@serve.zone/dcrouter 13.34.0 → 13.36.0

package/ts/config/classes.route-config-manager.ts

@@ -11,8 +11,7 @@ import type { IDcRouterRouteConfig } from '../../ts_interfaces/data/remoteingres
 import { type IHttp3Config, augmentRouteWithHttp3 } from '../http3/index.js';
 import type { ReferenceResolver } from './classes.reference-resolver.js';
 
-/** An IP allow entry: plain IP/CIDR or domain-scoped. */
-export type TIpAllowEntry = string | { ip: string; domains: string[] };
+export type TVpnClientAllowEntry = string | { clientId: string; domains: string[] };
 
 export interface IRouteMutationResult {
   success: boolean;
@@ -57,7 +56,7 @@ export class RouteConfigManager {
   constructor(
     private getSmartProxy: () => plugins.smartproxy.SmartProxy | undefined,
     private getHttp3Config?: () => IHttp3Config | undefined,
-    private getVpnClientIpsForRoute?: (route: IDcRouterRouteConfig, routeId?: string) => TIpAllowEntry[],
+    private getVpnClientAccessForRoute?: (route: IDcRouterRouteConfig, routeId?: string) => TVpnClientAllowEntry[],
     private referenceResolver?: ReferenceResolver,
     private onRoutesApplied?: (routes: plugins.smartproxy.IRouteConfig[]) => void | Promise<void>,
     private getRuntimeRoutes?: () => plugins.smartproxy.IRouteConfig[],
@@ -73,10 +72,10 @@ export class RouteConfigManager {
     return this.routes.get(id);
   }
 
-  public setVpnClientIpsResolver(
-    resolver?: (route: IDcRouterRouteConfig, routeId?: string) => TIpAllowEntry[],
+  public setVpnClientAccessResolver(
+    resolver?: (route: IDcRouterRouteConfig, routeId?: string) => TVpnClientAllowEntry[],
   ): void {
-    this.getVpnClientIpsForRoute = resolver;
+    this.getVpnClientAccessForRoute = resolver;
   }
 
   /**
@@ -608,49 +607,42 @@ export class RouteConfigManager {
     routeId?: string,
   ): plugins.smartproxy.IRouteConfig {
     const dcRoute = route as IDcRouterRouteConfig;
-    const vpnEntries = this.getVpnClientIpsForRoute?.(dcRoute, routeId) || [];
+    const vpnEntries = this.getVpnClientAccessForRoute?.(dcRoute, routeId) || [];
 
-    if (!dcRoute.vpnOnly) {
-      const existingAllowList = route.security?.ipAllowList;
-      if (!Array.isArray(existingAllowList) || existingAllowList.length === 0 || vpnEntries.length === 0) {
-        return route;
-      }
-
-      return {
-        ...route,
-        security: {
-          ...route.security,
-          ipAllowList: this.mergeIpAllowEntries(existingAllowList as TIpAllowEntry[], vpnEntries),
-        },
-      };
+    if (!dcRoute.vpnOnly && vpnEntries.length === 0) {
+      return route;
     }
 
-    const existingBlockList = route.security?.ipBlockList || [];
-    const ipBlockList = vpnEntries.length
-      ? existingBlockList
-      : [...new Set([...existingBlockList, '*'])];
+    const existingVpnSecurity = route.security?.vpn || {};
+    const mergedAllowedClients = this.mergeVpnClientAllowEntries(
+      existingVpnSecurity.allowedClients || [],
+      vpnEntries,
+    );
 
     return {
       ...route,
       security: {
         ...route.security,
-        ipAllowList: vpnEntries,
-        ipBlockList,
+        vpn: {
+          ...existingVpnSecurity,
+          required: dcRoute.vpnOnly ? true : existingVpnSecurity.required,
+          allowedClients: mergedAllowedClients,
+        },
       },
     };
   }
 
-  private mergeIpAllowEntries(
-    existingEntries: TIpAllowEntry[],
-    vpnEntries: TIpAllowEntry[],
-  ): TIpAllowEntry[] {
-    const merged: TIpAllowEntry[] = [];
+  private mergeVpnClientAllowEntries(
+    existingEntries: TVpnClientAllowEntry[],
+    vpnEntries: TVpnClientAllowEntry[],
+  ): TVpnClientAllowEntry[] {
+    const merged: TVpnClientAllowEntry[] = [];
     const seen = new Set<string>();
 
     for (const entry of [...existingEntries, ...vpnEntries]) {
       const key = typeof entry === 'string'
-        ? `ip:${entry}`
-        : `domain:${entry.ip}:${[...entry.domains].sort().join(',')}`;
+        ? `client:${entry}`
+        : `domain:${entry.clientId}:${[...entry.domains].sort().join(',')}`;
       if (seen.has(key)) continue;
       seen.add(key);
       merged.push(entry);

package/ts/config/classes.target-profile-manager.ts

@@ -5,7 +5,7 @@ import type { ITargetProfile, ITargetProfileTarget } from '../../ts_interfaces/d
 import type { IDcRouterRouteConfig } from '../../ts_interfaces/data/remoteingress.js';
 import type { IRoute } from '../../ts_interfaces/data/route-management.js';
 
-type TIpAllowEntry = string | { ip: string; domains?: string[] };
+type TVpnClientAllowEntry = string | { clientId: string; domains: string[] };
 
 /**
  * Manages TargetProfiles (target-side: what can be accessed).
@@ -206,37 +206,35 @@ export class TargetProfileManager {
   }
 
   // =========================================================================
-  // Core matching: route → client IPs
+  // Core matching: route → VPN client grants
   // =========================================================================
 
   /**
-   * For a vpnOnly route, find all enabled VPN clients whose assigned TargetProfile
-   * matches the route. Returns IP allow entries for injection into ipAllowList.
+   * Find all enabled VPN clients whose assigned TargetProfile matches the route.
+   * Returns SmartProxy VPN client allow entries for authenticated metadata checks.
    *
    * Entries are domain-scoped when a profile matches via specific domains that are
    * a subset of the route's wildcard. Plain IPs are returned for routeRef/target matches
    * or when profile domains exactly equal the route's domains. Profiles can also opt
-   * into source-IP matching against non-vpnOnly route security.
+   * into source-policy routes; SmartProxy evaluates the real source IP per connection.
    */
-  public getMatchingClientIps(
+  public getMatchingVpnClients(
     route: IDcRouterRouteConfig,
     routeId: string | undefined,
     clients: VpnClientDoc[],
     allRoutes: Map<string, IRoute> = new Map(),
-    clientSourceIps: Map<string, string> = new Map(),
-  ): Array<string | { ip: string; domains: string[] }> {
-    const entries: Array<string | { ip: string; domains: string[] }> = [];
+  ): TVpnClientAllowEntry[] {
+    const entries: TVpnClientAllowEntry[] = [];
     const routeDomains = this.getRouteDomains(route);
     const routeNameIndex = this.buildRouteNameIndex(allRoutes);
 
     for (const client of clients) {
-      if (!client.enabled || !client.assignedIp) continue;
+      if (!client.enabled || !client.clientId) continue;
       if (!client.targetProfileIds?.length) continue;
 
       // Collect scoped domains from all matching profiles for this client
       let fullAccess = false;
       const scopedDomains = new Set<string>();
-      const clientSourceIp = clientSourceIps.get(client.clientId);
 
       for (const profileId of client.targetProfileIds) {
         const profile = this.profiles.get(profileId);
@@ -258,10 +256,8 @@ export class TargetProfileManager {
         }
 
         if (
-          !route.vpnOnly
-          && profile.allowRoutesByClientSourceIp === true
-          && clientSourceIp
-          && this.routeAllowsSourceIp(route, clientSourceIp, routeDomains)
+          profile.allowRoutesByClientSourceIp === true
+          && this.routeHasSourcePolicy(route)
         ) {
           fullAccess = true;
           break;
@@ -269,9 +265,9 @@ export class TargetProfileManager {
       }
 
       if (fullAccess) {
-        entries.push(client.assignedIp);
+        entries.push(client.clientId);
       } else if (scopedDomains.size > 0) {
-        entries.push({ ip: client.assignedIp, domains: [...scopedDomains] });
+        entries.push({ clientId: client.clientId, domains: [...scopedDomains] });
       }
     }
 
@@ -285,7 +281,6 @@ export class TargetProfileManager {
   public getClientAccessSpec(
     targetProfileIds: string[],
     allRoutes: Map<string, IRoute>,
-    clientSourceIp?: string,
   ): { domains: string[]; targetIps: string[] } {
     const domains = new Set<string>();
     const targetIps = new Set<string>();
@@ -322,9 +317,7 @@ export class TargetProfileManager {
           routeNameIndex,
         );
         const sourceIpMatchesRoute = profile.allowRoutesByClientSourceIp === true
-          && clientSourceIp
-          && !dcRoute.vpnOnly
-          && this.routeAllowsSourceIp(dcRoute, clientSourceIp, routeDomains);
+          && this.routeHasSourcePolicy(dcRoute);
         if (profileMatchesRoute || sourceIpMatchesRoute) {
           for (const d of routeDomains) {
             domains.add(d);
@@ -450,197 +443,14 @@ export class TargetProfileManager {
     return false;
   }
 
-  private routeAllowsSourceIp(
-    route: IDcRouterRouteConfig,
-    sourceIp: string,
-    routeDomains: string[],
-  ): boolean {
+  private routeHasSourcePolicy(route: IDcRouterRouteConfig): boolean {
     const security = (route as any).security;
-    const ipAllowList = this.normalizeIpEntries(security?.ipAllowList);
-    const ipBlockList = this.normalizeIpEntries(security?.ipBlockList);
-
-    if (this.ipEntriesMatchSource(ipBlockList, sourceIp, routeDomains)) {
-      return false;
-    }
-
-    if (!ipAllowList.length) {
-      return true;
-    }
-
-    return this.ipEntriesMatchSource(ipAllowList, sourceIp, routeDomains);
-  }
-
-  private normalizeIpEntries(entries: unknown): TIpAllowEntry[] {
-    if (!entries) return [];
-    if (Array.isArray(entries)) return entries as TIpAllowEntry[];
-    return [entries as TIpAllowEntry];
-  }
-
-  private ipEntriesMatchSource(
-    entries: TIpAllowEntry[],
-    sourceIp: string,
-    routeDomains: string[],
-  ): boolean {
-    return entries.some((entry) => this.ipEntryMatchesSource(entry, sourceIp, routeDomains));
-  }
-
-  private ipEntryMatchesSource(
-    entry: TIpAllowEntry,
-    sourceIp: string,
-    routeDomains: string[],
-  ): boolean {
-    const ipPattern = typeof entry === 'string' ? entry : entry.ip;
-    if (typeof ipPattern !== 'string') return false;
-    if (!this.ipPatternMatchesSource(ipPattern, sourceIp)) {
-      return false;
-    }
-
-    if (typeof entry === 'string' || !entry.domains?.length) {
-      return true;
-    }
-
-    if (!routeDomains.length) {
-      return false;
-    }
-
-    return routeDomains.some((routeDomain) =>
-      entry.domains!.some((entryDomain) =>
-        this.domainMatchesPattern(routeDomain, entryDomain)
-        || this.domainMatchesPattern(entryDomain, routeDomain),
-      ),
-    );
-  }
-
-  private ipPatternMatchesSource(pattern: string, sourceIp: string): boolean {
-    const trimmedPattern = pattern.trim();
-    const trimmedSourceIp = sourceIp.trim();
-    if (!trimmedPattern || !trimmedSourceIp) return false;
-    if (trimmedPattern === '*') return true;
-    if (trimmedPattern === trimmedSourceIp) return true;
-
-    if (trimmedPattern.includes('/')) {
-      return this.ipMatchesCidr(trimmedSourceIp, trimmedPattern);
-    }
-
-    if (trimmedPattern.includes('-')) {
-      return this.ipMatchesRange(trimmedSourceIp, trimmedPattern);
-    }
-
-    if (trimmedPattern.includes('*')) {
-      return this.ipMatchesWildcard(trimmedSourceIp, trimmedPattern);
-    }
-
-    return false;
-  }
-
-  private ipMatchesCidr(sourceIp: string, cidr: string): boolean {
-    const [networkIp, prefixString] = cidr.split('/');
-    if (!networkIp || !prefixString) return false;
-    const source = this.ipToComparable(sourceIp);
-    const network = this.ipToComparable(networkIp);
-    const prefix = Number(prefixString);
-    if (!source || !network || source.version !== network.version) return false;
-
-    const bitCount = source.version === 4 ? 32 : 128;
-    if (!Number.isInteger(prefix) || prefix < 0 || prefix > bitCount) return false;
-    if (prefix === 0) return true;
-
-    const shift = BigInt(bitCount - prefix);
-    return (source.value >> shift) === (network.value >> shift);
-  }
-
-  private ipMatchesRange(sourceIp: string, range: string): boolean {
-    const [startIp, endIp] = range.split('-').map((part) => part.trim());
-    if (!startIp || !endIp) return false;
-    const source = this.ipToComparable(sourceIp);
-    const start = this.ipToComparable(startIp);
-    const end = this.ipToComparable(endIp);
-    if (!source || !start || !end) return false;
-    if (source.version !== start.version || source.version !== end.version) return false;
-    return source.value >= start.value && source.value <= end.value;
-  }
-
-  private ipMatchesWildcard(sourceIp: string, pattern: string): boolean {
-    const sourceParts = sourceIp.split('.');
-    const patternParts = pattern.split('.');
-    if (sourceParts.length !== 4 || patternParts.length !== 4) return false;
-
-    return patternParts.every((patternPart, index) => {
-      if (patternPart === '*') return true;
-      return patternPart === sourceParts[index];
-    });
-  }
-
-  private ipToComparable(ip: string): { version: 4 | 6; value: bigint } | undefined {
-    const normalizedIp = this.normalizeIpLiteral(ip);
-    const ipVersion = plugins.net.isIP(normalizedIp);
-    if (ipVersion === 4) {
-      const parts = normalizedIp.split('.').map((part) => Number(part));
-      if (parts.length !== 4 || parts.some((part) => !Number.isInteger(part) || part < 0 || part > 255)) {
-        return undefined;
-      }
-      return {
-        version: 4,
-        value: parts.reduce((value, part) => (value << 8n) + BigInt(part), 0n),
-      };
-    }
-
-    if (ipVersion === 6) {
-      const parts = this.expandIpv6(normalizedIp);
-      if (!parts) return undefined;
-      return {
-        version: 6,
-        value: parts.reduce((value, part) => (value << 16n) + BigInt(part), 0n),
-      };
-    }
-
-    return undefined;
-  }
-
-  private normalizeIpLiteral(ip: string): string {
-    const trimmed = ip.trim().replace(/^\[|\]$/g, '');
-    const zoneIndex = trimmed.indexOf('%');
-    const withoutZone = zoneIndex === -1 ? trimmed : trimmed.slice(0, zoneIndex);
-    const ipv4MappedPrefix = '::ffff:';
-    if (withoutZone.toLowerCase().startsWith(ipv4MappedPrefix)) {
-      const mappedIpv4 = withoutZone.slice(ipv4MappedPrefix.length);
-      if (plugins.net.isIP(mappedIpv4) === 4) return mappedIpv4;
-    }
-    return withoutZone;
-  }
-
-  private expandIpv6(ip: string): number[] | undefined {
-    let normalizedIp = ip.toLowerCase();
-    if (normalizedIp.includes('.')) {
-      const lastColonIndex = normalizedIp.lastIndexOf(':');
-      const ipv4Part = normalizedIp.slice(lastColonIndex + 1);
-      const ipv4Comparable = this.ipToComparable(ipv4Part);
-      if (!ipv4Comparable || ipv4Comparable.version !== 4) return undefined;
-      const high = Number((ipv4Comparable.value >> 16n) & 0xffffn).toString(16);
-      const low = Number(ipv4Comparable.value & 0xffffn).toString(16);
-      normalizedIp = `${normalizedIp.slice(0, lastColonIndex)}:${high}:${low}`;
-    }
-
-    const doubleColonParts = normalizedIp.split('::');
-    if (doubleColonParts.length > 2) return undefined;
-
-    const head = doubleColonParts[0] ? doubleColonParts[0].split(':') : [];
-    const tail = doubleColonParts[1] ? doubleColonParts[1].split(':') : [];
-    const missingCount = 8 - head.length - tail.length;
-    if (missingCount < 0 || (doubleColonParts.length === 1 && missingCount !== 0)) return undefined;
-
-    const parts = [
-      ...head,
-      ...Array(missingCount).fill('0'),
-      ...tail,
-    ];
-    if (parts.length !== 8) return undefined;
-
-    const numbers = parts.map((part) => Number.parseInt(part || '0', 16));
-    if (numbers.some((part) => !Number.isInteger(part) || part < 0 || part > 0xffff)) {
-      return undefined;
-    }
-    return numbers;
+    const blockEntries = Array.isArray(security?.ipBlockList)
+      ? security.ipBlockList
+      : security?.ipBlockList
+        ? [security.ipBlockList]
+        : [];
+    return !blockEntries.some((entry: unknown) => typeof entry === 'string' && entry.trim() === '*');
   }
 
   private getRouteDomains(route: IDcRouterRouteConfig): string[] {

package/ts/monitoring/classes.metricsmanager.ts

@@ -3,6 +3,7 @@ import { DcRouter } from '../classes.dcrouter.js';
 import { MetricsCache } from './classes.metricscache.js';
 import { SecurityLogger, SecurityEventType } from '../security/classes.securitylogger.js';
 import { logger } from '../logger.js';
+import type { IAsnActivity } from '../../ts_interfaces/data/stats.js';
 
 export class MetricsManager {
   private metricsLogger: plugins.smartlog.Smartlog;
@@ -545,7 +546,7 @@ export class MetricsManager {
   // Get network metrics from SmartProxy
   public async getNetworkStats() {
     // Use shorter cache TTL for network stats to ensure real-time updates
-    return this.metricsCache.get('networkStats', () => {
+    return this.metricsCache.get('networkStats', async () => {
       const proxyMetrics = this.dcRouter.smartProxy ? this.dcRouter.smartProxy.getMetrics() : null;
 
       if (!proxyMetrics) {
@@ -554,6 +555,7 @@ export class MetricsManager {
           throughputRate: { bytesInPerSecond: 0, bytesOutPerSecond: 0 },
           topIPs: [] as Array<{ ip: string; count: number }>,
           topIPsByBandwidth: [] as Array<{ ip: string; count: number; bwIn: number; bwOut: number }>,
+          topASNs: [] as IAsnActivity[],
           totalDataTransferred: { bytesIn: 0, bytesOut: 0 },
           throughputHistory: [] as Array<{ timestamp: number; in: number; out: number }>,
           throughputByIP: new Map<string, { in: number; out: number }>(),
@@ -725,10 +727,15 @@ export class MetricsManager {
         .slice(0, 10)
         .map(([ip, data]) => ({ ip, count: data.count, bwIn: data.bwIn, bwOut: data.bwOut }));
 
-      this.dcRouter.securityPolicyManager?.queueObservedIps([
+      const observedIps = [...new Set([
+        ...connectionsByIP.keys(),
+        ...throughputByIP.keys(),
         ...topIPs.map((item) => item.ip),
         ...topIPsByBandwidth.map((item) => item.ip),
-      ]);
+      ])];
+      this.dcRouter.securityPolicyManager?.queueObservedIps(observedIps);
+
+      const topASNs = await this.buildTopASNs(observedIps, allIPData);
 
       // Build domain activity using per-IP domain request counts from Rust engine
       const connectionsByRoute = proxyMetrics.connections.byRoute();
@@ -872,6 +879,7 @@ export class MetricsManager {
         throughputRate,
         topIPs,
         topIPsByBandwidth,
+        topASNs,
         totalDataTransferred,
         throughputHistory,
         throughputByIP,
@@ -885,6 +893,60 @@ export class MetricsManager {
     }, 1000); // 1s cache — matches typical dashboard poll interval
   }
 
+  private async buildTopASNs(
+    observedIps: string[],
+    allIPData: Map<string, { count: number; bwIn: number; bwOut: number }>,
+  ): Promise<IAsnActivity[]> {
+    const manager = this.dcRouter.securityPolicyManager;
+    if (!manager || observedIps.length === 0) {
+      return [];
+    }
+
+    const intelligenceRecords = await manager.listIpIntelligence({
+      ipAddresses: observedIps,
+      limit: Math.max(100, observedIps.length),
+    });
+    const asnActivity = new Map<number, IAsnActivity>();
+
+    for (const record of intelligenceRecords) {
+      if (typeof record.asn !== 'number') continue;
+
+      const ipData = allIPData.get(record.ipAddress);
+      if (!ipData) continue;
+
+      const existing = asnActivity.get(record.asn);
+      const activity = existing || {
+        asn: record.asn,
+        organization: record.asnOrg || record.registrantOrg || `AS${record.asn}`,
+        country: record.countryCode || record.country || record.registrantCountry || null,
+        activeConnections: 0,
+        ipCount: 0,
+        bytesInPerSecond: 0,
+        bytesOutPerSecond: 0,
+        sampleIps: [],
+      };
+
+      activity.activeConnections += ipData.count;
+      activity.bytesInPerSecond += ipData.bwIn;
+      activity.bytesOutPerSecond += ipData.bwOut;
+      activity.ipCount++;
+      if (activity.sampleIps.length < 5) {
+        activity.sampleIps.push(record.ipAddress);
+      }
+      asnActivity.set(record.asn, activity);
+    }
+
+    return [...asnActivity.values()]
+      .sort((a, b) => {
+        const connectionDiff = b.activeConnections - a.activeConnections;
+        if (connectionDiff !== 0) return connectionDiff;
+        const bandwidthA = a.bytesInPerSecond + a.bytesOutPerSecond;
+        const bandwidthB = b.bytesInPerSecond + b.bytesOutPerSecond;
+        return bandwidthB - bandwidthA;
+      })
+      .slice(0, 10);
+  }
+
   // --- Time-series helpers ---
 
   private static minuteKey(ts: number = Date.now()): number {

package/ts/opsserver/handlers/security.handler.ts

@@ -103,6 +103,7 @@ export class SecurityHandler {
               throughputRate: networkStats.throughputRate,
               topIPs: networkStats.topIPs,
               topIPsByBandwidth: networkStats.topIPsByBandwidth,
+              topASNs: networkStats.topASNs,
               totalDataTransferred: networkStats.totalDataTransferred,
               throughputHistory: networkStats.throughputHistory || [],
               throughputByIP,
@@ -121,6 +122,7 @@ export class SecurityHandler {
             throughputRate: { bytesInPerSecond: 0, bytesOutPerSecond: 0 },
             topIPs: [],
             topIPsByBandwidth: [],
+            topASNs: [],
             totalDataTransferred: { bytesIn: 0, bytesOut: 0 },
             throughputHistory: [],
             throughputByIP: [],

package/ts/opsserver/handlers/stats.handler.ts

@@ -334,6 +334,7 @@ export class StatsHandler {
                     connections: ip.count,
                     bandwidth: { in: ip.bwIn, out: ip.bwOut },
                   })),
+                  topASNs: stats.topASNs || [],
                   domainActivity: stats.domainActivity || [],
                   throughputHistory: stats.throughputHistory || [],
                   requestsPerSecond: stats.requestsPerSecond || 0,

package/ts/vpn/classes.vpn-manager.ts

@@ -152,6 +152,8 @@ export class VpnManager {
       wgListenPort,
       clients: clientEntries,
       socketForwardProxyProtocol: !isBridge,
+      socketForwardProxyProtocolSource: 'remoteIp',
+      socketForwardProxyProtocolVpnMetadata: true,
       destinationPolicy: this.getServerDestinationPolicy(forwardingMode, defaultDestinationPolicy),
       serverEndpoint,
       clientAllowedIPs: [subnet],

package/ts_web/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@serve.zone/dcrouter',
-  version: '13.34.0',
+  version: '13.36.0',
   description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }

package/ts_web/appstate.ts

@@ -55,6 +55,7 @@ export interface INetworkState {
   totalBytes: { in: number; out: number };
   topIPs: Array<{ ip: string; count: number }>;
   topIPsByBandwidth: Array<{ ip: string; count: number; bwIn: number; bwOut: number }>;
+  topASNs: interfaces.data.IAsnActivity[];
   throughputByIP: Array<{ ip: string; in: number; out: number }>;
   ipIntelligence: interfaces.data.IIpIntelligenceRecord[];
   domainActivity: interfaces.data.IDomainActivity[];
@@ -176,6 +177,7 @@ export const networkStatePart = await appState.getStatePart<INetworkState>(
     totalBytes: { in: 0, out: 0 },
     topIPs: [],
     topIPsByBandwidth: [],
+    topASNs: [],
     throughputByIP: [],
     ipIntelligence: [],
     domainActivity: [],
@@ -689,6 +691,7 @@ export const fetchNetworkStatsAction = networkStatePart.createAction(async (stat
         : { in: 0, out: 0 },
       topIPs: networkStatsResponse.topIPs || [],
       topIPsByBandwidth: networkStatsResponse.topIPsByBandwidth || [],
+      topASNs: networkStatsResponse.topASNs || [],
       throughputByIP: networkStatsResponse.throughputByIP || [],
       ipIntelligence: currentState.ipIntelligence,
       domainActivity: networkStatsResponse.domainActivity || [],
@@ -3152,6 +3155,7 @@ async function dispatchCombinedRefreshActionInner() {
           bwIn: e.bandwidth?.in || 0,
           bwOut: e.bandwidth?.out || 0,
         })),
+        topASNs: network.topASNs || [],
         throughputByIP: network.topEndpoints.map(e => ({ ip: e.endpoint, in: e.bandwidth?.in || 0, out: e.bandwidth?.out || 0 })),
         domainActivity: network.domainActivity || [],
         throughputHistory: network.throughputHistory || [],

package/ts_web/elements/network/ops-view-network-activity.ts

@@ -308,6 +308,9 @@ export class OpsViewNetworkActivity extends DeesElement {
         <!-- Top IPs by Connection Count -->
         ${this.renderTopIPs()}
 
+        <!-- Top ASNs by Connection Count -->
+        ${this.renderTopASNs()}
+
         <!-- Top IPs by Bandwidth -->
         ${this.renderTopIPsByBandwidth()}
 
@@ -450,6 +453,28 @@ export class OpsViewNetworkActivity extends DeesElement {
     ];
   }
 
+  private getAsnDataActions() {
+    return [
+      {
+        name: 'Block ASN',
+        iconName: 'lucide:radio-tower',
+        type: ['inRow', 'contextmenu'] as any,
+        actionFunc: async (actionData: any) => {
+          await this.createBlockRuleDialog('asn', String(actionData.item.asn), 'Blocked ASN from Network Activity');
+        },
+      },
+      {
+        name: 'Block Organization',
+        iconName: 'lucide:building-2',
+        type: ['contextmenu'] as any,
+        actionRelevancyCheckFunc: (actionData: any) => Boolean(actionData.item.organization),
+        actionFunc: async (actionData: any) => {
+          await this.createBlockRuleDialog('organization', actionData.item.organization, 'Blocked organization from Network Activity');
+        },
+      },
+    ];
+  }
+
   private calculateThroughput(): { in: number; out: number } {
     // Use real throughput data from network state
     return {
@@ -619,6 +644,40 @@ export class OpsViewNetworkActivity extends DeesElement {
     `;
   }
 
+  private renderTopASNs(): TemplateResult {
+    if (!this.networkState.topASNs || this.networkState.topASNs.length === 0) {
+      return html``;
+    }
+
+    return html`
+      <dees-table
+        .data=${this.networkState.topASNs}
+        .rowKey=${'asn'}
+        .highlightUpdates=${'flash'}
+        .displayFunction=${(asnData: appstate.INetworkState['topASNs'][number]) => {
+          return {
+            'ASN': `AS${asnData.asn}`,
+            'Organization': this.formatOptional(asnData.organization),
+            'Connections': asnData.activeConnections,
+            'IPs': asnData.ipCount,
+            'Bandwidth In': this.formatBitsPerSecond(asnData.bytesInPerSecond),
+            'Bandwidth Out': this.formatBitsPerSecond(asnData.bytesOutPerSecond),
+            'Total Bandwidth': this.formatBitsPerSecond(asnData.bytesInPerSecond + asnData.bytesOutPerSecond),
+            'Country': this.formatOptional(asnData.country),
+            'Sample IPs': asnData.sampleIps.join(', '),
+          };
+        }}
+        .dataActions=${this.getAsnDataActions()}
+        heading1="Top Connected ASNs"
+        heading2="Organizations causing the most active connections across observed IPs"
+        searchable
+        .showColumnFilters=${true}
+        .pagination=${false}
+        dataName="ASN"
+      ></dees-table>
+    `;
+  }
+
   private renderTopIPsByBandwidth(): TemplateResult {
     if (!this.networkState.topIPsByBandwidth || this.networkState.topIPsByBandwidth.length === 0) {
       return html``;