically (bgpq4, IRRPT) with daily refresh.

Monitoring and observability

  • Streaming telemetry (gNMI, gRPC) — BGP state export to timeseries databases (Prometheus, InfluxDB).
  • RouteViews / RIPE RIS / BGPStream — BGP announcement monitoring from a global perspective; alerts on unexpected origin AS or AS-path changes.
  • Looking Glass — public looking glass for customers.
  • NetFlow / sFlow / IPFIX — traffic analytics, top-N reports, anomaly detection.
  • RIPE RPKI Monitor — ROA status and validator health tracking.

Network design

Services for operators and enterprises that build on the IP / BGP base.

  • IGP design — OSPF (RFC 2328) and IS-IS (RFC 1195) for underlay routing; area / level planning for scale.
  • MPLS — RSVP-TE or LDP signaling, traffic engineering tunnels, FRR (Fast Reroute).
  • Segment Routing (SR-MPLS, SRv6) — modern networks with opportunity-based TE.
  • L2VPN / L3VPN — MPLS VPN services (VPWS, VPLS, EVPN) for enterprise customers.
  • Data centre underlay — EVPN / VXLAN fabric design, BGP unnumbered, IPv6 peering for the fabric.
  • SDN controllers — integration with ODL, Juniper NorthStar, Cisco Crosswork.

Platforms

We work vendor-agnostic — hands-on experience with:

  • Cisco IOS XR / IOS / NX-OS
  • Juniper Junos
  • Arista EOS
  • Nokia SR OS (7750, 7250)
  • MikroTik RouterOS — for smaller POPs and edge devices
  • FRRouting / BIRD — Linux-based route servers and peering routers
  • Palo Alto / Fortinet / pfSense — BGP-enabled firewalls

Compliance and support

  • RIPE policy compliance — due diligence, abuse handling, audit readiness.
  • ICANN / RIR policies — proper documentation for transfers, promotional leases, M&A.
  • Contractual support — 24/7 on-call for BGP incidents, SLA with < 30-minute response time for P1 incidents.
  • Change management — maintenance windows, pre-change peer notification (peering-notify@), post-change validation.

Standards and RFCs

IP resources: RIPE-708 (IPv4 Address Allocation and Assignment), RIPE-738 (IPv6 Address Allocation and Assignment), RFC 7020 (Internet Number Resources).

BGP: RFC 4271 (BGP-4), RFC 4456 (Route reflection), RFC 5065 (Confederations), RFC 4760 (Multiprotocol BGP), RFC 7454 (BGP Operations and Security), RFC 8212 (Default Deny), RFC 9234 (BGP Role).

RPKI: RFC 6480 (RPKI Architecture), RFC 6482 (ROA Format), RFC 6811 (Origin Validation), RFC 8893 (RPKI Transport).

Security: RFC 5082 (GTSM), RFC 5925 (TCP-AO), RFC 7908 (Route Leaks), RFC 8955 (BGP Flow Specification).

Transport & TE: RFC 3031 (MPLS), RFC 3209 (RSVP-TE), RFC 8402 (Segment Routing), RFC 7432 (BGP EVPN).