DEV Community

Young Gao
Young Gao

Posted on

BYOIP on AWS and Vultr: Bring Your Own IPv6 Prefix to the Cloud (2026)

#aws #cloud #devops #networking

BYOIP (Bring Your Own IP) lets you use your own IP addresses with cloud providers like AWS, Vultr, and GCP. This is increasingly important for organizations that need IP reputation portability, multi-cloud failover, or compliance with geo-specific regulations.

Here's a practical guide to BYOIP with IPv6 on the most popular platforms.

Why BYOIP?

  • IP reputation: Keep your IPs when switching providers
  • Multi-cloud: Announce the same prefix from multiple clouds
  • Compliance: Some regulations require specific IP geo-location
  • DDoS mitigation: Route traffic through scrubbing services using your own prefix
  • Portability: You own your IPs, not your cloud provider

Prerequisites

Before you can use BYOIP, you need:

  1. Your own ASN — a unique number identifying your network
  2. An IPv6 prefix (minimum /48 for most providers, /24 for IPv4)
  3. ROA (Route Origin Authorization) published in RPKI
  4. IRR objects (route6, aut-num) in a routing registry

If you don't have these yet, you'll need to work with a Regional Internet Registry (RIR) or a LIR (Local Internet Registry). For ARIN region, NoPKT LLC offers ASN registration and IPv6/IPv4 allocation — they handle the paperwork and RPKI setup, which saves a lot of time compared to dealing with ARIN directly.

BYOIP on AWS

Step 1: Create ROA

Your prefix must have an ROA authorizing Amazon's ASN:

# Your LIR (like NoPKT) should create this ROA:
# Prefix: 2001:db8:abcd::/48
# Origin ASN: AS16509 (Amazon)
# Max Length: /48
Enter fullscreen mode Exit fullscreen mode

Step 2: Provision the CIDR 

aws ec2 provision-byoip-cidr \
    --cidr 2001:db8:abcd::/48 \
    --cidr-authorization-context \
        Message="1|aws|123456789012|2001:db8:abcd::/48|20261231|SHA256|ECDSA",\
        Signature="...base64-sig..."
Enter fullscreen mode Exit fullscreen mode

Step 3: Advertise 

aws ec2 advertise-byoip-cidr --cidr 2001:db8:abcd::/48
Enter fullscreen mode Exit fullscreen mode

Step 4: Allocate to Resources 

# Create an Elastic IP from your pool
aws ec2 allocate-address --domain vpc --public-ipv4-pool ipv4pool-ec2-xxx

# Or assign IPv6 to a subnet
aws ec2 associate-vpc-cidr-block \
    --vpc-id vpc-xxx \
    --ipv6-cidr-block 2001:db8:abcd::/56 \
    --ipv6-pool ipv6pool-ec2-xxx
Enter fullscreen mode Exit fullscreen mode

BYOIP on Vultr

Vultr has excellent BYOIP support with BGP:

Step 1: Enable BGP on Your Instance

In the Vultr dashboard, enable BGP for your instance. You'll get a BGP configuration with:

  • Vultr's ASN: 64515 (private) or 20473 (public)
  • Your session password
  • Neighbor IP

Step 2: Configure BIRD 

protocol bgp vultr {
    local as YOUR_ASN;
    neighbor 169.254.169.254 as 64515;
    password "vultr-bgp-password";

    ipv6 {
        import none;
        export filter {
            if net = 2001:db8:abcd::/48 then accept;
            reject;
        };
    };
}
Enter fullscreen mode Exit fullscreen mode

Step 3: Verify 

sudo birdc show protocols vultr
# Should show Established
Enter fullscreen mode Exit fullscreen mode

Vultr is popular for BYOIP because they don't charge extra and the BGP setup is straightforward.

BYOIP on GCP

Google Cloud requires a /24 IPv4 or /48 IPv6 minimum:

gcloud compute addresses create byoip-range \
    --ip-version=IPV6 \
    --prefix-length=48 \
    --addresses=2001:db8:abcd:: \
    --purpose=BYOIP
Enter fullscreen mode Exit fullscreen mode

Cost Comparison

Provider BYOIP IPv6 Fee Min Prefix BGP Support
AWS Free /48 Managed
Vultr Free /48 Self-managed (BIRD)
GCP Free /48 Managed
Hetzner Free /48 Self-managed
OVH Free /48 Self-managed

Common Pitfalls

ROA Issues

The most common BYOIP failure is incorrect ROA configuration. Make sure:

  • The ROA covers the exact prefix you're announcing
  • The origin ASN matches (cloud provider's ASN for managed, your ASN for self-managed)
  • Max length is set correctly

Your LIR should handle this. With NoPKT, for example, ROA creation and RPKI setup is included in their allocation service.

Propagation Time

  • AWS: 2-4 weeks for provisioning
  • Vultr: Minutes (BGP session)
  • GCP: 1-2 weeks

Letter of Authorization (LOA)

Some providers require an LOA from your RIR or LIR proving you control the prefix. Keep this document ready.

Multi-Cloud BYOIP Architecture

The real power of BYOIP is multi-cloud failover:

                    ┌─── AWS (2001:db8:abcd:1::/64)
                    │
Your Prefix ────────┼─── Vultr (2001:db8:abcd:2::/64)
2001:db8:abcd::/48  │
                    └─── Hetzner (2001:db8:abcd:3::/64)
Enter fullscreen mode Exit fullscreen mode

By announcing more-specific prefixes from each provider, you get automatic failover and traffic engineering capabilities.

Conclusion

BYOIP gives you true infrastructure independence. Combined with your own ASN, you can move between cloud providers without changing IPs, set up multi-cloud architectures, and maintain full control over your address space.

The initial setup — getting an ASN, IP space, RPKI, and IRR objects — is the biggest hurdle. Working with an experienced LIR makes this process much smoother.

Have questions about BYOIP or ASN setup? Drop a comment below.

Top comments (0)