diff --git a/content/network/IPAM.md b/content/network/IPAM.md index f591a01..bf6cab7 100644 --- a/content/network/IPAM.md +++ b/content/network/IPAM.md @@ -18,11 +18,11 @@ IP address tables |IPv6 Address Range|Purpose| |:--|:--| -|fd42:4242:2601:acXX::/64|Anycast services| -|fd42:4242:2601:*AA*::/64|Public services for host *AA*| +|fd42:4242:2601:acXX::/64|anycast services| +|fd42:4242:2601:*AA*::/64|public services for host *AA*| +|fd42:4242:2601:10*AA*::/64|dmz services for host *AA*| |fd42:4242:2601:*AA*00::/56|/56 routed to host *AA*| -|fd42:4242:2601:*AA*02::/64|Tier2 services on host *AA*| -|fd42:4242:2601:*AA*64::/64|NAT64 service related to host *AA*| +|fd42:4242:2601:*AA*02::/64|tier2 services on host *AA*| ## burble.dn42 Services @@ -34,69 +34,80 @@ IP address tables |[burble.dn42](https://burble.dn42)
[www.burble.dn42](https://burble.dn42)|172.20.129.3|fd42:4242:2601:ac80::1|Website| |collector.dn42|172.20.129.4|fd42:4242:2601:ac12::1|Global Route Collector| |pingable.burble.dn42|172.20.129.5|fd42:4242:2601:ac05::1|Pingable IP Address| -|nats.burble.dn42|172.20.129.6|fd42:4242:2601:ac06::1|nats.io Cluster| -| |172.20.129.7| |_Unallocated_| -|whois.burble.dn42|172.20.129.8|fd42:4242:2601:ac43::1|Whois service| +||172.20.129.6||_unallocated_| +||172.20.129.7||_unallocated_| +|whois.burble.dn42|172.20.129.8|fd42:4242:2601:ac43::1|Whois service anycast| |voip.burble.dn42|172.20.129.9|fd42:4242:2601:37:216:3eff:fe8f:6211|Asterisk VOIP Service| -|shell.burble.dn42|172.20.129.10|fd42:4242:2601:ac22::1|Shell service| -| |172.20.129.11| |_Unallocated_| +|shell.burble.dn42|172.20.129.10|fd42:4242:2601:ac22::1|Shell service anycast| +|traefik-v2.burble.dn42|172.20.129.11|fd42:4242:2601:ac81::1|Global traefik cluster| |traefik.burble.dn42|172.20.129.12|fd42:4242:2601:ac82::1|Global traefik cluster| |traefik-eu.burble.dn42|172.20.129.13|fd42:4242:2601:ac83::1|Europe traefik cluster| |traefik-na.burble.dn42|172.20.129.14|fd42:4242:2601:ac84::1|North America traefik cluster| | |_172.20.129.15-19_| |_Unallocated_| -||172.20.129.20/30|_n/a_|[Dialup Service](/retro/modem/) endpoints| -|shell.de.burble.dn42|172.20.129.24|fd42:4242:2601:100b:216:3eff:fe32:1a21|DE shell service| -|shell.uk.burble.dn42|172.20.129.25|fd42:4242:2601:1015:216:3eff:fe91:b943|UK shell service| -|shell.nyc.burble.dn42|172.20.129.26|fd42:4242:2601:101d:216:3eff:fefc:722|NYC shell service| -|shell.lax.burble.dn42|172.20.129.27|fd42:4242:2601:1018:216:3eff:feaa:7249|LAX shell service| -|shell.fr.burble.dn42|172.20.129.28|fd42:4242:2601:1017:216:3eff:fe01:2f1f|FR shell service| -||172.20.129.30||*shell service unassigned*| +||172.20.129.20/30| |[Dialup Service](/retro/modem/) endpoints| +|shell.ca-bhs1.burble.dn42|172.20.129.21|fd42:4242:2601:100c:72ef:f1ff:febb:d521|Shell Server| +|shell.us-ash1.burble.dn42|172.20.129.22|fd42:4242:2601:1017:72ef:f1ff:febb:d521|Shell Server| +|shell.fr-rbx1.burble.dn42|172.20.129.23|fd42:4242:2601:1006:72ef:f1ff:febb:d521|Shell Server| +|shell.de-fra2.burble.dn42|172.20.129.24|fd42:4242:2601:100b:72ef:f1ff:febb:d521|Shell Server| +|shell.uk-lon1.burble.dn42|172.20.129.25|fd42:4242:2601:1015:72ef:f1ff:febb:d521|Shell Server| +|shell.us-nyc2.burble.dn42|172.20.129.26|fd42:4242:2601:101d:72ef:f1ff:febb:d521|Shell Server| +|shell.us-lax2.burble.dn42|172.20.129.27|fd42:4242:2601:1018:72ef:f1ff:febb:d521|Shell Server| +| |_172.20.129.28-30_| |*shell service unassigned*| ||172.20.129.31||*unassigned*| ## burble.dn42 Nodes (DN42 Addressing) |DNS|IPv4|IPv6|Comment| |:--|:--|:--|:--| -|*unassigned* |172.20.129.164|fd42:4242:2601:3f::1|| +|fr-gra1.burble.dn42 |172.20.129.164|fd42:4242:2601:3f::1|Private Node| |us-nyc3.burble.dn42 |172.20.129.165|fd42:4242:2601:3a::1|NYC Cluster| |uk-lon2.burble.dn42 |172.20.129.166|fd42:4242:2601:2e::1|UK Storage| -|*unassigned* |172.20.129.167|fd42:4242:2601:2d::1|| -|nl-ams2.burble.dn42 |172.20.129.168|fd42:4242:2601:34::1|Private Node| +|se-sto1.burble.dn42 |172.20.129.167|fd42:4242:2601:2d::1|SE Public Peering| +|de-fra3.burble.dn42 |172.20.129.168|fd42:4242:2601:34::1|Private Node| |de-fra1.burble.dn42 |172.20.129.169|fd42:4242:2601:31::1|DE Public Peering| -|de-fra3.burble.dn42 |172.20.129.170|fd42:4242:2601:2c::1|DE Dev Cluster| +|ca-bhs1.burble.dn42 |172.20.129.170|fd42:4242:2601:2c::1|CA Public Peering| |de-fra2.burble.dn42 |172.20.129.171|fd42:4242:2601:2b::1|DE Cluster| |us-lax1.burble.dn42 |172.20.129.172|fd42:4242:2601:2a::1|LAX Public Peering| -|ch-zur2.burble.dn42 |172.20.129.173|fd42:4242:2601:27::1|CH Cluster| -|ch-zur1.burble.dn42 |172.20.129.174|fd42:4242:2601:28::1|CH Public Peering| +|uk-lon6.burble.dn42 |172.20.129.173|fd42:4242:2601:27::1|UK Cluster| +|ch-zur1.burble.dn42 |172.20.129.174|fd42:4242:2601:28::1|CH Public Peering - *being decommissioned*| |us-nyc1.burble.dn42 |172.20.129.175|fd42:4242:2601:29::1|NYC Public Peering| |us-nyc2.burble.dn42 |172.20.129.176|fd42:4242:2601:3d::1|NYC Cluster| |uk-lon4.burble.dn42 |172.20.129.177|fd42:4242:2601:25::1|UK Cluster| |uk-lon5.burble.dn42 |172.20.129.178|fd42:4242:2601:24::1|UK Cluster| -|de-fra4.burble.dn42 |172.20.129.179|fd42:4242:2601:23::1|DE Dev Cluster| +|uk-cov1.burble.dn42 |172.20.129.179|fd42:4242:2601:23::1|UK Cluster| |us-lax2.burble.dn42 |172.20.129.180|fd42:4242:2601:38::1|LAX Cluster| -|de-nue1.burble.dn42 |172.20.129.181|fd42:4242:2601:37::1|DE Cluster| -|*unassigned* |172.20.129.182|fd42:4242:2601:3e::1|| -|nl-ams3.burble.dn42 |172.20.129.183|fd42:4242:2601:3c::1|Experimental| +|us-ash1.burble.dn42 |172.20.129.181|fd42:4242:2601:37::1|Ashburn Public Peering| +|fr-par2.burble.dn42 |172.20.129.182|fd42:4242:2601:3e::1|FR Cluster| +|nl-ams3.burble.dn42 |172.20.129.183|fd42:4242:2601:3c::1|Experimental - *being decommissioned*| |uk-lon3.burble.dn42 |172.20.129.184|fd42:4242:2601:30::1|Private Node| -|no-trd1.burble.dn42 |172.20.129.185|fd42:4242:2601:39::1|NO Public Peering| +|no-trd1.burble.dn42 |172.20.129.185|fd42:4242:2601:39::1|NO Public Peering - *being decommissioned*| |nl-ams1.burble.dn42 |172.20.129.186|fd42:4242:2601:32::1|Private Node| |uk-lon1.burble.dn42 |172.20.129.187|fd42:4242:2601:35::1|UK Public Peering| -|fr-par1.burble.dn42 |172.20.129.188|fd42:4242:2601:36::1|FR Public Peering| -|*unassigned* |172.20.129.189|fd42:4242:2601:26::1|| -|*reserved* |172.20.129.190|fd42:4242:2601:20::1|Private Node| -|*reserved* |172.20.129.191|fd42:4242:2601:20::1|Private Node| +|fr-par1.burble.dn42 |172.20.129.188|fd42:4242:2601:36::1|FR Public Peering - *being decommissioned*| +|fr-rbx1.burble.dn42 |172.20.129.189|fd42:4242:2601:26::1|FR Public Peering| +|*reserved* |172.20.129.190|fd42:4242:2601:20::1|| +|*reserved* |172.20.129.191|fd42:4242:2601:20::1|| ## burble.dn42 Nodes (Public Addressing) |DNS|IPv4|IPv6| |:--|:--|:--| -|dn42-fr-par1.burble.com|51.159.194.131|2001:bc8:1201:50d:d6ae:52ff:fecc:c97| +|dn42-fr-rbx1.burble.com|51.254.198.204|2001:41d0:1008:acc::1| |dn42-uk-lon1.burble.com|45.91.93.104|2a0e:dc0:5:5::1| |dn42-de-fra1.burble.com|5.180.253.211|2a0e:6a80:3:430::1| -|dn42-ch-zur1.burble.com|45.91.92.111|2a0e:dc0:6:8::1| -|dn42-no-trd1.burble.com|217.168.87.226|2001:678:dd0:ffff::25| +|dn42-se-sto1.burble.com|176.126.84.199|2a0e:dc0:2:1e93::1| +|dn42-ca-bhs1.burble.com|167.114.211.156|2607:5300:60:7a9c::1| |dn42-us-lax1.burble.com|45.67.219.3|2a04:bdc7:100:4656::1| |dn42-us-nyc1.burble.com|109.205.61.36|2605:4840:2:eed4::1| +|dn42-us-ash1.burble.com|173.249.195.195|2607:9000:9000:10ae::a| |DNS|IPv4|IPv6| |:--|:--|:--| |git.dn42.dev |45.91.93.104|2a0e:dc0:5:5:425d:6eff:feb4:6e2d| + +## elburb.dn42 + +elburb.dn42 is a private domain used for burble.dn42 internal services. + +|IPv6 Range|Purpose| +|:--|:--| +|fd8f:a4c9:1c03::/48|Reserved for internal use| diff --git a/content/network/design.md b/content/network/design.md index 270e4da..b9c1f53 100644 --- a/content/network/design.md +++ b/content/network/design.md @@ -3,7 +3,11 @@ title: "Network Design" geekdocDescription: "burble.dn42 network design" weight: 0 --- -This page documents some key elements of the current burble.dn42 design. + +{{}} +This page documents a previous iteration of the burble.dn42 network and +is currently out of date. +{{}} ## Tunnel Mesh diff --git a/content/network/nodes.md b/content/network/nodes.md index c83a4ca..81f9825 100644 --- a/content/network/nodes.md +++ b/content/network/nodes.md @@ -8,8 +8,25 @@ Public peering nodes ## Europe +### dn42-fr-rbx1 + +||| +|---|---| +|**Location**|OVH, Roubaix, France| +|**Specs**|E5-1650v3, 64GB, 2 x 480GB SSD, 300mbit up/1Gbit down| +|**Public Hostname**|dn42-fr-rbx1.burble.com| +|**Public IPv4 Address**|51.254.198.204| +|**Public IPv6 Address**|2001:41d0:1008:acc::1| +|**Tunnel IPv4 Peer Address**|172.20.129.189/32| +|**Tunnel IPv6 Link Local**|fe80::42:2601:26:1/64| +|**Tunnel IPv6 ULA**|fd42:4242:2601:26::1/128| + ### dn42-fr-par1 +{{}} +fr-par1 is being decommissioned +{{}} + ||| |---|---| |**Location**|Scaleway/Online.net, Paris, France| @@ -37,7 +54,7 @@ Public peering nodes ### dn42-de-fra1 ||| |---|---| -|**Location**|Bero Host, Frankfurt, Germany| +|**Location**|BeroHost, Frankfurt, Germany| |**Specs**|6 x EPYC 7443P, 24GB, 300GB NVME, 25TB @ 10gbit| |**Public Hostname**|dn42-de-fra1.burble.com| |**Public IPv4 Address**|5.180.253.211| @@ -46,33 +63,45 @@ Public peering nodes |**Tunnel IPv6 Link Local**|fe80::42:2601:31:1/64| |**Tunnel IPv6 ULA**|fd42:4242:2601:31::1/128| -### dn42-ch-zur1 +### dn42-se-sto1 + ||| |---|---| -|**Location**|HostHatch, Zurich, Switzerland| -|**Specs**|2 x E5-2690v2, 12GB, 60GB SSD, 10TB @ 10gbit| -|**Public Hostname**|dn42-ch-zur1.burble.com| -|**Public IPv4 Address**|45.91.92.111| -|**Public IPv6 Address**|2a0e:dc0:6:8::1| -|**Tunnel IPv4 Peer Address**|172.20.129.174/32| -|**Tunnel IPv6 Link Local**|fe80::42:2601:28:1/64| -|**Tunnel IPv6 ULA**|fd42:4242:2601:28::1/128| - -### dn42-no-trd1 -||| -|---|---| -|**Location**|Trondheim, Norway| -|**Specs**|2 shared cores, 2GB, 16GB SSD, 1gbit unmetered| -|**Public Hostname**|dn42-no-trd1.burble.com| -|**Public IPv4 Address**|217.168.87.226| -|**Public IPv6 Address**|2001:678:dd0:ffff::25| -|**Tunnel IPv4 Peer Address**|172.20.129.185/32| -|**Tunnel IPv6 Link Local**|fe80::42:2601:39:1/64| -|**Tunnel IPv6 ULA**|fd42:4242:2601:39::1/128| - +|**Location**|HostHatch, Stockholm, Sweden| +|**Specs**|6 x EPYC 7542, 32GB, 340GB NVME, 10gbit| +|**Public Hostname**|dn42-se-sto1.burble.com| +|**Public IPv4 Address**|176.126.84.199| +|**Public IPv6 Address**|2a0e:dc0:2:1e93::1| +|**Tunnel IPv4 Peer Address**|172.20.129.167/32| +|**Tunnel IPv6 Link Local**|fe80::42:2601:2d:1/64| +|**Tunnel IPv6 ULA**|fd42:4242:2601:2d::1/128| ## North America +### dn42-ca-bhs1 +||| +|---|---| +|**Location**|OVH, Beauharnois, Canada| +|**Specs**|E5-1650v3, 64GB, 2 x 480GB SSD, 300mbit up/1Gbit down| +|**Public Hostname**|dn42-ca-bhs1.burble.com| +|**Public IPv4 Address**|167.114.211.156| +|**Public IPv6 Address**|2607:5300:60:7a9c::1| +|**Tunnel IPv4 Peer Address**|172.20.129.170/32| +|**Tunnel IPv6 Link Local**|fe80::42:2601:2c:1/64| +|**Tunnel IPv6 ULA**|fd42:4242:2601:2c::1/128| + +### dn42-us-ash1 +||| +|---|---| +|**Location**|GreenCloud, Ashburn, United States| +|**Specs**|8 x EPYC 7763, 32GB, 480GB NVME, 10gbit| +|**Public Hostname**|dn42-us-ash1.burble.com| +|**Public IPv4 Address**|173.249.195.195| +|**Public IPv6 Address**|2607:9000:9000:10ae::a| +|**Tunnel IPv4 Peer Address**|172.20.129.181/32| +|**Tunnel IPv6 Link Local**|fe80::42:2601:37:1/64| +|**Tunnel IPv6 ULA**|fd42:4242:2601:37::1/128| + ### dn42-us-lax1 ||| |---|---| diff --git a/content/network/status.md b/content/network/status.md index 365fc21..93a25c4 100644 --- a/content/network/status.md +++ b/content/network/status.md @@ -4,13 +4,6 @@ geekdocDescription: "Network Status" weight: 100 --- -## Uptime Kuma - -- [https://uptime.burble.dn42/status/bdn42](https://uptime.burble.dn42/status/bdn42) (dn42) -- [https://uptime.burble.com/status/bdn42](https://uptime.burble.com/status/bdn42) (com) - -A self-hosted instance of [Uptime Kuma](https://github.com/louislam/uptime-kuma) provides the current status on many of the burble.dn42 services. - ## Uptime Robot - [https://stats.uptimerobot.com/l2913c0R6](https://stats.uptimerobot.com/l2913c0R6) (public internet link) diff --git a/content/retro/fake.md b/content/retro/fake.md index 3f151be..ca7aee1 100644 --- a/content/retro/fake.md +++ b/content/retro/fake.md @@ -5,6 +5,11 @@ weight: 20 --- No modem ? no problem. +{{}} +Dialup services may or may not be available depending on rebuild progress. +{{}} + + If you don't have a physical modem you can still get that retro vibe by accessing dn42 using the modem emulator service. This service presents a series of TCP/IP ports that emulate a subset of the Hayes AT command set diff --git a/content/services/acme.md b/content/services/acme.md index 9d1a03d..4f69cff 100644 --- a/content/services/acme.md +++ b/content/services/acme.md @@ -152,7 +152,7 @@ high availability service. The cluster currently runs on the following nodes: - - ch-zur2 + - uk-lon1 - de-fra1 - fr-par1 diff --git a/content/services/ca.md b/content/services/ca.md index 1d5801b..e74d43b 100644 --- a/content/services/ca.md +++ b/content/services/ca.md @@ -18,34 +18,41 @@ burble.dn42 maintains a PKI infarstructure for its services, using ## CA Download -[burble-dn42-ca.pem](/burble-dn42-ca.pem) - ``` -----BEGIN CERTIFICATE----- -MIIDtzCCAp+gAwIBAgIUBIkK5f6OppmInBEKnG0xiNTn7lIwDQYJKoZIhvcNAQEL -BQAwazELMAkGA1UEBhMCR0IxDTALBgNVBAgMBGRuNDIxFDASBgNVBAoMC2J1cmJs -ZS5kbjQyMRcwFQYDVQQDDA5jYS5idXJibGUuZG40MjEeMBwGCSqGSIb3DQEJARYP -ZG40MkBidXJibGUuY29tMB4XDTE5MDgxMzEwMDg0OVoXDTI5MDUxMjEwMDg0OVow -azELMAkGA1UEBhMCR0IxDTALBgNVBAgMBGRuNDIxFDASBgNVBAoMC2J1cmJsZS5k -bjQyMRcwFQYDVQQDDA5jYS5idXJibGUuZG40MjEeMBwGCSqGSIb3DQEJARYPZG40 -MkBidXJibGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSxS -bQq27BmOsx5aX/G3x/lcIt0N0ECb0pZ8laX1/DFMWTBgQxpcwuOGyagsq7Jd6Ozt -fvZUAD8K3P0q6JCX+164Yq+3yA1urchdUf0rFby6JJYkhSSVnzTWouNRfiTNYmUK -C6Dtd3ZDQux6+8JAxI1rYGV+HqJ4y2N5A1pGGjLLfESfu38I2SflT5tUVNRgTfV9 -ERbIQl7Zq9fYoizLnkbGWRSY5lk8Cwyz1q342Z8NazE5glJgE54uzLMmcdZfSD5f -2wF/XgIM8vcpXGo10aU8ZiYlevxDls1S/p2IdIZ3idb9+38hEY+mBenDNxA1Ad+d -5lQZIL0v7QHgtHiyqQIDAQABo1MwUTAdBgNVHQ4EFgQU3z7rCRdMpqOyh7MLWfO8 -F75hmxwwHwYDVR0jBBgwFoAU3z7rCRdMpqOyh7MLWfO8F75hmxwwDwYDVR0TAQH/ -BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAm2hdaRx7CESeeWpvQIUmWysYWZ5r -tLsDkU0PdM2vQSB42MbngKNGi2GU1CXgQhNiYDieoIMhtfMf1Zl6PBm13XE11COg -HKCbs828G5X6HrlCnVAfqQiaa0HLZ0vFO94RVknn/wqr2VoHKNLdA46gMD67FWGm -KGyeD480JbIOiM69r/4JGzuJSh384CxH6KPCX7dUywxgI9zbW99SaKTQNJ8Z+O04 -qPtmh+qW0L8a7lTuaR/SEbloDA+ztDYyEPsgmVpvM+e2PtJdmygGaUc8Y15TevJR -PGauY9oPLMXdxRYsqjQeKjBXv7Ms0CQB8XNHQ7zPsM83EZD5Eq68wLIvUA== +MIIFYzCCA0ugAwIBAgIUDFQuqm9Jd1nKLsvx0mFD0sOo5ZIwDQYJKoZIhvcNAQEL +BQAwLDEUMBIGA1UEChMLYnVyYmxlLmRuNDIxFDASBgNVBAMTC2J1cmJsZS5kbjQy +MCAXDTI0MTIwNTE0MDgzM1oYDzIwNzQxMTIzMTQwOTAyWjAsMRQwEgYDVQQKEwti +dXJibGUuZG40MjEUMBIGA1UEAxMLYnVyYmxlLmRuNDIwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDBU5+AhFEIgQb8HpV6DWTyHCEFsSLHfYElV7Su+q/R +5RxeLSoYbNrzfsKzoWdVS7lHhmxSsjsY4fM6P3mxhns4QmUOobvB0tuDWtWnudKU +oOqT2U5XCZZ05342F5isnEHdGYZPolMnFkv4Diiy4Bx+fgFElyqA7yJpIvuHXK1W +upy9V5NC6zcUBs6S3grOKRJ4Wk1PZMjGj++wt5B8wc+eqOt/P/V33dqdou6vvQgE +9TAPn36dYLsY3ifIZCSf4VWEtkJTsuEx/eGGnbkH6Q6Qwqz6gMFE9ICHadSpxBDR +GMFRBYAaDE3m/YQxezkQ3rJIj88crKzM/UgM2xB6W6Z69tUZWJU39c5SP96/nxaY +qhBw1IwfPborpBx0iWNOa9sZwWlJPUDeRvqyFeZSsza8luGXd8SnXFL4YGscZUzn +Y19nrfy4xzkwrGRQw1cQiYa6mvfxcZtRFDbNu+k4nBXrLwdUtvyGImkGhNVJxu4T +RTAi3YOf8cm5Vibr6nL2iDZBXpc0NRZJGteHlyvU7QV5iXBq7aB8oBTu2mJ4xHLn +qdokBlEblcmDDJGzKV6Y2RXVDsUeZjnSfuYUQ7+UvzWu3upWcXIw9+SPJJGFAZqh +39YC2R0kvMhE81TfIe+G80pTXNOkvaWb+ubkJaKyIKvlC3AnHcFOzeM3r0Sp9wy9 +1wIDAQABo3sweTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUhCbuFSi7v4bKCY8nWJMIYsd6XPYwHwYDVR0jBBgwFoAUhCbuFSi7v4bK +CY8nWJMIYsd6XPYwFgYDVR0RBA8wDYILYnVyYmxlLmRuNDIwDQYJKoZIhvcNAQEL +BQADggIBAIBX61fUiNS9N9xxksuwnGPgJSVdGIGFKexYDbVEG2NsyF55K1XuyWWP +bh059agAZoTrJRVINCTTwe0Ox+J87RqoozGMR6/xKd83hCVMTZHEcKJzR5N0s/PR +PAnzRFUPWXkHjjY+9NrVQ8taLVIRpnkTt08RRcvvaFaC2Am5kUZRqc7U5vNkOX1U +Jgl2G88TJphsxf8HgFBB0VFOxvo04Ub6v+RIVDy+hDWllx8t6KOn2hketSeCsQOc +0g9WGn86ofSvWgLvpd6w4RnIWVggSNd+vcOXJhpBN4FvrJXU4XYADj/sf3x1GHkj +ODs0CPzsI2sR3JBxDUJwK/10qQyCnvJ5cKPT+OgpJlf3swLRyapE/p5jcs22iIBF +ZIHLePCgfv7QSntLuf9ahx4NAMmz/R23im4tcUD3alZ6iTPvPtcGi+FeAOBXChWr +ItpNnlrPEPdqTKKmmfFdrehOYYVoX+Ch4WOdftpXr2KEECjiZhMEMywhgXecjnCM +c691Tpa+sdCrQ56kD5I1xGzZKINcHpuiek0H/S7dPUE4PjH8ol0ccSxawgeA/Udm +FtM7hk85EYPUESzQGFEbUoQ6RS9r087zYKwowZN2rJ/MrCF/i7WIqt03YG87V8J3 +BUtApScN9rpa7AdP0egAoNdPohO3yIahwvfDvecSERcmg5AeTQu5 -----END CERTIFICATE----- ``` {{}} -Certificate Expiry Date: ```May 12 10:08:49 2029 GMT``` +Certificate Expiry Date: ```Nov 23 14:09:02 2074``` {{}} diff --git a/content/services/internal.md b/content/services/internal.md index 4c13c05..4d38185 100644 --- a/content/services/internal.md +++ b/content/services/internal.md @@ -66,13 +66,6 @@ that is used primarily for web application workloads. Nomad integrates with [traefik](/services/internal/#traefik--traefik-eu--traefik-na) to provide resilient, globally available applications. -## nats.burble.dn42 - -burble.dn42 operates a [nats.io](https://nats.io/) cluster as a distributed, -network wide, broadcast and RPC solution. - -The cluster uses decentralised JWT tokens for authentication. - ## ci.burble.dn42 The burble.dn42 [git](/services/public#git) has an associated CI/CD service diff --git a/content/services/shell.md b/content/services/shell.md index 5e3048b..2b3cae2 100644 --- a/content/services/shell.md +++ b/content/services/shell.md @@ -5,11 +5,13 @@ weight: 60 --- burble.dn42 provides shell accounts on the following servers: -- shell.fr.burble.dn42 -- shell.uk.burble.dn42 -- shell.de.burble.dn42 -- shell.lax.burble.dn42 -- shell.nyc.burble.dn42 +- shell.fr-rbx1.burble.dn42 +- shell.uk-lon1.burble.dn42 +- shell.de-fra2.burble.dn42 +- shell.ca-bhs1.burble.dn42 +- shell.us-ash1.burble.dn42 +- shell.us-lax2.burble.dn42 +- shell.us-nyc2.burble.dn42 There is also an anycast address [shell.burble.dn42](https://shell.burble.dn42) that will route to the closest server. @@ -43,12 +45,15 @@ ssh foo@shell.burble.dn42 or log in to a specific server: ```shell -ssh foo@shell.fr.burble.dn42 +ssh foo@shell.fr-rbx1.burble.dn42 ``` Your home directory is created automatically on first access and will then -persist across logins. -Home directories are *not* replicated across servers. +persist across logins. + +{{}} +Home directories are **not** replicated across servers. +{{}} ## Key Services @@ -71,12 +76,14 @@ The shell servers include a webserver with user directories (`~/public_html/`) and CGI (`~/public_html/cgi-bin/`) enabled. The webserver is accessed over https and has a dn42 certificate. -- `https://shell.fr.burble.dn42/~/` -- `https://shell.uk.burble.dn42/~/` -- `https://shell.de.burble.dn42/~/` -- `https://shell.lax.burble.dn42/~/` -- `https://shell.nyc.burble.dn42/~/` - `https://shell.burble.dn42/~/` +- `https://shell.fr-rbx1.burble.dn42/~/` +- `https://shell.uk-lon1.burble.dn42/~/` +- `https://shell.de-fra2.burble.dn42/~/` +- `https://shell.ca-bhs1.burble.dn42/~/` +- `https://shell.us-ash1.burble.dn42/~/` +- `https://shell.us-lax2.burble.dn42/~/` +- `https://shell.us-nyc2.burble.dn42/~/` {{}} Remember that any files need to be accessible by the webserver, diff --git a/public/2021/ExportedRoutes2021.png b/public/2021/ExportedRoutes2021.png new file mode 100644 index 0000000..fb5b9c2 Binary files /dev/null and b/public/2021/ExportedRoutes2021.png differ diff --git a/public/2021/ROA2021.png b/public/2021/ROA2021.png new file mode 100644 index 0000000..58d1473 Binary files /dev/null and b/public/2021/ROA2021.png differ diff --git a/public/404.html b/public/404.html index cc43bfb..ac7a114 100644 --- a/public/404.html +++ b/public/404.html @@ -1,7 +1,7 @@ - + @@ -42,7 +42,7 @@
- + @@ -61,7 +61,7 @@
Error 404
Seems like what you are looking for can't be found. Don't worry we can - bring you back to the homepage. + bring you back to the homepage.
diff --git a/public/additional/index.html b/public/additional/index.html index f67bf6a..f221226 100644 --- a/public/additional/index.html +++ b/public/additional/index.html @@ -1,7 +1,7 @@ - + @@ -31,7 +31,7 @@ - + @@ -49,7 +49,7 @@ - + @@ -120,8 +120,8 @@ - - Overview + + Network Design @@ -282,6 +282,31 @@ + + + + + + + + + +
  • + + + + + Abuse Policy + + + + + + +
    • + + + @@ -422,6 +447,81 @@ +
  • + + + + + ACME + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + Shell Accounts + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + S3 Object Storage + + + + + + +
    • + + + + + + + + + + + +
  • @@ -438,6 +538,114 @@ + + + + + + + + + +
  • + + + + + Ping Challenge + + + + + + +
    • + + + + + + + + + + + + + + + + + + + +
  • + + + + + Retro42 + + + + + + + + + + @@ -482,13 +690,13 @@
  • - -
  • + + + + + Other stuff + + + + + + +
    • + + + + + + + + + +
  • @@ -781,7 +1012,7 @@
  • - Maintenance Log: A log of changes to the burble.dn42 network + Maint. Log Archive: A log of changes to the burble.dn42 network @@ -842,6 +1073,19 @@ +
  • + + + Other stuff: Other random stuff + + + + + +
    • + + +
  • @@ -915,7 +1159,7 @@ - + diff --git a/public/additional/index.xml b/public/additional/index.xml index 486a831..d0a85f5 100644 --- a/public/additional/index.xml +++ b/public/additional/index.xml @@ -2,19 +2,24 @@ Additional Info on burble.dn42 - https://dn42.burble.com/additional/ + http://localhost:2010/additional/ Recent content in Additional Info on burble.dn42 - Hugo -- gohugo.io - en-gb + Hugo + en-gb + + + Other stuff + http://localhost:2010/additional/other-stuff/ + Mon, 01 Jan 0001 00:00:00 +0000 + http://localhost:2010/additional/other-stuff/ + <p>A collection of other stuff that may or may not be dn42 related, or even interesting.</p> <h2 id="an-atomic-clock-ntp-server">An atomic clock NTP server</h2> <p><img src="http://localhost:2010/other/rubi.jpg" alt="Atomic Clock" width="80%"/></p> <p>Rubidium Atomic Clock + GPS + Odroid N2+</p> <h2 id="homelab">Homelab</h2> <p>The burble.dn42 homelab:</p> <p><img src="http://localhost:2010/other/homelab.jpg" alt="Serverz" width="80%"/></p> <p>32 cores, 156GB RAM, 6TB NVMe/SSD, 56TB HDD, ~70 watts</p> <p>The two hanging USB devices are USB modems for the <a href="http://localhost:2010/retro/modem/">burble.dn42 dial up service</a>.</p> + Things to do in DN42 - https://dn42.burble.com/additional/things-to-do/ + http://localhost:2010/additional/things-to-do/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/additional/things-to-do/ - What can you do in DN42 ? Ultimately, you&rsquo;ll get out of DN42 what you put in to it, but I&rsquo;ve listed here a few ideas that may serve as inspiration and the spark an idea. -This is deliberately not a set of instructions or a guide and it&rsquo;s not a checklist of stuff you must do. If you are interested in something there is plenty of public information available on all these topics. + http://localhost:2010/additional/things-to-do/ + <p>What can you do in DN42 ? Ultimately, you&rsquo;ll get out of DN42 what you put in to it, but I&rsquo;ve listed here a few ideas that may serve as inspiration and the spark an idea.</p> <p>This is deliberately not a set of instructions or a guide and it&rsquo;s not a checklist of stuff you must do.<br/> If you are interested in something there is plenty of public information available on all these topics.</p> - diff --git a/public/additional/maintlog/2018/index.html b/public/additional/maintlog/2018/index.html index e9228d9..5632a1a 100644 --- a/public/additional/maintlog/2018/index.html +++ b/public/additional/maintlog/2018/index.html @@ -1,7 +1,7 @@ - + @@ -48,7 +48,7 @@ - + @@ -119,8 +119,8 @@ - - Overview + + Network Design @@ -281,6 +281,31 @@ + + + + + + + + + +
  • + + + + + Abuse Policy + + + + + + +
    • + + + @@ -421,6 +446,81 @@ +
  • + + + + + ACME + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + Shell Accounts + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + S3 Object Storage + + + + + + +
    • + + + + + + + + + + + +
  • @@ -437,6 +537,114 @@ + + + + + + + + + +
  • + + + + + Ping Challenge + + + + + + +
    • + + + + + + + + + + + + + + + + + + + +
  • + + + + + Retro42 + + + + + + + + + + @@ -481,13 +689,13 @@
  • - -
  • + + + + + Other stuff + + + + + + +
    • + + + + + + + + + +
  • @@ -756,7 +987,7 @@ - burble.dn42 / Additional Info / Maintenance Log / 2018 + burble.dn42 / Additional Info / Maint. Log Archive / 2018 @@ -784,16 +1015,16 @@

    Archive of changes made in 2018

    -

    30th December 2018

    +

    30th December 2018

    Migrated US anycast services from dn42-us-dal1 to dn42-us-dal3.

    -

    27th December 2018

    +

    27th December 2018

    Added Certificate Authority details.

    -

    26th December 2018

    +

    26th December 2018

    Upgraded the looking glass with Zhaofeng bird-lg fixes.
    ROA data is available through the burble.dn42 website, see the Services page.
    RPKI service is now replicated across regions to provide additional resiliency.
    New version of bird2 deployed, including RPKI fixes from JRB0001.

    -

    24th December 2018

    +

    24th December 2018

    Added new peers:

    • AS4242422255/LINUXGEMINI at dn42-tr-ist1
      • @@ -803,22 +1034,22 @@ New version of bird2 deployed, including RPKI fixes from JRB0001.

      Updated the Services page to include more implementation details.
      Reworked intra-confederation peering to provide more resilience.
      Implemented ROA via RPKI updates using roasrv by Yamakaja and gortr

      -

      16th December 2018

      +

      16th December 2018

      New node !

      dn42-jp-tyo1 has been commissioned and is open for new peers in Tokyo, Japan.

      -

      14th December 2018

      +

      14th December 2018

      Updated host information and network map with new nodes.

      -

      10th December 2018

      +

      10th December 2018

      New peers added:

      • AS4242423090/HEIAS at dn42-fr-rbx1
      • AS4242421979/MDUCHARME at dn42-us-sea2

      dn42-us-sea2 is now operational and available for peering.

      -

      2nd December 2018

      +

      2nd December 2018

      tinc + babeld is not a winning combination. Since introducing babeld, the burble.dn42 WAN overlay has experienced a number of periods of instability, with nodes dropping on and off the network.

      The WAN has been updated to use a Wireguard mesh with OSPF as IGP, and is now significantly more stable again.

      -

      1st December 2018

      +

      1st December 2018

      New peers added:

      -

      30th November 2018

      +

      30th November 2018

      Three new nodes will be available for peering soon:

      • dn42-us-chi2 - Chicago, United States
      • dn42-us-sea2 - Seattle, United States
      • dn42-us-dal3 - Dallas, United States
      -

      29th November 2018

      +

      29th November 2018

      dn42-us-dal1 locked up, and has been restarted.

      -

      28th November 2018

      +

      28th November 2018

      dn42-uk-lon1, dn42-lt-vil1, dn42-sg-sin1 and dn42-us-mia1 all locked up at 03:00 UTC and have now been restarted.

      -

      23nd November 2018

      +

      23nd November 2018

      Black Friday has delivered four new nodes to the burble.dn42 network:

      All nodes are open to new peers, so just contact dn42@burble.com if you’d like to connect to the network.

      -

      22nd November 2018

      +

      22nd November 2018

      New peers added:

      • AS4242420165/ZAICA at dn42-fr-rbx1
      • AS42424222673/CORESTORAGE at dn42-uk-lon1
      -

      18th November 2018

      +

      18th November 2018

      Updates to reverse DNS.

      -

      17th November 2018

      +

      17th November 2018

      Added new peers

      • AS4242423640/HESSENET at dn42-fr-rbx1
      • AS4242420149/NIRF at dn42-lt-vil1
      -

      17th November 2018

      +

      17th November 2018

      The internal routing protocol (IGP) for burble.dn42 has moved from OSPF to using babeld.

      All nodes on the burble.dn42 network are inter-connected with a tinc mesh. Despite the network physically spanning across contintents, OSPF saw the tinc overlay network as being flat which prevented effective use of technologies such as anycast and forced the use of central resources. The hope is that babel, configured to use an RTT metric, will allow better use of regional services.

      Please let me know if you observe any issues due to the new IGP.

      -

      16th November 2018

      +

      16th November 2018

      New node in Istanbul, Turkey.

      dn42-tr-ist1 has been commissioned and is now open for new peers. See the peering page for more details.

      @@ -920,7 +1151,7 @@ Implemented ROA via RPKI updates using ro - + diff --git a/public/additional/maintlog/2019/index.html b/public/additional/maintlog/2019/index.html index 213a637..8dd1e50 100644 --- a/public/additional/maintlog/2019/index.html +++ b/public/additional/maintlog/2019/index.html @@ -1,7 +1,7 @@ - + @@ -48,7 +48,7 @@ - + @@ -119,8 +119,8 @@ - - Overview + + Network Design @@ -281,6 +281,31 @@ + + + + + + + + + +
    • + + + + + Abuse Policy + + + + + + +
      • + + +
    @@ -421,6 +446,81 @@ +
  • + + + + + ACME + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + Shell Accounts + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + S3 Object Storage + + + + + + +
    • + + + + + + + + + + + +
  • @@ -437,6 +537,114 @@ + + + + + + + + + +
  • + + + + + Ping Challenge + + + + + + +
    • + + + + + + + + + + + + + + + + + + + +
  • + + + + + Retro42 + + + + + + + + + + @@ -481,13 +689,13 @@
  • - -
  • + + + + + Other stuff + + + + + + +
    • + + + + + + + + + +
  • @@ -756,7 +987,7 @@ - burble.dn42 / Additional Info / Maintenance Log / 2019 + burble.dn42 / Additional Info / Maint. Log Archive / 2019 @@ -784,7 +1015,7 @@

    Archive of changes made in 2019

    -

    31st December 2019

    +

    31st December 2019

    The Christmas period has been a really busy period for burble.dn42, with integration and transfer of services over to the new nodes. Primarily, this has meant moving services from fr-rbx1 and sg-sin2 to fr-rbx2, fr-sbg1 and sg-sin1. As part of the rebuilding, @@ -802,7 +1033,7 @@ changes I’ve made.

  • dn42-hk-hkg1

    • Happy New Year

    -

    24th December 2019

    +

    24th December 2019

    The last month has been spent redesigning my WAN and introducting a latency based metric for connectivity between nodes. This is now mostly complete, but not without its own follow on problems that need to be resolved.

    @@ -815,7 +1046,7 @@ problems that need to be resolved.

    Another new node will also be added, dn42-fr-rbx2 and dn42-fr-rbx1 will be retired.

    Merry Christmas DN42

    -

    29th November 2019

    +

    29th November 2019

    Black friday is here and new nodes are on the way.

    • dn42-fr-sbg1
      • @@ -823,61 +1054,61 @@ problems that need to be resolved.

    • dn42-sg-sin1
    • dn42-hk-hkg1
    -

    2nd November 2019

    +

    2nd November 2019

    Retired dn42-us-lax2, dn42-us-chi2, dn42-ca-bhs1, dn42-tr-ist1 and dn42-no-osl1.
    Restructured the internal confederations.

    -

    26th October 2019

    +

    26th October 2019

    New experimental node added hosted in the Oracle Cloud environment in Mumbai, India.

    Users are welcome to peer and test the node, but should be aware there may be short notice changes or interruptions to service.

    -

    19th October 2019

    +

    19th October 2019

    After a few weeks of outage and putting up with influx using up a vast amount of resources, the monitoring service has finally moved to a federated prometheus architecture. Hopefully this will have better performance than the influx architecture used previously. At some point I’ll update the monitoring page with details of the new configuration.

    -

    12th October 2019

    +

    12th October 2019

    The burble.dn42 wiki service is now part of the global anycast for wiki.dn42.

    See the services page for more details.

    -

    2nd October 2019

    +

    2nd October 2019

    The recursive DNS service now supports clearnet queries

    -

    15th September 2019

    +

    15th September 2019

    Stop supporting IPsec tunnels

    -

    21st August 2019

    +

    21st August 2019

    Removed sg-sin3 and vn-han1

    -

    13th August 2019

    +

    13th August 2019

    Added DN42 wiki service editable via dn42, readonly via clearnet.

    Issued new Certificate Authority root certificate with a longer expiry date.

    -

    11th August 2019

    +

    11th August 2019

    Added a couple of Python 3 updates for bird-lg that fixes broken BGP map functionality in the looking glass.

    Influx ate all the memory (10gb!) on de-fra1, so is currently offline until it can be fixed.

    -

    28th July 2019

    +

    28th July 2019

    Add dn42-us-mia2, which will replace dn42-us-mia1

    -

    25th July 2019

    +

    25th July 2019

    Add pingable.burble.dn42

    -

    21st July 2019

    +

    21st July 2019

    Decommissioning of dn42-ru-mos1 and dn42-us-sea1

    -

    17th July 2019

    +

    17th July 2019

    DoH! The DNS Service now support DNS over HTTPS.

    -

    22nd June 2019

    +

    22nd June 2019

    Tidied up node information.

    -

    14th June 2019

    +

    14th June 2019

    A new host IRC web service has been added, based on thelounge.

    See the services page for more details.

    -

    8th June 2019

    +

    8th June 2019

    The recursive DNS service now uses parallel queries across all five regional master nodes.
    This approach takes advantage of the burble.dn42 global scale to reduce latencies, improve resilience and prevent local connectivity problems from impacting the results. See the DNS page for more info.

    -

    24th May 2019

    +

    24th May 2019

    Moved and extended the DN42 monitoring so that it is more independent and also clustered.

    A writeup of the hosted grafana service and monitoring is available here.

    -

    21st May 2019

    +

    21st May 2019

    dn42-uk-lon1 is back again after being out of action for the day.

    The host server apparently threw a disk after being updated to cover the MDS vulnerability and the provider has spent the day recovering the node.

    -

    20th May 2019

    +

    20th May 2019

    Some nodes may have outages over the next few days as providers deal with the recent MDS vulnerabilities.

    Added new peers

      @@ -886,13 +1117,13 @@ provider has spent the day recovering the node.

    • AS4242421166 / MTR at dn42-fr-rbx1 and dn42-de-fra1
    -

    15th May 2019

    +

    15th May 2019

    Updated my fork of bird-lg by merging Zhaofeng’s Python2 to Python3 bird-lg updates and fixing a few outstanding problems.

    The updated code is now live on the burble.dn42 looking glass.

    -

    13th May 2019

    +

    13th May 2019

    Moved the looking glass to its own container, in anticipation of future website changes

    dn42-us-mia1 is offline again.

    -

    10th May 2019

    +

    10th May 2019

    dn42-us-chi2 was suspended by the provider on 8/5 due to ‘NTP reflection attacks’.

    This is a hazard of running a busy NTP server as part of the NTP Pool; providers can get twitchy when they see a large amount of NTP traffic, due to the well publicised @@ -912,10 +1143,10 @@ but, understandable that the economics of providing VPS services can prohibt thi

  • AS4242422322 / PLASMATRIX at dn42-de-fra1
    • -

    5th May 2019

    +

    5th May 2019

    Added git service.
    See the services page for more details.`<

    -

    1st May 2019

    +

    1st May 2019

    Seems traceroutes and some Europe Region, IPv4 related DNS lookups weren’t working.
    Both are fixed now.

    Added new peers:

    @@ -923,7 +1154,7 @@ Both are fixed now.

  • AS76140 / FEUERROT at dn42-de-fra1
    • -

    30th April 2019

    +

    30th April 2019

    New node added and ready for peering

    • dn42-ca-bhs2 (Beauharnois, Canada)
      • @@ -947,13 +1178,13 @@ and East Coast.
    • AS4242422543 / RESETTRAP at dn42-jp-tyo1
    -

    19th April 2019

    +

    19th April 2019

    New nodes added and ready for peering.

    • dn42-at-vie1 (Vienna, Austria)
    • dn42-us-nyc1 (New York, United States)
    -

    18th April 2019

    +

    18th April 2019

    Over the last week, and number of major changes have taken place to the burble.dn42 network.
    These include:

      @@ -968,7 +1199,7 @@ routing domain. As a side effect, this change also fixes the problem where inter being leaked and causing confusing traceroutes for DN42 users.

    Over time, internal IPv4 services will be removed

    -

    12th April 2019

    +

    12th April 2019

    New prefix 172.20.129.0/27 registered to provide space for more nodes and additional services.

    172.20.129.0/27 will be used as anycast addresses for services. @@ -980,21 +1211,21 @@ and additional services.

  • AS4242421475 / SIRMYSTERION at dn42-us-chi2
    • -

    7th April 2019

    +

    7th April 2019

    Added an old node in to the DN42 network, dn42-sg-sin2. RPKI and DNS services have been moved to the node from dn42-sg-sin2 which should improve diversification and stability.

    -

    3rd April 2019

    +

    3rd April 2019

    Added new peers:

    -

    31st March 2019

    +

    31st March 2019

    The DNS service has gone global, with every node in the burble.dn42 network now participating in the DNS Anycast service.
    More details can be found on the DNS page.

    -

    26rd March 2019

    +

    26rd March 2019

    Added new peers:

    -

    11th March 2019

    +

    11th March 2019

    New node added dn42-de-fra1

    -

    9th March 2019

    +

    9th March 2019

    Added new peers:

    • AS4242420101 / @@ -1029,7 +1260,7 @@ storage array crashed.
    • dn42-us-dal3 was also down for a few hours, the provider accidently suspended the VPS due to a billing error on their side
    -

    7th March 2019

    +

    7th March 2019

    Added new peers

    -

    26th February 2019

    +

    26th February 2019

    Initialised GRC website

    Added new peers

      @@ -1046,17 +1277,17 @@ suspended the VPS due to a billing error on their side
    • AS4242423156 / BUROA at dn42-us-chi2
    -

    21st February 2019

    +

    21st February 2019

    The Looking Glass has been udpated to use lgregmapper and data from dn42regsrv.

    -

    19th February 2019

    +

    19th February 2019

    New peer added:

    -

    18th February 2019

    +

    18th February 2019

    The internal and public ROA service has been moved over to using dn42regsrv.
    See the services page for more details.

    New peer added:

    @@ -1064,7 +1295,7 @@ See the services page for more details.
  • AS4242423973 / TECHNOPOINT at dn42-sg-sin3
    • -

    16th February 2019

    +

    16th February 2019

    New peers added:

    -

    10th February 2019

    +

    10th February 2019

    Updated the services to include new stuff::

    • DNS
      • @@ -1099,17 +1330,17 @@ at dn42-ca-bhs1 / PHIIVO at dn42-us-lax2
    -

    26th January 2019

    +

    26th January 2019

    New service !

    A burble.dn42 route collector has been added, together with some interesting stats showing reachability of DN42 from the burble.dn42 network.

    A common, global route collector is in progress, see here

    -

    21st January 2019

    +

    21st January 2019

    New peer added:

    • AS4242423306 / TIMK at dn42-au-syd1
    -

    13th January 2019

    +

    13th January 2019

    bgpmap updated to add MNT and prefix info for ASes.

    New peers added:

      @@ -1117,23 +1348,23 @@ some interesting stats showing reachabil
    • AS4242423569 / DHE at dn42-us-dal3
    • AS4242423585 / JD52RU at dn42-fr-rbx1 and dn42-uk-lon1
    -

    12th January 2019

    +

    12th January 2019

    The Looking Glass now supports bgpmap again.
    My bird-lg fixes are available on github.

    New peer added:

    • AS4242421501 / ADAMYI at dn42-au-syd1
    -

    11th January 2019

    +

    11th January 2019

    Some layout fixes to the Looking Glass, including fixing whois lookups.

    -

    3rd January 2019

    +

    3rd January 2019

    First new peers of 2019:

    • AS4242420505 / 42ISLIFE at dn42-ca-bhs1
    • AS4242421114 / GRGR at dn42-us-chi2
    • AS4242421050 / NAPSTERBATER at dn42-us-chi2
    -

    2nd January 2019

    +

    2nd January 2019

    Consolidated number of anycast sessions.

    @@ -1187,7 +1418,7 @@ My bird-lg fixes are available on g - + diff --git a/public/additional/maintlog/2020/index.html b/public/additional/maintlog/2020/index.html index b50e3e7..14b7e13 100644 --- a/public/additional/maintlog/2020/index.html +++ b/public/additional/maintlog/2020/index.html @@ -1,7 +1,7 @@ - + @@ -48,7 +48,7 @@ - + @@ -119,8 +119,8 @@ - - Overview + + Network Design @@ -281,6 +281,31 @@ + + + + + + + + + +
  • + + + + + Abuse Policy + + + + + + +
    • + + + @@ -421,6 +446,81 @@ +
  • + + + + + ACME + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + Shell Accounts + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + S3 Object Storage + + + + + + +
    • + + + + + + + + + + + +
  • @@ -437,6 +537,114 @@ + + + + + + + + + +
  • + + + + + Ping Challenge + + + + + + +
    • + + + + + + + + + + + + + + + + + + + +
  • + + + + + Retro42 + + + + + + + + + + @@ -481,13 +689,13 @@
  • - -
  • + + + + + Other stuff + + + + + + +
    • + + + + + + + + + +
  • @@ -756,7 +987,7 @@ - burble.dn42 / Additional Info / Maintenance Log / 2020 + burble.dn42 / Additional Info / Maint. Log Archive / 2020 @@ -784,7 +1015,9 @@

    Archive of changes made in 2020

    -

    13th December 2020

    +

    22nd December 2020

    +

    es-mad1 in Madrid, Spain has been deployed and is now open for peering.

    +

    13th December 2020

    Issue Log

    burble.dn42 now has a public issue log, hosted on the DN42 Registry.

      @@ -808,11 +1041,11 @@ Whilst this isn’t a public service the first visibile benefit is that the ROA files now update immediately following registry changes. Previously changes were polled and could take up to an hour to be updated.

      -

      6th December 2020

      +

      6th December 2020

      ca-bhs2 and fr-rbx1 have been migrated to their new servers. If you are peering with these nodes please make sure you update any IP addresses on your side as required.

      git.dn42.dev is hosted on ca-bhs2 and so was also migrated and upgraded to v1.13.0.

      -

      28th November 2020

      +

      28th November 2020

      Black Friday has been been and gone and this means that a few nodes have now reached the end of their contract and are being retired:

      • fr-sbg1
        • @@ -827,12 +1060,12 @@ nodes please make sure you update any IP addresses on your side as required.

      • new nodes expected in Hong Kong and Madrid, eta Jan 2021

      Users of ca-bhs2 will be migrated to the new node, with details to be confirmed.

      -

      12th September 2020

      +

      12th September 2020

      uk-lon1 has been upgraded. If you are peered on this node, please update your IP address accordingly.

      burble.dn42 now includes some limited protection against ghost route updates. See the communities page for more details.

      -

      9th September 2020

      +

      9th September 2020

      uk-lon1 will be upgraded this weekend (12/13th September), but unfortunately this does mean that the IP address for the server is going to change.

      @@ -847,124 +1080,124 @@ to update them, as detailed below.

      All other peering details, such as encryption keys and tunnel IP addresses will remain the same, and the new server is in the same datacentre so there should be no changes to connectivity or latency.

      -

      28th August 2020

      +

      28th August 2020

      Changes to the burble.dn42 network

      -

      Over the next year the focus of the burble.dn42 network will change focus to providing high quality, reliable services for DN42. As part of this change, a number of the current ‘edge’ nodes will be decommissioned to reduce admin overhead and allow concentration on the core, service nodes.

      +

      Over the next year the focus of the burble.dn42 network will change focus to providing high quality, reliable services for DN42. As part of this change, a number of the current ’edge’ nodes will be decommissioned to reduce admin overhead and allow concentration on the core, service nodes.

      The following nodes will be decommissioned and are no longer available for new peerings:

      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      NodeDecommissioning Date
      us-mia2Immediately
      sg-sin1November 2020
      us-sea2November 2020
      fr-sbg1Nocember 2020
      jp-tyo1December 2020
      au-syd1January 2021
      us-nyc1April 2021
      us-chi1May 2021
       
      NodeDecommissioning Date
      us-mia2Immediately
      sg-sin1November 2020
      us-sea2November 2020
      fr-sbg1Nocember 2020
      jp-tyo1December 2020
      au-syd1January 2021
      us-nyc1April 2021
      us-chi1May 2021
       

      The current core nodes will continue to operate and some will also be upgraded. The number of services provided by the network will also expand.

      Core nodes

      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      NodeFuture Plans
      fr-rbx1Increase in services offered
      ca-bhs2Upgrade to ssd disks ~November 2020
      de-fra1Upgraded in August to 4 x Epyc / 20G RAM / NVMe
      us-dal3Increase in services offered / potential for upgrade
      us-lax1Increase in services offered
      sg-sin2Take over services from sg-sin1
       
      NodeFuture Plans
      fr-rbx1Increase in services offered
      ca-bhs2Upgrade to ssd disks ~November 2020
      de-fra1Upgraded in August to 4 x Epyc / 20G RAM / NVMe
      us-dal3Increase in services offered / potential for upgrade
      us-lax1Increase in services offered
      sg-sin2Take over services from sg-sin1
       

      Other Nodes

      - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + +
      NodeFuture Plans
      uk-lon1Upgrade before January 2021
      ch-zur1No changes planned
      no-trd1No changes planned
       
      NodeFuture Plans
      uk-lon1Upgrade before January 2021
      ch-zur1No changes planned
      no-trd1No changes planned
       
      -

      22nd August 2020

      +

      22nd August 2020

      de-fra1 has been replaced with a shiny, upgraded, new node.

      If you are peered on de-fra1, please check your configuration and ensure you are using the new IP addresses

      @@ -973,10 +1206,10 @@ you are using the new IP addresses

    • IPv6: 2a0d:5941:1:17c::4e2a

    All other peering parameters remain the same.

    -

    15th August 2020

    +

    15th August 2020

    The DN42 registry now supports automated pipelines using Drone CI.
    Details will be published on the DN42 wiki.

    -

    25th July 2020

    +

    25th July 2020

    us-mia1 and us-mia2 have been swapped. The provider for the old us-mia2 (Stockservers) appears to have ceased trading, so the node has been swapped in case the original server disappears at short notice.

    @@ -985,16 +1218,16 @@ until it dies completely.

    no-trd1 has been added, courtesy of jastrup.

    lt-vil1 is being decommissioned and users will need to migrate to a different node to maintain service.

    -

    5th July 2020

    +

    5th July 2020

    A busy weekend supporting the move of the DN42 registry to its new host.

    Remember to join the new mailing list at https://groups.io/g/dn42 and create yourself an account on the new registry https://git.dn42.dev

    -

    10th June 2020

    +

    10th June 2020

    Website moved again, and new paste.burble.dn42 service added.

    -

    6th June 2020

    +

    6th June 2020

    The global route collector has had a long overdue upgrade. Please let me know if you spot any residual issues.

    -

    25th May 2020

    +

    25th May 2020

    The new DNS implementation has been deployed across all nodes. The DNS service now supports:

      @@ -1004,31 +1237,31 @@ The DNS service now supports:

    All services support UDP, TCP, DNS over HTTPS and DNS over TLS queries. See the DNS page for more info.

    -

    23rd May 2020

    +

    23rd May 2020

    A new implementation of the edge DNS service is currently being tested across a few nodes, please let me know if you spot any DNS oddness.

    -

    18th May 2020

    +

    18th May 2020

    Added whois.burble.dn42 service, see the services page for more details.

    https://explorer.burble.dn42 now has regional mirrors so should be significantly faster for anyone not in Europe.

    -

    16th May 2020

    +

    16th May 2020

    Approximately 40 old or inactive peers have been deleted as part of a spring cleaning exercise.

    If you’ve been accidently deleted and still want to peer with me, just give me a shout and I will re-instate the configuration.

    -

    11th May 2020

    +

    11th May 2020

    Rate limiting on BGP sessions has been implemented to protect the network from major route flapping events. The rate limiting should only kick in after 30+ minutes of extremely high updates (or even longer for milder events), but please let me know if this causes any issues.

    -

    8th May 2020

    +

    8th May 2020

    us-lax1 has been migrated. If you peer with me please remember to update the clearnet IP addresses on your side:

    dn42-us-lax1
    IPv4: 185.215.224.214
    IPv6: 2a0b:ae40:1:4a0a::5a

    -

    5th May 2020

    +

    5th May 2020

    us-lax1 is being upgraded !

    Apologies for the short notice, but us-lax1 will be upgraded over the weekend of 9th/10th May. The upgrade will allow for more services to be provided from the node, to provide @@ -1036,20 +1269,20 @@ enabling a better response for users in Asia and West Coast US.

    Unfortunately the upgrade means that IP address of the node will change and peers will need to update their config accordingly. The encryption keys and tunnel addresses should not need to change.

    -

    4th May 2020

    +

    4th May 2020

    Several of the burble.dn42 core nodes have been upgraded to Ubuntu 20.04. This required a short outage, but will allow for a refactoring of a few services in the future.

    -

    13th April 2020

    +

    13th April 2020

    Bugs have been fixed and both instances of the burble.dn42 website are now running in a new environment with the latest grav.

    The new website instance is the first burble.dn42 application running on Ubuntu 20.04 (Focal Fossa).

    -

    11th April 2020

    +

    11th April 2020

    The clearnet version of this website is running with a new instance that has the latest grav.
    Please let me know if you spot any problems.

    The DN42 instance continues to run with the previous version.

    -

    4th April 2020

    +

    4th April 2020

    Well, that was fun; burble.dn42 had a number of outages over this evening, caused by trying to perform a rolling upgrade across the network. The biggest of these took out the burble.dn42 DNS service for an extended period, impacting DNS resolution across DN42.

    @@ -1074,53 +1307,53 @@ burble.dn42 failed or could not be restarted and recovery was also hampered by h work without having DNS available.

    • -

    1st April 2020

    +

    1st April 2020

    at-vie1 will be decommissioned by 14th April. If you are peered on this node, please contact me to move the peering to another node.

    -

    28th March 2020

    +

    28th March 2020

    The patched pdns recursor is now deployed to all core nodes.

    Please let me know immediately if you notice odd DNS behaviour.

    -

    24th March 2020

    +

    24th March 2020

    fr-sbg1 (which hosts the europe region core DNS service) is currently testing a special pdns recursor build in order to try and fix this issue.

    The server is likely to be used for most recursive DNS lookups across Europe that use the new DNS anycast addresses, or my service directly. Please let me know immediately if you notice odd DNS behaviour.

    -

    26th January 2019

    +

    26th January 2019

    This weekend has been a huge maintenance weekend for burble.dn42, with the following updates taking place:

    • A number of nodes have been built and swapped in to the network to upgrade and manage renewals
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    fr-rbx1 replaced by fr-rbx2fr-rbx2 was a much faster node
    ca-bhs2 replaced with a new nodethe replacement is also much faster
    us-dal3 replaced by us-dal1us-dal3 was a poor performer and has been replaced with a dedicated server
    au-syd1 replaced with a new nodememory increased from 1G to 2G
    sg-sin2 replaced with a new nodememory increased from 1G to 2G
    fr-rbx1 replaced by fr-rbx2fr-rbx2 was a much faster node
    ca-bhs2 replaced with a new nodethe replacement is also much faster
    us-dal3 replaced by us-dal1us-dal3 was a poor performer and has been replaced with a dedicated server
    au-syd1 replaced with a new nodememory increased from 1G to 2G
    sg-sin2 replaced with a new nodememory increased from 1G to 2G

    Node renewals are now mostly sorted until November, which will be a nice break for my wallet.

      @@ -1140,113 +1373,113 @@ are on, or point to, the new core nodes.

    The core network looked like this prior to November 2019:

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    NameCPUMemoryDiskNetworkDescr
    fr-rbx1i5-2400 (4/8 x 3.4Ghz)16G2TB Consumer HDD100mbps un-meteredKimsufi KS-10
    ca-bhs2i5-3570S (4/8 x 3.8Ghz)16G2TB Consumer HDD100mbps un-meteredKimsufi KS-10
    sg-sin2virtual (1 x 3.5Ghz)1G30GB HDD1TB @ 1gbitOVH VPS
    us-dal3virtual (2 x 3.4Ghz)5G120GB HDD5TB @ 10gbitHostDoc VPS
    NameCPUMemoryDiskNetworkDescr
    fr-rbx1i5-2400 (4/8 x 3.4Ghz)16G2TB Consumer HDD100mbps un-meteredKimsufi KS-10
    ca-bhs2i5-3570S (4/8 x 3.8Ghz)16G2TB Consumer HDD100mbps un-meteredKimsufi KS-10
    sg-sin2virtual (1 x 3.5Ghz)1G30GB HDD1TB @ 1gbitOVH VPS
    us-dal3virtual (2 x 3.4Ghz)5G120GB HDD5TB @ 10gbitHostDoc VPS

    Following the upgrades, the core now consists of the following servers:

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    NameCPUMemoryDiskNetworkDescr
    fr-sbg1E5-1620 (4/8 x 3.7Ghz)32G3 x 480GB SSD500mbps un-meteredOVH SYS
    fr-rbx1E3-1245 (4/8 x 3.4Ghz)32G2 x 480GB SSD500mbps un-meteredOVH SYS
    uk-lon3virtual (2 x 3Ghz)3G3TB HDD10TB @ 1gbitHostHatch
    ca-bhs2E5-1620 (4/8 x 3.7Ghz)32G2 x 2TB Ent. HDD500mbps un-meteredOVH SYS
    us-dal3C2750 (8 x 2.4Ghz)8G240GB SSD100mbps un-metereddrserver
    sg-sin1virtual (4 x 2.2Ghz)4G24GB SSD1gbit un-meteredITLDC VPS
    NameCPUMemoryDiskNetworkDescr
    fr-sbg1E5-1620 (4/8 x 3.7Ghz)32G3 x 480GB SSD500mbps un-meteredOVH SYS
    fr-rbx1E3-1245 (4/8 x 3.4Ghz)32G2 x 480GB SSD500mbps un-meteredOVH SYS
    uk-lon3virtual (2 x 3Ghz)3G3TB HDD10TB @ 1gbitHostHatch
    ca-bhs2E5-1620 (4/8 x 3.7Ghz)32G2 x 2TB Ent. HDD500mbps un-meteredOVH SYS
    us-dal3C2750 (8 x 2.4Ghz)8G240GB SSD100mbps un-metereddrserver
    sg-sin1virtual (4 x 2.2Ghz)4G24GB SSD1gbit un-meteredITLDC VPS
    @@ -1300,7 +1533,7 @@ are on, or point to, the new core nodes. - + diff --git a/public/additional/maintlog/index.html b/public/additional/maintlog/index.html index 3ca84c9..5c01c30 100644 --- a/public/additional/maintlog/index.html +++ b/public/additional/maintlog/index.html @@ -1,12 +1,12 @@ - + - + -Maintenance Log | burble.dn42 +Maint. Log Archive | burble.dn42 @@ -31,7 +31,7 @@ - + @@ -49,7 +49,7 @@ - + @@ -120,8 +120,8 @@ - - Overview + + Network Design @@ -282,6 +282,31 @@ + + + + + + + + + +
  • + + + + + Abuse Policy + + + + + + +
    • + + + @@ -422,6 +447,81 @@ +
  • + + + + + ACME + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + Shell Accounts + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + S3 Object Storage + + + + + + +
    • + + + + + + + + + + + +
  • @@ -438,6 +538,114 @@ + + + + + + + + + +
  • + + + + + Ping Challenge + + + + + + +
    • + + + + + + + + + + + + + + + + + + + +
  • + + + + + Retro42 + + + + + + + + + + @@ -482,13 +690,13 @@
  • - -
  • + + + + + Other stuff + + + + + + +
    • + + + + + + + + + +
  • @@ -752,7 +983,7 @@ - burble.dn42 / Additional Info / Maintenance Log + burble.dn42 / Additional Info / Maint. Log Archive @@ -768,7 +999,7 @@
    -

    Maintenance Log

    +

    Maint. Log Archive

    @@ -778,12 +1009,118 @@

    A log of changes to the burble.dn42 network.

    -

    18th December 2020

    -

    New static website built using Hugo.

    -

    22nd December 2020

    -

    es-mad1 in Madrid, Spain has been deployed and is now open for peering.

    +

    6th December 2021

    +

    As you may have noticed, the maintenance log is no longer being kept up to date !

    +

    17th July 2021

    +

    A new dedicated server us-nyc1 has joined burble.dn42, hosted in Virmach’s +Buffalo, NY datacentre.

    +

    The server is not open for peering, however it does host a shell server +that you are free to use. See the Shell Accounts +service page for more info.

    +

    27th June 2021

    +

    The shell servers now have apache2 installed to provide home directory +public_html access.
    +See the Shell Accounts service page +for more info.

    +

    23rd June 2021

    +

    Added shell.ca-bhs2.burble.dn42 as a new shell server.

    +

    21st June 2021

    +

    Added new Shell Accounts service

    +

    19th May 2021

    +

    dn42regsrv now supports publishing ROA in OpenBGPD format.

    +

    The ROA are now published at the following links:

    + +
    + us-nyc1 and us-chi1 have been removed from service and decommissioned.
    +If you were peered on these nodes, please contact me if you wish to re-peer on a different node. +
    + +

    10th April 2021

    +

    The b.recursive-servers.dn42 DNS resovler is running an experimental build +of pdns-recursor to test a fix of this issue.
    +Please let me know if you spot any strange problems.

    +

    burble.dn42 websites are now using a TLS certificate issued by the +DN42 ACME service.

    +

    A number of significant changes have been implemented for the global route collector

    +
      +
    • Downstream peerings have been stopped, in favour of parsing the MRT dumps
      • +
    • The collector has moved from de-fra1 to fr-rbx1, where bandwidth is no issue
      • +
    • A special routing policy has been implemented for the collector to encourage traffic +to go directly to fr-rbx1 and not transit through burble.dn42 nodes. See also the Routing Policy page.
      • +
    • Internal rate limits on BGP sessions have been relaxed
      • +
    +

    3rd April 2021

    +

    The collector is now using a TLS certificate issued by the +DN42 ACME service. The collector is behind an anycasted +reverse proxy, so a normal ACME challenge will not work. Instead, the certificate +is managed using +dnscontrol to respond to +an ACME DNS challenge.

    +

    DNSSEC has been enabled on all edge nodes.

    +

    2nd April 2021

    +

    There was a major DNS outage today as a minor change took out the entire service.

    +

    What should have been a trivial config change actually upgraded the container +from Alpine 3.11 to Alpine 3.13 and caused a number of the DNS applications to +stop working due to incompatibilities.

    +

    The lack of working DNS meant it was more complicated to bootstrap the service +back again, leading to a long delay in restoring service.

    +

    27th March 2021

    +

    Fixed a bug in bird that was preventing MRT dumps from the collector working. +Hopefully the dumps can now be successfully parsed: +https://mrt.collector.dn42

    +

    25th March 2021

    +

    Bird 2.0.8 has been deployed +across the network. Please let me know if you see problems.

    +

    burble.dn42 uses a custom bird build that includes additional debugging. The +source code for the build is available on git.burble.dn42.

    +
    +

    Advanced Notice

    +
      +
    • us-nyc1 will be decommissioned before 15/04/21
      • +
    • us-chi1 will be decommissioned before 14/05/21
      • +
    +
    + +

    23rd February 2021

    +

    Updated IPv6 address for hk-hkg1

    +

    10th January 2021

    +

    Upgraded the looking glass to use +bird-lg-go.

    +

    The main benefit of the go version is that it executes queries in +parallel, greatly improving response times with a large number +of nodes.

    +

    6th January 2021

    +

    hk-hkg1 is now open for IPv4 peering; see the node information for details.

    +

    IPv6 connectivity is expected ~February.

    +

    4th January 2021

    +

    Happy New Year DN42.

    +

    New Website

    +

    The new year brings a new website for burble.dn42 built using Hugo and statically +delivered from each core node for speed. As always, the source for the website is available in the +gitea repo.

    +

    Anycast MTU

    +

    The MTU for anycast services has been reduced to 1280 after a problem was seen with IPv6 path MTU discovery.

    +

    The problem was due to an asymmetric path, where a request to the wiki went to one node but the return +path was via a different node. The other node also hosted a wiki instance, which meant that pmtud ICMP +messages on the return path were being picked up by the wrong node. To fix this, the MTU has been clamped +to the minimum allowable size of 1280.

    +

    Interestingly, Cloudflare also recognised the same type of issue and wrote up what they did in their blog.

    +

    The following services were impacted by the changes.

    +
      +
    • DNS Services
      • +
    • NGINX Reverse Proxy (and therefore also all websites, including the Wiki mirrors)
      • +
    • WHOIS Service
      • +
    +

    New Nodes

    +

    es-mad1 in Madrid, Spain has already been delivered and is now open for peerings.

    +

    The new node in Hong Kong, hk-hkg1 has also been delivered and I’m now just waiting for IPv6 to be available +before it too will also be ready for peering.

    -

    Historical changes from previous years

    +

    Historical changes from previous years

    @@ -896,7 +1233,7 @@ - + diff --git a/public/additional/maintlog/index.xml b/public/additional/maintlog/index.xml index 0592be7..4fae3e4 100644 --- a/public/additional/maintlog/index.xml +++ b/public/additional/maintlog/index.xml @@ -1,51 +1,32 @@ - Maintenance Log on burble.dn42 - https://dn42.burble.com/additional/maintlog/ - Recent content in Maintenance Log on burble.dn42 - Hugo -- gohugo.io - en-gb + Maint. Log Archive on burble.dn42 + http://localhost:2010/additional/maintlog/ + Recent content in Maint. Log Archive on burble.dn42 + Hugo + en-gb + 2020 - https://dn42.burble.com/additional/maintlog/2020/ + http://localhost:2010/additional/maintlog/2020/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/additional/maintlog/2020/ - Archive of changes made in 2020 -13th December 2020 Issue Log -burble.dn42 now has a public issue log, hosted on the DN42 Registry. - Issue Log Feel free to raise issues or enhancements on the log. -Speedtest Service -An experimental speed test service has been introduced: - France: https://speedtest.fr-rbx1.burble.dn42 Canada: https://speedtest.ca-bhs2.burble.dn42 The two services are currently only accessible over IPv6 but are hosted on dedicated servers with plenty of available bandwidth. + http://localhost:2010/additional/maintlog/2020/ + <p>Archive of changes made in 2020</p> <h4 id="22nd-december-2020">22nd December 2020</h4> <p>es-mad1 in Madrid, Spain has been deployed and is now open for peering.</p> <h4 id="13th-december-2020">13th December 2020</h4> <p><strong>Issue Log</strong></p> <p>burble.dn42 now has a public issue log, hosted on the <a href="https://git.dn42.dev">DN42 Registry</a>.</p> <ul> <li><a href="https://git.dn42.dev/burble/burble.dn42/issues">Issue Log</a></li> </ul> <p>Feel free to raise issues or enhancements on the log.</p> <p><strong>Speedtest Service</strong></p> <p>An experimental speed test service has been introduced:</p> <ul> <li>France: <a href="https://speedtest.fr-rbx1.burble.dn42">https://speedtest.fr-rbx1.burble.dn42</a></li> <li>Canada: <a href="https://speedtest.ca-bhs2.burble.dn42">https://speedtest.ca-bhs2.burble.dn42</a></li> </ul> <p>The two services are currently only accessible over IPv6 but are hosted on dedicated servers with plenty of available bandwidth. If the service ends up loading or disrupting the rest of the network then I may end up removing it, so use responsibly.</p> - 2019 - https://dn42.burble.com/additional/maintlog/2019/ + http://localhost:2010/additional/maintlog/2019/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/additional/maintlog/2019/ - Archive of changes made in 2019 -31st December 2019 The Christmas period has been a really busy period for burble.dn42, with integration and transfer of services over to the new nodes. Primarily, this has meant moving services from fr-rbx1 and sg-sin2 to fr-rbx2, fr-sbg1 and sg-sin1. As part of the rebuilding, I&rsquo;ve also taken the opportunity to re-create most of my ansible scripting, with the intent that this will eventually be published. + http://localhost:2010/additional/maintlog/2019/ + <p>Archive of changes made in 2019</p> <h4 id="31st-december-2019">31st December 2019</h4> <p>The Christmas period has been a really busy period for burble.dn42, with integration and transfer of services over to the new nodes. Primarily, this has meant moving services from fr-rbx1 and sg-sin2 to fr-rbx2, fr-sbg1 and sg-sin1. As part of the rebuilding, I&rsquo;ve also taken the opportunity to re-create most of my ansible scripting, with the intent that this will eventually be published.</p> - 2018 - https://dn42.burble.com/additional/maintlog/2018/ + http://localhost:2010/additional/maintlog/2018/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/additional/maintlog/2018/ - Archive of changes made in 2018 -30th December 2018 Migrated US anycast services from dn42-us-dal1 to dn42-us-dal3. -27th December 2018 Added Certificate Authority details. -26th December 2018 Upgraded the looking glass with Zhaofeng bird-lg fixes. -ROA data is available through the burble.dn42 website, see the Services page. -RPKI service is now replicated across regions to provide additional resiliency. -New version of bird2 deployed, including RPKI fixes from JRB0001. -24th December 2018 Added new peers: + http://localhost:2010/additional/maintlog/2018/ + <p>Archive of changes made in 2018</p> <h4 id="30th-december-2018">30th December 2018</h4> <p>Migrated US anycast services from dn42-us-dal1 to dn42-us-dal3.</p> <h4 id="27th-december-2018">27th December 2018</h4> <p>Added <a href="http://localhost:2010/home/certificate-authority">Certificate Authority</a> details.</p> <h4 id="26th-december-2018">26th December 2018</h4> <p>Upgraded the <a href="https://lg.burble.com">looking glass</a> with Zhaofeng <a href="https://github.com/zhaofengli/bird-lg/commits/zhaofengli">bird-lg fixes</a>.<br> ROA data is available through the burble.dn42 website, see the <a href="home/burble-dn42-services">Services</a> page.<br> RPKI service is now replicated across regions to provide additional resiliency.<br> New version of bird2 deployed, including RPKI fixes from JRB0001.</p> <h4 id="24th-december-2018">24th December 2018</h4> <p>Added new peers:</p> - diff --git a/public/additional/other-stuff/index.html b/public/additional/other-stuff/index.html new file mode 100644 index 0000000..d0648c2 --- /dev/null +++ b/public/additional/other-stuff/index.html @@ -0,0 +1,1084 @@ + + + + + + + + +Other stuff | burble.dn42 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + + + + + + +
    +
    + + +
    + + +
    + + + + + + + + + + + +
    + + + + + + + + + + + + + + + + + + + burble.dn42 / Additional Info / Other stuff + + + + + + + + + + + + +
    + + +
    +

    Other stuff

    + + + + + + + +

    A collection of other stuff that may or may not be dn42 related, or even interesting.

    +

    An atomic clock NTP server

    +

    Atomic Clock

    +

    Rubidium Atomic Clock + GPS + Odroid N2+

    +

    Homelab

    +

    The burble.dn42 homelab:

    +

    Serverz

    +

    32 cores, 156GB RAM, 6TB NVMe/SSD, 56TB HDD, ~70 watts

    +

    The two hanging USB devices are USB modems for the burble.dn42 dial up service.

    + + +
    + + + + + + + + + + + + + + + + + + + +
    + + +
    + +
    +
    + + + +
    + + + + + + + + + + + + + + + + diff --git a/public/additional/things-to-do/index.html b/public/additional/things-to-do/index.html index dc8e190..af0ee5a 100644 --- a/public/additional/things-to-do/index.html +++ b/public/additional/things-to-do/index.html @@ -1,7 +1,7 @@ - + @@ -48,7 +48,7 @@ - + @@ -119,8 +119,8 @@ - - Overview + + Network Design @@ -281,6 +281,31 @@ + + + + + + + + + +
  • + + + + + Abuse Policy + + + + + + +
    • + + + @@ -421,6 +446,81 @@ +
  • + + + + + ACME + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + Shell Accounts + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + S3 Object Storage + + + + + + +
    • + + + + + + + + + + + +
  • @@ -437,6 +537,114 @@ + + + + + + + + + +
  • + + + + + Ping Challenge + + + + + + +
    • + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + Retro42 + + + + + + + + + + @@ -481,13 +689,13 @@
  • - -
  • + + + + + Other stuff + + + + + + +
    • + + + + + + + + + +
  • @@ -781,7 +1012,7 @@ but I’ve listed here a few ideas that may serve as inspiration and the spa

    This is deliberately not a set of instructions or a guide and it’s not a checklist of stuff you must do.
    If you are interested in something there is plenty of public information available on all these topics.

    -

    Getting Started

    +

    Getting Started

    • Read up on how Internet peering works, and the tools and protocols that are used
    • Register your details in the DN42 registry @@ -806,7 +1037,7 @@ people are doing, or the problems they have, as well as getting your own network
    • use a DN42 service

    Congratulations, you’re connected to DN42 !

    -

    The Basics

    +

    The Basics

    • Get more peers
        @@ -846,7 +1077,7 @@ people are doing, or the problems they have, as well as getting your own network
      • Add your network to the peerfinder
      • Learn something new and add it to the DN42 Wiki
      -

      Intermediate

      +

      Intermediate

      • Secure your network
      • Distribute DN42 routes to another, internal node @@ -895,8 +1126,14 @@ people are doing, or the problems they have, as well as getting your own network
    -

    Complex

    +

    Complex

      +
    • Isolate your network +
        +
      • Using VRFs
        • +
      • Using Namespaces
        • +
      +
    • Connect multiple nodes to the same peer AS in different geographic locations
      • Optimise the routes to the AS
        • @@ -925,7 +1162,7 @@ people are doing, or the problems they have, as well as getting your own network
    -

    Even more

    +

    Even more

    • Make something new
        @@ -967,6 +1204,19 @@ and shrink it down to your network, but using the same techniques as the global
      • Grab your next job based on your experience ;)
      • +
    • Make it all again +
        +
      • There’s more than one way to do it; rebuild your network using a different design
        • +
      • How can you rebuild everything whilst minising the impact to everyone else ?
        • +
      • What did you learn ? What works better now ? What is worse ?
        • +
      • How can you do it again better next time ?
        • +
      +
      • +
    +

    Final words

    +

    What can you do in DN42 ?

    +
      +
    • Do whatever is fun and interesting for you
    @@ -1020,7 +1270,7 @@ and shrink it down to your network, but using the same techniques as the global - + diff --git a/public/burble-dn42-map.png b/public/burble-dn42-map.png index 556662a..a6ae5f9 100644 Binary files a/public/burble-dn42-map.png and b/public/burble-dn42-map.png differ diff --git a/public/categories/index.xml b/public/categories/index.xml index 840042b..09231c1 100644 --- a/public/categories/index.xml +++ b/public/categories/index.xml @@ -2,9 +2,10 @@ Categories on burble.dn42 - https://dn42.burble.com/categories/ + http://localhost:2010/categories/ Recent content in Categories on burble.dn42 - Hugo -- gohugo.io - en-gb + Hugo + en-gb + diff --git a/public/design/DN42-Core.svg b/public/design/DN42-Core.svg new file mode 100644 index 0000000..137c3a6 --- /dev/null +++ b/public/design/DN42-Core.svg @@ -0,0 +1,4 @@ + + + +
    Bird2
    Bird2
    Bird2
    Bird2
    Bird2
    Bird2
    Bird2
    Bird2
    Bird2
    Bird2
    Bird2
    Bird2
    Bird2
    Bird2
    Route Reflectors
    Route Reflectors
    dn42 routers
    dn42 routers
    MTU 4260
    MTU 42...
    MTU 1420 / various
    MTU 1420 / various
    dn42 peers
    Wireguard
    OVPN
    dn42 peers...
    Injected Tunnels
    Injected...
    Host Bridges
    Host Bri...
    dn42 router lxd
    dn42 rout...
    svcs
    svcs
    svcs
    svcs
    svcs
    svcs
    svcs
    svcs
    tier1
    public services
    tier1...
    tier2
    internal services
    tier2...
    nftables
    nftab...
    MTU 4260
    MTU 4260
    dmz
    dmz
    dn42 VXLAN
    dn42 VXLAN    Text is not SVG - cannot display     \ No newline at end of file diff --git a/public/design/DN42-EVPN.svg b/public/design/DN42-EVPN.svg new file mode 100644 index 0000000..f72e5f8 --- /dev/null +++ b/public/design/DN42-EVPN.svg @@ -0,0 +1,4 @@ + + + +
    BGP EVPN
    BGP EVPN
    FRR
    FRR
    FRR
    FRR
    FRR
    FRR
    FRR
    FRR
    FRR
    FRR
    FRR
    FRR
    FRR
    FRR
    Route Reflectors
    Route Reflectors
    Nodes
    Nodes
    VXLAN
    VXLAN
    MTU 4260
    MTU 4260
    MTU 4310
    MTU 4310    Viewer does not support full SVG 1.1     \ No newline at end of file diff --git a/public/design/DN42-Host.svg b/public/design/DN42-Host.svg new file mode 100644 index 0000000..57bcdd3 --- /dev/null +++ b/public/design/DN42-Host.svg @@ -0,0 +1,4 @@ + + + +
    Internet
    Internet
    Wireguard/L2TP Tunnels
    Wireguard/L2TP Tunnels
    VXLAN Endpoints
    VXLAN Endpoints
    host managed
    networking
    host managed...
    Host Bridges
    Host Bridges
    dn42 router
    dn42 router
    dn42 service
    dn42 service
    dn42 service
    dn42 service
    non-dn42
    non-dn42
    dn42 tier1
    dn42 tier1
    dn42 tier2
    dn42 tier2
    direct clearnet access
    direct clearnet access
    dn42 routing VXLAN
    dn42 routing VXLAN
    dn42 peers
    dn42 peers
    tunnel injection
    tunnel injection
    FRR
    FRR
    nftables
    nftables    Text is not SVG - cannot display     \ No newline at end of file diff --git a/public/design/DN42-Tunnels.svg b/public/design/DN42-Tunnels.svg new file mode 100644 index 0000000..df5e7cb --- /dev/null +++ b/public/design/DN42-Tunnels.svg @@ -0,0 +1,4 @@ + + + +
    Wireguard/L2TP
    Mesh
    Wireguard/L2TP...
    MTU 4310
    MTU 4310
    Wireguard
    Wireguard
    MTU 4310
    MTU 4310    Text is not SVG - cannot display     \ No newline at end of file diff --git a/public/dn42-ca.pem b/public/dn42-ca.pem new file mode 100644 index 0000000..836bd60 --- /dev/null +++ b/public/dn42-ca.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID8DCCAtigAwIBAgIFIBYBAAAwDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMC +WEQxDTALBgNVBAoMBGRuNDIxIzAhBgNVBAsMGmRuNDIgQ2VydGlmaWNhdGUgQXV0 +aG9yaXR5MR8wHQYDVQQDDBZkbjQyIFJvb3QgQXV0aG9yaXR5IENBMCAXDTE2MDEx +NjAwMTIwNFoYDzIwMzAxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJYRDENMAsGA1UE +CgwEZG40MjEjMCEGA1UECwwaZG40MiBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAd +BgNVBAMMFmRuNDIgUm9vdCBBdXRob3JpdHkgQ0EwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDBGRDeAYYR8YIMsNTl/5rI46r0AAiCwM9/BXohl8G1i6PR +VO76BA931VyYS9mIGMEXEJLlJPrvYetdexHlvrqJ8mDJO4IFOnRUYCNmGtjNKHvx +6lUlmowEoP+dSFRMnbwtoN9xrmRHDed1BfTFAirSDL6jY1RiK60p62oIpF6o6/FS +FE7RXUEv0xm65II2etGj8oT2B7L2DDDb23bu6RQFx491tz/V1TVW0JJE3yYeAPqu +y3rJUGddafj5/SWnHdtAsUK8RVfhyRxCummAHuolmRKfbyOj0i5KzRXkfEn50cDw +GQwVUM6mUbuqFrKC7PRhRIwc3WVgBHewTZlnF/sJAgMBAAGjgaowgacwDgYDVR0P +AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFR2iLLAtTDQ/E/J +bTv5jFURrBUVMB8GA1UdIwQYMBaAFFR2iLLAtTDQ/E/JbTv5jFURrBUVMEQGA1Ud +HgQ9MDugOTAHggUuZG40MjAKhwisFAAA//wAADAihyD9QgAAAAAAAAAAAAAAAAAA +//8AAAAAAAAAAAAAAAAAADANBgkqhkiG9w0BAQsFAAOCAQEAXKQ7QaCBaeJxmU11 +S1ogDSrZ7Oq8jU+wbPMuQRqgdfPefjrgp7nbzfUW5GrL58wqj+5/FAqltflmSIHl +aB4MpqM8pyvjlc/jYxUNFglj2WYxO0IufBrlKI5ePZ4omUjpR4YR4gQpYCuWlZmu +P6v/P0WrfgdFTk0LGEA9OwKcTqkPpcI/SjB3rmZcs42yQWvimAF94GtScE09uKlI +9QLS2UBmtl5EJRFVrDEC12dyamq8dDRfddyaT4MoQOAq3D9BQ1pHByu3pz/QFaJC +1zAi8vbktPY7OMprTOc8pHDL3q8KFP8jJcoEzZ5Jw0vkCrULhLXvtFtjB0djzVxQ +C0IKqQ== +-----END CERTIFICATE----- diff --git a/public/index.html b/public/index.html index d57b8df..454ba59 100644 --- a/public/index.html +++ b/public/index.html @@ -2,7 +2,7 @@ - + @@ -32,7 +32,7 @@ - + @@ -50,7 +50,7 @@ - + @@ -121,8 +121,8 @@ - - Overview + + Network Design @@ -283,6 +283,31 @@ + + + + + + + + + +
  • + + + + + Abuse Policy + + + + + + +
    • + + + @@ -423,6 +448,81 @@ +
  • + + + + + ACME + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + Shell Accounts + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + S3 Object Storage + + + + + + +
    • + + + + + + + + + + + +
  • @@ -439,6 +539,114 @@ + + + + + + + + + +
  • + + + + + Ping Challenge + + + + + + +
    • + + + + + + + + + + + + + + + + + + + +
  • + + + + + Retro42 + + + + + + + + + + @@ -483,13 +691,13 @@
  • - -
  • + + + + + Other stuff + + + + + + +
    • + + + + + + + + + +
  • @@ -816,7 +1047,7 @@ - + diff --git a/public/index.xml b/public/index.xml index 995cb4e..e29712a 100644 --- a/public/index.xml +++ b/public/index.xml @@ -2,200 +2,186 @@ burble.dn42 - https://dn42.burble.com/ + http://localhost:2010/ Recent content on burble.dn42 - Hugo -- gohugo.io - en-gb + Hugo + en-gb + Fri, 18 Dec 2020 00:00:00 +0000 + 2020 - https://dn42.burble.com/additional/maintlog/2020/ + http://localhost:2010/additional/maintlog/2020/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/additional/maintlog/2020/ - Archive of changes made in 2020 -13th December 2020 Issue Log -burble.dn42 now has a public issue log, hosted on the DN42 Registry. - Issue Log Feel free to raise issues or enhancements on the log. -Speedtest Service -An experimental speed test service has been introduced: - France: https://speedtest.fr-rbx1.burble.dn42 Canada: https://speedtest.ca-bhs2.burble.dn42 The two services are currently only accessible over IPv6 but are hosted on dedicated servers with plenty of available bandwidth. + http://localhost:2010/additional/maintlog/2020/ + <p>Archive of changes made in 2020</p> <h4 id="22nd-december-2020">22nd December 2020</h4> <p>es-mad1 in Madrid, Spain has been deployed and is now open for peering.</p> <h4 id="13th-december-2020">13th December 2020</h4> <p><strong>Issue Log</strong></p> <p>burble.dn42 now has a public issue log, hosted on the <a href="https://git.dn42.dev">DN42 Registry</a>.</p> <ul> <li><a href="https://git.dn42.dev/burble/burble.dn42/issues">Issue Log</a></li> </ul> <p>Feel free to raise issues or enhancements on the log.</p> <p><strong>Speedtest Service</strong></p> <p>An experimental speed test service has been introduced:</p> <ul> <li>France: <a href="https://speedtest.fr-rbx1.burble.dn42">https://speedtest.fr-rbx1.burble.dn42</a></li> <li>Canada: <a href="https://speedtest.ca-bhs2.burble.dn42">https://speedtest.ca-bhs2.burble.dn42</a></li> </ul> <p>The two services are currently only accessible over IPv6 but are hosted on dedicated servers with plenty of available bandwidth. If the service ends up loading or disrupting the rest of the network then I may end up removing it, so use responsibly.</p> - 2019 - https://dn42.burble.com/additional/maintlog/2019/ + http://localhost:2010/additional/maintlog/2019/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/additional/maintlog/2019/ - Archive of changes made in 2019 -31st December 2019 The Christmas period has been a really busy period for burble.dn42, with integration and transfer of services over to the new nodes. Primarily, this has meant moving services from fr-rbx1 and sg-sin2 to fr-rbx2, fr-sbg1 and sg-sin1. As part of the rebuilding, I&rsquo;ve also taken the opportunity to re-create most of my ansible scripting, with the intent that this will eventually be published. + http://localhost:2010/additional/maintlog/2019/ + <p>Archive of changes made in 2019</p> <h4 id="31st-december-2019">31st December 2019</h4> <p>The Christmas period has been a really busy period for burble.dn42, with integration and transfer of services over to the new nodes. Primarily, this has meant moving services from fr-rbx1 and sg-sin2 to fr-rbx2, fr-sbg1 and sg-sin1. As part of the rebuilding, I&rsquo;ve also taken the opportunity to re-create most of my ansible scripting, with the intent that this will eventually be published.</p> - 2018 - https://dn42.burble.com/additional/maintlog/2018/ + http://localhost:2010/additional/maintlog/2018/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/additional/maintlog/2018/ - Archive of changes made in 2018 -30th December 2018 Migrated US anycast services from dn42-us-dal1 to dn42-us-dal3. -27th December 2018 Added Certificate Authority details. -26th December 2018 Upgraded the looking glass with Zhaofeng bird-lg fixes. -ROA data is available through the burble.dn42 website, see the Services page. -RPKI service is now replicated across regions to provide additional resiliency. -New version of bird2 deployed, including RPKI fixes from JRB0001. -24th December 2018 Added new peers: + http://localhost:2010/additional/maintlog/2018/ + <p>Archive of changes made in 2018</p> <h4 id="30th-december-2018">30th December 2018</h4> <p>Migrated US anycast services from dn42-us-dal1 to dn42-us-dal3.</p> <h4 id="27th-december-2018">27th December 2018</h4> <p>Added <a href="http://localhost:2010/home/certificate-authority">Certificate Authority</a> details.</p> <h4 id="26th-december-2018">26th December 2018</h4> <p>Upgraded the <a href="https://lg.burble.com">looking glass</a> with Zhaofeng <a href="https://github.com/zhaofengli/bird-lg/commits/zhaofengli">bird-lg fixes</a>.<br> ROA data is available through the burble.dn42 website, see the <a href="home/burble-dn42-services">Services</a> page.<br> RPKI service is now replicated across regions to provide additional resiliency.<br> New version of bird2 deployed, including RPKI fixes from JRB0001.</p> <h4 id="24th-december-2018">24th December 2018</h4> <p>Added new peers:</p> + + + Dialup Service + http://localhost:2010/retro/modem/ + Mon, 01 Jan 0001 00:00:00 +0000 + http://localhost:2010/retro/modem/ + <p>Connect in to dn42 using a real physical modem.</p> <blockquote class="gdoc-hint danger"> <p><strong>06/02/23</strong> - The modem service is currently unavailable and will remain offline until later in the year.</p> <p>In the meantime, the <a href="https://wdev.burble.dn42/retro/fake/">modem emulator</a> service is still available.</p> </blockquote> <blockquote class="gdoc-hint warning"> <strong>Health warning</strong>: dialing in to dn42 can be rewarding and great fun, but using modems over VoIP is flakey at the best of times and getting it to work can be a frustrating experience. This is very much an experimental service. </blockquote> <p>The burble.dn42 dialup service allows you to dial in to dn42 via a modem. The modem is reachable via VoIP and connected to a PPP server, allowing you to log in and obtain full dn42 IPv4 connectivity.</p> - Peering with burble.dn42 - https://dn42.burble.com/network/peering/ + http://localhost:2010/network/peering/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/network/peering/ - This page provides the information to get started on peering with the burble.dn42 network -burble.dn42 is a set of global POPs integrated to the dn42 network, and new peering requests are welcome. A description of the network is available in the Overview page. -burble.dn42 is a large network and there are some restrictions in place to protect the network and the rest of the DN42. Please ensure you read the information below before requesting to peer. + http://localhost:2010/network/peering/ + <p>This page provides the information to get started on peering with the burble.dn42 network</p> <p>burble.dn42 is a set of global POPs integrated to the <a href="https://dn42.dev/">dn42</a> network, and new peering requests are welcome. Some details of the network are available in the <a href="http://localhost:2010/network/design">Design</a> page.</p> <p>burble.dn42 is a large network and there are some restrictions in place to protect the network and the rest of the DN42.<br/> <em>Please ensure you read the information below before requesting to peer.</em></p> - DN42 - https://dn42.burble.com/services/dn42/ + http://localhost:2010/services/dn42/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/services/dn42/ - burble.dn42 hosts a number of DN42 infrastructure services. -DNS Service Name IP DN42 Master b.master.delegation-servers.dn42 fd42:180:3de0:30::1 Authoritative Service b.delegation-servers.dn42 172.20.129.1fd42:4242:2601:ac53::1 Recursive Service b.recursive-servers.dn42 172.20.129.2fd42:4242:2601:ac53::53 burble.dn42 provides a local, anycast, authoritative and recursive DNS service. -The DNS Service has it&rsquo;s own page. -DN42 Wiki Mirror Mirror URLs wiki.dn42wiki.burble.dn42  (editable via DN42) dn42. + http://localhost:2010/services/dn42/ + <p>burble.dn42 hosts a number of DN42 infrastructure services.</p> <h2 id="dns">DNS</h2> <table> <thead> <tr> <th style="text-align: left">Service</th> <th style="text-align: left">Name</th> <th style="text-align: left">IP</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">DN42 Master</td> <td style="text-align: left">b.master.delegation-servers.dn42</td> <td style="text-align: left">fd42:180:3de0:30::1</td> </tr> <tr> <td style="text-align: left">Authoritative Service</td> <td style="text-align: left">b.delegation-servers.dn42</td> <td style="text-align: left">172.20.129.1<br/>fd42:4242:2601:ac53::1</td> </tr> <tr> <td style="text-align: left">Recursive Service</td> <td style="text-align: left">b.recursive-servers.dn42</td> <td style="text-align: left">172.20.129.2<br/>fd42:4242:2601:ac53::53</td> </tr> </tbody> </table> <p>burble.dn42 provides a local, anycast, authoritative and recursive DNS service.<br> The <a href="http://localhost:2010/services/dns">DNS Service</a> has it&rsquo;s own page.</p> <h2 id="dn42-wiki-mirror">DN42 Wiki Mirror</h2> <table> <thead> <tr> <th style="text-align: left">Mirror URLs</th> <th></th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="https://wiki.dn42/">wiki.dn42</a><br/><a href="https://wiki.burble.dn42/">wiki.burble.dn42</a> </td> <td style="text-align: left">(editable via DN42)</td> </tr> <tr> <td style="text-align: left"><a href="https://dn42.dev/">dn42.dev</a><br/><a href="https://wiki.burble.com/">wiki.burble.com</a> </td> <td style="text-align: left">(read-only via public internet)</td> </tr> </tbody> </table> <p>burble.dn42 maintains a globally distributed mirror of the DN42 Wiki, and is part of the wiki.dn42 anycast group. The DN42 services (<a href="https://wiki.dn42/">wiki.dn42</a> and <a href="https://wiki.burble.dn42/">wiki.burble.dn42</a>) are editable, whilst the public internet views (<a href="https://dn42.dev/">dn42.dev</a> and <a href="https://wiki.burble.com/">wiki.burble.com</a>) are read-only.</p> + + + Modem Emulator + http://localhost:2010/retro/fake/ + Mon, 01 Jan 0001 00:00:00 +0000 + http://localhost:2010/retro/fake/ + <p>No modem ? no problem.</p> <blockquote class="gdoc-hint danger"> Dialup services may or may not be available depending on rebuild progress. </blockquote> <p>If you don&rsquo;t have a physical modem you can still get that retro vibe by accessing dn42 using the modem emulator service. This service presents a series of TCP/IP ports that emulate a subset of the Hayes AT command set and which are speed limited to specific baud rates. The modem can dial directly to the fr-par1 shell service for that CLI experience, or get full dn42 access via a PPP session.</p> - Node Information - https://dn42.burble.com/network/nodes/ + http://localhost:2010/network/nodes/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/network/nodes/ - Europe dn42-fr-rbx1 Location OVH (SoYouStart), Roubaix, France Specs 4 core/8 thread, 32GB, 2 x 960GB SSD, 500mbit unmetered Public Hostname dn42-fr-rbx1.burble.com Public IPv4 Address 176.31.240.39 Public IPv6 Address 2001:41d0:8:127::1 Tunnel IPv4 Peer Address 172.20.129.188/32 Tunnel IPv6 Link Local fe80::42:2601:36:1/64 Tunnel IPv6 ULA fd42:4242:2601:36::1/128 dn42-uk-lon1 Location Clouvider, London, UK Specs 4 core/8 thread, 32GB, 2 x 240GB SSD, 10TB bw Public Hostname dn42-uk-lon1. + http://localhost:2010/network/nodes/ + <p>Public peering nodes</p> <h2 id="europe">Europe</h2> <h3 id="dn42-fr-rbx1">dn42-fr-rbx1</h3> <table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td><strong>Location</strong></td> <td>OVH, Roubaix, France</td> </tr> <tr> <td><strong>Specs</strong></td> <td>E5-1650v3, 64GB, 2 x 480GB SSD, 300mbit up/1Gbit down</td> </tr> <tr> <td><strong>Public Hostname</strong></td> <td>dn42-fr-rbx1.burble.com</td> </tr> <tr> <td><strong>Public IPv4 Address</strong></td> <td>51.254.198.204</td> </tr> <tr> <td><strong>Public IPv6 Address</strong></td> <td>2001:41d0:1008:acc::1</td> </tr> <tr> <td><strong>Tunnel IPv4 Peer Address</strong></td> <td>172.20.129.189/32</td> </tr> <tr> <td><strong>Tunnel IPv6 Link Local</strong></td> <td>fe80::42:2601:26:1/64</td> </tr> <tr> <td><strong>Tunnel IPv6 ULA</strong></td> <td>fd42:4242:2601:26::1/128</td> </tr> </tbody> </table> <h3 id="dn42-fr-par1">dn42-fr-par1</h3> <blockquote class="gdoc-hint warning"> fr-par1 is being decommissioned </blockquote> <table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td><strong>Location</strong></td> <td>Scaleway/Online.net, Paris, France</td> </tr> <tr> <td><strong>Specs</strong></td> <td>E3-1230v2 - 4c/8t, 32GB, 2 x 1TB SSD, 1Gbit unmetered</td> </tr> <tr> <td><strong>Public Hostname</strong></td> <td>dn42-fr-par1.burble.com</td> </tr> <tr> <td><strong>Public IPv4 Address</strong></td> <td>51.159.194.131</td> </tr> <tr> <td><strong>Public IPv6 Address</strong></td> <td>2001:bc8:1201:50d:d6ae:52ff:fecc:c97</td> </tr> <tr> <td><strong>Tunnel IPv4 Peer Address</strong></td> <td>172.20.129.181/32</td> </tr> <tr> <td><strong>Tunnel IPv6 Link Local</strong></td> <td>fe80::42:2601:37:1/64</td> </tr> <tr> <td><strong>Tunnel IPv6 ULA</strong></td> <td>fd42:4242:2601:37::1/128</td> </tr> </tbody> </table> <h3 id="dn42-uk-lon1">dn42-uk-lon1</h3> <table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td><strong>Location</strong></td> <td>HostHatch, London, UK</td> </tr> <tr> <td><strong>Specs</strong></td> <td>6 x EPYC 7513, 24GB, 270GB NVME, 40TB @ 10gbit</td> </tr> <tr> <td><strong>Public Hostname</strong></td> <td>dn42-uk-lon1.burble.com</td> </tr> <tr> <td><strong>Public IPv4 Address</strong></td> <td>45.91.93.104</td> </tr> <tr> <td><strong>Public IPv6 Address</strong></td> <td>2a0e:dc0:5:5::1</td> </tr> <tr> <td><strong>Tunnel IPv4 Peer Address</strong></td> <td>172.20.129.187/32</td> </tr> <tr> <td><strong>Tunnel IPv6 Link Local</strong></td> <td>fe80::42:2601:35:1/64</td> </tr> <tr> <td><strong>Tunnel IPv6 ULA</strong></td> <td>fd42:4242:2601:35::1/128</td> </tr> </tbody> </table> <h3 id="dn42-de-fra1">dn42-de-fra1</h3> <table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td><strong>Location</strong></td> <td>BeroHost, Frankfurt, Germany</td> </tr> <tr> <td><strong>Specs</strong></td> <td>6 x EPYC 7443P, 24GB, 300GB NVME, 25TB @ 10gbit</td> </tr> <tr> <td><strong>Public Hostname</strong></td> <td>dn42-de-fra1.burble.com</td> </tr> <tr> <td><strong>Public IPv4 Address</strong></td> <td>5.180.253.211</td> </tr> <tr> <td><strong>Public IPv6 Address</strong></td> <td>2a0e:6a80:3:430::1</td> </tr> <tr> <td><strong>Tunnel IPv4 Peer Address</strong></td> <td>172.20.129.169/32</td> </tr> <tr> <td><strong>Tunnel IPv6 Link Local</strong></td> <td>fe80::42:2601:31:1/64</td> </tr> <tr> <td><strong>Tunnel IPv6 ULA</strong></td> <td>fd42:4242:2601:31::1/128</td> </tr> </tbody> </table> <h3 id="dn42-se-sto1">dn42-se-sto1</h3> <table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td><strong>Location</strong></td> <td>HostHatch, Stockholm, Sweden</td> </tr> <tr> <td><strong>Specs</strong></td> <td>6 x EPYC 7542, 32GB, 340GB NVME, 10gbit</td> </tr> <tr> <td><strong>Public Hostname</strong></td> <td>dn42-se-sto1.burble.com</td> </tr> <tr> <td><strong>Public IPv4 Address</strong></td> <td>176.126.84.199</td> </tr> <tr> <td><strong>Public IPv6 Address</strong></td> <td>2a0e:dc0:2:1e93::1</td> </tr> <tr> <td><strong>Tunnel IPv4 Peer Address</strong></td> <td>172.20.129.167/32</td> </tr> <tr> <td><strong>Tunnel IPv6 Link Local</strong></td> <td>fe80::42:2601:2d:1/64</td> </tr> <tr> <td><strong>Tunnel IPv6 ULA</strong></td> <td>fd42:4242:2601:2d::1/128</td> </tr> </tbody> </table> <h2 id="north-america">North America</h2> <h3 id="dn42-ca-bhs1">dn42-ca-bhs1</h3> <table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td><strong>Location</strong></td> <td>OVH, Beauharnois, Canada</td> </tr> <tr> <td><strong>Specs</strong></td> <td>E5-1650v3, 64GB, 2 x 480GB SSD, 300mbit up/1Gbit down</td> </tr> <tr> <td><strong>Public Hostname</strong></td> <td>dn42-ca-bhs1.burble.com</td> </tr> <tr> <td><strong>Public IPv4 Address</strong></td> <td>167.114.211.156</td> </tr> <tr> <td><strong>Public IPv6 Address</strong></td> <td>2607:5300:60:7a9c::1</td> </tr> <tr> <td><strong>Tunnel IPv4 Peer Address</strong></td> <td>172.20.129.170/32</td> </tr> <tr> <td><strong>Tunnel IPv6 Link Local</strong></td> <td>fe80::42:2601:2c:1/64</td> </tr> <tr> <td><strong>Tunnel IPv6 ULA</strong></td> <td>fd42:4242:2601:2c::1/128</td> </tr> </tbody> </table> <h3 id="dn42-us-ash1">dn42-us-ash1</h3> <table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td><strong>Location</strong></td> <td>GreenCloud, Ashburn, United States</td> </tr> <tr> <td><strong>Specs</strong></td> <td>8 x EPYC 7763, 32GB, 480GB NVME, 10gbit</td> </tr> <tr> <td><strong>Public Hostname</strong></td> <td>dn42-us-ash1.burble.com</td> </tr> <tr> <td><strong>Public IPv4 Address</strong></td> <td>173.249.195.195</td> </tr> <tr> <td><strong>Public IPv6 Address</strong></td> <td>2607:9000:9000:10ae::a</td> </tr> <tr> <td><strong>Tunnel IPv4 Peer Address</strong></td> <td>172.20.129.181/32</td> </tr> <tr> <td><strong>Tunnel IPv6 Link Local</strong></td> <td>fe80::42:2601:37:1/64</td> </tr> <tr> <td><strong>Tunnel IPv6 ULA</strong></td> <td>fd42:4242:2601:37::1/128</td> </tr> </tbody> </table> <h3 id="dn42-us-lax1">dn42-us-lax1</h3> <table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td><strong>Location</strong></td> <td>HostHatch, Los Angeles, United States</td> </tr> <tr> <td><strong>Specs</strong></td> <td>2 x EPYC 7413, 8GB, 60GB NVME, 10TB @ 10gbit</td> </tr> <tr> <td><strong>Public Hostname</strong></td> <td>dn42-us-lax1.burble.com</td> </tr> <tr> <td><strong>Public IPv4 Address</strong></td> <td>45.67.219.3</td> </tr> <tr> <td><strong>Public IPv6 Address</strong></td> <td>2a04:bdc7:100:4656::1</td> </tr> <tr> <td><strong>Tunnel IPv4 Peer Address</strong></td> <td>172.20.129.172/32</td> </tr> <tr> <td><strong>Tunnel IPv6 Link Local</strong></td> <td>fe80::42:2601:2a:1/64</td> </tr> <tr> <td><strong>Tunnel IPv6 ULA</strong></td> <td>fd42:4242:2601:2a::1/128</td> </tr> </tbody> </table> <h3 id="dn42-us-nyc1">dn42-us-nyc1</h3> <table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td><strong>Location</strong></td> <td>HostHatch, New York, United States</td> </tr> <tr> <td><strong>Specs</strong></td> <td>2 x EPYC 7443P, 8GB, 60GB NVME, 10TB @ 10gbit</td> </tr> <tr> <td><strong>Public Hostname</strong></td> <td>dn42-us-nyc1.burble.com</td> </tr> <tr> <td><strong>Public IPv4 Address</strong></td> <td>109.205.61.36</td> </tr> <tr> <td><strong>Public IPv6 Address</strong></td> <td>2605:4840:2:eed4::1</td> </tr> <tr> <td><strong>Tunnel IPv4 Peer Address</strong></td> <td>172.20.129.175/32</td> </tr> <tr> <td><strong>Tunnel IPv6 Link Local</strong></td> <td>fe80::42:2601:29:1/64</td> </tr> <tr> <td><strong>Tunnel IPv6 ULA</strong></td> <td>fd42:4242:2601:29::1/128</td> </tr> </tbody> </table> - Public Services - https://dn42.burble.com/services/public/ + http://localhost:2010/services/public/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/services/public/ - Services provided for use within DN42 -Website burble.dn42 (dn42 link) dn42.burble.com (public internet link) This website is built using Hugo and is distributed across burble.dn42 core nodes. -The public internet site is hosted on de-fra1 behind CloudFlare and the source for the website is published in the burble.dn42 git. -Issue Log A public issue log is maintained on the DN42 Registry. - Issue Log Users are welcome to raise issues or enhancements via the log. + http://localhost:2010/services/public/ + <p>Services provided for use within DN42</p> <h2 id="website">Website</h2> <ul> <li><a href="https://burble.dn42/">burble.dn42</a> (dn42 link)</li> <li><a href="https://dn42.burble.com/">dn42.burble.com</a> (public internet link)</li> </ul> <p>This website is built using <a href="https://gohugo.io/">Hugo</a> and is <a href="http://localhost:2010/services/internal/#rproxyburbledn42">distributed</a> across burble.dn42 core nodes.</p> <p>The public internet site is a <a href="https://www.cloudflare.com">CloudFlare</a> pages application and the source is <a href="https://git.burble.com/burble.dn42/www">published</a> in the burble.dn42 git.</p> <h2 id="service-administration-portal">Service Administration Portal</h2> <ul> <li><a href="https://svc.burble.dn42/">svc.burble.dn42</a></li> </ul> <p>The service portal allows you to configure your burble.dn42 services.</p> <p>Functionality includes:</p> <ul> <li>Setting or changing a burble.dn42 LDAP password</li> <li>Changing your shell for the shell services</li> <li>Viewing peering information</li> </ul> <h2 id="diagnostic-services">Diagnostic Services</h2> <h3 id="looking-glass">Looking Glass</h3> <ul> <li><a href="https://lg.burble.com">lg.burble.com</a> (public internet link)</li> <li><a href="https://lg.burble.dn42">lg.burble.dn42</a> (dn42 link)</li> </ul> <p>The burble.dn42 looking glass is based on <a href="https://github.com/xddxdd/bird-lg-go">bird-lg-go</a> with some local customisations. The source code for the looking glass is available on the <a href="https://git.burble.com/burble.dn42/bird-lg-go">burble.dn42 git</a>.</p> - Internal Services - https://dn42.burble.com/services/internal/ + http://localhost:2010/services/internal/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/services/internal/ - This page provides some documenation on other services used within burble.dn42 that are not directly available for public use. -rproxy.burble.dn42 Core nodes run an nginx container that acts as a reverse proxy for services hosted in tier2. -The reverse proxy is distributed to improve local response times and is anycast as rproxy.burble.dn42. Most web services provided by burble.dn42 are simply CNAMEs to the reverse proxy which then balances and forwards the request to the actual service. + http://localhost:2010/services/internal/ + <p>This page provides some documenation on other services used within burble.dn42 that are not directly available for public use.</p> <h2 id="traefik--traefik-eu--traefik-na">traefik / traefik-eu / traefik-na</h2> <p>burble.dn42 runs a global <a href="https://traefik.io/traefik/">traefik</a> cluster which acts as a reverse proxy and load balancer for burble.dn42 web services.</p> <p>The traefik instances are anycast globally (traefik.burble.dn42), but also have regional load balancing groups for Europe (traefik-eu.burble.dn42) and North America (traefik-na.burble.dn42). This regional split helps to direct users to local services where possible.</p> - IPAM - https://dn42.burble.com/network/IPAM/ + http://localhost:2010/network/IPAM/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/network/IPAM/ - IP address tables -General Ranges IPv4 IPv4 Address Range Purpose 172.20.129.0/27 burble.dn42 services 172.20.129.160/27 burble.dn42 nodes IPv6 IPv6 Address Range Purpose fd42:4242:2601:acXX::/64 Anycast services fd42:4242:2601:AA::/64 Public services for host AA fd42:4242:2601:AA00::/56 /56 routed to host AA fd42:4242:2601:AA02::/64 Tier2 services on host AA burble. + http://localhost:2010/network/IPAM/ + <p>IP address tables</p> <h2 id="general-ranges">General Ranges</h2> <h3 id="ipv4">IPv4</h3> <table> <thead> <tr> <th style="text-align: left">IPv4 Address Range</th> <th style="text-align: left">Purpose</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">172.20.129.0/27</td> <td style="text-align: left">burble.dn42 services</td> </tr> <tr> <td style="text-align: left">172.20.129.160/27</td> <td style="text-align: left">burble.dn42 nodes</td> </tr> </tbody> </table> <h3 id="ipv6">IPv6</h3> <table> <thead> <tr> <th style="text-align: left">IPv6 Address Range</th> <th style="text-align: left">Purpose</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">fd42:4242:2601:acXX::/64</td> <td style="text-align: left">anycast services</td> </tr> <tr> <td style="text-align: left">fd42:4242:2601:<em>AA</em>::/64</td> <td style="text-align: left">public services for host <em>AA</em></td> </tr> <tr> <td style="text-align: left">fd42:4242:2601:10<em>AA</em>::/64</td> <td style="text-align: left">dmz services for host <em>AA</em></td> </tr> <tr> <td style="text-align: left">fd42:4242:2601:<em>AA</em>00::/56</td> <td style="text-align: left">/56 routed to host <em>AA</em></td> </tr> <tr> <td style="text-align: left">fd42:4242:2601:<em>AA</em>02::/64</td> <td style="text-align: left">tier2 services on host <em>AA</em></td> </tr> </tbody> </table> <h2 id="burbledn42-services">burble.dn42 Services</h2> <table> <thead> <tr> <th style="text-align: left">DNS</th> <th style="text-align: left">IPv4</th> <th style="text-align: left">IPv6</th> <th style="text-align: left">Comment</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"> </td> <td style="text-align: left">172.20.129.0</td> <td style="text-align: left"> </td> <td style="text-align: left">Reserved</td> </tr> <tr> <td style="text-align: left">ns1.burble.dn42</td> <td style="text-align: left">172.20.129.1</td> <td style="text-align: left">fd42:4242:2601:ac53::1</td> <td style="text-align: left">Authoritative DNS Master</td> </tr> <tr> <td style="text-align: left">dns.burble.dn42</td> <td style="text-align: left">172.20.129.2</td> <td style="text-align: left">fd42:4242:2601:ac53::53</td> <td style="text-align: left">Recursive DNS Resolver</td> </tr> <tr> <td style="text-align: left"><a href="https://burble.dn42">burble.dn42</a><br/><a href="https://burble.dn42">www.burble.dn42</a></td> <td style="text-align: left">172.20.129.3</td> <td style="text-align: left">fd42:4242:2601:ac80::1</td> <td style="text-align: left">Website</td> </tr> <tr> <td style="text-align: left">collector.dn42</td> <td style="text-align: left">172.20.129.4</td> <td style="text-align: left">fd42:4242:2601:ac12::1</td> <td style="text-align: left">Global Route Collector</td> </tr> <tr> <td style="text-align: left">pingable.burble.dn42</td> <td style="text-align: left">172.20.129.5</td> <td style="text-align: left">fd42:4242:2601:ac05::1</td> <td style="text-align: left">Pingable IP Address</td> </tr> <tr> <td style="text-align: left"></td> <td style="text-align: left">172.20.129.6</td> <td style="text-align: left"></td> <td style="text-align: left"><em>unallocated</em></td> </tr> <tr> <td style="text-align: left"></td> <td style="text-align: left">172.20.129.7</td> <td style="text-align: left"></td> <td style="text-align: left"><em>unallocated</em></td> </tr> <tr> <td style="text-align: left">whois.burble.dn42</td> <td style="text-align: left">172.20.129.8</td> <td style="text-align: left">fd42:4242:2601:ac43::1</td> <td style="text-align: left">Whois service anycast</td> </tr> <tr> <td style="text-align: left">voip.burble.dn42</td> <td style="text-align: left">172.20.129.9</td> <td style="text-align: left">fd42:4242:2601:37:216:3eff:fe8f:6211</td> <td style="text-align: left">Asterisk VOIP Service</td> </tr> <tr> <td style="text-align: left">shell.burble.dn42</td> <td style="text-align: left">172.20.129.10</td> <td style="text-align: left">fd42:4242:2601:ac22::1</td> <td style="text-align: left">Shell service anycast</td> </tr> <tr> <td style="text-align: left">traefik-v2.burble.dn42</td> <td style="text-align: left">172.20.129.11</td> <td style="text-align: left">fd42:4242:2601:ac81::1</td> <td style="text-align: left">Global traefik cluster</td> </tr> <tr> <td style="text-align: left">traefik.burble.dn42</td> <td style="text-align: left">172.20.129.12</td> <td style="text-align: left">fd42:4242:2601:ac82::1</td> <td style="text-align: left">Global traefik cluster</td> </tr> <tr> <td style="text-align: left">traefik-eu.burble.dn42</td> <td style="text-align: left">172.20.129.13</td> <td style="text-align: left">fd42:4242:2601:ac83::1</td> <td style="text-align: left">Europe traefik cluster</td> </tr> <tr> <td style="text-align: left">traefik-na.burble.dn42</td> <td style="text-align: left">172.20.129.14</td> <td style="text-align: left">fd42:4242:2601:ac84::1</td> <td style="text-align: left">North America traefik cluster</td> </tr> <tr> <td style="text-align: left"> </td> <td style="text-align: left"><em>172.20.129.15-19</em></td> <td style="text-align: left"> </td> <td style="text-align: left"><em>Unallocated</em></td> </tr> <tr> <td style="text-align: left"></td> <td style="text-align: left">172.20.129.20/30</td> <td style="text-align: left"> </td> <td style="text-align: left"><a href="http://localhost:2010/retro/modem/">Dialup Service</a> endpoints</td> </tr> <tr> <td style="text-align: left">shell.ca-bhs1.burble.dn42</td> <td style="text-align: left">172.20.129.21</td> <td style="text-align: left">fd42:4242:2601:100c:72ef:f1ff:febb:d521</td> <td style="text-align: left">Shell Server</td> </tr> <tr> <td style="text-align: left">shell.us-ash1.burble.dn42</td> <td style="text-align: left">172.20.129.22</td> <td style="text-align: left">fd42:4242:2601:1017:72ef:f1ff:febb:d521</td> <td style="text-align: left">Shell Server</td> </tr> <tr> <td style="text-align: left">shell.fr-rbx1.burble.dn42</td> <td style="text-align: left">172.20.129.23</td> <td style="text-align: left">fd42:4242:2601:1006:72ef:f1ff:febb:d521</td> <td style="text-align: left">Shell Server</td> </tr> <tr> <td style="text-align: left">shell.de-fra2.burble.dn42</td> <td style="text-align: left">172.20.129.24</td> <td style="text-align: left">fd42:4242:2601:100b:72ef:f1ff:febb:d521</td> <td style="text-align: left">Shell Server</td> </tr> <tr> <td style="text-align: left">shell.uk-lon1.burble.dn42</td> <td style="text-align: left">172.20.129.25</td> <td style="text-align: left">fd42:4242:2601:1015:72ef:f1ff:febb:d521</td> <td style="text-align: left">Shell Server</td> </tr> <tr> <td style="text-align: left">shell.us-nyc2.burble.dn42</td> <td style="text-align: left">172.20.129.26</td> <td style="text-align: left">fd42:4242:2601:101d:72ef:f1ff:febb:d521</td> <td style="text-align: left">Shell Server</td> </tr> <tr> <td style="text-align: left">shell.us-lax2.burble.dn42</td> <td style="text-align: left">172.20.129.27</td> <td style="text-align: left">fd42:4242:2601:1018:72ef:f1ff:febb:d521</td> <td style="text-align: left">Shell Server</td> </tr> <tr> <td style="text-align: left"> </td> <td style="text-align: left"><em>172.20.129.28-30</em></td> <td style="text-align: left"> </td> <td style="text-align: left"><em>shell service unassigned</em></td> </tr> <tr> <td style="text-align: left"></td> <td style="text-align: left">172.20.129.31</td> <td style="text-align: left"></td> <td style="text-align: left"><em>unassigned</em></td> </tr> </tbody> </table> <h2 id="burbledn42-nodes-dn42-addressing">burble.dn42 Nodes (DN42 Addressing)</h2> <table> <thead> <tr> <th style="text-align: left">DNS</th> <th style="text-align: left">IPv4</th> <th style="text-align: left">IPv6</th> <th style="text-align: left">Comment</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">fr-gra1.burble.dn42</td> <td style="text-align: left">172.20.129.164</td> <td style="text-align: left">fd42:4242:2601:3f::1</td> <td style="text-align: left">Private Node</td> </tr> <tr> <td style="text-align: left">us-nyc3.burble.dn42</td> <td style="text-align: left">172.20.129.165</td> <td style="text-align: left">fd42:4242:2601:3a::1</td> <td style="text-align: left">NYC Cluster</td> </tr> <tr> <td style="text-align: left">uk-lon2.burble.dn42</td> <td style="text-align: left">172.20.129.166</td> <td style="text-align: left">fd42:4242:2601:2e::1</td> <td style="text-align: left">UK Storage</td> </tr> <tr> <td style="text-align: left">se-sto1.burble.dn42</td> <td style="text-align: left">172.20.129.167</td> <td style="text-align: left">fd42:4242:2601:2d::1</td> <td style="text-align: left">SE Public Peering</td> </tr> <tr> <td style="text-align: left">de-fra3.burble.dn42</td> <td style="text-align: left">172.20.129.168</td> <td style="text-align: left">fd42:4242:2601:34::1</td> <td style="text-align: left">Private Node</td> </tr> <tr> <td style="text-align: left">de-fra1.burble.dn42</td> <td style="text-align: left">172.20.129.169</td> <td style="text-align: left">fd42:4242:2601:31::1</td> <td style="text-align: left">DE Public Peering</td> </tr> <tr> <td style="text-align: left">ca-bhs1.burble.dn42</td> <td style="text-align: left">172.20.129.170</td> <td style="text-align: left">fd42:4242:2601:2c::1</td> <td style="text-align: left">CA Public Peering</td> </tr> <tr> <td style="text-align: left">de-fra2.burble.dn42</td> <td style="text-align: left">172.20.129.171</td> <td style="text-align: left">fd42:4242:2601:2b::1</td> <td style="text-align: left">DE Cluster</td> </tr> <tr> <td style="text-align: left">us-lax1.burble.dn42</td> <td style="text-align: left">172.20.129.172</td> <td style="text-align: left">fd42:4242:2601:2a::1</td> <td style="text-align: left">LAX Public Peering</td> </tr> <tr> <td style="text-align: left">uk-lon6.burble.dn42</td> <td style="text-align: left">172.20.129.173</td> <td style="text-align: left">fd42:4242:2601:27::1</td> <td style="text-align: left">UK Cluster</td> </tr> <tr> <td style="text-align: left">ch-zur1.burble.dn42</td> <td style="text-align: left">172.20.129.174</td> <td style="text-align: left">fd42:4242:2601:28::1</td> <td style="text-align: left">CH Public Peering - <em>being decommissioned</em></td> </tr> <tr> <td style="text-align: left">us-nyc1.burble.dn42</td> <td style="text-align: left">172.20.129.175</td> <td style="text-align: left">fd42:4242:2601:29::1</td> <td style="text-align: left">NYC Public Peering</td> </tr> <tr> <td style="text-align: left">us-nyc2.burble.dn42</td> <td style="text-align: left">172.20.129.176</td> <td style="text-align: left">fd42:4242:2601:3d::1</td> <td style="text-align: left">NYC Cluster</td> </tr> <tr> <td style="text-align: left">uk-lon4.burble.dn42</td> <td style="text-align: left">172.20.129.177</td> <td style="text-align: left">fd42:4242:2601:25::1</td> <td style="text-align: left">UK Cluster</td> </tr> <tr> <td style="text-align: left">uk-lon5.burble.dn42</td> <td style="text-align: left">172.20.129.178</td> <td style="text-align: left">fd42:4242:2601:24::1</td> <td style="text-align: left">UK Cluster</td> </tr> <tr> <td style="text-align: left">uk-cov1.burble.dn42</td> <td style="text-align: left">172.20.129.179</td> <td style="text-align: left">fd42:4242:2601:23::1</td> <td style="text-align: left">UK Cluster</td> </tr> <tr> <td style="text-align: left">us-lax2.burble.dn42</td> <td style="text-align: left">172.20.129.180</td> <td style="text-align: left">fd42:4242:2601:38::1</td> <td style="text-align: left">LAX Cluster</td> </tr> <tr> <td style="text-align: left">us-ash1.burble.dn42</td> <td style="text-align: left">172.20.129.181</td> <td style="text-align: left">fd42:4242:2601:37::1</td> <td style="text-align: left">Ashburn Public Peering</td> </tr> <tr> <td style="text-align: left">fr-par2.burble.dn42</td> <td style="text-align: left">172.20.129.182</td> <td style="text-align: left">fd42:4242:2601:3e::1</td> <td style="text-align: left">FR Cluster</td> </tr> <tr> <td style="text-align: left">nl-ams3.burble.dn42</td> <td style="text-align: left">172.20.129.183</td> <td style="text-align: left">fd42:4242:2601:3c::1</td> <td style="text-align: left">Experimental - <em>being decommissioned</em></td> </tr> <tr> <td style="text-align: left">uk-lon3.burble.dn42</td> <td style="text-align: left">172.20.129.184</td> <td style="text-align: left">fd42:4242:2601:30::1</td> <td style="text-align: left">Private Node</td> </tr> <tr> <td style="text-align: left">no-trd1.burble.dn42</td> <td style="text-align: left">172.20.129.185</td> <td style="text-align: left">fd42:4242:2601:39::1</td> <td style="text-align: left">NO Public Peering - <em>being decommissioned</em></td> </tr> <tr> <td style="text-align: left">nl-ams1.burble.dn42</td> <td style="text-align: left">172.20.129.186</td> <td style="text-align: left">fd42:4242:2601:32::1</td> <td style="text-align: left">Private Node</td> </tr> <tr> <td style="text-align: left">uk-lon1.burble.dn42</td> <td style="text-align: left">172.20.129.187</td> <td style="text-align: left">fd42:4242:2601:35::1</td> <td style="text-align: left">UK Public Peering</td> </tr> <tr> <td style="text-align: left">fr-par1.burble.dn42</td> <td style="text-align: left">172.20.129.188</td> <td style="text-align: left">fd42:4242:2601:36::1</td> <td style="text-align: left">FR Public Peering - <em>being decommissioned</em></td> </tr> <tr> <td style="text-align: left">fr-rbx1.burble.dn42</td> <td style="text-align: left">172.20.129.189</td> <td style="text-align: left">fd42:4242:2601:26::1</td> <td style="text-align: left">FR Public Peering</td> </tr> <tr> <td style="text-align: left"><em>reserved</em></td> <td style="text-align: left">172.20.129.190</td> <td style="text-align: left">fd42:4242:2601:20::1</td> <td></td> </tr> <tr> <td style="text-align: left"><em>reserved</em></td> <td style="text-align: left">172.20.129.191</td> <td style="text-align: left">fd42:4242:2601:20::1</td> <td></td> </tr> </tbody> </table> <h2 id="burbledn42-nodes-public-addressing">burble.dn42 Nodes (Public Addressing)</h2> <table> <thead> <tr> <th style="text-align: left">DNS</th> <th style="text-align: left">IPv4</th> <th style="text-align: left">IPv6</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">dn42-fr-rbx1.burble.com</td> <td style="text-align: left">51.254.198.204</td> <td style="text-align: left">2001:41d0:1008:acc::1</td> </tr> <tr> <td style="text-align: left">dn42-uk-lon1.burble.com</td> <td style="text-align: left">45.91.93.104</td> <td style="text-align: left">2a0e:dc0:5:5::1</td> </tr> <tr> <td style="text-align: left">dn42-de-fra1.burble.com</td> <td style="text-align: left">5.180.253.211</td> <td style="text-align: left">2a0e:6a80:3:430::1</td> </tr> <tr> <td style="text-align: left">dn42-se-sto1.burble.com</td> <td style="text-align: left">176.126.84.199</td> <td style="text-align: left">2a0e:dc0:2:1e93::1</td> </tr> <tr> <td style="text-align: left">dn42-ca-bhs1.burble.com</td> <td style="text-align: left">167.114.211.156</td> <td style="text-align: left">2607:5300:60:7a9c::1</td> </tr> <tr> <td style="text-align: left">dn42-us-lax1.burble.com</td> <td style="text-align: left">45.67.219.3</td> <td style="text-align: left">2a04:bdc7:100:4656::1</td> </tr> <tr> <td style="text-align: left">dn42-us-nyc1.burble.com</td> <td style="text-align: left">109.205.61.36</td> <td style="text-align: left">2605:4840:2:eed4::1</td> </tr> <tr> <td style="text-align: left">dn42-us-ash1.burble.com</td> <td style="text-align: left">173.249.195.195</td> <td style="text-align: left">2607:9000:9000:10ae::a</td> </tr> </tbody> </table> <table> <thead> <tr> <th style="text-align: left">DNS</th> <th style="text-align: left">IPv4</th> <th style="text-align: left">IPv6</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">git.dn42.dev</td> <td style="text-align: left">45.91.93.104</td> <td style="text-align: left">2a0e:dc0:5:5:425d:6eff:feb4:6e2d</td> </tr> </tbody> </table> <h2 id="elburbdn42">elburb.dn42</h2> <p>elburb.dn42 is a private domain used for burble.dn42 internal services.</p> - Routing Policy - https://dn42.burble.com/network/routing-policy/ + http://localhost:2010/network/routing-policy/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/network/routing-policy/ - With a global network and multiple peers, the burble.dn42 network typically has many alternative route paths for reaching a particular destination. The routing policy aims to keep route selection sane, and avoid sending traffic outside of a region where possible. -Policy Objectives Direct routes for prefixes belonging to a peer should be given the highest priority. So that traffic to peer networks is routed over the burble.dn42 network directly to the peer and not via an external 3rd party Routes to the anycast prefixes should be prioritised through stable, low latency peers. + http://localhost:2010/network/routing-policy/ + <p>With a global network and multiple peers, the burble.dn42 network typically has many alternative route paths for reaching a particular destination. The routing policy aims to keep route selection sane, and avoid sending traffic outside of a region where possible.</p> <h2 id="policy-objectives">Policy Objectives</h2> <ol> <li>Direct routes for prefixes belonging to a peer should be given the highest priority. <ul> <li>So that traffic to peer networks is routed over the burble.dn42 network directly to the peer and not via an external 3rd party</li> </ul> </li> <li>Where prefixes are tagged with a DN42 region, they should be routed locally or within the burble.dn42 network. <ul> <li>To avoid sending traffic across regions when this could have been avoided.</li> <li>The AS path length is also increased between regions to pursuade external routers to also prefer local hosts.</li> </ul> </li> <li>Prioritise by shortest path, then lowest latency</li> </ol> <h2 id="policy-implementation">Policy Implementation</h2> <h3 id="bgp-local_pref">bgp local_pref</h3> <p>The local_pref for routes is set on entry, and then propogated across the whole network. This forces the network to prefer routes that, where possible, send traffic through the burble.dn42 network to a local peer, rather than sending cross regional traffic through external peers (aka <a href="https://en.wikipedia.org/wiki/Hot-potato_and_cold-potato_routing">Cold Potato Routing</a>).</p> - BGP Communities - https://dn42.burble.com/network/communities/ + http://localhost:2010/network/communities/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/network/communities/ - This page describes the use of BGP communities within the network. -DN42 Communities DN42 Communities are applied both internally and externally, and are used to influence the Routing Policy. - Community Description ( 64511 : 0 &lt; x &lt; 21 ) Max latency ( 64511 : 20 &lt; x &lt; 30 ) Min bandwidth ( 64511 : 30 &lt; x &lt; 35 ) Min encryption ( 64511 : 40 &lt; x &lt; 54 ) Route Origin Well Known BGP Communities The following well known communities are implemented. + http://localhost:2010/network/communities/ + <p>This page describes the use of BGP communities within the network.</p> <h2 id="dn42-communities">DN42 Communities</h2> <p>The <a href="https://dn42.net/howto/Bird-communities">DN42 Route Origin Community</a> is applied both internally and externally, and is used to influence the <a href="http://localhost:2010/network/routing-policy">Routing Policy</a>.</p> <table> <thead> <tr> <th style="text-align: left">Community  </th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">( 64511 : 40 &lt; x &lt; 54 )  </td> <td style="text-align: left">Route Origin</td> </tr> </tbody> </table> <p>The other DN42 communities are not used in burble.dn42:</p> <table> <thead> <tr> <th style="text-align: left">Community  </th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">( 64511 : 0 &lt; x &lt; 21 )  </td> <td style="text-align: left">Max latency</td> </tr> <tr> <td style="text-align: left">( 64511 : 20 &lt; x &lt; 30 )  </td> <td style="text-align: left">Min bandwidth</td> </tr> <tr> <td style="text-align: left">( 64511 : 30 &lt; x &lt; 35 )  </td> <td style="text-align: left">Min encryption</td> </tr> </tbody> </table> <h2 id="well-known-bgp-communities">Well Known BGP Communities</h2> <p>The following well known communities are implemented.</p> - DNS - https://dn42.burble.com/services/dns/ + http://localhost:2010/services/dns/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/services/dns/ - burble.dn42 provides a suite of DNS services, including running one of the two DN42 DNS master nodes that exports registry information to the DNS infrastructure. - Role Names DN42 DNS Master b.master.delegation-servers.dn42 Authoritative DNS Service b.delegation-servers.dn42 -ns1.burble.dn42 Recursive DNS Service b.recursive-servers.dn42dns.burble.dn42 dns64 Service dns64.burble.dn42 Apart from the Master, all DNS services are anycast across every node to provide fast, local responses network wide. + http://localhost:2010/services/dns/ + <p>burble.dn42 provides a suite of DNS services, including running one of the two DN42 DNS master nodes that exports registry information to the DNS infrastructure.</p> <table> <thead> <tr> <th style="text-align: left">Role</th> <th style="text-align: left">Names</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">DN42 DNS Master</td> <td style="text-align: left">b.master.delegation-servers.dn42</td> </tr> <tr> <td style="text-align: left">Authoritative DNS Service</td> <td style="text-align: left">b.delegation-servers.dn42<br>ns1.burble.dn42</td> </tr> <tr> <td style="text-align: left">Recursive DNS Service</td> <td style="text-align: left">b.recursive-servers.dn42<br/>dns.burble.dn42</td> </tr> <tr> <td style="text-align: left">dns64 Service</td> <td style="text-align: left">dns64.burble.dn42</td> </tr> </tbody> </table> <p>Apart from the Master, all DNS services are anycast across every node to provide fast, local responses network wide. The services support DNSSEC and are available over UDP, TCP, DNS over HTTPs and DNS over TLS.</p> + + + ACME + http://localhost:2010/services/acme/ + Mon, 01 Jan 0001 00:00:00 +0000 + http://localhost:2010/services/acme/ + <p>burble.dn42 provides an <a href="https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment">ACME</a> service using an intermediate certificate issued by the <a href="https://dn42.dev/services/Certificate-Authority">dn42 certificate authority</a> and implemented using a <a href="https://vaultproject.io/">HashiCorp Vault</a> cluster to provide a highly available service.</p> <p>The following ACME challenge types are supported:</p> <ul> <li>http-01</li> <li>dns-01</li> <li>tls-alpn-01</li> </ul> <h2 id="dn42-endpoint">dn42 endpoint</h2> <ul> <li><a href="https://acme.burble.dn42/v1/dn42/acme/directory">https://acme.burble.dn42/v1/dn42/acme/directory</a></li> </ul> <p>The dn42 endpoint serves certificates signed by an intermediate certificate issued by the <a href="https://dn42.dev/services/Certificate-Authority">dn42 certificate authority</a>.</p> <blockquote class="gdoc-hint info"> <p>Note that certificates are issued with a validity period of <strong>30 days</strong>, which is shorter than most clearnet ACME services.</p> + + + Shell Accounts + http://localhost:2010/services/shell/ + Mon, 01 Jan 0001 00:00:00 +0000 + http://localhost:2010/services/shell/ + <p>burble.dn42 provides shell accounts on the following servers:</p> <ul> <li>shell.fr-rbx1.burble.dn42</li> <li>shell.uk-lon1.burble.dn42</li> <li>shell.de-fra2.burble.dn42</li> <li>shell.ca-bhs1.burble.dn42</li> <li>shell.us-ash1.burble.dn42</li> <li>shell.us-lax2.burble.dn42</li> <li>shell.us-nyc2.burble.dn42</li> </ul> <p>There is also an anycast address <a href="https://shell.burble.dn42">shell.burble.dn42</a> that will route to the closest server.</p> <h2 id="accessing-the-service">Accessing the Service</h2> <p>The shell service imports user information from the dn42 registry allowing any MNTNER to log in to the servers. Usernames are constructed by lowercasing and removing the &lsquo;-MNT&rsquo; suffix.</p> <h3 id="using-an-ssh-public-key">Using an SSH public key</h3> <p>If you have an <code>auth</code> attribute with an SSH public key, this will be imported from the registry and you can use the SSH key to log in to the shell server.</p> + + + S3 Object Storage + http://localhost:2010/services/minio/ + Mon, 01 Jan 0001 00:00:00 +0000 + http://localhost:2010/services/minio/ + <p>burble.dn42 provides an S3 compatible storage service based on <a href="https://min.io/">min.io</a>.</p> <ul> <li><a href="https://minio.burble.dn42">https://minio.burble.dn42</a> - Web interface</li> <li>s3.burble.dn42 - S3 compatible interface</li> </ul> <blockquote class="gdoc-hint warning"> <p>Remember that the storage service is provided for the dn42 community and the <a href="http://localhost:2010/network/abuse/">burble.dn42 abuse policy</a> applies.</p> <p>Be considerate in your usage so that others will get the same benefits as you are enjoying now. Clean up files that you no longer need, do not use the service for illegal or objectional content and don&rsquo;t be stupid.</p> - Certificate Authority - https://dn42.burble.com/services/ca/ + http://localhost:2010/services/ca/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/services/ca/ - burble.dn42 maintains a PKI infarstructure for its services, using Hashicorp Vault -CA details countryName GB stateOrProvinceName dn42 organizationName burble.dn2 commonName ca.burble.dn42 emailAddress dn42@burble.com CA Download burble-dn42-ca.pem ------BEGIN CERTIFICATE----- MIIDrDCCApSgAwIBAgIJAIZWD8xmHTYFMA0GCSqGSIb3DQEBCwUAMGsxCzAJBgNV BAYTAkdCMQ0wCwYDVQQIDARkbjQyMRQwEgYDVQQKDAtidXJibGUuZG40MjEXMBUG A1UEAwwOY2EuYnVyYmxlLmRuNDIxHjAcBgkqhkiG9w0BCQEWD2RuNDJAYnVyYmxl LmNvbTAeFw0xODEyMjIwOTIxMDhaFw0yMDEyMjEwOTIxMDhaMGsxCzAJBgNVBAYT AkdCMQ0wCwYDVQQIDARkbjQyMRQwEgYDVQQKDAtidXJibGUuZG40MjEXMBUGA1UE AwwOY2EuYnVyYmxlLmRuNDIxHjAcBgkqhkiG9w0BCQEWD2RuNDJAYnVyYmxlLmNv bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALEsUm0KtuwZjrMeWl/x t8f5XCLdDdBAm9KWfJWl9fwxTFkwYEMaXMLjhsmoLKuyXejs7X72VAA/Ctz9KuiQ l/teuGKvt8gNbq3IXVH9KxW8uiSWJIUklZ801qLjUX4kzWJlCgug7Xd2Q0LsevvC QMSNa2Blfh6ieMtjeQNaRhoyy3xEn7t/CNkn5U+bVFTUYE31fREWyEJe2avX2KIs y55GxlkUmOZZPAsMs9at+NmfDWsxOYJSYBOeLsyzJnHWX0g+X9sBf14CDPL3KVxq NdGlPGYmJXr8Q5bNUv6diHSGd4nW/ft/IRGPpgXpwzcQNQHfneZUGSC9L+0B4LR4 sqkCAwEAAaNTMFEwHQYDVR0OBBYEFN8+6wkXTKajsoezC1nzvBe+YZscMB8GA1Ud IwQYMBaAFN8+6wkXTKajsoezC1nzvBe+YZscMA8GA1UdEwEB/wQFMAMBAf8wDQYJ KoZIhvcNAQELBQADggEBAEdmCZyKaEk2AOcgVkQ9OMAR+AaGIUCazvWKGx2DXAJI 2zmeEKx1tkRAkEQkzoUo7vor+X8/f3FVmtVF5bxbI9y7LsrXSNZB62z+Voyj36Id rOx05MN9FPbz6FAD5a7vTWCK7hRgGTaUGwYVyVXy9iiSA8Oqm8sqblvfk9jz3E5Y TJP6b8Y/Dq9BLpciozqSLo2zPOvl7kaN3kS3eufzA4O9LKfFIxXIcqfsSzFlbQyu afBrjiG18FVCNPQW3kCBk2oOWl7z/SJjB1oG/ZcDhSdHYPj+1gTsnzTKAB8qJikh gGwJMRLy1L5Bd0p63in5SNX9LXVsY+8YiA7sa3yAhWc= -----END CERTIFICATE----- Certificate Expiry Date: May 12 10:08:49 2029 GMT + http://localhost:2010/services/ca/ + <p>burble.dn42 maintains a PKI infarstructure for its services, using <a href="http://localhost:2010/services/internal/#vaultburbledn42">Hashicorp Vault</a></p> <h2 id="ca-details">CA details</h2> <table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>countryName</td> <td>GB</td> </tr> <tr> <td>stateOrProvinceName   </td> <td>dn42</td> </tr> <tr> <td>organizationName</td> <td>burble.dn2</td> </tr> <tr> <td>commonName</td> <td>ca.burble.dn42</td> </tr> <tr> <td>emailAddress</td> <td><a href="mailto:dn42@burble.com">dn42@burble.com</a></td> </tr> </tbody> </table> <h2 id="ca-download">CA Download</h2> <pre tabindex="0"><code>-----BEGIN CERTIFICATE----- MIIFYzCCA0ugAwIBAgIUDFQuqm9Jd1nKLsvx0mFD0sOo5ZIwDQYJKoZIhvcNAQEL BQAwLDEUMBIGA1UEChMLYnVyYmxlLmRuNDIxFDASBgNVBAMTC2J1cmJsZS5kbjQy MCAXDTI0MTIwNTE0MDgzM1oYDzIwNzQxMTIzMTQwOTAyWjAsMRQwEgYDVQQKEwti dXJibGUuZG40MjEUMBIGA1UEAxMLYnVyYmxlLmRuNDIwggIiMA0GCSqGSIb3DQEB AQUAA4ICDwAwggIKAoICAQDBU5+AhFEIgQb8HpV6DWTyHCEFsSLHfYElV7Su+q/R 5RxeLSoYbNrzfsKzoWdVS7lHhmxSsjsY4fM6P3mxhns4QmUOobvB0tuDWtWnudKU oOqT2U5XCZZ05342F5isnEHdGYZPolMnFkv4Diiy4Bx+fgFElyqA7yJpIvuHXK1W upy9V5NC6zcUBs6S3grOKRJ4Wk1PZMjGj++wt5B8wc+eqOt/P/V33dqdou6vvQgE 9TAPn36dYLsY3ifIZCSf4VWEtkJTsuEx/eGGnbkH6Q6Qwqz6gMFE9ICHadSpxBDR GMFRBYAaDE3m/YQxezkQ3rJIj88crKzM/UgM2xB6W6Z69tUZWJU39c5SP96/nxaY qhBw1IwfPborpBx0iWNOa9sZwWlJPUDeRvqyFeZSsza8luGXd8SnXFL4YGscZUzn Y19nrfy4xzkwrGRQw1cQiYa6mvfxcZtRFDbNu+k4nBXrLwdUtvyGImkGhNVJxu4T RTAi3YOf8cm5Vibr6nL2iDZBXpc0NRZJGteHlyvU7QV5iXBq7aB8oBTu2mJ4xHLn qdokBlEblcmDDJGzKV6Y2RXVDsUeZjnSfuYUQ7+UvzWu3upWcXIw9+SPJJGFAZqh 39YC2R0kvMhE81TfIe+G80pTXNOkvaWb+ubkJaKyIKvlC3AnHcFOzeM3r0Sp9wy9 1wIDAQABo3sweTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV HQ4EFgQUhCbuFSi7v4bKCY8nWJMIYsd6XPYwHwYDVR0jBBgwFoAUhCbuFSi7v4bK CY8nWJMIYsd6XPYwFgYDVR0RBA8wDYILYnVyYmxlLmRuNDIwDQYJKoZIhvcNAQEL BQADggIBAIBX61fUiNS9N9xxksuwnGPgJSVdGIGFKexYDbVEG2NsyF55K1XuyWWP bh059agAZoTrJRVINCTTwe0Ox+J87RqoozGMR6/xKd83hCVMTZHEcKJzR5N0s/PR PAnzRFUPWXkHjjY+9NrVQ8taLVIRpnkTt08RRcvvaFaC2Am5kUZRqc7U5vNkOX1U Jgl2G88TJphsxf8HgFBB0VFOxvo04Ub6v+RIVDy+hDWllx8t6KOn2hketSeCsQOc 0g9WGn86ofSvWgLvpd6w4RnIWVggSNd+vcOXJhpBN4FvrJXU4XYADj/sf3x1GHkj ODs0CPzsI2sR3JBxDUJwK/10qQyCnvJ5cKPT+OgpJlf3swLRyapE/p5jcs22iIBF ZIHLePCgfv7QSntLuf9ahx4NAMmz/R23im4tcUD3alZ6iTPvPtcGi+FeAOBXChWr ItpNnlrPEPdqTKKmmfFdrehOYYVoX+Ch4WOdftpXr2KEECjiZhMEMywhgXecjnCM c691Tpa+sdCrQ56kD5I1xGzZKINcHpuiek0H/S7dPUE4PjH8ol0ccSxawgeA/Udm FtM7hk85EYPUESzQGFEbUoQ6RS9r087zYKwowZN2rJ/MrCF/i7WIqt03YG87V8J3 BUtApScN9rpa7AdP0egAoNdPohO3yIahwvfDvecSERcmg5AeTQu5 -----END CERTIFICATE----- </code></pre><blockquote class="gdoc-hint danger"> Certificate Expiry Date: <code>Nov 23 14:09:02 2074</code> </blockquote> + + + Ping Challenge + http://localhost:2010/services/ping/ + Mon, 01 Jan 0001 00:00:00 +0000 + http://localhost:2010/services/ping/ + <p>Can you solve the burble.dn42 ping challenge ?</p> <h2 id="to-start">To start</h2> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">$ ping -s <span class="m">0</span> -c <span class="m">1</span> fd42:4242:2601:31f0::1 </span></span></code></pre></div><h2 id="hints">Hints</h2> <ul> <li>Use <code>-c 1</code> to only return one ping, <em>unless instructed otherwise</em></li> <li>Use <code>-s 0</code> to create a zero sized ping, <em>unless instructed otherwise</em></li> <li>Packet capture is your friend</li> <li>You may also find a <a href="http://kioubit.dn42/cyber/">CyberChef</a> useful</li> <li>The server maintains state based on your source IP and will time out idle clients after several days. There are ways to check the status (revealed during the challenge) but if your state times out you will need to restart from the nearest checkpoint.</li> </ul> - Realtime Status - https://dn42.burble.com/network/status/ + http://localhost:2010/network/status/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/network/status/ - Uptime Robot https://dn42.status.burble.com/ (public internet link) All nodes are monitored using UptimeRobot. -Grafana Dashboards https://grafana.burble.com (public internet link) https://grafana.burble.dn42 (DN42 link) Netdata and Prometheus are used to monitor the network and stats are presented using a series of Grafana dashboards. -BGP and Peering Status https://lg.burble.com/ (public internet link) https://lg.burble.dn42/ (DN42 link) BGP status can be found through my looking glass. + http://localhost:2010/network/status/ + <h2 id="uptime-robot">Uptime Robot</h2> <ul> <li><a href="https://stats.uptimerobot.com/l2913c0R6">https://stats.uptimerobot.com/l2913c0R6</a> (public internet link)</li> </ul> <p>Major nodes are also monitored off-network using <a href="https://uptimerobot.com/">UptimeRobot</a>.</p> <h2 id="grafana-dashboards">Grafana Dashboards</h2> <ul> <li><a href="https://grafana.burble.com">https://grafana.burble.com</a> (public internet link)</li> <li><a href="https://grafana.burble.dn42">https://grafana.burble.dn42</a> (DN42 link)</li> </ul> <p><a href="https://www.netdata.cloud">Netdata</a> and <a href="https://prometheus.io">Prometheus</a> are used to monitor the network and stats are presented using a series of <a href="https://grafana.com">Grafana</a> dashboards.</p> <h2 id="bgp-and-peering-status">BGP and Peering Status</h2> <ul> <li><a href="https://lg.burble.com/">https://lg.burble.com/</a> (public internet link)</li> <li><a href="https://lg.burble.dn42/">https://lg.burble.dn42/</a> (DN42 link)</li> </ul> <p>BGP status can be found through my looking glass.</p> + + + Abuse Policy + http://localhost:2010/network/abuse/ + Mon, 01 Jan 0001 00:00:00 +0000 + http://localhost:2010/network/abuse/ + <p>The burble.dn42 network has a zero tolerance policy on network abuse, both within burble.dn42 and across the wider DN42 network.</p> <p>Abuse could include, but is not limited to:</p> <ul> <li>Excessive use of resources</li> <li>Hacking, viruses, trojans etc or any other disruption that could harm or create risk to the services or its users</li> <li>Distribution of objectional content that could create a civil or criminal liability</li> </ul> <p>The burble.dn42 network owner is the sole arbiter for determining what is deemed abuse and for any mitigations taken.</p> - Privacy Policy - https://dn42.burble.com/privacy/ + http://localhost:2010/privacy/ Fri, 18 Dec 2020 00:00:00 +0000 - - https://dn42.burble.com/privacy/ - In common with most websites, the burble.dn42 site and associated services may log any access you make and these logs contain your source IP address together with the page or service being accessed. If you are required to log in to access a burble.dn42 service, you should assume that the user id used for the service is also logged. Website and service logs are accessible only by the network administrators and used purely for diagnostic reasons and to prevent abuse. + http://localhost:2010/privacy/ + <p>In common with most websites, the burble.dn42 site and associated services may log any access you make and these logs contain your source IP address together with the page or service being accessed. If you are required to log in to access a burble.dn42 service, you should assume that the user id used for the service is also logged. Website and service logs are accessible only by the network administrators and used purely for diagnostic reasons and to prevent abuse. They are not shared in any way. Log retention varies depending on the service, but is at most, 1 month.</p> - - Overview - https://dn42.burble.com/network/overview/ + Network Design + http://localhost:2010/network/design/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/network/overview/ - burble.dn42 is an experimental global network within DN42. -The network is well connected with a large number of peers, and hosts some of the DN42 core infrastructure. -Topology All nodes in the burble.dn42 network are fully meshed with wireguard tunnels. iBGP with BGP Confederations and a latency based metric are used as the interior routing protocol between nodes. iBGP is also fully meshed. and the configuration for both iBGP and wireguard tunnels is built using a number of Ansible scripts. + http://localhost:2010/network/design/ + <blockquote class="gdoc-hint warning"> This page documents a previous iteration of the burble.dn42 network and is currently out of date. </blockquote> <h2 id="tunnel-mesh">Tunnel Mesh</h2> <figure><img src="http://localhost:2010/design/DN42-Tunnels.svg" width="80%"> </figure> <p>Hosts within the burble.dn42 network are joined using an Wireguard/L2TP mesh. Static, unmanaged, L2TP tunnels operate at the IP level and are configured to create a full mesh between nodes. Wireguard is used to provide encryption and encapsulate L2TP traffic in plain UDP such that it hides fragmentation and allows packets to be processed within intermediate routers&rsquo; fast path.</p> + + + Other stuff + http://localhost:2010/additional/other-stuff/ + Mon, 01 Jan 0001 00:00:00 +0000 + http://localhost:2010/additional/other-stuff/ + <p>A collection of other stuff that may or may not be dn42 related, or even interesting.</p> <h2 id="an-atomic-clock-ntp-server">An atomic clock NTP server</h2> <p><img src="http://localhost:2010/other/rubi.jpg" alt="Atomic Clock" width="80%"/></p> <p>Rubidium Atomic Clock + GPS + Odroid N2+</p> <h2 id="homelab">Homelab</h2> <p>The burble.dn42 homelab:</p> <p><img src="http://localhost:2010/other/homelab.jpg" alt="Serverz" width="80%"/></p> <p>32 cores, 156GB RAM, 6TB NVMe/SSD, 56TB HDD, ~70 watts</p> <p>The two hanging USB devices are USB modems for the <a href="http://localhost:2010/retro/modem/">burble.dn42 dial up service</a>.</p> - Things to do in DN42 - https://dn42.burble.com/additional/things-to-do/ + http://localhost:2010/additional/things-to-do/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/additional/things-to-do/ - What can you do in DN42 ? Ultimately, you&rsquo;ll get out of DN42 what you put in to it, but I&rsquo;ve listed here a few ideas that may serve as inspiration and the spark an idea. -This is deliberately not a set of instructions or a guide and it&rsquo;s not a checklist of stuff you must do. If you are interested in something there is plenty of public information available on all these topics. + http://localhost:2010/additional/things-to-do/ + <p>What can you do in DN42 ? Ultimately, you&rsquo;ll get out of DN42 what you put in to it, but I&rsquo;ve listed here a few ideas that may serve as inspiration and the spark an idea.</p> <p>This is deliberately not a set of instructions or a guide and it&rsquo;s not a checklist of stuff you must do.<br/> If you are interested in something there is plenty of public information available on all these topics.</p> - diff --git a/public/js/en.search-data.min.0ffb683be720d0aa9a952cdf7965f763bcca508eb33c869653150cce1dcacc46.js b/public/js/en.search-data.min.0ffb683be720d0aa9a952cdf7965f763bcca508eb33c869653150cce1dcacc46.js new file mode 100644 index 0000000..74b64b3 --- /dev/null +++ b/public/js/en.search-data.min.0ffb683be720d0aa9a952cdf7965f763bcca508eb33c869653150cce1dcacc46.js @@ -0,0 +1,569 @@ +"use strict";(function(){const t={};t.doc={id:"id",field:["title","content"],store:["title","href","parent"]};const e=FlexSearch.create(t);window.geekdocSearchIndex=e,e.add({id:0,href:"/additional/maintlog/2020/",title:"2020",parent:"Maint. Log Archive",content:`Archive of changes made in 2020 +22nd December 2020 es-mad1 in Madrid, Spain has been deployed and is now open for peering. +13th December 2020 Issue Log +burble.dn42 now has a public issue log, hosted on the DN42 Registry. +Issue Log Feel free to raise issues or enhancements on the log. +Speedtest Service +An experimental speed test service has been introduced: +France: https://speedtest.fr-rbx1.burble.dn42 Canada: https://speedtest.ca-bhs2.burble.dn42 The two services are currently only accessible over IPv6 but are hosted on dedicated servers with plenty of available bandwidth. If the service ends up loading or disrupting the rest of the network then I may end up removing it, so use responsibly. +n8n Automation +The burble.dn42 network now has an instance of n8n to help automate internal workflows. +Whilst this isn’t a public service the first visibile benefit is that the Explorer and ROA files now update immediately following registry changes. Previously changes were polled and could take up to an hour to be updated. +6th December 2020 ca-bhs2 and fr-rbx1 have been migrated to their new servers. If you are peering with these nodes please make sure you update any IP addresses on your side as required. +git.dn42.dev is hosted on ca-bhs2 and so was also migrated and upgraded to v1.13.0. +28th November 2020 Black Friday has been been and gone and this means that a few nodes have now reached the end of their contract and are being retired: +fr-sbg1 us-sea2 jp-tyo1 sg-sin1 us-mia2 However, the good news is that Black Friday also delivered a few shiny new nodes for the burble.dn42 network: +ca-bhs2 will be replaced with a new node that has SSD rather than HDD storage new nodes expected in Hong Kong and Madrid, eta Jan 2021 Users of ca-bhs2 will be migrated to the new node, with details to be confirmed. +12th September 2020 uk-lon1 has been upgraded. If you are peered on this node, please update your IP address accordingly. +burble.dn42 now includes some limited protection against ghost route updates. See the communities page for more details. +9th September 2020 uk-lon1 will be upgraded this weekend (12/13th September), but unfortunately this does mean that the IP address for the server is going to change. +The hostname will be changed to match the new address, but if you use the IP address in your configuration (e.g. for firewall rules), you will need to update them, as detailed below. +dn42-uk-lon1.burble.com +IPv4: 185.42.222.153 IPv6: 2a04:92c5:2::42 All other peering details, such as encryption keys and tunnel IP addresses will remain the same, and the new server is in the same datacentre so there should be no changes to connectivity or latency. +28th August 2020 Changes to the burble.dn42 network +Over the next year the focus of the burble.dn42 network will change focus to providing high quality, reliable services for DN42. As part of this change, a number of the current ’edge’ nodes will be decommissioned to reduce admin overhead and allow concentration on the core, service nodes. +The following nodes will be decommissioned and are no longer available for new peerings: +Node Decommissioning Date us-mia2 Immediately sg-sin1 November 2020 us-sea2 November 2020 fr-sbg1 Nocember 2020 jp-tyo1 December 2020 au-syd1 January 2021 us-nyc1 April 2021 us-chi1 May 2021 The current core nodes will continue to operate and some will also be upgraded. The number of services provided by the network will also expand. +Core nodes +Node Future Plans fr-rbx1 Increase in services offered ca-bhs2 Upgrade to ssd disks ~November 2020 de-fra1 Upgraded in August to 4 x Epyc / 20G RAM / NVMe us-dal3 Increase in services offered / potential for upgrade us-lax1 Increase in services offered sg-sin2 Take over services from sg-sin1 Other Nodes +Node Future Plans uk-lon1 Upgrade before January 2021 ch-zur1 No changes planned no-trd1 No changes planned 22nd August 2020 de-fra1 has been replaced with a shiny, upgraded, new node. +If you are peered on de-fra1, please check your configuration and ensure you are using the new IP addresses +IPv4: 193.41.237.149 IPv6: 2a0d:5941:1:17c::4e2a All other peering parameters remain the same. +15th August 2020 The DN42 registry now supports automated pipelines using Drone CI. +Details will be published on the DN42 wiki. +25th July 2020 us-mia1 and us-mia2 have been swapped. The provider for the old us-mia2 (Stockservers) appears to have ceased trading, so the node has been swapped in case the original server disappears at short notice. +EDIT: seems the new provider wasn’t better, so us-mia2 is back on the old server until it dies completely. +no-trd1 has been added, courtesy of jastrup. +lt-vil1 is being decommissioned and users will need to migrate to a different node to maintain service. +5th July 2020 A busy weekend supporting the move of the DN42 registry to its new host. +Remember to join the new mailing list at https://groups.io/g/dn42 and create yourself an account on the new registry https://git.dn42.dev +10th June 2020 Website moved again, and new paste.burble.dn42 service added. +6th June 2020 The global route collector has had a long overdue upgrade. Please let me know if you spot any residual issues. +25th May 2020 The new DNS implementation has been deployed across all nodes. The DNS service now supports: +Authoritative DNS for DN42 domains (b.delegation-servers.dn42) Recursive DNS (b.recursive-servers.dn42) DNS64 (dns64.burble.dn42) All services support UDP, TCP, DNS over HTTPS and DNS over TLS queries. See the DNS page for more info. +23rd May 2020 A new implementation of the edge DNS service is currently being tested across a few nodes, please let me know if you spot any DNS oddness. +18th May 2020 Added whois.burble.dn42 service, see the services page for more details. +https://explorer.burble.dn42 now has regional mirrors so should be significantly faster for anyone not in Europe. +16th May 2020 Approximately 40 old or inactive peers have been deleted as part of a spring cleaning exercise. +If you’ve been accidently deleted and still want to peer with me, just give me a shout and I will re-instate the configuration. +11th May 2020 Rate limiting on BGP sessions has been implemented to protect the network from major route flapping events. The rate limiting should only kick in after 30+ minutes of extremely high updates (or even longer for milder events), but please let me know if this causes any issues. +8th May 2020 us-lax1 has been migrated. If you peer with me please remember to update the clearnet IP addresses on your side: +dn42-us-lax1 +IPv4: 185.215.224.214 +IPv6: 2a0b:ae40:1:4a0a::5a +5th May 2020 us-lax1 is being upgraded ! +Apologies for the short notice, but us-lax1 will be upgraded over the weekend of 9th/10th May. The upgrade will allow for more services to be provided from the node, to provide enabling a better response for users in Asia and West Coast US. +Unfortunately the upgrade means that IP address of the node will change and peers will need to update their config accordingly. The encryption keys and tunnel addresses should not need to change. +4th May 2020 Several of the burble.dn42 core nodes have been upgraded to Ubuntu 20.04. This required a short outage, but will allow for a refactoring of a few services in the future. +13th April 2020 Bugs have been fixed and both instances of the burble.dn42 website are now running in a new environment with the latest grav. +The new website instance is the first burble.dn42 application running on Ubuntu 20.04 (Focal Fossa). +11th April 2020 The clearnet version of this website is running with a new instance that has the latest grav. +Please let me know if you spot any problems. +The DN42 instance continues to run with the previous version. +4th April 2020 Well, that was fun; burble.dn42 had a number of outages over this evening, caused by trying to perform a rolling upgrade across the network. The biggest of these took out the burble.dn42 DNS service for an extended period, impacting DNS resolution across DN42. +The plan had been to perform a full upgrade and reboot for every burble.dn42 node. To minimise disruption I perform updates across groups of servers that are chosen to be independent so that service resilience should not be impacted. +However, this time there were two key failures: +The provider configuration for ca-bhs2 meant that it could not mount all of its disks when rebooted and it ended up in maintenance mode. The server needed to be recovered via the IPMI console. Whilst global services continued to be provided by other nodes, peers on ca-bhs2 lost connectivity whilst the node was recovered. +The new pdns-recursor that was implemented at the end of March (see below) had a different runtime path than the default OS install. This meant that when each of the core nodes was restarted the pdns-recursor failed to restart as the runtime path was missing. Since the DNS service is resilient, it continued to operate without problems until the last core node was restarted, at which point the entire service failed. Without DNS, most of the remaining burble.dn42 failed or could not be restarted and recovery was also hampered by having to work without having DNS available. +1st April 2020 at-vie1 will be decommissioned by 14th April. If you are peered on this node, please contact me to move the peering to another node. +28th March 2020 The patched pdns recursor is now deployed to all core nodes. +Please let me know immediately if you notice odd DNS behaviour. +24th March 2020 fr-sbg1 (which hosts the europe region core DNS service) is currently testing a special pdns recursor build in order to try and fix this issue. +The server is likely to be used for most recursive DNS lookups across Europe that use the new DNS anycast addresses, or my service directly. Please let me know immediately if you notice odd DNS behaviour. +26th January 2019 This weekend has been a huge maintenance weekend for burble.dn42, with the following updates taking place: +A number of nodes have been built and swapped in to the network to upgrade and manage renewals fr-rbx1 replaced by fr-rbx2 fr-rbx2 was a much faster node ca-bhs2 replaced with a new node the replacement is also much faster us-dal3 replaced by us-dal1 us-dal3 was a poor performer and has been replaced with a dedicated server au-syd1 replaced with a new node memory increased from 1G to 2G sg-sin2 replaced with a new node memory increased from 1G to 2G Node renewals are now mostly sorted until November, which will be a nice break for my wallet. +The build of ca-bhs2 introduced a new disk layout for my core nodes, which is intended to provide more flexibility for new features. uk-lon3, a private storage node, was also rebuilt for the new design. A bad decision around backups meant that I also had to re-create all the services on fr-rbx2 and us-dal1 as they were swapped in to their new roles. As a result, the services on these boxes were also flattened and rebuilt to the new disk layout. +At some future point, fr-sbg1 will follow and also change to the new layout. +The burble.dn42 is organised around a core network of servers in each region, the updates this weekend complete a series of changes to upgrade the core nodes that has been taking place since November 2019. A lot of the recent work has been to update the services so they are on, or point to, the new core nodes. The core network looked like this prior to November 2019: +Name CPU Memory Disk Network Descr fr-rbx1 i5-2400 (4/8 x 3.4Ghz) 16G 2TB Consumer HDD 100mbps un-metered Kimsufi KS-10 ca-bhs2 i5-3570S (4/8 x 3.8Ghz) 16G 2TB Consumer HDD 100mbps un-metered Kimsufi KS-10 sg-sin2 virtual (1 x 3.5Ghz) 1G 30GB HDD 1TB @ 1gbit OVH VPS us-dal3 virtual (2 x 3.4Ghz) 5G 120GB HDD 5TB @ 10gbit HostDoc VPS Following the upgrades, the core now consists of the following servers: +Name CPU Memory Disk Network Descr fr-sbg1 E5-1620 (4/8 x 3.7Ghz) 32G 3 x 480GB SSD 500mbps un-metered OVH SYS fr-rbx1 E3-1245 (4/8 x 3.4Ghz) 32G 2 x 480GB SSD 500mbps un-metered OVH SYS uk-lon3 virtual (2 x 3Ghz) 3G 3TB HDD 10TB @ 1gbit HostHatch ca-bhs2 E5-1620 (4/8 x 3.7Ghz) 32G 2 x 2TB Ent. HDD 500mbps un-metered OVH SYS us-dal3 C2750 (8 x 2.4Ghz) 8G 240GB SSD 100mbps un-metered drserver sg-sin1 virtual (4 x 2.2Ghz) 4G 24GB SSD 1gbit un-metered ITLDC VPS `}),e.add({id:1,href:"/additional/maintlog/2019/",title:"2019",parent:"Maint. Log Archive",content:`Archive of changes made in 2019 +31st December 2019 The Christmas period has been a really busy period for burble.dn42, with integration and transfer of services over to the new nodes. Primarily, this has meant moving services from fr-rbx1 and sg-sin2 to fr-rbx2, fr-sbg1 and sg-sin1. As part of the rebuilding, I’ve also taken the opportunity to re-create most of my ansible scripting, with the intent that this will eventually be published. +Most services are now moved, with the main exception of DNS and the GRC, both of which need more significant work. The website also now needs major updates to reflect the changes I’ve made. +The following new nodes are also open for peering: +dn42-fr-rbx2 dn42-fr-sbg1 dn42-ch-zur1 dn42-sg-sin1 dn42-hk-hkg1 Happy New Year +24th December 2019 The last month has been spent redesigning my WAN and introducting a latency based metric for connectivity between nodes. This is now mostly complete, but not without its own follow on problems that need to be resolved. +Things still to do include: +Fixing the service delivery layer as a software upgrade breaks IPv6 connectivity Adding documentation to the website on the new design Opening new nodes for peering Making the config public Another new node will also be added, dn42-fr-rbx2 and dn42-fr-rbx1 will be retired. +Merry Christmas DN42 +29th November 2019 Black friday is here and new nodes are on the way. +dn42-fr-sbg1 dn42-ch-zur1 dn42-sg-sin1 dn42-hk-hkg1 2nd November 2019 Retired dn42-us-lax2, dn42-us-chi2, dn42-ca-bhs1, dn42-tr-ist1 and dn42-no-osl1. +Restructured the internal confederations. +26th October 2019 New experimental node added hosted in the Oracle Cloud environment in Mumbai, India. +Users are welcome to peer and test the node, but should be aware there may be short notice changes or interruptions to service. +19th October 2019 After a few weeks of outage and putting up with influx using up a vast amount of resources, the monitoring service has finally moved to a federated prometheus architecture. Hopefully this will have better performance than the influx architecture used previously. At some point I’ll update the monitoring page with details of the new configuration. +12th October 2019 The burble.dn42 wiki service is now part of the global anycast for wiki.dn42. +See the services page for more details. +2nd October 2019 The recursive DNS service now supports clearnet queries +15th September 2019 Stop supporting IPsec tunnels +21st August 2019 Removed sg-sin3 and vn-han1 +13th August 2019 Added DN42 wiki service editable via dn42, readonly via clearnet. +Issued new Certificate Authority root certificate with a longer expiry date. +11th August 2019 Added a couple of Python 3 updates for bird-lg that fixes broken BGP map functionality in the looking glass. +Influx ate all the memory (10gb!) on de-fra1, so is currently offline until it can be fixed. +28th July 2019 Add dn42-us-mia2, which will replace dn42-us-mia1 +25th July 2019 Add pingable.burble.dn42 +21st July 2019 Decommissioning of dn42-ru-mos1 and dn42-us-sea1 +17th July 2019 DoH! The DNS Service now support DNS over HTTPS. +22nd June 2019 Tidied up node information. +14th June 2019 A new host IRC web service has been added, based on thelounge. +See the services page for more details. +8th June 2019 The recursive DNS service now uses parallel queries across all five regional master nodes. +This approach takes advantage of the burble.dn42 global scale to reduce latencies, improve resilience and prevent local connectivity problems from impacting the results. See the DNS page for more info. +24th May 2019 Moved and extended the DN42 monitoring so that it is more independent and also clustered. +A writeup of the hosted grafana service and monitoring is available here. +21st May 2019 dn42-uk-lon1 is back again after being out of action for the day. +The host server apparently threw a disk after being updated to cover the MDS vulnerability and the provider has spent the day recovering the node. +20th May 2019 Some nodes may have outages over the next few days as providers deal with the recent MDS vulnerabilities. +Added new peers +AS4242421588 / TECH9 at dn42-us-lax2 AS4242421166 / MTR at dn42-fr-rbx1 and dn42-de-fra1 15th May 2019 Updated my fork of bird-lg by merging Zhaofeng’s Python2 to Python3 bird-lg updates and fixing a few outstanding problems. +The updated code is now live on the burble.dn42 looking glass. +13th May 2019 Moved the looking glass to its own container, in anticipation of future website changes +dn42-us-mia1 is offline again. +10th May 2019 dn42-us-chi2 was suspended by the provider on 8/5 due to ‘NTP reflection attacks’. +This is a hazard of running a busy NTP server as part of the NTP Pool; providers can get twitchy when they see a large amount of NTP traffic, due to the well publicised vulnerabilities in stock NTPd. +My network uses chronyd rather than NTPd and it is simply not vulnerable to abuse in the same way as NTPd, I also regularly monitor and check the services. On the other hand, the server does see a large amount of NTP traffic and it can sometimes be difficult demonstrating that I’m specifically providing a service here and not under some kind of attack. +Apologies that the server was offline for a few days, but it should now finally be back again. +For info, here is the bandwidth graph of dn42-us-chi2 as it was suspended: +It’s trivial to see that an amplification attack was not occuring, as the inbound and outbound traffic are both equal. It’s a shame some providers don’t consider this before suspending services, but, understandable that the economics of providing VPS services can prohibt this. +Added new peers: +AS4242422322 / PLASMATRIX at dn42-de-fra1 5th May 2019 Added git service. +See the services page for more details.\`< +1st May 2019 Seems traceroutes and some Europe Region, IPv4 related DNS lookups weren’t working. +Both are fixed now. +Added new peers: +AS76140 / FEUERROT at dn42-de-fra1 30th April 2019 New node added and ready for peering +dn42-ca-bhs2 (Beauharnois, Canada) With the addition of several new nodes, the internal BGP confederations have been re-orginised. +This new organisation should provide better balance and allow for more local services. +The North American region has been split in two, becoming Central & West Coast and East Coast. lt-vil1 and at-vie1 have been moved to the East Europe region. Added new peers: +AS4242423581 / CLOUDYSKIES at dn42-us-lax2 AS4242420141 / DEEPWATER at dn42-de-fra1 AS4242420246 / XESXEN at dn42-fr-rbx1 and dn42-uk-lon1 AS4242422543 / RESETTRAP at dn42-jp-tyo1 19th April 2019 New nodes added and ready for peering. +dn42-at-vie1 (Vienna, Austria) dn42-us-nyc1 (New York, United States) 18th April 2019 Over the last week, and number of major changes have taken place to the burble.dn42 network. +These include: +Configuring Jool to provide IPv4 to IPv6 SIIT for the new 172.20.129.0/27 prefix +The aim is for all internal services of the burble.dn42 network to be provided by IPv6, with SIIT taking place at the network edge for external IPv4 users. Configuring Jool to provide a NAT64 service +So that internal, IPv6 only, services can access external IPv4 networks Adding a new VXLAN to the WAN overlay +The new VXLAN segregates DN42 traffic from the internal traffic and enables a separate DN42 routing domain. As a side effect, this change also fixes the problem where internal IP addresses were being leaked and causing confusing traceroutes for DN42 users. Over time, internal IPv4 services will be removed +12th April 2019 New prefix 172.20.129.0/27 registered to provide space for more nodes and additional services. +172.20.129.0/27 will be used as anycast addresses for services. 172.20.129.160/27 will be used for burble.dn42 nodes +Added new peers: +AS4242421063 / ZIIS at dn42-uk-lon1 AS4242421475 / SIRMYSTERION at dn42-us-chi2 7th April 2019 Added an old node in to the DN42 network, dn42-sg-sin2. RPKI and DNS services have been moved to the node from dn42-sg-sin2 which should improve diversification and stability. +3rd April 2019 Added new peers: +AS4242423974 / GIGGA at dn42-sg-sin3 31st March 2019 The DNS service has gone global, with every node in the burble.dn42 network now participating in the DNS Anycast service. +More details can be found on the DNS page. +26rd March 2019 Added new peers: +AS4242420568 / MARSHY at dn42-au-syd1 AS4242423853 / CHENYAO2333 at dn42-ca-bhs1 AS4242423328 / DEBOERDN2000 at dn42-ca-bhs1 AS4242423924 / EVILZONE at dn42-sg-sin3 11th March 2019 New node added dn42-de-fra1 +9th March 2019 Added new peers: +AS4242420101 / HEXA at dn42-fr-rbx1 AS4242423783 / OZARK at dn42-au-syd1 AS4242420571 / CAICAI at dn42-vn-han1 A new instance of the registry explorer has been created that references the ‘object-fix’ branch of the DN42 registry. The main purpose of this is to support the new DNS system being developed. +http://grc.burble.dn42:8043/ +A couple of the nodes on the network experienced some downtime over the week: +dn42-us-mia1 was down to 2 days and had to be rebuilt as my VPS provider’s storage array crashed. dn42-us-dal3 was also down for a few hours, the provider accidently suspended the VPS due to a billing error on their side 7th March 2019 Added new peers +AS4242421955 / NOP at dn42-fr-rbx1 AS4242420161 / ZZZ at dn42-jp-tyo1 26th February 2019 Initialised GRC website +Added new peers +AS4242422626 / HANNIBAL at dn42-fr-rbx1 AS4242423156 / BUROA at dn42-us-chi2 21st February 2019 The Looking Glass has been udpated to use lgregmapper and data from dn42regsrv. +19th February 2019 New peer added: +AS4242423975 / FELIX at dn42-fr-rbx1 18th February 2019 The internal and public ROA service has been moved over to using dn42regsrv. +See the services page for more details. +New peer added: +AS4242423973 / TECHNOPOINT at dn42-sg-sin3 16th February 2019 New peers added: +AS4242420182 / JAN at dn42-uk-lon1 AS4242422042 / KLEEN at dn42-fr-rbx1 AS4242423201 / DDPO at dn42-uk-lon1 10th February 2019 Updated the services to include new stuff:: +DNS Registry REST API and Explorer Global Route Collector New peers added: +AS4242420191 / TCDUE at dn42-uk-lon1 AS4242422019 / HENOKV at dn42-fr-rbx1 AS64713 / MARTIN89 at dn42-fr-rbx1 AS4242423000 / RELROD at dn42-ca-bhs1 AS4242421656 / PHIIVO at dn42-us-lax2 26th January 2019 New service ! +A burble.dn42 route collector has been added, together with some interesting stats showing reachability of DN42 from the burble.dn42 network. +A common, global route collector is in progress, see here +21st January 2019 New peer added: +AS4242423306 / TIMK at dn42-au-syd1 13th January 2019 bgpmap updated to add MNT and prefix info for ASes. +New peers added: +AS4242420415 / TYLER at dn42-us-lax2 AS4242423569 / DHE at dn42-us-dal3 AS4242423585 / JD52RU at dn42-fr-rbx1 and dn42-uk-lon1 12th January 2019 The Looking Glass now supports bgpmap again. +My bird-lg fixes are available on github. +New peer added: +AS4242421501 / ADAMYI at dn42-au-syd1 11th January 2019 Some layout fixes to the Looking Glass, including fixing whois lookups. +3rd January 2019 First new peers of 2019: +AS4242420505 / 42ISLIFE at dn42-ca-bhs1 AS4242421114 / GRGR at dn42-us-chi2 AS4242421050 / NAPSTERBATER at dn42-us-chi2 2nd January 2019 Consolidated number of anycast sessions. +`}),e.add({id:2,href:"/additional/maintlog/2018/",title:"2018",parent:"Maint. Log Archive",content:`Archive of changes made in 2018 +30th December 2018 Migrated US anycast services from dn42-us-dal1 to dn42-us-dal3. +27th December 2018 Added Certificate Authority details. +26th December 2018 Upgraded the looking glass with Zhaofeng bird-lg fixes. +ROA data is available through the burble.dn42 website, see the Services page. +RPKI service is now replicated across regions to provide additional resiliency. +New version of bird2 deployed, including RPKI fixes from JRB0001. +24th December 2018 Added new peers: +AS4242422255/LINUXGEMINI at dn42-tr-ist1 AS4242421191/YAMAKAJA at dn42-fr-rbx1 AS4242423230/RASP at dn42-au-syd1 Updated the Services page to include more implementation details. +Reworked intra-confederation peering to provide more resilience. +Implemented ROA via RPKI updates using roasrv by Yamakaja and gortr +16th December 2018 New node ! +dn42-jp-tyo1 has been commissioned and is open for new peers in Tokyo, Japan. +14th December 2018 Updated host information and network map with new nodes. +10th December 2018 New peers added: +AS4242423090/HEIAS at dn42-fr-rbx1 AS4242421979/MDUCHARME at dn42-us-sea2 dn42-us-sea2 is now operational and available for peering. +2nd December 2018 tinc + babeld is not a winning combination. Since introducing babeld, the burble.dn42 WAN overlay has experienced a number of periods of instability, with nodes dropping on and off the network. +The WAN has been updated to use a Wireguard mesh with OSPF as IGP, and is now significantly more stable again. +1st December 2018 New peers added: +AS4242420260/GISH at dn42-au-syd1 AS4242421009/KLARA at dn42-no-osl1 AS4242420058/ILL at dn42-au-syd1 AS4242422547/LANTIAN at dn42-fr-rbx1 / dn42-us-lax2 / dn42-sg-sin3 30th November 2018 Three new nodes will be available for peering soon: +dn42-us-chi2 - Chicago, United States dn42-us-sea2 - Seattle, United States dn42-us-dal3 - Dallas, United States 29th November 2018 dn42-us-dal1 locked up, and has been restarted. +28th November 2018 dn42-uk-lon1, dn42-lt-vil1, dn42-sg-sin1 and dn42-us-mia1 all locked up at 03:00 UTC and have now been restarted. +23nd November 2018 Black Friday has delivered four new nodes to the burble.dn42 network: +dn42-vn-han1 - Hanoi, Vietnam dn42-no-osl1 - Oslo, Norway dn42-ca-bhs1 - Beauharnois, Canada dn42-us-lax2 - Los Angeles, United States dn42-sg-sin3 - Singapore All nodes are open to new peers, so just contact dn42@burble.com if you’d like to connect to the network. +22nd November 2018 New peers added: +AS4242420165/ZAICA at dn42-fr-rbx1 AS42424222673/CORESTORAGE at dn42-uk-lon1 18th November 2018 Updates to reverse DNS. +17th November 2018 Added new peers +AS4242423640/HESSENET at dn42-fr-rbx1 AS4242420149/NIRF at dn42-lt-vil1 17th November 2018 The internal routing protocol (IGP) for burble.dn42 has moved from OSPF to using babeld. +All nodes on the burble.dn42 network are inter-connected with a tinc mesh. Despite the network physically spanning across contintents, OSPF saw the tinc overlay network as being flat which prevented effective use of technologies such as anycast and forced the use of central resources. The hope is that babel, configured to use an RTT metric, will allow better use of regional services. +Please let me know if you observe any issues due to the new IGP. +16th November 2018 New node in Istanbul, Turkey. +dn42-tr-ist1 has been commissioned and is now open for new peers. See the peering page for more details. +`}),e.add({id:3,href:"/retro/modem/",title:"Dialup Service",parent:"Retro42",content:`Connect in to dn42 using a real physical modem. +06/02/23 - The modem service is currently unavailable and will remain offline until later in the year. +In the meantime, the modem emulator service is still available. +Health warning: dialing in to dn42 can be rewarding and great fun, but using modems over VoIP is flakey at the best of times and getting it to work can be a frustrating experience. This is very much an experimental service. The burble.dn42 dialup service allows you to dial in to dn42 via a modem. The modem is reachable via VoIP and connected to a PPP server, allowing you to log in and obtain full dn42 IPv4 connectivity. +Endpoints The dialup service can be reached via the following endpoints: +Endpoint Network 424026019@voip.burble.dn42 dn42 tbc clearnet tbc PSTN PPP Server Log In Details Username: dn42 Password: dn42 See also the the modem emulator for more details on how the PPP server is configured, together with an automatic login script for windows variants. +Connection Tips Ensure that T.38 Fax Mode is disabled or set to passthrough Ensure that Re-invite after Fax Tone is disabled Ensure that all Echo Cancelation is disabled Ensure VAD (Voice Activity Detection) is disabled Disable all call features (voicemail, call waiting etc.) Use G.711 ALAW G.711 ULAW may work if ALAW isn’t available, but do not use any other codecs Experiment with Disabling/Fixed/Adaptive Jitter buffers and different jitter buffer lengths Experiment with different gain settings Reduce modulation rates, you can’t connect at anything above V.34 anyway Use AT+MS? to see the current modulation settings on your modem. Start at V.34 (AT+MS=V34) Try V.32bis (AT+MS=V32b) or even V.32 (AT+MS=V32) The modems are located on a residential DSL connection and will experience more jitter when the DSL is in use, try connecting at different times and specifically during UK night time or early mornings. The PPP log in process is the same as the modem emulator so you can use the emulator to check your process before connecting using the modem. Example connection from linux The video shows an example connecting using minicom and pppd on linux. +Using a software modem JerryXiao has created instructions for connecting using D-Modem, a software modem that can connect directly over VoIP. The instructions and D-Modem software are available in the dn42 gitea repository. +`}),e.add({id:4,href:"/network/",title:"Network",parent:"burble.dn42",content:`Information about the burble.dn42 network. +Network Design: burble.dn42 network design Peering with burble.dn42: How to peer with burble.dn42 Node Information: Detailed Node Information IPAM: IP Address Lists Routing Policy: Description of the network routing policy BGP Communities: BGP communities used in the network Realtime Status: Network Status Abuse Policy: Abuse Policy `}),e.add({id:5,href:"/network/peering/",title:"Peering with burble.dn42",parent:"Network",content:`This page provides the information to get started on peering with the burble.dn42 network +burble.dn42 is a set of global POPs integrated to the dn42 network, and new peering requests are welcome. Some details of the network are available in the Design page. +burble.dn42 is a large network and there are some restrictions in place to protect the network and the rest of the DN42. Please ensure you read the information below before requesting to peer. +Peering Requests Please mail dn42@burble.com if you’d like to peer with me. +Peering Requirements To peer with burble.dn42, you must meet the following requirements: +You must support IPv6 +You must implement ROA checks +Contact information in the registry must always be up to date and admins must respond when contacted +Contacts must also be reachable in case of problems. In addition, the network is ever evolving and failure to respond to change notices may result in your peering being suspended. +Latency to your node must be reasonable, typically this means a latency less than 40ms. +At a minimum, I’ll need to know the following in order to establish a peering: +The burble.dn42 node you would like to peer with Your ASN The public address of your host The tunnel and BGP parameters, e.g. Port number, if using wireguard or OpenVPN Public key for wireguard Any special config you need that is different to my defaults (see the Supported Tunnel Types and BGP Feature Support sections) IP addresses of your end of the tunnel Typically these will be a single IPv4/32 and Link-Local IPv6 address All peerings will be configured as a full transit session. +Residential ISPs and Dynamic IP Addresses +A 24/7 connection, with static IP addresses are the norm for DN42. If you are connecting from a residential ISP or otherwise have a dynamic IP please let me know so that I can configure my side appropriately. If you don’t do tell me, the peering may stop working when your IP address changes. +Peering in Multiple Locations +If you have multiple nodes, you are welcome to peer in several locations to provide additional redundancy and route choice. Routes exported from the network include a latency based MED attribute to help peers optimise their routing (See the Routing Policy) +It’s highly recommended to peer with multiple DN42 users though, it’s lots of fun and you should never rely on just one user for your connectivity. +Supported Tunnel Types I prefer to use wireguard, it’s simple to set up and just works. I also support OpenVPN tunnels. +Wireguard The port number will be 2xxxx where xxxx is the last four digits of your ASN. Each peer is assigned a unique encryption key, pre-shared keys are also supported (but not enabled by default). Endpoint names and IP addresses are detailed in the nodes page. My wireguard AllowedIPs are: +AllowedIPs=fe80::/64 AllowedIPs=fd00::/8 AllowedIPs=0.0.0.0/0 Use of wg-quick +Using wg-quick is not recommended as it does not support adding a peer address. If you want to use wg-quick you will need to delete and re-add the wireguard interface IP address and configure it as a point to point address or you will run in to next-hop problems when using BGP. You must read the DN42 Wiki on how to set up wg-quick for use within DN42. +OpenVPN The port number will be 2xxxx where xxxx is the last four digits of your ASN. By default I will configure the following OpenVPN parameters: +comp-lzo cipher aes-256-cbc auth sha256 Tunnel Configuration Allowed Traffic Only the following network ranges will be forwarded through the DN42 network, all other traffic will be dropped. +IPv4 +172.16.0.0/12 10.0.0.0/8 IPv6 +fd00::/8 BGP peer addresses are more permissive to allow for link local or non-DN42 IP addresses within the tunnel, but these will not be forwarded through the DN42 network. Flow Control and BGP Rate Limiting A typical BGP session in DN42 will use a trivial amount of traffic. However, for large networks like burble.dn42 some transient events, such as BGP flapping, can generate multi MB/sec traffic flows that damage the network and create instability across DN42. +To protect the network from misconfigurations and prevent excessive updates from propagating to the rest of DN42, the burble.dn42 network implements rate limiting on BGP sessions. The rate limiting activates when a large amount of BGP traffic is seen (typically 10’s or 100’s of thousands of updates a second) over a sustained period and will typically reset automatically within an hour. +There are no other controls applied to transit or non-BGP traffic. +BGP Configuration Network Name BURBLE BURBLE-MNT dn42@burble.com ASN AS4242422601 BGP Feature Support The burble.dn42 network uses a custom build of bird 2, and the following features are supported: +Multiprotocol BGP - RFC 4760 BGP Large Communities - RFC 8092 BGP Confederations - RFC 5065 Extended Next Hop - RFC 5549 Extended Messages - RFC 8654 DN42 Route Origin Authorisation (ROA - see below section on Route Filtering) DN42 Route Origin Community Note that DN42 latency, bandwidth and encryption communities are not supported. burble.dn42 custom large communities burble.dn42 Routing Policy The source code for the custom bird used on the network is available on git.burble.dn42 +Default Extensions Multiprotocol BGP is preferred, however it is not enabled by default as not all peers can support it. Please let me know when peering if you can support a multiprotocol BGP session. +Extended next hop and extended message support are both enabled by default. +Route Filtering The network applies strict Route Origin Authorisation (ROA) filtering to all received and exported routes. This means any advertised route that does not have a corresponding route{,6} object in the DN42 registry will be dropped. +ROA is implemented with updates through RPKI, using dn42regsrv and gortr. +The DN42 ROA data is provided as a public service, see the Services page. +Generic Allowed Prefixes: IPv4 +172.20.0.0/14+ 10.0.0.0/8+ IPv6 +fd00::/8{44,64} Testing Connectivity Testing Within the tunnel, hosts respond to ping and traceroute, but also have the echo (port 7) and daytime (port 13) services enabled. These can be used to check the tunnel is up and configured correctly. +$ ping fe80::42:2601:32:1%wg0 PING fe80::42:2601:32:1%wg0(fe80::42:2601:32:1%wg0) 56 data bytes 64 bytes from fe80::42:2601:32:1%wg0: icmp_seq=1 ttl=64 time=4.44 ms 64 bytes from fe80::42:2601:32:1%wg0: icmp_seq=2 ttl=64 time=4.52 ms 64 bytes from fe80::42:2601:32:1%wg0: icmp_seq=3 ttl=64 time=4.96 ms ^C --- fe80::42:2601:32:1%wg0 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 4.445/4.643/4.961/0.233 ms $ netcat fe80::42:2601:32:1%wg0 13 Sun Sep 23 09:57:26 2018 ^C $ Reachability Testing Once peering is established I have a BGP looking glass (public internet link) and global route collector which can be used to check routing configuration. Looking glasses are a key, self-service resource for you to use when understanding how your routes are propagating around the DN42 network, please take the time to learn how to use them. +Speed Test burble.dn42 operates a speed test service at speedtest.burble.dn42, see the services pages for more info. +Automated Tests pingable.burble.dn42 (172.20.129.5 / fd42:4242:2601:ac05::1) is a dedicated address that responds to ping and traceroute and may be used for automated reachability or link quality testing. +Please be considerate when configuring automated tests and set a reasonable test frequency. +In all cases, the frequency must not be more than once a second. Please consider this if your router automatically pings its tunnel endpoint for stats purposes. +`}),e.add({id:6,href:"/services/dn42/",title:"DN42",parent:"Services",content:`burble.dn42 hosts a number of DN42 infrastructure services. +DNS Service Name IP DN42 Master b.master.delegation-servers.dn42 fd42:180:3de0:30::1 Authoritative Service b.delegation-servers.dn42 172.20.129.1fd42:4242:2601:ac53::1 Recursive Service b.recursive-servers.dn42 172.20.129.2fd42:4242:2601:ac53::53 burble.dn42 provides a local, anycast, authoritative and recursive DNS service. +The DNS Service has it’s own page. +DN42 Wiki Mirror Mirror URLs wiki.dn42wiki.burble.dn42 (editable via DN42) dn42.devwiki.burble.com (read-only via public internet) burble.dn42 maintains a globally distributed mirror of the DN42 Wiki, and is part of the wiki.dn42 anycast group. The DN42 services (wiki.dn42 and wiki.burble.dn42) are editable, whilst the public internet views (dn42.dev and wiki.burble.com) are read-only. +Please note that updates to the wiki may take several hours to sync with other mirrors. +The wiki service is delivered using the burble.dn42 nomad cluster. +ACME https://acme.burble.dn42/v1/dn42/acme/directory https://acme.burble.dn42/v1/staging/acme/directory burble.dn42 provides an ACME service using an intermediate certificate issued by the dn42 certificate authority and implemented using a HashiCorp Vault cluster to provide a highly available service. +More details can be found on the ACME service page. +Whois Service whois.burble.dn42 fd42:4242:2601:ac43::1 172.20.129.8 WHOIS service providing data from the DN42 registry. The WHOIS service is also anycasted across the network. +The source code for the service is available in the burble.dn42 git. +Global Route Collector https://collector.dn42/ (DN42 link) https://lg.collector.dn42/ (DN42 link) ssh shell@collector.dn42 The global route collector provides a central bird instance that collects routes from peers across the DN42 network. +All users are invited to join the collector and help provide stats for the network. +The route collector can currently be queried by using ssh to connect a bird shell or via a looking glass. +Additional services and stats are expected to be developed in the future. +DN42 Infrastructure Monitoring burble.dn42 hosts monitoring and alerting of key DN42 services at https://grafana.burble.dn42. +`}),e.add({id:7,href:"/retro/fake/",title:"Modem Emulator",parent:"Retro42",content:`No modem ? no problem. +If you don’t have a physical modem you can still get that retro vibe by accessing dn42 using the modem emulator service. This service presents a series of TCP/IP ports that emulate a subset of the Hayes AT command set and which are speed limited to specific baud rates. The modem can dial directly to the fr-par1 shell service for that CLI experience, or get full dn42 access via a PPP session. +The service is intended to be used as a fake serial port in a retro VM or connected to directly using a serial terminal. +Accessing the modem emulator service dialup.burble.dn42:(10000 + baud/100) The modem emulator is accessed by connecting to dialup.burble.dn42 on ports corresponding to specific baud rates, as detailed in the table below. +Port BAUD Port BAUD Port BAUD 10003 300 10012 1200 10024 2400 10048 4800 10096 9600 10144 14400 10192 19200 10288 28800 10336 33600 10560 56000 11150 115000 Low baud rates give a great experience when using a serial terminal and the shell service but aren’t so much fun when using PPP. Conversely, using a serial terminal and higher baud rates is a bit dull and they are better suited to the PPP service. The emulated modem is able to dial two services depending on the number used. +Dial Number Service 54311 fr-par1 shell server 4242 PPP dialup service Dialling the fr-par1 shell server Use a terminal emulator and dial 54311 to access the fr-par1 shell server. +Once the modem connects, use your burble.dn42 username and password to log in. +You can set a burble.dn42 password using the services portal. Don’t forget to set a terminal type once you’ve logged in, e.g. export TERM=vt102 Dialing the PPP server Dial 4242 to access the PPP server. Use username: dn42, password: dn42 to log in. Once you see the PPP initiation string, connect your PPP client. PPP authentication should not be required. Example shell session using socat and minicom Example on how to connect to the shell server using socat and minicom at 2400 baud +$ socat -d -d pty,rawer tcp:dialup.burble.dn42:10024 & ... ... socat[xxx] N PTY is /dev/pts/2 ... $ minicom -D /dev/pts/2 Within minicom type ATDT54311 to dial the shell server. +Welcome to minicom 2.8 OPTIONS: I18n Port /dev/pts/2, 14:01:58 Press CTRL-A Z for help on special keys ATDT54311 CONNECT 2400 Ubuntu 22.04.1 LTS shell-fr-par1 login: You can now log in using your burble.dn42 username and password. +Example PPP connection using QEMU and Windows XP Add a virtual serial port to QEMU using -chardev and -device. +e.g. for windows XP connecting at 115k +qemu-system-i386 -enable-kvm -cpu host -m 1024 -vga std -device AC97 -hda winxp.img -chardev socket,id=bdn42,port=11150,host=dialup.burble.dn42,server=off -device pci-serial,chardev=bdn42 Create a PPP dialup connection with username dn42 and password dn42, enable the option to prompt for username and password on connect. +Start the connection and when then chat box opens: +Type ATDT4242 to dial the PPP service Log in using username dn42 / password dn42 Hit continue when you see the PPP connect string The following chat script provided by 04dco should provide automatic login for win95 onwards: +; ; This is a script file that automatically logs you in ; to establish a dn42 dial-up PPP connection. ; ; Main entry point to script ; proc main integer nTries = 3 ; This is the login prompt and timeout values string szLogin = "modem-server Login: " integer nLoginTimeout = 5 ; This is the password prompt and timeout values string szPW = "Password: " integer nPWTimeout = 5 ; This is the prompt once your password is verified string szPrompt = "Last login: " ; Attempt to login at most 'nTries' times while 0 < nTries do ; Wait for the login prompt before entering ; the user ID, timeout after x seconds waitfor szLogin then DoLogin until nLoginTimeout TryAgain: transmit "^M" ; ping nTries = nTries - 1 endwhile goto BailOut DoLogin: ; Enter user ID transmit $USERID, raw transmit "^M" ; Wait for the password prompt waitfor szPW until nPWTimeout if FALSE == $SUCCESS then goto TryAgain endif ; Send the password transmit $PASSWORD, raw transmit "^M" ; Wait for the prompt waitfor szPrompt goto Done BailOut: ; Something isn't responding. Halt the script ; and let the user handle it manually. set screen keyboard on halt Done: endproc Source code The modem emulator is a small golang server and the source code is available on the burble.dn42 git server +`}),e.add({id:8,href:"/network/nodes/",title:"Node Information",parent:"Network",content:`Public peering nodes +Europe dn42-fr-par1 Location Scaleway/Online.net, Paris, France Specs E3-1230v2 - 4c/8t, 32GB, 2 x 1TB SSD, 1Gbit unmetered Public Hostname dn42-fr-par1.burble.com Public IPv4 Address 51.159.194.131 Public IPv6 Address 2001:bc8:1201:50d:d6ae:52ff:fecc:c97 Tunnel IPv4 Peer Address 172.20.129.181/32 Tunnel IPv6 Link Local fe80::42:2601:37:1/64 Tunnel IPv6 ULA fd42:4242:2601:37::1/128 dn42-uk-lon1 Location HostHatch, London, UK Specs 6 x EPYC 7513, 24GB, 270GB NVME, 40TB @ 10gbit Public Hostname dn42-uk-lon1.burble.com Public IPv4 Address 45.91.93.104 Public IPv6 Address 2a0e:dc0:5:5::1 Tunnel IPv4 Peer Address 172.20.129.187/32 Tunnel IPv6 Link Local fe80::42:2601:35:1/64 Tunnel IPv6 ULA fd42:4242:2601:35::1/128 dn42-de-fra1 Location Bero Host, Frankfurt, Germany Specs 6 x EPYC 7443P, 24GB, 300GB NVME, 25TB @ 10gbit Public Hostname dn42-de-fra1.burble.com Public IPv4 Address 5.180.253.211 Public IPv6 Address 2a0e:6a80:3:430::1 Tunnel IPv4 Peer Address 172.20.129.169/32 Tunnel IPv6 Link Local fe80::42:2601:31:1/64 Tunnel IPv6 ULA fd42:4242:2601:31::1/128 dn42-ch-zur1 Location HostHatch, Zurich, Switzerland Specs 2 x E5-2690v2, 12GB, 60GB SSD, 10TB @ 10gbit Public Hostname dn42-ch-zur1.burble.com Public IPv4 Address 45.91.92.111 Public IPv6 Address 2a0e:dc0:6:8::1 Tunnel IPv4 Peer Address 172.20.129.174/32 Tunnel IPv6 Link Local fe80::42:2601:28:1/64 Tunnel IPv6 ULA fd42:4242:2601:28::1/128 dn42-no-trd1 Location Trondheim, Norway Specs 2 shared cores, 2GB, 16GB SSD, 1gbit unmetered Public Hostname dn42-no-trd1.burble.com Public IPv4 Address 217.168.87.226 Public IPv6 Address 2001:678:dd0:ffff::25 Tunnel IPv4 Peer Address 172.20.129.185/32 Tunnel IPv6 Link Local fe80::42:2601:39:1/64 Tunnel IPv6 ULA fd42:4242:2601:39::1/128 North America dn42-us-lax1 Location HostHatch, Los Angeles, United States Specs 2 x EPYC 7413, 8GB, 60GB NVME, 10TB @ 10gbit Public Hostname dn42-us-lax1.burble.com Public IPv4 Address 45.67.219.3 Public IPv6 Address 2a04:bdc7:100:4656::1 Tunnel IPv4 Peer Address 172.20.129.172/32 Tunnel IPv6 Link Local fe80::42:2601:2a:1/64 Tunnel IPv6 ULA fd42:4242:2601:2a::1/128 dn42-us-nyc1 Location HostHatch, New York, United States Specs 2 x EPYC 7443P, 8GB, 60GB NVME, 10TB @ 10gbit Public Hostname dn42-us-nyc1.burble.com Public IPv4 Address 109.205.61.36 Public IPv6 Address 2605:4840:2:eed4::1 Tunnel IPv4 Peer Address 172.20.129.175/32 Tunnel IPv6 Link Local fe80::42:2601:29:1/64 Tunnel IPv6 ULA fd42:4242:2601:29::1/128 `}),e.add({id:9,href:"/services/public/",title:"Public Services",parent:"Services",content:`Services provided for use within DN42 +Website burble.dn42 (dn42 link) dn42.burble.com (public internet link) This website is built using Hugo and is distributed across burble.dn42 core nodes. +The public internet site is a CloudFlare pages application and the source is published in the burble.dn42 git. +Service Administration Portal svc.burble.dn42 The service portal allows you to configure your burble.dn42 services. +Functionality includes: +Setting or changing a burble.dn42 LDAP password Changing your shell for the shell services Viewing peering information Diagnostic Services Looking Glass lg.burble.com (public internet link) lg.burble.dn42 (dn42 link) The burble.dn42 looking glass is based on bird-lg-go with some local customisations. The source code for the looking glass is available on the burble.dn42 git. +The looking glass is replicated via the nomad cluster, with the public version behind CloudFlare. +Pingable IP address pingable.burble.dn42 172.20.129.5 fd42:4242:2601:ac05::1 pingable.burble.dn42 is a single IP address that will respond to ping and traceroute requests across the entire network. +This address may be used for automated reachability or latency tests, however please be considerate and configure a reasonable test frequency. +In all cases, do not set the ping frequency to be higher than once a second. Speed Test speedtest.burble.dn42 The speed test service provides a way for you to measure your latency and bandwidth to the core burble.dn42 service clusters. +The service is based on is OpenSpeedTest. +The speedtest service is delivered via the internal traefik and nomad clusters which are anycasted and have internal load balancing. This means that the particular server providing the speedtest is non-deterministic and you may get different results across speedtest runs. The speedtest service is provided for your benefit, please don’t abuse the service or using excessive bandwidth. Network Status and Reporting Grafana Dashboards https://grafana.burble.dn42 dn42 link https://grafana.burble.com public internet link Uptime monitoring https://stats.uptimerobot.com/l2913c0R6 Major nodes are also monitored off-network by UptimeRobot. +Anycast / Dynamic Route Monitoring https://anycast.burble.dn42 Realtime dashboard for anycast / dynamic services. Anycast status is reported every minute to the nats.io cluster and the dashboard is a live visualtion of the current status. +Internal monitoring Internally, nodes are measured by netdata which provides a real time view of each node. prometheus is then used to collect and store that data for historical reporting. grafana is used for visualisation. +Syslogs are exported in real time to a central logging node on the internal network. +Shell Accounts The burble.dn42 shell service provides shell accounts for dn42 users who have a burble.dn42 password or SSH auth methods in the registry. +See the Shell Accounts page. +S3 Compatible Object Store https://minio.burble.dn42 - Web interface s3.burble.dn42 - S3 compatible interface A min.io instance provides S3 compatible storage space for users that have registered a burble.dn42 password. +See the S3 Object Storage page for more information and examples. +DNS Service Name IP Authoritative Service ns1.burble.dn42 172.20.129.1fd42:4242:2601:ac53::1 Recursive Service dns.burble.dn42 172.20.129.2fd42:4242:2601:ac53::53 DNS64 Service dns64.burble.dn42 fd42:4242:2601:ac53::64 burble.dn42 provides a local, anycast, authoritative and recursive DNS service. +The DNS Service has it’s own page. +Registry API Service and Explorer https://explorer.burble.com/ (public internet link) https://explorer.burble.dn42/ (DN42 link) dn42regsrv is a REST API for the DN42 registry that provides a bridge between interactive applications and the registry. +As well as the main REST API to the DN42 registry, the server can also generate ROA tables and provides a small web application for exploring registry data. +ROA Data Route Origin Authorisation (ROA) tables are generated using dn42regsrv and published to the dn42.burble.com website for general use. +The JSON output file can be used with gortr to implement ROA checks via RPKI. +The Bird files can be used directly with Bird to implement ROA checks as detailed in the DN42 Wiki (Bird1 / Bird2). +The OpenBGPD files can be used directly with OpenBGPD to implement ROA checks as details in the DN42 Wiki OpenBGPD +URL IPv4/IPv6 Description https://dn42.burble.com/roa/dn42_roa_46.json Both DN42 ROA data in JSON format https://dn42.burble.com/roa/dn42_roa_bird1_46.conf Both DN42 ROA data for use with Bird1 https://dn42.burble.com/roa/dn42_roa_bird1_4.conf IPv4 Only DN42 ROA data for use with Bird1 https://dn42.burble.com/roa/dn42_roa_bird1_6.conf IPv6 Only DN42 ROA data for use with Bird1 https://dn42.burble.com/roa/dn42_roa_bird2_46.conf Both DN42 ROA data for use with Bird2 https://dn42.burble.com/roa/dn42_roa_bird2_4.conf IPv4 Only DN42 ROA data for use with Bird2 https://dn42.burble.com/roa/dn42_roa_bird2_6.conf IPv6 Only DN42 ROA data for use with Bird2 https://dn42.burble.com/roa/dn42_roa_obgpd_46.conf Both DN42 ROA data for use with OpenBGPD https://dn42.burble.com/roa/dn42_roa_obgpd_4.conf IPv4 Only DN42 ROA data for use with OpenBGPD https://dn42.burble.com/roa/dn42_roa_obgpd_6.conf IPv6 Only DN42 ROA data for use with OpenBGPD ROA data is cached via Cloudflare to provide fast local access. +Git git.burble.dn42 (dn42 link) git.burble.com (public internet link) burble.dn42 related code and configuration is maintained in a local gitea repository. +VOIP voip.burble.dn42 burble.dn42 runs an asterisk based VOIP service, primarily to support the Retro42 service. +The VOIP service has a number of public endpoints available for testing: +SIP Endpoint Service 424026010@voip.burble.dn42 Time Announcement 424026011@voip.burble.dn42 Announces your caller ID 424026012@voip.burble.dn42 Echo Service 424026013@voip.burble.dn42 Randomised music 424026017@voip.burble.dn42 Dials Modem 1 directly (currently offline and used for testing) 424026018@voip.burble.dn42 Dials Modem 2 directly 424026019@voip.burble.dn42 Dialup service endpoint - dials both modems PrivateBin Instance paste.burble.dn42 (dn42 link) paste.burble.com (public internet link) burble.dn42 PrivateBin instance. +NTP Service All servers in burble.dn42 provide a stable, high stratum NTP service using chrony. +The NTP service is exposed over DN42, and users are welcome to use any server in the burble.dn42 network as an NTP time server on either the public or DN42 networks. +clicker.burble.dn42 https://clicker.burble.dn42/ Waste your time with this dn42 themed, browser based idle game. +lounge.burble.dn42 https://lounge.burble.dn42/ (dn42 link) https://lounge.burble.com/ (public internet link) thelounge is a web based IRC client that is integrated with the LDAP backend. +Log in using your burble.dn42 username/password to lurk on #dn42. +(set a password using the the burble.dn42 service portal) +Invidious instance https://invidious.burble.dn42/ burble.dn42 instance of Invidious the open source alternative front-end to YouTube. +`}),e.add({id:10,href:"/services/",title:"Services",parent:"burble.dn42",content:`Information about burble.dn42 services. +DN42: DN42 Infrastructure Services Public Services: List of public services Internal Services: Documentation for Non-public applications DNS: DNS services ACME: ACME Service Shell Accounts: burble.dn42 Shell Services S3 Object Storage: S3 Object Service Certificate Authority: burble.dn42 certificate authority Ping Challenge: The burble.dn42 Ping Challenge `}),e.add({id:11,href:"/retro/",title:"Retro42",parent:"burble.dn42",content:`dn42 like its the 1990’s +Dialup Service burble.dn42 has a full dialup service using real physical modems served over VOIP. +Modem Emulator If you don’t have a physical modem you can use the modem emulator to get a retro terminal experience or connect in to dn42 from your retro VMs. +`}),e.add({id:12,href:"/additional/",title:"Additional Info",parent:"burble.dn42",content:" Maint. Log Archive: A log of changes to the burble.dn42 network 2020 2019 2018 Other stuff: Other random stuff Things to do in DN42: Stuck for inspiration ? "}),e.add({id:13,href:"/services/internal/",title:"Internal Services",parent:"Services",content:`This page provides some documenation on other services used within burble.dn42 that are not directly available for public use. +traefik / traefik-eu / traefik-na burble.dn42 runs a global traefik cluster which acts as a reverse proxy and load balancer for burble.dn42 web services. +The traefik instances are anycast globally (traefik.burble.dn42), but also have regional load balancing groups for Europe (traefik-eu.burble.dn42) and North America (traefik-na.burble.dn42). This regional split helps to direct users to local services where possible. +vault.burble.dn42 Hashicorp Vault is used to handle secrets across the burble.dn42 network. Vault is deployed as a 3 node cluster across the Europe core nodes and uses the internal raft database as a back end. +TLS Certificate Authority Vault acts as the main certificate authority for burble.dn42 PKI. +Vault allows for regular, automated renewal of certificates on short timeframes (typically a rolling week or monthly basis). +SSH Certificate Authority Vault also acts as an SSH certificate authority, verifying both users and servers within the network. +Server certificates are generated during deployment, whilst user (or role) certificates are short lived and generated on demand. +Deployment Secrets Vault holds secrets used during node and service deployments. +Most burble.dn42 are built as stateless container images and secrets are pushed from vault in to the live containers at runtime. This ensures the container images do not contain secrets and that secrets can be applied per instance even when using a common image. +Vault also manages database credentials (using the mysql/mariadb integration), and these are also automatically generated and pushed in to container instances on deployment. +The authority to access deployment secrets is inherited, on demand, from the user token during the deployment process. This ensures that even if access was gained to the deployment server, secrets could still not be accessed without also having access to a live user token. +nomad.burble.dn42 burble.dn42 runs a global HashiCorp Nomad cluster that is used primarily for web application workloads. Nomad integrates with containerd, vault and traefik to provide resilient, globally available applications. +nats.burble.dn42 burble.dn42 operates a nats.io cluster as a distributed, network wide, broadcast and RPC solution. +The cluster uses decentralised JWT tokens for authentication. +ci.burble.dn42 The burble.dn42 git has an associated CI/CD service based on drone. +The CI/CD service is used to manage DNS, build and publish applications and the burble.dn42 website. +`}),e.add({id:14,href:"/network/IPAM/",title:"IPAM",parent:"Network",content:`IP address tables +General Ranges IPv4 IPv4 Address Range Purpose 172.20.129.0/27 burble.dn42 services 172.20.129.160/27 burble.dn42 nodes IPv6 IPv6 Address Range Purpose fd42:4242:2601:acXX::/64 Anycast services fd42:4242:2601:AA::/64 Public services for host AA fd42:4242:2601:AA00::/56 /56 routed to host AA fd42:4242:2601:AA02::/64 Tier2 services on host AA fd42:4242:2601:AA64::/64 NAT64 service related to host AA burble.dn42 Services DNS IPv4 IPv6 Comment 172.20.129.0 Reserved ns1.burble.dn42 172.20.129.1 fd42:4242:2601:ac53::1 Authoritative DNS Master dns.burble.dn42 172.20.129.2 fd42:4242:2601:ac53::53 Recursive DNS Resolver burble.dn42www.burble.dn42 172.20.129.3 fd42:4242:2601:ac80::1 Website collector.dn42 172.20.129.4 fd42:4242:2601:ac12::1 Global Route Collector pingable.burble.dn42 172.20.129.5 fd42:4242:2601:ac05::1 Pingable IP Address nats.burble.dn42 172.20.129.6 fd42:4242:2601:ac06::1 nats.io Cluster 172.20.129.7 Unallocated whois.burble.dn42 172.20.129.8 fd42:4242:2601:ac43::1 Whois service voip.burble.dn42 172.20.129.9 fd42:4242:2601:37:216:3eff:fe8f:6211 Asterisk VOIP Service shell.burble.dn42 172.20.129.10 fd42:4242:2601:ac22::1 Shell service 172.20.129.11 Unallocated traefik.burble.dn42 172.20.129.12 fd42:4242:2601:ac82::1 Global traefik cluster traefik-eu.burble.dn42 172.20.129.13 fd42:4242:2601:ac83::1 Europe traefik cluster traefik-na.burble.dn42 172.20.129.14 fd42:4242:2601:ac84::1 North America traefik cluster 172.20.129.15-19 Unallocated 172.20.129.20/30 n/a Dialup Service endpoints shell.de.burble.dn42 172.20.129.24 fd42:4242:2601:100b:216:3eff:fe32:1a21 DE shell service shell.uk.burble.dn42 172.20.129.25 fd42:4242:2601:1015:216:3eff:fe91:b943 UK shell service shell.nyc.burble.dn42 172.20.129.26 fd42:4242:2601:101d:216:3eff:fefc:722 NYC shell service shell.lax.burble.dn42 172.20.129.27 fd42:4242:2601:1018:216:3eff:feaa:7249 LAX shell service shell.fr.burble.dn42 172.20.129.28 fd42:4242:2601:1017:216:3eff:fe01:2f1f FR shell service 172.20.129.30 shell service unassigned 172.20.129.31 unassigned burble.dn42 Nodes (DN42 Addressing) DNS IPv4 IPv6 Comment unassigned 172.20.129.164 fd42:4242:2601:3f::1 us-nyc3.burble.dn42 172.20.129.165 fd42:4242:2601:3a::1 NYC Cluster uk-lon2.burble.dn42 172.20.129.166 fd42:4242:2601:2e::1 UK Storage unassigned 172.20.129.167 fd42:4242:2601:2d::1 nl-ams2.burble.dn42 172.20.129.168 fd42:4242:2601:34::1 Private Node de-fra1.burble.dn42 172.20.129.169 fd42:4242:2601:31::1 DE Public Peering de-fra3.burble.dn42 172.20.129.170 fd42:4242:2601:2c::1 DE Dev Cluster de-fra2.burble.dn42 172.20.129.171 fd42:4242:2601:2b::1 DE Cluster us-lax1.burble.dn42 172.20.129.172 fd42:4242:2601:2a::1 LAX Public Peering ch-zur2.burble.dn42 172.20.129.173 fd42:4242:2601:27::1 CH Cluster ch-zur1.burble.dn42 172.20.129.174 fd42:4242:2601:28::1 CH Public Peering us-nyc1.burble.dn42 172.20.129.175 fd42:4242:2601:29::1 NYC Public Peering us-nyc2.burble.dn42 172.20.129.176 fd42:4242:2601:3d::1 NYC Cluster uk-lon4.burble.dn42 172.20.129.177 fd42:4242:2601:25::1 UK Cluster uk-lon5.burble.dn42 172.20.129.178 fd42:4242:2601:24::1 UK Cluster de-fra4.burble.dn42 172.20.129.179 fd42:4242:2601:23::1 DE Dev Cluster us-lax2.burble.dn42 172.20.129.180 fd42:4242:2601:38::1 LAX Cluster de-nue1.burble.dn42 172.20.129.181 fd42:4242:2601:37::1 DE Cluster unassigned 172.20.129.182 fd42:4242:2601:3e::1 nl-ams3.burble.dn42 172.20.129.183 fd42:4242:2601:3c::1 Experimental uk-lon3.burble.dn42 172.20.129.184 fd42:4242:2601:30::1 Private Node no-trd1.burble.dn42 172.20.129.185 fd42:4242:2601:39::1 NO Public Peering nl-ams1.burble.dn42 172.20.129.186 fd42:4242:2601:32::1 Private Node uk-lon1.burble.dn42 172.20.129.187 fd42:4242:2601:35::1 UK Public Peering fr-par1.burble.dn42 172.20.129.188 fd42:4242:2601:36::1 FR Public Peering unassigned 172.20.129.189 fd42:4242:2601:26::1 reserved 172.20.129.190 fd42:4242:2601:20::1 Private Node reserved 172.20.129.191 fd42:4242:2601:20::1 Private Node burble.dn42 Nodes (Public Addressing) DNS IPv4 IPv6 dn42-fr-par1.burble.com 51.159.194.131 2001:bc8:1201:50d:d6ae:52ff:fecc:c97 dn42-uk-lon1.burble.com 45.91.93.104 2a0e:dc0:5:5::1 dn42-de-fra1.burble.com 5.180.253.211 2a0e:6a80:3:430::1 dn42-ch-zur1.burble.com 45.91.92.111 2a0e:dc0:6:8::1 dn42-no-trd1.burble.com 217.168.87.226 2001:678:dd0:ffff::25 dn42-us-lax1.burble.com 45.67.219.3 2a04:bdc7:100:4656::1 dn42-us-nyc1.burble.com 109.205.61.36 2605:4840:2:eed4::1 DNS IPv4 IPv6 git.dn42.dev 45.91.93.104 2a0e:dc0:5:5:425d:6eff:feb4:6e2d `}),e.add({id:15,href:"/network/routing-policy/",title:"Routing Policy",parent:"Network",content:`With a global network and multiple peers, the burble.dn42 network typically has many alternative route paths for reaching a particular destination. The routing policy aims to keep route selection sane, and avoid sending traffic outside of a region where possible. +Policy Objectives Direct routes for prefixes belonging to a peer should be given the highest priority. So that traffic to peer networks is routed over the burble.dn42 network directly to the peer and not via an external 3rd party Where prefixes are tagged with a DN42 region, they should be routed locally or within the burble.dn42 network. To avoid sending traffic across regions when this could have been avoided. The AS path length is also increased between regions to pursuade external routers to also prefer local hosts. Prioritise by shortest path, then lowest latency Policy Implementation bgp local_pref The local_pref for routes is set on entry, and then propogated across the whole network. This forces the network to prefer routes that, where possible, send traffic through the burble.dn42 network to a local peer, rather than sending cross regional traffic through external peers (aka Cold Potato Routing). +Local Pref Route Class 3000 burble.dn42 dynamic / anycast routes 2000 burble.dn42 internal networks 1000 Peer networks (AS path len = 1) 500 Route received in same DN42 region as it originated 100 Default bgp med The med attribute is used to implement a latency based metric across the network. Scripts are used to gather the latency between nodes (using ping) and this is then incorporated in to the ansible scripting that generates the peer configuration for the internal mesh. The peer configuration sets the med to be the latency in ms between nodes (in milliseconds * 10). A penalty of 500 is added for each hop to encourange direct routing between nodes. +med = (latency between nodes in ms * 10) + (500 per hop) The med metric is exported to external peers to help them decide how to route traffic to the burble.dn42 network. +collector.dn42 The global route collector is treated as a special case and does not follow the normal routing policy. The objective of the collector policy is to steer traffic directly to fr-par1 and reduce transit of GRC traffic over the burble.dn42 network. This is aggressively implemented for certain low bandwidth nodes to prevent any GRC traffic going through these nodes. +To accomplish this, each node announces the GRC prefix in to DN42 with different levels of path prepending depending on the available bandwidth of that node. Some nodes with low bandwidth allocations do not announce the GRC prefix at all. +Node capability Action Taken fr-par1 Prefix announced without any prepending Other nodes with unlimited BW allowance ASN prepended once Nodes with BW limits ASN prepended twice Nodes with low BW limits GRC prefix not announced As well as the external traffic engineering, the internal mesh policy also prevents transit of GRC traffic via low bandwidth nodes. +`}),e.add({id:16,href:"/network/communities/",title:"BGP Communities",parent:"Network",content:`This page describes the use of BGP communities within the network. +DN42 Communities The DN42 Route Origin Community is applied both internally and externally, and is used to influence the Routing Policy. +Community Description ( 64511 : 40 < x < 54 ) Route Origin The other DN42 communities are not used in burble.dn42: +Community Description ( 64511 : 0 < x < 21 ) Max latency ( 64511 : 20 < x < 30 ) Min bandwidth ( 64511 : 30 < x < 35 ) Min encryption Well Known BGP Communities The following well known communities are implemented. +Community Description Action ( 65535 : 65281 ) No Export Prefix should not be exported outside of AS4242422601 ( 65535 : 65282 ) No Advertise Prefix should not be exported to any peers ( 65535 : 65283 ) Local-AS Prefix should not be exported outside of region burble.dn42 Specific Communities burble.dn42 implements large BGP communities, with ISO 3166-1 / UNSD country, and UNSD region codes. +Informational Communities Community Description ( 4242422601 : 120 : host code ) Route learned on this host ( 4242422601 : 130 : 1 ) Route is a direct peer ( 4242422601 : 140 : DN42 region ) Route learned in this DN42 region `}),e.add({id:17,href:"/services/dns/",title:"DNS",parent:"Services",content:`burble.dn42 provides a suite of DNS services, including running one of the two DN42 DNS master nodes that exports registry information to the DNS infrastructure. +Role Names DN42 DNS Master b.master.delegation-servers.dn42 Authoritative DNS Service b.delegation-servers.dn42 +ns1.burble.dn42 Recursive DNS Service b.recursive-servers.dn42dns.burble.dn42 dns64 Service dns64.burble.dn42 Apart from the Master, all DNS services are anycast across every node to provide fast, local responses network wide. The services support DNSSEC and are available over UDP, TCP, DNS over HTTPs and DNS over TLS. +DN42 DNS Master Name IP b.master.delegation-servers.dn42 fd42:180:3de0:30::1 burble.dn42 runs one of the two master servers that support the DN42 DNS infrastructure. +See the wiki for more information on the role of the master service. +The master is hosted on ca-bhs2, providing geographic and network redundancy against the other DN42 master service, hosted in Europe. +Authoritative DNS Service Name IP ns1.burble.dn42b.delegation-servers.dn42 172.20.129.1fd42:4242:2601:ac53::1 ns1.burble.dn42 is slaved to master.delegation-servers.dn42, and provides DNSSEC signed, authoritative data for DN42 related zones. +The authoritative service may be used as the root for a local DNS resolver, with the assurance that returned DNS records are traceable via DNSSEC to the DN42 registry. The service also supports AXFR and may be used as a master to a local, slaved, root zone. +Note that ns1.burble.dn42 will not forward DNS queries. +Forwarding is provided by the recursive service, dns.burble.dn42. +Slaved DN42 zones .dn42 .recursive-servers.dn42 .delegation-servers.dn42 .registry-sync.dn42 d.f.ip6.arpa. 20.172.in-addr.arpa. 21.172.in-addr.arpa. 22.172.in-addr.arpa. 23.172.in-addr.arpa. 31.172.in-addr.arpa. 10.in-addr.arpa. Mastered Zones Zone Role burble.dn42 burble.dn42 forward zone collector.dn42 Global Route Collector forward zone 1.0.6.2.2.4.2.4.2.4.d.f.ip6.arpa burble.dn42 IPv6 reverse zone 0/27.129.20.172.in-addr.arpa burble.dn42 services IPv4 reverse zone 160/27.129.20.172.in-addr.arpa burble.dn42 nodes IPv4 reverse zone 0.3.0.0.0.e.d.3.0.8.1.0.2.4.d.f.ip6.arpa DNS Master reverse zone 0.0.1.0.0.e.d.3.0.8.1.0.2.4.d.f.ip6.arpa Registry services IPv6 reverse zone 0/28.63.22.172.in-addr.arpa Register services, IPv4 reverse zone Recursive DNS Service Name IP dns.burble.dn42b.recursive-servers.dn42 172.20.129.2fd42:4242:2601:ac53::53 dns.burble.dn42 is a caching, recursive DNS service that returns results for both DN42 and clearnet domains. The service issues parallel queries from regional masters, the recursive service takes advantage of the burble.dn42 global scale to reduce latency and avoid local connectivity problems. +The recursor is DNSSEC enabled and validates all queries. +Using the recursive DNS service Users are encouraged to consult recursive-servers.dn42 to obtain a list of recursive DNS services and configure at least two independent resolvers to obtain the best resilience. +See also the DN42 Wiki for general guidelines and best practice for setting up DNS in DN42. +$ host -t SRV _dns._udp.recursive-servers.dn42 _dns._udp.recursive-servers.dn42 has SRV record 10 10 53 a3.recursive-servers.dn42. _dns._udp.recursive-servers.dn42 has SRV record 20 10 53 b.recursive-servers.dn42. _dns._udp.recursive-servers.dn42 has SRV record 10 10 53 a0.recursive-servers.dn42. _dns._udp.recursive-servers.dn42 has SRV record 20 10 53 j.recursive-servers.dn42. _dns._udp.recursive-servers.dn42 has SRV record 20 10 53 k.recursive-servers.dn42. Example resolv.conf using IPv6 with IPv4 fallback +# DN42 resolve.conf search dn42 # burble.dn42 service # b.recursive-servers.dn42 nameserver fd42:4242:2601:ac53::53 # j.recursive-servers.dn42 nameserver 172.20.1.19 DNS64 Service Name IP dns64.burble.dn42 fd42:4242:2601:ac53::64 The dns64 service operates in a similar way to the main recursive service but also provides dns64 translation for hostnames that only have IPv4 addresses. +The service will return IPv4 mapped to the rfc6052 well-known prefix - 64:ff9b::/96 +DNS over HTTPS (DoH) DNS over TLS The burble.dn42 services support queries via DNS over HTTPS (on port 443) and DNS over TLS (on port 843). The HTTPS service is signed by the burble.dn42 Certificate Authority, and the CA certificate will be required by the client in order to use the service. +example +$ doh burble.dn42 https://[fd42:4242:2601:ac53::53]/dns-query burble.dn42 from https://[fd42:4242:2601:ac53::53]/dns-query TTL: 3600 seconds A: 172.20.129.3 AAAA: fd42:4242:2601:ac80:0000:0000:0000:0001 Implementation The DNS service is implemented as a tiered, anycast service with each node in the network providing a local cache in front of regional, slave nodes. +dns-edge Edge nodes provide a caching function for the slaves. +Recursive services (dns.burble.dn42 and dns64.burble.dn42) are provided by dnsmasq configured using the ‘all-servers’ mode. DN42 queries are forwarded to all regional slaves in parallel and the first response received is then returned. This approach ensures users get the lowest latency results possible, regardless of location, and that any local connectivity issues do not impact the results. +The authoritive service as well as DNS over HTTPS and DNS over TLS services are provided by dnsdist acting as a proxy. Requests are forwarded to either the regional slaves or local recursor services as appropriate and also cached. +Clearnet queries are forwarded on the edge nodes to a combination of Google and Cloudflare services. +The edge services are monitored and anycast routes automatically injected (or removed) with a health checking script. +dns-slave Region Host Location Europe dns-slave.de-fra1.burble.dn42 PHP Friends, Frankfurt, Germany Americas (East) dns-slave.ca-bhs2.burble.dn42 OVH, Beauharnois, Canada Americas (West) dns-slave.us-lax1.burble.dn42 Alvin Servers, Los Angeles, USA The slave nodes are implemented using PowerDNS. +The Authoritative DNS servers are configured as slaves replicating from the DN42 master for .dn42 related zones and a hidden master located on the private, internal network for burble.dn42 zones. +The recursive service is provided by the pdns-recursor configured with DNSSEC validation and additional caching. +dns-master The DN42 DNS master is a custom java program running on us-dal3. +`}),e.add({id:18,href:"/services/acme/",title:"ACME",parent:"Services",content:`burble.dn42 provides an ACME service using an intermediate certificate issued by the dn42 certificate authority and implemented using a HashiCorp Vault cluster to provide a highly available service. +The following ACME challenge types are supported: +http-01 dns-01 tls-alpn-01 dn42 endpoint https://acme.burble.dn42/v1/dn42/acme/directory The dn42 endpoint serves certificates signed by an intermediate certificate issued by the dn42 certificate authority. +Note that certificates are issued with a validity period of 30 days, which is shorter than most clearnet ACME services. +The recommended interval to check for expiry is 5 days. +Staging endpoint https://acme.burble.dn42/v1/staging/acme/directory The staging endpoint can be used for testing and issues junk certificates. The service uses an internal certificate authority that is specific to the staging service and should not be trusted. +The staging service issues short lived certificates with a validity period of a few days. +Certificate Transparency TODO A simpler process will be provided at a future stage, in the meantime the vault API can be queried manually to list issued certificates. +– +Vault provides an API for listing issued certificates, however the process for doing this is somewhat complicated if you have not used vault before. The instructions below detail how to interrogate the service using the vault CLI, however it is also possible to run through the same process via the HTTP API. +# The API endpoint to list issued certificates is an authenticated # endpoint that requires a vault token to access it. # # The burble.dn42 service includes an anonymous login that can be # used to obtain a suitable token. # set the VAULT_ADDR environment variable to the ACME service $ export VAULT_ADDR="https://acme.burble.dn42" # you can also set VAULT_SKIP_VERIFY=1 if you do not have the # dn42 certificate authority installed. # Issue an anonymous token and store it in the VAULT_TOKEN env variable $ export VAULT_TOKEN=$(vault write -field token auth/approle/login role_id=anonymous) # now the vault API can be accessed # list issued certificates $ vault list dn42/certs Keys ---- 06:72:54:74:02:eb:68:da:62:76:14:92:b4:84:19:36:b1:d1:d0:5c 0c:bb:39:a0:0a:aa:9c:d9:06:e8:9e:87:ff:54:73:c4:a6:42:9c:f0 13:91:4f:f7:3a:0b:ca:38:cd:c6:6e:7d:4d:fb:c5:7c:ed:b0:79:1b 39:5c:46:16:27:d8:f7:30:cc:64:1a:3c:6c:ff:c4:ac:f9:3c:3c:9c 4b:24:32:48:d0:64:55:3b:dd:b3:00:c6:33:2d:0f:3e:eb:d7:50:02 4c:8f:ce:e6:18:7a:05:c1:a3:11:45:c9:3c:34:0f:50:e0:75:6d:fd 5a:03:a9:5b:07:60:d0:fb:25:28:4b:e9:93:a8:22:cd:78:d1:29:b2 5d:26:b4:47:59:0c:0a:e9:88:b6:97:1d:2a:2b:e5:cb:d2:90:34:9e 65:c8:33:07:fc:9a:aa:fd:85:6b:fd:b4:de:29:71:e3:8e:6c:f2:11 68:e1:a6:4a:e1:58:ee:71:c7:a6:12:48:e2:7a:c5:84:c1:7c:21:5e 75:cf:16:f9:06:71:ea:86:1c:51:95:89:c9:1d:ea:a1:eb:f5:6f:83 76:91:6e:6a:23:14:00:7c:5f:c7:de:91:c4:40:73:d9:51:b4:f8:4d # view an invidual certificate $ vault read -field certificate "dn42/cert/76:91:6e:6a:23:14:00:7c:5f:c7:de:91:c4:40:73:d9:51:b4:f8:4d" -----BEGIN CERTIFICATE----- MIIDTTCCAjWgAwIBAgIUdpFuaiMUAHxfx96RxEBz2VG0+E0wDQYJKoZIhvcNAQEL BQAwVTELMAkGA1UEBhMCWEQxDTALBgNVBAoTBGRuNDIxFDASBgNVBAsTC2J1cmJs ...snip... yait1CFFq4g9/bvsNfIsvN6EJ/BGXqqww6BzKt/ioSLj -----END CERTIFICATE----- # human readable output using the step CLI (https://smallstep.com/) $ vault read -field certificate "dn42/cert/06:72:54:74:02:eb:68:da:62:76:14:92:b4:84:19:36:b1:d1:d0:5c" | step certificate inspect Certificate: Data: Version: 3 (0x2) Serial Number: 36803586486229131299250018793512622456839458908 (0x672547402eb68da62761492b4841936b1d1d05c) Signature Algorithm: SHA256-RSA Issuer: C=XD,O=dn42,OU=burble.dn42,CN=burble.dn42 staging ACME Validity Not Before: Oct 2 18:21:36 2023 UTC Not After : Nov 3 18:22:06 2023 UTC Subject: CN=drone.git.dn42 Subject Public Key Info: Public Key Algorithm: RSA Public-Key: (4096 bit) Modulus: ...snip... Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: Server Authentication X509v3 Subject Key Identifier: 01:4A:7E:02:F3:B7:78:03:66:F9:21:97:4B:31:34:7C:31:DE:BB:86 X509v3 Authority Key Identifier: keyid:94:D1:C3:60:C7:88:81:A6:8C:37:AE:40:42:22:48:6B:5F:36:8F:CC Authority Information Access: OCSP - URI:https://acme.burble.dn42/v1/dn42/ocsp CA Issuers - URI:https://acme.burble.dn42/v1/dn42/ca X509v3 Subject Alternative Name: DNS:drone.git.dn42 X509v3 CRL Distribution Points: Full Name: URI:https://acme.burble.dn42/v1/dn42/crl Signature Algorithm: SHA256-RSA ...snip... Implementation The ACME implementation is provided by a 3-node HashiCorp Vault cluster behind the burble.dn42 traefik load balancer. Together they provide a global, high availability service. +The cluster currently runs on the following nodes: +ch-zur2 de-fra1 fr-par1 At any time the cluster has one leader which processes all requests and replicates state to the cluster members. The leader node automatically switches to one of the backup servers should a failure occur. +The traefik load balancer runs health checks against the vault servers and automatically redirects users to the vault cluster leader. +See the vault HA reference architecture for more details. +`}),e.add({id:19,href:"/services/shell/",title:"Shell Accounts",parent:"Services",content:`burble.dn42 provides shell accounts on the following servers: +shell.fr.burble.dn42 shell.uk.burble.dn42 shell.de.burble.dn42 shell.lax.burble.dn42 shell.nyc.burble.dn42 There is also an anycast address shell.burble.dn42 that will route to the closest server. +Accessing the Service The shell service imports user information from the dn42 registry allowing any MNTNER to log in to the servers. Usernames are constructed by lowercasing and removing the ‘-MNT’ suffix. +Using an SSH public key If you have an auth attribute with an SSH public key, this will be imported from the registry and you can use the SSH key to log in to the shell server. +Using a password MNTNERs without an SSH key must first use the burble.dn42 service portal to set an account password. +Connection Example For mntner FOO-MNT +Log in to the closest server using your ssh key or burble.dn42 password: +ssh foo@shell.burble.dn42 or log in to a specific server: +ssh foo@shell.fr.burble.dn42 Your home directory is created automatically on first access and will then persist across logins. +Home directories are not replicated across servers. +Key Services Installed Packages A broad set of command line tools, applications and games are available; the aim is to provide a comprehensive environment that is useful and fun to tinker with. +The current set of packages can be found in the shell config repo: +https://git.dn42.dev/burble/config-shell/src/branch/main/roles/user_apps/tasks/main.yml Requests for additional packages are welcome, please raise these as issues in the repo. +Webserver The shell servers include a webserver with user directories (~/public_html/) and CGI (~/public_html/cgi-bin/) enabled. The webserver is accessed over https and has a dn42 certificate. +https://shell.fr.burble.dn42/~<username>/ https://shell.uk.burble.dn42/~<username>/ https://shell.de.burble.dn42/~<username>/ https://shell.lax.burble.dn42/~<username>/ https://shell.nyc.burble.dn42/~<username>/ https://shell.burble.dn42/~<username>/ Remember that any files need to be accessible by the webserver, which runs as user/group www-data/www-data; CGI scripts must also be executable. The default umask of 077 means that the webserver won’t be able to read your public_html folder or any files within it without changing permissions. +A simplistic approach would be to make your home directory, and public_html directory world readable: +chmod a+x ~ chmod -R a+rX ~/public_html chmod -R a+rx ~/public_html/cgi-bin A more secure way of allowing access would be to use posix ACLs: +setfacl -m "u:www-data:x" ~ setfacl -Rdm "u:www-data:rX" ~/public_html setfacl -Rdm "u:www-data:rx" ~/public_html/cgi-bin Note also that home directories are not replicated across each shell server. +If you want to provide services using the anycast address you must copy your code between servers yourself. +Login Shell You can change your login shell using the burble.dn42 service portal. +Classic Games The shells have a number of classic text games installed: +Colossal Cave Adventure +Get lost in a twisty little maze of passages +$ adventure +Trek +$ trek +NetHack +The original time sink +$ nethack +Zork +Zork 1, 2 and 3 are available in /usr/local/frotz/ +$ frotz /usr/local/frotz/ZORK1.DAT +$ frotz /usr/local/frotz/ZORK2.DAT +$ frotz /usr/local/frotz/ZORK3.DAT +Take a look in /usr/games for more text games. +Cron, Batch and Services Cron and other batch or long running tasks are ok, but be a nice neighbour and prioritise other users’ interactive use. +Schedule crons to run at random or obscure times to avoid stampeding herds and control your resource usage using tools like nice and ionice. +Clearnet Clearnet access is provided. Rate limiting allows for a small amount of burst traffic, but then bandwidth is quickly limited to 10mbit/sec. In general, you should be better off using your own clearnet access for large downloads. +Connection Forwarding SSH forwarding is enabled on the servers. +For example, this means you are able to use the shell servers as a resilient, anycast jump host: +ssh -J shell.burble.dn42 my.other.host.dn42 There are also a small number of X11 apps installed on the servers: +ssh -X shell.burble.dn42 -f 'xterm & xeyes' Integration with S3 object storage The shell servers include rclone which can be used to access the S3 object storage service. +See the S3 storage example for details. +Acceptable Use In general, as long as you are not risking the service or other users you should be ok. These services are provided free for your benefit, and the objective is to provide a fun, open environment for dn42 users. Please be considerate in your usage and remember that abusing the service just spoils it for everyone else. +See also the main Abuse Policy. +Source Code and Configuration Configuration for the shell servers is maintained in a git repo: +https://git.dn42.dev/burble/config-shell The repository may be used for raising issues or requesting additional software to be installed. +`}),e.add({id:20,href:"/services/minio/",title:"S3 Object Storage",parent:"Services",content:`burble.dn42 provides an S3 compatible storage service based on min.io. +https://minio.burble.dn42 - Web interface s3.burble.dn42 - S3 compatible interface Remember that the storage service is provided for the dn42 community and the burble.dn42 abuse policy applies. +Be considerate in your usage so that others will get the same benefits as you are enjoying now. Clean up files that you no longer need, do not use the service for illegal or objectional content and don’t be stupid. +Accessing the Service The object storage service is available for all users who have set a burble.dn42 password via the service portal. +Web Interface https://minio.burble.dn42 The minio web console can be accessed by logging in using your burble.dn42 username (lowercase of your MNTNER without the -MNT suffix) and password. +From the web interface users can create your own buckets, upload or download files, and create access keys for the S3 service. +Any buckets you create must start with your lowercase MNTNER name followed by a dash. +For example, for FOOBAR-MNT buckets must start with ‘foobar-’ +Valid bucket names +foobar-mybucket foobar-bucket1 Invalid bucket names +foobar foobarmnt-bucket notfoobar-bucket S3 API s3.burble.dn42 An S3 compatible API is accessible via https://s3.burble.dn42. The S3 region is uk-lon2 +Don’t use your burble.dn42 username and password. +Use the web interface on https://minio.burble.dn42 to create a unique access and secret key when using the S3 API. SFTP sftp -P 8022 @minio.burble.dn42 The minio instance can also be accessed via SFTP on port 8022. Log in to the SFTP server using your burble.dn42 username (MNTNER name in lowercase) and password. +Example usage Using the minio client utility Install the minio client Log in to the web console at https://minio.burble.dn42 using your burble.dn42 username and password Create yourself a bucket, remember to start the bucket with your mntner e.g. ‘foobar-’ Create an acccess and secret key pair Log out the web interface and return back to the cli Create an alias in the client using the access and secret key pair generated in step 4 mc alias set burble https://s3.burble.dn42 ACCESS_KEY SECRET KEY You can now use the client to access your bucket mc ls burble/foobar-mybucket Using the S3 API to mount buckets using rclone The burble.dn42 shell servers include rclone which you can use to mount buckets directly in your shell account. +Log in to the web console at https://minio.burble.dn42 using your burble.dn42 username and password Create yourself a bucket, remember to start the bucket with your mntner e.g. ‘foobar-’ Create an acccess and secret key pair Log out the web interface and and log in to your shell account Use rclone config to configure rclone Use https://s3.burble.dn42 as the endpoint and uk-lon2 as the region Use the access and secret key pair created in step 3 for authentication You can now use rclone to mount your buckets in the shell +$ mkdir tmp $ rclone mount burble: tmp Using SFTP Simply use your burble.dn42 username and password to access the SFTP server on port 8022. +$ sftp -P 8022 burble@minio.burble.dn42 burble@minio.burble.dn42's password: Connected to minio.burble.dn42. sftp> dir burble-images sftp> exit `}),e.add({id:21,href:"/services/ca/",title:"Certificate Authority",parent:"Services",content:`burble.dn42 maintains a PKI infarstructure for its services, using Hashicorp Vault +CA details countryName GB stateOrProvinceName dn42 organizationName burble.dn2 commonName ca.burble.dn42 emailAddress dn42@burble.com CA Download burble-dn42-ca.pem +-----BEGIN CERTIFICATE----- MIIDtzCCAp+gAwIBAgIUBIkK5f6OppmInBEKnG0xiNTn7lIwDQYJKoZIhvcNAQEL BQAwazELMAkGA1UEBhMCR0IxDTALBgNVBAgMBGRuNDIxFDASBgNVBAoMC2J1cmJs ZS5kbjQyMRcwFQYDVQQDDA5jYS5idXJibGUuZG40MjEeMBwGCSqGSIb3DQEJARYP ZG40MkBidXJibGUuY29tMB4XDTE5MDgxMzEwMDg0OVoXDTI5MDUxMjEwMDg0OVow azELMAkGA1UEBhMCR0IxDTALBgNVBAgMBGRuNDIxFDASBgNVBAoMC2J1cmJsZS5k bjQyMRcwFQYDVQQDDA5jYS5idXJibGUuZG40MjEeMBwGCSqGSIb3DQEJARYPZG40 MkBidXJibGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSxS bQq27BmOsx5aX/G3x/lcIt0N0ECb0pZ8laX1/DFMWTBgQxpcwuOGyagsq7Jd6Ozt fvZUAD8K3P0q6JCX+164Yq+3yA1urchdUf0rFby6JJYkhSSVnzTWouNRfiTNYmUK C6Dtd3ZDQux6+8JAxI1rYGV+HqJ4y2N5A1pGGjLLfESfu38I2SflT5tUVNRgTfV9 ERbIQl7Zq9fYoizLnkbGWRSY5lk8Cwyz1q342Z8NazE5glJgE54uzLMmcdZfSD5f 2wF/XgIM8vcpXGo10aU8ZiYlevxDls1S/p2IdIZ3idb9+38hEY+mBenDNxA1Ad+d 5lQZIL0v7QHgtHiyqQIDAQABo1MwUTAdBgNVHQ4EFgQU3z7rCRdMpqOyh7MLWfO8 F75hmxwwHwYDVR0jBBgwFoAU3z7rCRdMpqOyh7MLWfO8F75hmxwwDwYDVR0TAQH/ BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAm2hdaRx7CESeeWpvQIUmWysYWZ5r tLsDkU0PdM2vQSB42MbngKNGi2GU1CXgQhNiYDieoIMhtfMf1Zl6PBm13XE11COg HKCbs828G5X6HrlCnVAfqQiaa0HLZ0vFO94RVknn/wqr2VoHKNLdA46gMD67FWGm KGyeD480JbIOiM69r/4JGzuJSh384CxH6KPCX7dUywxgI9zbW99SaKTQNJ8Z+O04 qPtmh+qW0L8a7lTuaR/SEbloDA+ztDYyEPsgmVpvM+e2PtJdmygGaUc8Y15TevJR PGauY9oPLMXdxRYsqjQeKjBXv7Ms0CQB8XNHQ7zPsM83EZD5Eq68wLIvUA== -----END CERTIFICATE----- Certificate Expiry Date: May 12 10:08:49 2029 GMT `}),e.add({id:22,href:"/services/ping/",title:"Ping Challenge",parent:"Services",content:`Can you solve the burble.dn42 ping challenge ? +To start $ ping -s 0 -c 1 fd42:4242:2601:31f0::1 Hints Use -c 1 to only return one ping, unless instructed otherwise Use -s 0 to create a zero sized ping, unless instructed otherwise Packet capture is your friend You may also find a CyberChef useful The server maintains state based on your source IP and will time out idle clients after several days. There are ways to check the status (revealed during the challenge) but if your state times out you will need to restart from the nearest checkpoint. `}),e.add({id:23,href:"/network/status/",title:"Realtime Status",parent:"Network",content:`Uptime Kuma https://uptime.burble.dn42/status/bdn42 (dn42) https://uptime.burble.com/status/bdn42 (com) A self-hosted instance of Uptime Kuma provides the current status on many of the burble.dn42 services. +Uptime Robot https://stats.uptimerobot.com/l2913c0R6 (public internet link) Major nodes are also monitored off-network using UptimeRobot. +Grafana Dashboards https://grafana.burble.com (public internet link) https://grafana.burble.dn42 (DN42 link) Netdata and Prometheus are used to monitor the network and stats are presented using a series of Grafana dashboards. +BGP and Peering Status https://lg.burble.com/ (public internet link) https://lg.burble.dn42/ (DN42 link) BGP status can be found through my looking glass. +`}),e.add({id:24,href:"/network/abuse/",title:"Abuse Policy",parent:"Network",content:`The burble.dn42 network has a zero tolerance policy on network abuse, both within burble.dn42 and across the wider DN42 network. +Abuse could include, but is not limited to: +Excessive use of resources Hacking, viruses, trojans etc or any other disruption that could harm or create risk to the services or its users Distribution of objectional content that could create a civil or criminal liability The burble.dn42 network owner is the sole arbiter for determining what is deemed abuse and for any mitigations taken. +The owner may be contacted via dn42@burble.com. +Complaints Please direct any reports of abuse originating from the burble.dn42 network to the network owner: dn42@burble.com. +Abuse of DN42 and burble.dn42 resources Remember that burble.dn42 network services (which includes peering and transit) cost real time and money to deliver, and yet are provided free so you may benefit from them. You have no rights to access the services, so be considerate in your usage such that other users can continue to get the same opportunities as you have. +Whilst the aim is to provide an open and neutral network, any actions that could be considered a risk or a threat to services, either directly against burble.dn42 or within the rest of the DN42 network may result in your use being unconditionally blocked, without warning, explanation or appeal. This could include blocking transit traffic, or removing access to the wider DN42 network, if deemed necessary. +`}),e.add({id:25,href:"/",title:"burble.dn42",parent:"",content:`An experiment in global networking. +`}),e.add({id:26,href:"/privacy/",title:"Privacy Policy",parent:"burble.dn42",content:`In common with most websites, the burble.dn42 site and associated services may log any access you make and these logs contain your source IP address together with the page or service being accessed. If you are required to log in to access a burble.dn42 service, you should assume that the user id used for the service is also logged. Website and service logs are accessible only by the network administrators and used purely for diagnostic reasons and to prevent abuse. They are not shared in any way. Log retention varies depending on the service, but is at most, 1 month. +burble.dn42 services are provided by servers operating globally. Data processing may take place in any country where the network has a pop or presence. +The services provided by burble.dn42 make use of data contained within the DN42 Registry. This data may contain personal data that has been provided voluntarily by users of DN42 and which is then made public by this website or associated services. Please refer to the DN42 registry privacy policy for more information. +If you have any data privacy concerns or requests regarding burble.dn42 services you may contact dn42@burble.com. +`}),e.add({id:27,href:"/categories/",title:"Categories",parent:"burble.dn42",content:""}),e.add({id:28,href:"/additional/maintlog/",title:"Maint. Log Archive",parent:"Additional Info",content:`A log of changes to the burble.dn42 network. +6th December 2021 As you may have noticed, the maintenance log is no longer being kept up to date ! +17th July 2021 A new dedicated server us-nyc1 has joined burble.dn42, hosted in Virmach’s Buffalo, NY datacentre. +The server is not open for peering, however it does host a shell server that you are free to use. See the Shell Accounts service page for more info. +27th June 2021 The shell servers now have apache2 installed to provide home directory public_html access. +See the Shell Accounts service page for more info. +23rd June 2021 Added shell.ca-bhs2.burble.dn42 as a new shell server. +21st June 2021 Added new Shell Accounts service +19th May 2021 dn42regsrv now supports publishing ROA in OpenBGPD format. +The ROA are now published at the following links: +https://dn42.burble.com/roa/dn42_roa_obgpd_46.conf https://dn42.burble.com/roa/dn42_roa_obgpd_4.conf https://dn42.burble.com/roa/dn42_roa_obgpd_6.conf us-nyc1 and us-chi1 have been removed from service and decommissioned. +If you were peered on these nodes, please contact me if you wish to re-peer on a different node. 10th April 2021 The b.recursive-servers.dn42 DNS resovler is running an experimental build of pdns-recursor to test a fix of this issue. +Please let me know if you spot any strange problems. +burble.dn42 websites are now using a TLS certificate issued by the DN42 ACME service. +A number of significant changes have been implemented for the global route collector +Downstream peerings have been stopped, in favour of parsing the MRT dumps The collector has moved from de-fra1 to fr-rbx1, where bandwidth is no issue A special routing policy has been implemented for the collector to encourage traffic to go directly to fr-rbx1 and not transit through burble.dn42 nodes. See also the Routing Policy page. Internal rate limits on BGP sessions have been relaxed 3rd April 2021 The collector is now using a TLS certificate issued by the DN42 ACME service. The collector is behind an anycasted reverse proxy, so a normal ACME challenge will not work. Instead, the certificate is managed using dnscontrol to respond to an ACME DNS challenge. +DNSSEC has been enabled on all edge nodes. +2nd April 2021 There was a major DNS outage today as a minor change took out the entire service. +What should have been a trivial config change actually upgraded the container from Alpine 3.11 to Alpine 3.13 and caused a number of the DNS applications to stop working due to incompatibilities. +The lack of working DNS meant it was more complicated to bootstrap the service back again, leading to a long delay in restoring service. +27th March 2021 Fixed a bug in bird that was preventing MRT dumps from the collector working. Hopefully the dumps can now be successfully parsed: https://mrt.collector.dn42 +25th March 2021 Bird 2.0.8 has been deployed across the network. Please let me know if you see problems. +burble.dn42 uses a custom bird build that includes additional debugging. The source code for the build is available on git.burble.dn42. +Advanced Notice +us-nyc1 will be decommissioned before 15/04/21 us-chi1 will be decommissioned before 14/05/21 23rd February 2021 Updated IPv6 address for hk-hkg1 +10th January 2021 Upgraded the looking glass to use bird-lg-go. +The main benefit of the go version is that it executes queries in parallel, greatly improving response times with a large number of nodes. +6th January 2021 hk-hkg1 is now open for IPv4 peering; see the node information for details. +IPv6 connectivity is expected ~February. +4th January 2021 Happy New Year DN42. +New Website The new year brings a new website for burble.dn42 built using Hugo and statically delivered from each core node for speed. As always, the source for the website is available in the gitea repo. +Anycast MTU The MTU for anycast services has been reduced to 1280 after a problem was seen with IPv6 path MTU discovery. +The problem was due to an asymmetric path, where a request to the wiki went to one node but the return path was via a different node. The other node also hosted a wiki instance, which meant that pmtud ICMP messages on the return path were being picked up by the wrong node. To fix this, the MTU has been clamped to the minimum allowable size of 1280. +Interestingly, Cloudflare also recognised the same type of issue and wrote up what they did in their blog. +The following services were impacted by the changes. +DNS Services NGINX Reverse Proxy (and therefore also all websites, including the Wiki mirrors) WHOIS Service New Nodes es-mad1 in Madrid, Spain has already been delivered and is now open for peerings. +The new node in Hong Kong, hk-hkg1 has also been delivered and I’m now just waiting for IPv6 to be available before it too will also be ready for peering. +Historical changes from previous years 2020 2019 2018 `}),e.add({id:29,href:"/network/design/",title:"Network Design",parent:"Network",content:`This page documents some key elements of the current burble.dn42 design. +Tunnel Mesh Hosts within the burble.dn42 network are joined using an Wireguard/L2TP mesh. Static, unmanaged, L2TP tunnels operate at the IP level and are configured to create a full mesh between nodes. Wireguard is used to provide encryption and encapsulate L2TP traffic in plain UDP such that it hides fragmentation and allows packets to be processed within intermediate routers’ fast path. +Using L2TP allows for a large, virtual MTU of 4310 between nodes; this is chosen to spread the encapsulation costs of higher layers across packets. L2TP also allows for multiple tunnels between hosts and this can also be used to separate low level traffic without incurring the additional overheads of VXLANs (e.g. for NFS cross mounting). +Network configuration on hosts is managed by systemd-networkd and applied with Ansible. +Real Life Networks and Fragmentation. +Earlier designs for the burble.dn42 relied on passing fragmented packets directly down to the clearnet layer (e.g. via ESP IPsec fragementation, or UDP fragmentation with wireguard). In practice it was observed that clearnet ISPs could struggle with uncommon packet types, with packet loss seen particularly in the IPv6 case. It seems likely that some providers’ anti-DDOS and load balancing platforms had a particular impact at magnifying this problem. +To resolve this, the network was re-designed to ensure fragmentation took place at the L2TP layer such that all traffic gets encapsulated in to standard sized UDP packets. This design ensures all traffic is ’normal’ and can remain within intermediate routers' fast path. +ISP Rate Limiting +The burble.dn42 network uses jumbo sized packets that are fragemented by L2TP before being encapsulated by wireguard. This means a single packet in the overlay layers can generate multiple wireguard UDP packets in quick succession, appearing to be a high bandwidth, burst of traffic on the outgoing clearnet interface. It’s vital that all these packets arrive at the destination, or the entire overlay packet will be corrupted. For most networks this is not a problem and generally the approach works very well. +However, if you have bandwidth limits with your ISP (e.g. a 100mbit bandwidth allowance provided on a 1gbit port) packets may be generated at a high bit rate and then decimated by the ISP to match the bandwidth allowance. This would normally be fine, but if a fragmented packet is sent, the burst of smaller packets is highly likely to exceed the bandwidth allowance and the impact on upper layer traffic is brutal, causing nearly all packets to get dropped. +The burble.dn42 network manages this issue by implementing traffic shaping on the outgoing traffic using linux tc (via FireQOS). This allows outgoing packets to be queued at the correct rate, rather than being arbitrarily decimated by the ISP. +BGP EVPN Overlaying the Wireguard/L2TP mesh is a set of VXLANs managed by a BGP EVPN. +The VXLANs are primarily designed to tag and isolate transit traffic, making their use similar to MPLS. +The Babel routing protocol is used to discover loopback addresses between nodes; Babel is configured to operate across the point to point L2TP tunnels and with a static, latency based metric that is applied during deployment. +The BGP EVPN uses FRR with two global route reflectors located on different continents, for redundency. Once overheads are taken in to account the MTU within each VXLAN is 4260. +dn42 Core Routing Each host in the network runs an unprivileged LXD container that acts as a dn42 router for that host. The container uses Bird2 and routes between dn42 peer tunnels, local services on the same node and transit to the rest of the burble.dn42 network via a single dn42 core VXLAN. +Local services and peer networks are fully dual stack IPv4/IPv6 however the transit VXLAN uses purely IPv6 link-local addressing, making use of BGP multiprotocol and extended next hop capabilities for IPv4. +The transit VXLAN and burble.dn42 services networks use an MTU of 4260, however the dn42 BGP configuration includes internal communities to distribute destination MTU across the network for per-route MTUs. This helps ensure path mtu discovery takes place as early and efficiently as possible. +Local services on each host are provided by LXD containers or VMs connecting to internal network bridges. +These vary across hosts but typically include: +tier1 - used for publically avialable services (DNS, web proxy, etc) tier2 - used for internal services, with access restricted to burble.dn42 networks Other networks might include: +dmz - used for hosting untrusted services (e.g. the shell servers) dn42 services - for other networks, such as the registry services dn42 peer tunnels are created directly on the host and then injected in to the container using a small script, allowing the router container itself to remain unprivileged. +The routers also run nftables for managing access to each of the networks, bird_exporter for metrics and the bird-lg-go proxy for the burble.dn42 looking glass. +Host Configuration burble.dn42 nodes are designed to have the minimum functionality at the host level, with all major services being delivered via virtual networks, containers and VMs. +Hosts have three main functions: +connecting in to the burble.dn42 Wireguard/L2TP mesh and BGP EVPN providing internal bridges for virtual networks hosting LXD containers and VMs Together these three capabilities allow for arbitary, isolated networks and services to be created and hosted within the network. +The hosts also provide a few ancillary services: +delivering clearnet access for internal containers/VMs using an internal bridge. The host manages addressing and routing for the bridge to allow clearnet access independent of the host capabilities (e.g. proxied vs routed IPv6 connectivity) creating dn42 peer tunnels and injecting them in to the dn42 router container monitoring via netdata backup using borg `}),e.add({id:30,href:"/additional/other-stuff/",title:"Other stuff",parent:"Additional Info",content:`A collection of other stuff that may or may not be dn42 related, or even interesting. +An atomic clock NTP server Rubidium Atomic Clock + GPS + Odroid N2+ +Homelab The burble.dn42 homelab: +32 cores, 156GB RAM, 6TB NVMe/SSD, 56TB HDD, ~70 watts +The two hanging USB devices are USB modems for the burble.dn42 dial up service. +`}),e.add({id:31,href:"/tags/",title:"Tags",parent:"burble.dn42",content:""}),e.add({id:32,href:"/additional/things-to-do/",title:"Things to do in DN42",parent:"Additional Info",content:`What can you do in DN42 ? Ultimately, you’ll get out of DN42 what you put in to it, but I’ve listed here a few ideas that may serve as inspiration and the spark an idea. +This is deliberately not a set of instructions or a guide and it’s not a checklist of stuff you must do. If you are interested in something there is plenty of public information available on all these topics. +Getting Started Read up on how Internet peering works, and the tools and protocols that are used Register your details in the DN42 registry Do read the DN42 getting started guide Do browse through the registry itself and use what other people did as examples Do look through recent Pull Requests to see what is required and how to do it Join the mailing list and #dn42 on hackint DN42 is a great community with many knowledgable members. You can learn a lot from what other people are doing, or the problems they have, as well as getting your own network working Get your first peer use the peerfinder to find peers close to you, or ask on IRC ping something on DN42 use a DN42 service Congratulations, you’re connected to DN42 ! +The Basics Get more peers Add 4 or 5 different peers having several peers prevents having a dependency on a single peer and adds redundancy provides you with a variety of different routes learn how different peers manage their networks How do you see which routes are being advertised and selected ? Change route metrics and see how this influences selected routes Optimise your routes across your peers What is an optimal route anyway ? How is your network being distributed across DN42 ? How do you find out ? Change how your routes are advertised to peers to influence the routing to your network across DN42 Set up DNS and resolve a host in the .dn42 hierarchy Set up your own DNS server Register a domain; set up forward and reverse DNS Set up a blog/wiki and document your network Make the pages available over DN42 and the Internet Add your network to the peerfinder Learn something new and add it to the DN42 Wiki Intermediate Secure your network Distribute DN42 routes to another, internal node Learn how to use an IGP and iBGP Add two or more nodes to DN42 and peer with multiple AS Distribute routes from all peers across the nodes in your network How do you decide which routes are ‘best’ across the network ? Optimise your routes to DN42 How do you manage multiple entry points to your network ? What do other networks see ? How do other networks decide which node to route to ? Configure your network so that one node is preferred Optimise how DN42 sees your network Add two or more nodes in different continents Why is that different ? How do you optimise your network now ? Implement ROA Implement BGP communities Help a new joiner connect to DN42 Resolve someone elses DN42 problem Set up a looking glass Set up a service that can be used by the rest of the DN42 community Make it a ‘production’ service, add HA, monitoring and alerting Secure your service Use the DN42 CA Add it to the wiki Complex Isolate your network Using VRFs Using Namespaces Connect multiple nodes to the same peer AS in different geographic locations Optimise the routes to the AS Optimise the routes that the peer AS has to you Monitor your network How do you know it’s working well ? (what does ‘working well’ mean ?) provide public metrics Create a virtual environmment to test changes How do you make your virtual environment representative of DN42 ? Volunteer to help with DN42 core services System administration and automation Patching and maintenance Implement backups and DR Automate the set up and configuration of your nodes Automate adding peers Even more Make something new What’s the latest software or network trend ? implement it and learn how to use it Make something experimental Try out a cutting edge service or network technology and see if you can get it to work What are the current challenges faced by the Internet ? How are they being solved ? Can you replicate the problem and potential solutions in DN42 ? Make something social Create and share a community resource Make something stable Fine tune your network and nodes DN42 changes all the time, how do you protect your network from other people breaking things ? Make something small Take something huge (DNS, CDNs, gmail, distributed computing, serverless, AI …) and shrink it down to your network, but using the same techniques as the global players to manage things scale it up, and down Make something corporate Replicate a multi-datacentre corporate/organisation design Grab your next job based on your experience ;) Make it all again There’s more than one way to do it; rebuild your network using a different design How can you rebuild everything whilst minising the impact to everyone else ? What did you learn ? What works better now ? What is worse ? How can you do it again better next time ? Final words What can you do in DN42 ? +Do whatever is fun and interesting for you `})})() \ No newline at end of file diff --git a/public/js/en.search.min.e007d2b2d3ce91fd1d3bd3c2acbc3420f9defed62096fea23225713d0269f5bc.js b/public/js/en.search.min.e007d2b2d3ce91fd1d3bd3c2acbc3420f9defed62096fea23225713d0269f5bc.js new file mode 100644 index 0000000..45434bd --- /dev/null +++ b/public/js/en.search.min.e007d2b2d3ce91fd1d3bd3c2acbc3420f9defed62096fea23225713d0269f5bc.js @@ -0,0 +1 @@ +"use strict";(function(){const t=document.querySelector("#gdoc-search-input"),e=document.querySelector("#gdoc-search-results");t.addEventListener("focus",n),t.addEventListener("keyup",s);function n(){t.removeEventListener("focus",n),t.required=!0,o("/js/flexsearch-ad47a5e1ee.min.js"),o("/js/en.search-data.min.0ffb683be720d0aa9a952cdf7965f763bcca508eb33c869653150cce1dcacc46.js",function(){t.required=!1,s()})}function s(){for(;e.firstChild;)e.removeChild(e.firstChild);if(!t.value){console.log("empty"),e.classList.remove("has-hits");return}const n=window.geekdocSearchIndex.search(t.value,10);console.log(n.length),n.length>0?e.classList.add("has-hits"):e.classList.remove("has-hits"),n.forEach(function(t){const n=document.createElement("li"),s=n.appendChild(document.createElement("a"));s.href=t.href,s.textContent=t.parent?t.parent+" / "+t.title:t.title,e.appendChild(n),e.classList.add("DUMMY")})}function o(e,t){const n=document.createElement("script");n.defer=!0,n.async=!1,n.src=e,n.onload=t,document.head.appendChild(n)}})() \ No newline at end of file diff --git a/public/network/IPAM/index.html b/public/network/IPAM/index.html index aa25381..71fdebc 100644 --- a/public/network/IPAM/index.html +++ b/public/network/IPAM/index.html @@ -1,7 +1,7 @@ - + @@ -48,7 +48,7 @@ - + @@ -119,8 +119,8 @@ - - Overview + + Network Design @@ -281,6 +281,31 @@ + + + + + + + + + +
  • + + + + + Abuse Policy + + + + + + +
    • + + + @@ -421,6 +446,81 @@ +
  • + + + + + ACME + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + Shell Accounts + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + S3 Object Storage + + + + + + +
    • + + + + + + + + + + + +
  • @@ -437,6 +537,114 @@ + + + + + + + + + +
  • + + + + + Ping Challenge + + + + + + +
    • + + + + + + + + + + + + + + + + + + + +
  • + + + + + Retro42 + + + + + + + + + + @@ -481,13 +689,13 @@
  • - -
  • + + + + + Other stuff + + + + + + +
    • + + + + + + + + + +
  • @@ -777,421 +1008,490 @@

    IP address tables

    -

    General Ranges

    -

    IPv4

    +

    General Ranges

    +

    IPv4

    - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + +
    IPv4 Address RangePurpose
    172.20.129.0/27burble.dn42 services
    172.20.129.160/27burble.dn42 nodes
    IPv4 Address RangePurpose
    172.20.129.0/27burble.dn42 services
    172.20.129.160/27burble.dn42 nodes
    -

    IPv6

    +

    IPv6

    - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    IPv6 Address RangePurpose
    fd42:4242:2601:acXX::/64Anycast services
    fd42:4242:2601:AA::/64Public services for host AA
    fd42:4242:2601:AA00::/56/56 routed to host AA
    fd42:4242:2601:AA02::/64Tier2 services on host AA
    IPv6 Address RangePurpose
    fd42:4242:2601:acXX::/64anycast services
    fd42:4242:2601:AA::/64public services for host AA
    fd42:4242:2601:10AA::/64dmz services for host AA
    fd42:4242:2601:AA00::/56/56 routed to host AA
    fd42:4242:2601:AA02::/64tier2 services on host AA
    -

    burble.dn42 Services

    +

    burble.dn42 Services

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    DNSIPv4IPv6Comment
     172.20.129.0 Reserved
    ns1.burble.dn42172.20.129.1fd42:4242:2601:ac53::1Authoritative DNS Master
    dns.burble.dn42172.20.129.2fd42:4242:2601:ac53::53Recursive DNS Resolver
    burble.dn42
    www.burble.dn42    		172.20.129.3fd42:4242:2601:ac80::1Website
    collector.dn42172.20.129.4fd42:4242:2601:ac12::1Global Route Collector
    pingable.burble.dn42172.20.129.5fd42:4242:2601:ac05::1Pingable IP Address
    wiki.burble.dn42172.20.129.6fd42:4242:2601:ac81::1DN42 Wiki Mirror
    rproxy.burble.dn42172.20.129.7fd42:4242:2601:acf0::1Distributed NGINX Reverse Proxy
    whois.burble.dn42172.20.129.8fd42:4242:2601:ac43::1Whois service
     172.20.129.10-31 Unallocated
    DNSIPv4IPv6Comment
     172.20.129.0 Reserved
    ns1.burble.dn42172.20.129.1fd42:4242:2601:ac53::1Authoritative DNS Master
    dns.burble.dn42172.20.129.2fd42:4242:2601:ac53::53Recursive DNS Resolver
    burble.dn42
    www.burble.dn42    		172.20.129.3fd42:4242:2601:ac80::1Website
    collector.dn42172.20.129.4fd42:4242:2601:ac12::1Global Route Collector
    pingable.burble.dn42172.20.129.5fd42:4242:2601:ac05::1Pingable IP Address
    172.20.129.6unallocated
    172.20.129.7unallocated
    whois.burble.dn42172.20.129.8fd42:4242:2601:ac43::1Whois service anycast
    voip.burble.dn42172.20.129.9fd42:4242:2601:37:216:3eff:fe8f:6211Asterisk VOIP Service
    shell.burble.dn42172.20.129.10fd42:4242:2601:ac22::1Shell service anycast
    traefik-v2.burble.dn42172.20.129.11fd42:4242:2601:ac81::1Global traefik cluster
    traefik.burble.dn42172.20.129.12fd42:4242:2601:ac82::1Global traefik cluster
    traefik-eu.burble.dn42172.20.129.13fd42:4242:2601:ac83::1Europe traefik cluster
    traefik-na.burble.dn42172.20.129.14fd42:4242:2601:ac84::1North America traefik cluster
     172.20.129.15-19 Unallocated
    172.20.129.20/30 Dialup Service endpoints
    shell.ca-bhs1.burble.dn42172.20.129.21fd42:4242:2601:100c:72ef:f1ff:febb:d521Shell Server
    shell.us-ash1.burble.dn42172.20.129.22fd42:4242:2601:1017:72ef:f1ff:febb:d521Shell Server
    shell.fr-rbx1.burble.dn42172.20.129.23fd42:4242:2601:1006:72ef:f1ff:febb:d521Shell Server
    shell.de-fra2.burble.dn42172.20.129.24fd42:4242:2601:100b:72ef:f1ff:febb:d521Shell Server
    shell.uk-lon1.burble.dn42172.20.129.25fd42:4242:2601:1015:72ef:f1ff:febb:d521Shell Server
    shell.us-nyc2.burble.dn42172.20.129.26fd42:4242:2601:101d:72ef:f1ff:febb:d521Shell Server
    shell.us-lax2.burble.dn42172.20.129.27fd42:4242:2601:1018:72ef:f1ff:febb:d521Shell Server
     172.20.129.28-30 shell service unassigned
    172.20.129.31unassigned
    -

    burble.dn42 Nodes (DN42 Addressing)

    +

    burble.dn42 Nodes (DN42 Addressing)

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    DNSIPv4IPv6Comment
    unassigned172.20.129.164fd42:4242:2601:3f::1
    dn42-us-lax1.burble.dn42172.20.129.165fd42:4242:2601:3a::1
    dn42-us-chi1.burble.dn42172.20.129.166fd42:4242:2601:2e::1
    - Decom. May 2021 -
    -
    dn42-ca-bhs2.burble.dn42172.20.129.167fd42:4242:2601:2d::1
    dn42-us-nyc1.burble.dn42172.20.129.168fd42:4242:2601:34::1
    - Decom. April 2021 -
    -
    dn42-de-fra1.burble.dn42172.20.129.169fd42:4242:2601:31::1
    dn42-es-mad1172.20.129.170fd42:4242:2601:2c::1
    dn42-us-phx1.burble.dn42172.20.129.171fd42:4242:2601:2b::1Private Node
    dn42-us-dal3.burble.dn42172.20.129.172fd42:4242:2601:2a::1
    unassigned172.20.129.173fd42:4242:2601:3b::1
    dn42-ch-zur1.burble.dn42172.20.129.174fd42:4242:2601:28::1
    dn42-uk-lon4.burble.dn42172.20.129.175fd42:4242:2601:29::1Private Node
    ca-bhs1.burble.dn42172.20.129.176fd42:4242:2601:26::1Temporary replacement of ca-bhs2
    unassigned172.20.129.177fd42:4242:2601:25::1
    dn42-uk-lon2.burble.dn42172.20.129.178fd42:4242:2601:24::1Private Node
    dn42-hk-hkg1172.20.129.179fd42:4242:2601:23::1Available Q1 2021
    dn42-au-syd1.burble.dn42172.20.129.180fd42:4242:2601:38::1
    - Decom. Jan 2021 -
    -
    dn42-sg-sin2.burble.dn42172.20.129.181fd42:4242:2601:37::1
    unassigned172.20.129.182fd42:4242:2601:3e::1
    unassigned172.20.129.183fd42:4242:2601:3c::1
    unassigned172.20.129.184fd42:4242:2601:22::1
    dn42-no-trd1.burble.dn42172.20.129.185fd42:4242:2601:39::1
    dn42-fr-rbx2.burble.dn42172.20.129.186fd42:4242:2601:32::1Use fr-rbx1
    dn42-uk-lon1.burble.dn42172.20.129.187fd42:4242:2601:35::1
    dn42-fr-rbx1.burble.dn42172.20.129.188fd42:4242:2601:36::1
    unassigned172.20.129.189fd42:4242:2601:3d::1
    dn42-uk-bri1.burble.dn42172.20.129.190fd42:4242:2601:20::1Private Node
     172.20.129.191 Reserved
    dn42-uk-lon3.burble.dn42 fd42:4242:2601:27::1Private Node
    dn42-uk-lon4.burble.dn42 fd42:4242:2601:29::1Private Node
    dn42-uk-lon5.burble.dn42 fd42:4242:2601:30::1Private Node
    dn42-nl-ams1.burble.dn42 fd42:4242:2601:33::1Private Node
    DNSIPv4IPv6Comment
    fr-gra1.burble.dn42172.20.129.164fd42:4242:2601:3f::1Private Node
    us-nyc3.burble.dn42172.20.129.165fd42:4242:2601:3a::1NYC Cluster
    uk-lon2.burble.dn42172.20.129.166fd42:4242:2601:2e::1UK Storage
    se-sto1.burble.dn42172.20.129.167fd42:4242:2601:2d::1SE Public Peering
    de-fra3.burble.dn42172.20.129.168fd42:4242:2601:34::1Private Node
    de-fra1.burble.dn42172.20.129.169fd42:4242:2601:31::1DE Public Peering
    ca-bhs1.burble.dn42172.20.129.170fd42:4242:2601:2c::1CA Public Peering
    de-fra2.burble.dn42172.20.129.171fd42:4242:2601:2b::1DE Cluster
    us-lax1.burble.dn42172.20.129.172fd42:4242:2601:2a::1LAX Public Peering
    uk-lon6.burble.dn42172.20.129.173fd42:4242:2601:27::1UK Cluster
    ch-zur1.burble.dn42172.20.129.174fd42:4242:2601:28::1CH Public Peering - being decommissioned
    us-nyc1.burble.dn42172.20.129.175fd42:4242:2601:29::1NYC Public Peering
    us-nyc2.burble.dn42172.20.129.176fd42:4242:2601:3d::1NYC Cluster
    uk-lon4.burble.dn42172.20.129.177fd42:4242:2601:25::1UK Cluster
    uk-lon5.burble.dn42172.20.129.178fd42:4242:2601:24::1UK Cluster
    uk-cov1.burble.dn42172.20.129.179fd42:4242:2601:23::1UK Cluster
    us-lax2.burble.dn42172.20.129.180fd42:4242:2601:38::1LAX Cluster
    us-ash1.burble.dn42172.20.129.181fd42:4242:2601:37::1Ashburn Public Peering
    fr-par2.burble.dn42172.20.129.182fd42:4242:2601:3e::1FR Cluster
    nl-ams3.burble.dn42172.20.129.183fd42:4242:2601:3c::1Experimental - being decommissioned
    uk-lon3.burble.dn42172.20.129.184fd42:4242:2601:30::1Private Node
    no-trd1.burble.dn42172.20.129.185fd42:4242:2601:39::1NO Public Peering - being decommissioned
    nl-ams1.burble.dn42172.20.129.186fd42:4242:2601:32::1Private Node
    uk-lon1.burble.dn42172.20.129.187fd42:4242:2601:35::1UK Public Peering
    fr-par1.burble.dn42172.20.129.188fd42:4242:2601:36::1FR Public Peering - being decommissioned
    fr-rbx1.burble.dn42172.20.129.189fd42:4242:2601:26::1FR Public Peering
    reserved172.20.129.190fd42:4242:2601:20::1
    reserved172.20.129.191fd42:4242:2601:20::1
    -

    burble.dn42 Nodes (Public Addressing)

    +

    burble.dn42 Nodes (Public Addressing)

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    DNSIPv4IPv6
    dn42-fr-rbx1.burble.com176.31.240.392001:41d0:8:127::1
    dn42-uk-lon1.burble.com185.42.222.1532a04:92c5:2::1
    dn42-de-fra1.burble.com193.41.237.1492a0d:5941:1:17c::4e2a
    dn42-ch-zur1.burble.com45.91.92.1112a0e:dc0:6:8::1
    dn42-no-trd1.burble.com217.168.87.2262001:678:dd0:ffff::25
    dn42-es-mad1.burble.com45.132.74.1002a0e:dc0:9:5::ab2d
    dn42-ca-bhs2.burble.com192.99.6.652607:5300:60:3741::1
    dn42-us-nyc1.burble.com185.213.26.1432a0d:5600:33:b::1
    dn42-us-chi1.burble.com193.29.63.1502605:4840:3:10::ab2d
    dn42-us-dal3.burble.com144.172.126.2012602:fe64:8::4
    dn42-us-lax1.burble.com185.215.224.2142a0b:ae40:1:4a0a::5a
    dn42-sg-sin2.burble.com139.99.89.1572402:1f00:8000:800::3bc
    dn42-hk-hkg1.burble.comtbctbc
    dn42-au-syd1.burble.com139.99.237.852402:1f00:8100:400::279
    DNSIPv4IPv6
    dn42-fr-rbx1.burble.com51.254.198.2042001:41d0:1008:acc::1
    dn42-uk-lon1.burble.com45.91.93.1042a0e:dc0:5:5::1
    dn42-de-fra1.burble.com5.180.253.2112a0e:6a80:3:430::1
    dn42-se-sto1.burble.com176.126.84.1992a0e:dc0:2:1e93::1
    dn42-ca-bhs1.burble.com167.114.211.1562607:5300:60:7a9c::1
    dn42-us-lax1.burble.com45.67.219.32a04:bdc7:100:4656::1
    dn42-us-nyc1.burble.com109.205.61.362605:4840:2:eed4::1
    dn42-us-ash1.burble.com173.249.195.1952607:9000:9000:10ae::a
    + + + + + + + + + + + + + + + +
    DNSIPv4IPv6
    git.dn42.dev45.91.93.1042a0e:dc0:5:5:425d:6eff:feb4:6e2d
    +

    elburb.dn42

    +

    elburb.dn42 is a private domain used for burble.dn42 internal services.

    + + + + + + + + + + + + +
    IPv6 RangePurpose
    fd8f:a4c9:1c03::/48Reserved for internal use
    @@ -1245,7 +1545,7 @@ - + diff --git a/public/network/abuse/index.html b/public/network/abuse/index.html new file mode 100644 index 0000000..9393701 --- /dev/null +++ b/public/network/abuse/index.html @@ -0,0 +1,1100 @@ + + + + + + + + +Abuse Policy | burble.dn42 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + + + + + + +
    +
    + + +
    + + +
    + + + + + + + + + + + +
    + + + + + + + + + + + + + + + + + + + burble.dn42 / Network / Abuse Policy + + + + + + + + + + + + +
    + + +
    +

    Abuse Policy

    + + + + + + + +

    The burble.dn42 network has a zero tolerance policy on network abuse, both within +burble.dn42 and across the wider DN42 network.

    +

    Abuse could include, but is not limited to:

    +
      +
    • Excessive use of resources
      • +
    • Hacking, viruses, trojans etc or any other disruption that could harm or create +risk to the services or its users
      • +
    • Distribution of objectional content that could create a civil or criminal liability
      • +
    +

    The burble.dn42 network owner is the sole arbiter for determining what is deemed abuse +and for any mitigations taken.

    +

    The owner may be contacted via dn42@burble.com.

    +

    Complaints

    +

    Please direct any reports of abuse originating from the burble.dn42 network to +the network owner: dn42@burble.com.

    +

    Abuse of DN42 and burble.dn42 resources

    +

    Remember that burble.dn42 network services (which includes peering and transit) cost real +time and money to deliver, and yet are provided free so you may benefit from them. +You have no rights to access the services, so be considerate in your usage such +that other users can continue to get the same opportunities as you have.

    +

    Whilst the aim is to provide an open and neutral network, any actions that could be +considered a risk or a threat to services, either directly against burble.dn42 or +within the rest of the DN42 network may result in your use being unconditionally +blocked, without warning, explanation or appeal. This could include blocking transit +traffic, or removing access to the wider DN42 network, if deemed necessary.

    + + +
    + + + + + + + + + + + + + + + + + + + +
    + + +
    + +
    +
    + + + +
    + + + + + + + + + + + + + + + + diff --git a/public/network/communities/index.html b/public/network/communities/index.html index 7b37ea3..7c66c3a 100644 --- a/public/network/communities/index.html +++ b/public/network/communities/index.html @@ -1,7 +1,7 @@ - + @@ -48,7 +48,7 @@ - + @@ -119,8 +119,8 @@ - - Overview + + Network Design @@ -281,6 +281,31 @@ + + + + + + + + + +
  • + + + + + Abuse Policy + + + + + + +
    • + + + @@ -421,6 +446,81 @@ +
  • + + + + + ACME + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + Shell Accounts + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + S3 Object Storage + + + + + + +
    • + + + + + + + + + + + +
  • @@ -437,6 +537,114 @@ + + + + + + + + + +
  • + + + + + Ping Challenge + + + + + + +
    • + + + + + + + + + + + + + + + + + + + +
  • + + + + + Retro42 + + + + + + + + + + @@ -481,13 +689,13 @@
  • - -
  • + + + + + Other stuff + + + + + + +
    • + + + + + + + + + +
  • @@ -777,117 +1008,98 @@

    This page describes the use of BGP communities within the network.

    -

    DN42 Communities

    -

    DN42 Communities are applied both internally and externally, and are used to influence the Routing Policy.

    +

    DN42 Communities

    +

    The DN42 Route Origin Community is applied both internally and externally, and is used to influence the Routing Policy.

    - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + +
    Community  Description
    ( 64511 : 0 < x < 21 )  Max latency
    ( 64511 : 20 < x < 30 )  Min bandwidth
    ( 64511 : 30 < x < 35 )  Min encryption
    ( 64511 : 40 < x < 54 )  Route Origin
    Community  Description
    ( 64511 : 40 < x < 54 )  Route Origin
    -

    Well Known BGP Communities

    +

    The other DN42 communities are not used in burble.dn42:

    + + + + + + + + + + + + + + + + + + + + + +
    Community  Description
    ( 64511 : 0 < x < 21 )  Max latency
    ( 64511 : 20 < x < 30 )  Min bandwidth
    ( 64511 : 30 < x < 35 )  Min encryption
    +

    Well Known BGP Communities

    The following well known communities are implemented.

    - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + +
    Community  DescriptionAction
    ( 65535 : 65281 )  No ExportPrefix should not be exported outside of AS4242422601
    ( 65535 : 65282 )  No Advertise  Prefix should not be exported to any peers
    ( 65535 : 65283 )  Local-ASPrefix should not be exported outside of region
    Community  DescriptionAction
    ( 65535 : 65281 )  No ExportPrefix should not be exported outside of AS4242422601
    ( 65535 : 65282 )  No Advertise  Prefix should not be exported to any peers
    ( 65535 : 65283 )  Local-ASPrefix should not be exported outside of region
    -

    burble.dn42 Specific Communities

    +

    burble.dn42 Specific Communities

    burble.dn42 implements large BGP communities, with ISO 3166-1 / UNSD country, and UNSD region codes.

    -

    Informational Communities

    +

    Informational Communities

    - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + +
    Community  Description
    ( 4242422601 : 120 : host code )  Route learned on this host
    ( 4242422601 : 130 : 1 )  Route is a direct peer
    ( 4242422601 : 140 : DN42 region )  Route learned in this DN42 region
    Community  Description
    ( 4242422601 : 120 : host code )  Route learned on this host
    ( 4242422601 : 130 : 1 )  Route is a direct peer
    ( 4242422601 : 140 : DN42 region )  Route learned in this DN42 region
    -

    Internal Ghost Route Protection

    -

    In a large network like burble.dn42 it can take some time for route updates -to be distributed and for the network to settle following changes. As changes -ripple through the network it can create a cascade of ghost updates, each with -an increasing internal path length, or adjusted latency metric. Worse the -cascade of updates can also be re-distributed to peers, creating a significant -multiplier for the number of updates from a single change.

    -

    To protect against ghost routes, a community is used to track how many internal -hops a route has. In a fully meshed network like burble.dn42, a genuine route should -never have more than two internal hops, so an export filter is used to prevent -distribution of longer paths.

    - - - - - - - - - - - - - - - - - -
    Community  Description
    ( 4242422601 : 100 : 1 )  Added on first internal re-distribution
    ( 4242422601 : 100 : 2 )  Added on second re-distribution and prevents further re-distribution within burble.dn42
    -

    The ( 4242422601 : 100 : x ) communities are not exported to peers.

    @@ -940,7 +1152,7 @@ distribution of longer paths.

    - + diff --git a/public/network/design/index.html b/public/network/design/index.html new file mode 100644 index 0000000..21dadac --- /dev/null +++ b/public/network/design/index.html @@ -0,0 +1,1202 @@ + + + + + + + + +Network Design | burble.dn42 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + + + + + + +
    +
    + + +
    + + +
    + + + + + + + + + + + +
    + + + + + + + + + + + + + + + + + + + burble.dn42 / Network / Network Design + + + + + + + + + + + + +
    + + +
    +

    Network Design

    + + + + + + + +
    + This page documents a previous iteration of the burble.dn42 network and +is currently out of date. +
    + +

    Tunnel Mesh

    +
    +
    + +

    Hosts within the burble.dn42 network are joined using an Wireguard/L2TP mesh. +Static, unmanaged, L2TP tunnels operate at the IP level and are configured +to create a full mesh between nodes. Wireguard is used to provide encryption +and encapsulate L2TP traffic in plain UDP such that it hides fragmentation +and allows packets to be processed within intermediate routers’ fast path.

    +

    Using L2TP allows for a large, virtual MTU of 4310 between nodes; this is +chosen to spread the encapsulation costs of higher layers across packets. +L2TP also allows for multiple tunnels between hosts and this can also be used +to separate low level traffic without incurring the additional overheads +of VXLANs (e.g. for NFS cross mounting).

    +

    Network configuration on hosts is managed by systemd-networkd and applied +with Ansible.

    +
    +

    Real Life Networks and Fragmentation.

    +

    Earlier designs for the burble.dn42 relied on passing fragmented packets +directly down to the clearnet layer (e.g. via ESP IPsec fragementation, or +UDP fragmentation with wireguard). In practice it was observed that +clearnet ISPs could struggle with uncommon packet types, with packet +loss seen particularly in the +IPv6 case. +It seems likely that some providers’ anti-DDOS and load balancing platforms +had a particular impact at magnifying this problem.

    +

    To resolve this, the network was re-designed to ensure fragmentation took +place at the L2TP layer such that all traffic gets encapsulated in to standard +sized UDP packets. This design ensures all traffic is ’normal’ and can +remain within intermediate routers' +fast path.

    + +
    + +
    +

    ISP Rate Limiting

    +

    The burble.dn42 network uses jumbo sized packets that are fragemented by +L2TP before being encapsulated by wireguard. This means a single packet in +the overlay layers can generate multiple wireguard UDP packets in quick +succession, appearing to be a high bandwidth, burst of traffic on the +outgoing clearnet interface. It’s vital that all these packets arrive +at the destination, or the entire overlay packet will be corrupted. +For most networks this is not a problem and generally the approach +works very well.

    +

    However, if you have bandwidth limits with your ISP (e.g. a 100mbit bandwidth +allowance provided on a 1gbit port) packets may be generated at a high bit +rate and then decimated by the ISP to match the bandwidth allowance. +This would normally be fine, but if a fragmented packet is sent, the +burst of smaller packets is highly likely to exceed the bandwidth +allowance and the impact on upper layer traffic is brutal, causing +nearly all packets to get dropped.

    +

    The burble.dn42 network manages this issue by implementing traffic shaping +on the outgoing traffic using linux tc (via +FireQOS). This allows +outgoing packets to be queued at the correct rate, rather than being +arbitrarily decimated by the ISP.

    + +
    + +

    BGP EVPN

    +

    EVPN diagram

    +

    Overlaying the Wireguard/L2TP mesh is a set of VXLANs managed by a BGP EVPN.

    +

    The VXLANs are primarily designed to tag and isolate transit traffic, making +their use similar to MPLS.

    +

    The Babel routing protocol is used to discover loopback addresses between nodes; +Babel is configured to operate across the point to point L2TP tunnels and with a +static, latency based metric that is applied during deployment.

    +

    The BGP EVPN uses FRR with two global route reflectors +located on different continents, for redundency. Once overheads are taken in to account +the MTU within each VXLAN is 4260.

    +

    dn42 Core Routing

    +

    EVPN diagram

    +

    Each host in the network runs an unprivileged LXD container that acts as a dn42 router +for that host. The container uses Bird2 and routes between +dn42 peer tunnels, local services on the same node and transit to the rest of the +burble.dn42 network via a single dn42 core VXLAN.

    +

    Local services and peer networks are fully dual stack IPv4/IPv6 however the transit +VXLAN uses purely IPv6 link-local addressing, making use of BGP multiprotocol and +extended next hop capabilities for IPv4.

    +

    The transit VXLAN and burble.dn42 services networks use an MTU of 4260, however the +dn42 BGP configuration includes internal communities to distribute destination MTU across +the network for per-route MTUs. This helps ensure path mtu discovery +takes place as early and efficiently as possible.

    +

    Local services on each host are provided by LXD +containers or VMs connecting to internal network bridges.
    +These vary across hosts but typically include:

    +
      +
    • tier1 - used for publically avialable services (DNS, web proxy, etc)
      • +
    • tier2 - used for internal services, with access restricted to burble.dn42 networks
      • +
    +

    Other networks might include:

    +
      +
    • dmz - used for hosting untrusted services (e.g. the shell servers)
      • +
    • dn42 services - for other networks, such as the registry services
      • +
    +

    dn42 peer tunnels are created directly on the host and then injected in to the +container using a small script, allowing the router container itself to remain unprivileged.

    +

    The routers also run nftables for managing access to each of the networks, +bird_exporter for metrics and the +bird-lg-go proxy for the +burble.dn42 looking glass.

    +

    Host Configuration

    +

    EVPN diagram

    +

    burble.dn42 nodes are designed to have the minimum functionality at the host level, +with all major services being delivered via virtual networks, containers and VMs.

    +

    Hosts have three main functions:

    +
      +
    • connecting in to the burble.dn42 Wireguard/L2TP mesh and BGP EVPN
      • +
    • providing internal bridges for virtual networks
      • +
    • hosting LXD containers and VMs
      • +
    +

    Together these three capabilities allow for arbitary, isolated networks and services +to be created and hosted within the network.

    +

    The hosts also provide a few ancillary services:

    +
      +
    • delivering clearnet access for internal containers/VMs using an internal bridge. +The host manages addressing and routing for the bridge to allow clearnet access independent +of the host capabilities (e.g. proxied vs routed IPv6 connectivity)
      • +
    • creating dn42 peer tunnels and injecting them in to the dn42 router container
      • +
    • monitoring via netdata
      • +
    • backup using borg
      • +
    + + +
    + + + + + + + + + + + + + + + + + + + +
    + + +
    + +
    +
    + + + +
    + + + + + + + + + + + + + + + + diff --git a/public/network/index.html b/public/network/index.html index 1a09030..3878460 100644 --- a/public/network/index.html +++ b/public/network/index.html @@ -1,7 +1,7 @@ - + @@ -31,7 +31,7 @@ - + @@ -49,7 +49,7 @@ - + @@ -120,8 +120,8 @@ - - Overview + + Network Design @@ -282,6 +282,31 @@ + + + + + + + + + +
  • + + + + + Abuse Policy + + + + + + +
    • + + + @@ -422,6 +447,81 @@ +
  • + + + + + ACME + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + Shell Accounts + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + S3 Object Storage + + + + + + +
    • + + + + + + + + + + + +
  • @@ -438,6 +538,114 @@ + + + + + + + + + +
  • + + + + + Ping Challenge + + + + + + +
    • + + + + + + + + + + + + + + + + + + + +
  • + + + + + Retro42 + + + + + + + + + + @@ -482,13 +690,13 @@
  • - -
  • + + + + + Other stuff + + + + + + +
    • + + + + + + + + + +
  • @@ -782,7 +1013,7 @@
  • - Overview: Introduction to the burble.dn42 network + Network Design: burble.dn42 network design @@ -882,6 +1113,21 @@ + + +
  • + + + Abuse Policy: Abuse Policy + + + + + +
    • + + + @@ -942,7 +1188,7 @@ - + diff --git a/public/network/index.xml b/public/network/index.xml index 52ef712..eb0cf18 100644 --- a/public/network/index.xml +++ b/public/network/index.xml @@ -2,82 +2,66 @@ Network on burble.dn42 - https://dn42.burble.com/network/ + http://localhost:2010/network/ Recent content in Network on burble.dn42 - Hugo -- gohugo.io - en-gb + Hugo + en-gb + Peering with burble.dn42 - https://dn42.burble.com/network/peering/ + http://localhost:2010/network/peering/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/network/peering/ - This page provides the information to get started on peering with the burble.dn42 network -burble.dn42 is a set of global POPs integrated to the dn42 network, and new peering requests are welcome. A description of the network is available in the Overview page. -burble.dn42 is a large network and there are some restrictions in place to protect the network and the rest of the DN42. Please ensure you read the information below before requesting to peer. + http://localhost:2010/network/peering/ + <p>This page provides the information to get started on peering with the burble.dn42 network</p> <p>burble.dn42 is a set of global POPs integrated to the <a href="https://dn42.dev/">dn42</a> network, and new peering requests are welcome. Some details of the network are available in the <a href="http://localhost:2010/network/design">Design</a> page.</p> <p>burble.dn42 is a large network and there are some restrictions in place to protect the network and the rest of the DN42.<br/> <em>Please ensure you read the information below before requesting to peer.</em></p> - Node Information - https://dn42.burble.com/network/nodes/ + http://localhost:2010/network/nodes/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/network/nodes/ - Europe dn42-fr-rbx1 Location OVH (SoYouStart), Roubaix, France Specs 4 core/8 thread, 32GB, 2 x 960GB SSD, 500mbit unmetered Public Hostname dn42-fr-rbx1.burble.com Public IPv4 Address 176.31.240.39 Public IPv6 Address 2001:41d0:8:127::1 Tunnel IPv4 Peer Address 172.20.129.188/32 Tunnel IPv6 Link Local fe80::42:2601:36:1/64 Tunnel IPv6 ULA fd42:4242:2601:36::1/128 dn42-uk-lon1 Location Clouvider, London, UK Specs 4 core/8 thread, 32GB, 2 x 240GB SSD, 10TB bw Public Hostname dn42-uk-lon1. + http://localhost:2010/network/nodes/ + <p>Public peering nodes</p> <h2 id="europe">Europe</h2> <h3 id="dn42-fr-par1">dn42-fr-par1</h3> <table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td><strong>Location</strong></td> <td>Scaleway/Online.net, Paris, France</td> </tr> <tr> <td><strong>Specs</strong></td> <td>E3-1230v2 - 4c/8t, 32GB, 2 x 1TB SSD, 1Gbit unmetered</td> </tr> <tr> <td><strong>Public Hostname</strong></td> <td>dn42-fr-par1.burble.com</td> </tr> <tr> <td><strong>Public IPv4 Address</strong></td> <td>51.159.194.131</td> </tr> <tr> <td><strong>Public IPv6 Address</strong></td> <td>2001:bc8:1201:50d:d6ae:52ff:fecc:c97</td> </tr> <tr> <td><strong>Tunnel IPv4 Peer Address</strong></td> <td>172.20.129.181/32</td> </tr> <tr> <td><strong>Tunnel IPv6 Link Local</strong></td> <td>fe80::42:2601:37:1/64</td> </tr> <tr> <td><strong>Tunnel IPv6 ULA</strong></td> <td>fd42:4242:2601:37::1/128</td> </tr> </tbody> </table> <h3 id="dn42-uk-lon1">dn42-uk-lon1</h3> <table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td><strong>Location</strong></td> <td>HostHatch, London, UK</td> </tr> <tr> <td><strong>Specs</strong></td> <td>6 x EPYC 7513, 24GB, 270GB NVME, 40TB @ 10gbit</td> </tr> <tr> <td><strong>Public Hostname</strong></td> <td>dn42-uk-lon1.burble.com</td> </tr> <tr> <td><strong>Public IPv4 Address</strong></td> <td>45.91.93.104</td> </tr> <tr> <td><strong>Public IPv6 Address</strong></td> <td>2a0e:dc0:5:5::1</td> </tr> <tr> <td><strong>Tunnel IPv4 Peer Address</strong></td> <td>172.20.129.187/32</td> </tr> <tr> <td><strong>Tunnel IPv6 Link Local</strong></td> <td>fe80::42:2601:35:1/64</td> </tr> <tr> <td><strong>Tunnel IPv6 ULA</strong></td> <td>fd42:4242:2601:35::1/128</td> </tr> </tbody> </table> <h3 id="dn42-de-fra1">dn42-de-fra1</h3> <table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td><strong>Location</strong></td> <td>Bero Host, Frankfurt, Germany</td> </tr> <tr> <td><strong>Specs</strong></td> <td>6 x EPYC 7443P, 24GB, 300GB NVME, 25TB @ 10gbit</td> </tr> <tr> <td><strong>Public Hostname</strong></td> <td>dn42-de-fra1.burble.com</td> </tr> <tr> <td><strong>Public IPv4 Address</strong></td> <td>5.180.253.211</td> </tr> <tr> <td><strong>Public IPv6 Address</strong></td> <td>2a0e:6a80:3:430::1</td> </tr> <tr> <td><strong>Tunnel IPv4 Peer Address</strong></td> <td>172.20.129.169/32</td> </tr> <tr> <td><strong>Tunnel IPv6 Link Local</strong></td> <td>fe80::42:2601:31:1/64</td> </tr> <tr> <td><strong>Tunnel IPv6 ULA</strong></td> <td>fd42:4242:2601:31::1/128</td> </tr> </tbody> </table> <h3 id="dn42-ch-zur1">dn42-ch-zur1</h3> <table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td><strong>Location</strong></td> <td>HostHatch, Zurich, Switzerland</td> </tr> <tr> <td><strong>Specs</strong></td> <td>2 x E5-2690v2, 12GB, 60GB SSD, 10TB @ 10gbit</td> </tr> <tr> <td><strong>Public Hostname</strong></td> <td>dn42-ch-zur1.burble.com</td> </tr> <tr> <td><strong>Public IPv4 Address</strong></td> <td>45.91.92.111</td> </tr> <tr> <td><strong>Public IPv6 Address</strong></td> <td>2a0e:dc0:6:8::1</td> </tr> <tr> <td><strong>Tunnel IPv4 Peer Address</strong></td> <td>172.20.129.174/32</td> </tr> <tr> <td><strong>Tunnel IPv6 Link Local</strong></td> <td>fe80::42:2601:28:1/64</td> </tr> <tr> <td><strong>Tunnel IPv6 ULA</strong></td> <td>fd42:4242:2601:28::1/128</td> </tr> </tbody> </table> <h3 id="dn42-no-trd1">dn42-no-trd1</h3> <table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td><strong>Location</strong></td> <td>Trondheim, Norway</td> </tr> <tr> <td><strong>Specs</strong></td> <td>2 shared cores, 2GB, 16GB SSD, 1gbit unmetered</td> </tr> <tr> <td><strong>Public Hostname</strong></td> <td>dn42-no-trd1.burble.com</td> </tr> <tr> <td><strong>Public IPv4 Address</strong></td> <td>217.168.87.226</td> </tr> <tr> <td><strong>Public IPv6 Address</strong></td> <td>2001:678:dd0:ffff::25</td> </tr> <tr> <td><strong>Tunnel IPv4 Peer Address</strong></td> <td>172.20.129.185/32</td> </tr> <tr> <td><strong>Tunnel IPv6 Link Local</strong></td> <td>fe80::42:2601:39:1/64</td> </tr> <tr> <td><strong>Tunnel IPv6 ULA</strong></td> <td>fd42:4242:2601:39::1/128</td> </tr> </tbody> </table> <h2 id="north-america">North America</h2> <h3 id="dn42-us-lax1">dn42-us-lax1</h3> <table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td><strong>Location</strong></td> <td>HostHatch, Los Angeles, United States</td> </tr> <tr> <td><strong>Specs</strong></td> <td>2 x EPYC 7413, 8GB, 60GB NVME, 10TB @ 10gbit</td> </tr> <tr> <td><strong>Public Hostname</strong></td> <td>dn42-us-lax1.burble.com</td> </tr> <tr> <td><strong>Public IPv4 Address</strong></td> <td>45.67.219.3</td> </tr> <tr> <td><strong>Public IPv6 Address</strong></td> <td>2a04:bdc7:100:4656::1</td> </tr> <tr> <td><strong>Tunnel IPv4 Peer Address</strong></td> <td>172.20.129.172/32</td> </tr> <tr> <td><strong>Tunnel IPv6 Link Local</strong></td> <td>fe80::42:2601:2a:1/64</td> </tr> <tr> <td><strong>Tunnel IPv6 ULA</strong></td> <td>fd42:4242:2601:2a::1/128</td> </tr> </tbody> </table> <h3 id="dn42-us-nyc1">dn42-us-nyc1</h3> <table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td><strong>Location</strong></td> <td>HostHatch, New York, United States</td> </tr> <tr> <td><strong>Specs</strong></td> <td>2 x EPYC 7443P, 8GB, 60GB NVME, 10TB @ 10gbit</td> </tr> <tr> <td><strong>Public Hostname</strong></td> <td>dn42-us-nyc1.burble.com</td> </tr> <tr> <td><strong>Public IPv4 Address</strong></td> <td>109.205.61.36</td> </tr> <tr> <td><strong>Public IPv6 Address</strong></td> <td>2605:4840:2:eed4::1</td> </tr> <tr> <td><strong>Tunnel IPv4 Peer Address</strong></td> <td>172.20.129.175/32</td> </tr> <tr> <td><strong>Tunnel IPv6 Link Local</strong></td> <td>fe80::42:2601:29:1/64</td> </tr> <tr> <td><strong>Tunnel IPv6 ULA</strong></td> <td>fd42:4242:2601:29::1/128</td> </tr> </tbody> </table> - IPAM - https://dn42.burble.com/network/IPAM/ + http://localhost:2010/network/IPAM/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/network/IPAM/ - IP address tables -General Ranges IPv4 IPv4 Address Range Purpose 172.20.129.0/27 burble.dn42 services 172.20.129.160/27 burble.dn42 nodes IPv6 IPv6 Address Range Purpose fd42:4242:2601:acXX::/64 Anycast services fd42:4242:2601:AA::/64 Public services for host AA fd42:4242:2601:AA00::/56 /56 routed to host AA fd42:4242:2601:AA02::/64 Tier2 services on host AA burble. + http://localhost:2010/network/IPAM/ + <p>IP address tables</p> <h2 id="general-ranges">General Ranges</h2> <h3 id="ipv4">IPv4</h3> <table> <thead> <tr> <th style="text-align: left">IPv4 Address Range</th> <th style="text-align: left">Purpose</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">172.20.129.0/27</td> <td style="text-align: left">burble.dn42 services</td> </tr> <tr> <td style="text-align: left">172.20.129.160/27</td> <td style="text-align: left">burble.dn42 nodes</td> </tr> </tbody> </table> <h3 id="ipv6">IPv6</h3> <table> <thead> <tr> <th style="text-align: left">IPv6 Address Range</th> <th style="text-align: left">Purpose</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">fd42:4242:2601:acXX::/64</td> <td style="text-align: left">Anycast services</td> </tr> <tr> <td style="text-align: left">fd42:4242:2601:<em>AA</em>::/64</td> <td style="text-align: left">Public services for host <em>AA</em></td> </tr> <tr> <td style="text-align: left">fd42:4242:2601:<em>AA</em>00::/56</td> <td style="text-align: left">/56 routed to host <em>AA</em></td> </tr> <tr> <td style="text-align: left">fd42:4242:2601:<em>AA</em>02::/64</td> <td style="text-align: left">Tier2 services on host <em>AA</em></td> </tr> <tr> <td style="text-align: left">fd42:4242:2601:<em>AA</em>64::/64</td> <td style="text-align: left">NAT64 service related to host <em>AA</em></td> </tr> </tbody> </table> <h2 id="burbledn42-services">burble.dn42 Services</h2> <table> <thead> <tr> <th style="text-align: left">DNS</th> <th style="text-align: left">IPv4</th> <th style="text-align: left">IPv6</th> <th style="text-align: left">Comment</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"> </td> <td style="text-align: left">172.20.129.0</td> <td style="text-align: left"> </td> <td style="text-align: left">Reserved</td> </tr> <tr> <td style="text-align: left">ns1.burble.dn42</td> <td style="text-align: left">172.20.129.1</td> <td style="text-align: left">fd42:4242:2601:ac53::1</td> <td style="text-align: left">Authoritative DNS Master</td> </tr> <tr> <td style="text-align: left">dns.burble.dn42</td> <td style="text-align: left">172.20.129.2</td> <td style="text-align: left">fd42:4242:2601:ac53::53</td> <td style="text-align: left">Recursive DNS Resolver</td> </tr> <tr> <td style="text-align: left"><a href="https://burble.dn42">burble.dn42</a><br/><a href="https://burble.dn42">www.burble.dn42</a></td> <td style="text-align: left">172.20.129.3</td> <td style="text-align: left">fd42:4242:2601:ac80::1</td> <td style="text-align: left">Website</td> </tr> <tr> <td style="text-align: left">collector.dn42</td> <td style="text-align: left">172.20.129.4</td> <td style="text-align: left">fd42:4242:2601:ac12::1</td> <td style="text-align: left">Global Route Collector</td> </tr> <tr> <td style="text-align: left">pingable.burble.dn42</td> <td style="text-align: left">172.20.129.5</td> <td style="text-align: left">fd42:4242:2601:ac05::1</td> <td style="text-align: left">Pingable IP Address</td> </tr> <tr> <td style="text-align: left">nats.burble.dn42</td> <td style="text-align: left">172.20.129.6</td> <td style="text-align: left">fd42:4242:2601:ac06::1</td> <td style="text-align: left">nats.io Cluster</td> </tr> <tr> <td style="text-align: left"> </td> <td style="text-align: left">172.20.129.7</td> <td style="text-align: left"> </td> <td style="text-align: left"><em>Unallocated</em></td> </tr> <tr> <td style="text-align: left">whois.burble.dn42</td> <td style="text-align: left">172.20.129.8</td> <td style="text-align: left">fd42:4242:2601:ac43::1</td> <td style="text-align: left">Whois service</td> </tr> <tr> <td style="text-align: left">voip.burble.dn42</td> <td style="text-align: left">172.20.129.9</td> <td style="text-align: left">fd42:4242:2601:37:216:3eff:fe8f:6211</td> <td style="text-align: left">Asterisk VOIP Service</td> </tr> <tr> <td style="text-align: left">shell.burble.dn42</td> <td style="text-align: left">172.20.129.10</td> <td style="text-align: left">fd42:4242:2601:ac22::1</td> <td style="text-align: left">Shell service</td> </tr> <tr> <td style="text-align: left"> </td> <td style="text-align: left">172.20.129.11</td> <td style="text-align: left"> </td> <td style="text-align: left"><em>Unallocated</em></td> </tr> <tr> <td style="text-align: left">traefik.burble.dn42</td> <td style="text-align: left">172.20.129.12</td> <td style="text-align: left">fd42:4242:2601:ac82::1</td> <td style="text-align: left">Global traefik cluster</td> </tr> <tr> <td style="text-align: left">traefik-eu.burble.dn42</td> <td style="text-align: left">172.20.129.13</td> <td style="text-align: left">fd42:4242:2601:ac83::1</td> <td style="text-align: left">Europe traefik cluster</td> </tr> <tr> <td style="text-align: left">traefik-na.burble.dn42</td> <td style="text-align: left">172.20.129.14</td> <td style="text-align: left">fd42:4242:2601:ac84::1</td> <td style="text-align: left">North America traefik cluster</td> </tr> <tr> <td style="text-align: left"> </td> <td style="text-align: left"><em>172.20.129.15-19</em></td> <td style="text-align: left"> </td> <td style="text-align: left"><em>Unallocated</em></td> </tr> <tr> <td style="text-align: left"></td> <td style="text-align: left">172.20.129.20/30</td> <td style="text-align: left"><em>n/a</em></td> <td style="text-align: left"><a href="http://localhost:2010/retro/modem/">Dialup Service</a> endpoints</td> </tr> <tr> <td style="text-align: left">shell.de.burble.dn42</td> <td style="text-align: left">172.20.129.24</td> <td style="text-align: left">fd42:4242:2601:100b:216:3eff:fe32:1a21</td> <td style="text-align: left">DE shell service</td> </tr> <tr> <td style="text-align: left">shell.uk.burble.dn42</td> <td style="text-align: left">172.20.129.25</td> <td style="text-align: left">fd42:4242:2601:1015:216:3eff:fe91:b943</td> <td style="text-align: left">UK shell service</td> </tr> <tr> <td style="text-align: left">shell.nyc.burble.dn42</td> <td style="text-align: left">172.20.129.26</td> <td style="text-align: left">fd42:4242:2601:101d:216:3eff:fefc:722</td> <td style="text-align: left">NYC shell service</td> </tr> <tr> <td style="text-align: left">shell.lax.burble.dn42</td> <td style="text-align: left">172.20.129.27</td> <td style="text-align: left">fd42:4242:2601:1018:216:3eff:feaa:7249</td> <td style="text-align: left">LAX shell service</td> </tr> <tr> <td style="text-align: left">shell.fr.burble.dn42</td> <td style="text-align: left">172.20.129.28</td> <td style="text-align: left">fd42:4242:2601:1017:216:3eff:fe01:2f1f</td> <td style="text-align: left">FR shell service</td> </tr> <tr> <td style="text-align: left"></td> <td style="text-align: left">172.20.129.30</td> <td style="text-align: left"></td> <td style="text-align: left"><em>shell service unassigned</em></td> </tr> <tr> <td style="text-align: left"></td> <td style="text-align: left">172.20.129.31</td> <td style="text-align: left"></td> <td style="text-align: left"><em>unassigned</em></td> </tr> </tbody> </table> <h2 id="burbledn42-nodes-dn42-addressing">burble.dn42 Nodes (DN42 Addressing)</h2> <table> <thead> <tr> <th style="text-align: left">DNS</th> <th style="text-align: left">IPv4</th> <th style="text-align: left">IPv6</th> <th style="text-align: left">Comment</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><em>unassigned</em></td> <td style="text-align: left">172.20.129.164</td> <td style="text-align: left">fd42:4242:2601:3f::1</td> <td></td> </tr> <tr> <td style="text-align: left">us-nyc3.burble.dn42</td> <td style="text-align: left">172.20.129.165</td> <td style="text-align: left">fd42:4242:2601:3a::1</td> <td style="text-align: left">NYC Cluster</td> </tr> <tr> <td style="text-align: left">uk-lon2.burble.dn42</td> <td style="text-align: left">172.20.129.166</td> <td style="text-align: left">fd42:4242:2601:2e::1</td> <td style="text-align: left">UK Storage</td> </tr> <tr> <td style="text-align: left"><em>unassigned</em></td> <td style="text-align: left">172.20.129.167</td> <td style="text-align: left">fd42:4242:2601:2d::1</td> <td></td> </tr> <tr> <td style="text-align: left">nl-ams2.burble.dn42</td> <td style="text-align: left">172.20.129.168</td> <td style="text-align: left">fd42:4242:2601:34::1</td> <td style="text-align: left">Private Node</td> </tr> <tr> <td style="text-align: left">de-fra1.burble.dn42</td> <td style="text-align: left">172.20.129.169</td> <td style="text-align: left">fd42:4242:2601:31::1</td> <td style="text-align: left">DE Public Peering</td> </tr> <tr> <td style="text-align: left">de-fra3.burble.dn42</td> <td style="text-align: left">172.20.129.170</td> <td style="text-align: left">fd42:4242:2601:2c::1</td> <td style="text-align: left">DE Dev Cluster</td> </tr> <tr> <td style="text-align: left">de-fra2.burble.dn42</td> <td style="text-align: left">172.20.129.171</td> <td style="text-align: left">fd42:4242:2601:2b::1</td> <td style="text-align: left">DE Cluster</td> </tr> <tr> <td style="text-align: left">us-lax1.burble.dn42</td> <td style="text-align: left">172.20.129.172</td> <td style="text-align: left">fd42:4242:2601:2a::1</td> <td style="text-align: left">LAX Public Peering</td> </tr> <tr> <td style="text-align: left">ch-zur2.burble.dn42</td> <td style="text-align: left">172.20.129.173</td> <td style="text-align: left">fd42:4242:2601:27::1</td> <td style="text-align: left">CH Cluster</td> </tr> <tr> <td style="text-align: left">ch-zur1.burble.dn42</td> <td style="text-align: left">172.20.129.174</td> <td style="text-align: left">fd42:4242:2601:28::1</td> <td style="text-align: left">CH Public Peering</td> </tr> <tr> <td style="text-align: left">us-nyc1.burble.dn42</td> <td style="text-align: left">172.20.129.175</td> <td style="text-align: left">fd42:4242:2601:29::1</td> <td style="text-align: left">NYC Public Peering</td> </tr> <tr> <td style="text-align: left">us-nyc2.burble.dn42</td> <td style="text-align: left">172.20.129.176</td> <td style="text-align: left">fd42:4242:2601:3d::1</td> <td style="text-align: left">NYC Cluster</td> </tr> <tr> <td style="text-align: left">uk-lon4.burble.dn42</td> <td style="text-align: left">172.20.129.177</td> <td style="text-align: left">fd42:4242:2601:25::1</td> <td style="text-align: left">UK Cluster</td> </tr> <tr> <td style="text-align: left">uk-lon5.burble.dn42</td> <td style="text-align: left">172.20.129.178</td> <td style="text-align: left">fd42:4242:2601:24::1</td> <td style="text-align: left">UK Cluster</td> </tr> <tr> <td style="text-align: left">de-fra4.burble.dn42</td> <td style="text-align: left">172.20.129.179</td> <td style="text-align: left">fd42:4242:2601:23::1</td> <td style="text-align: left">DE Dev Cluster</td> </tr> <tr> <td style="text-align: left">us-lax2.burble.dn42</td> <td style="text-align: left">172.20.129.180</td> <td style="text-align: left">fd42:4242:2601:38::1</td> <td style="text-align: left">LAX Cluster</td> </tr> <tr> <td style="text-align: left">de-nue1.burble.dn42</td> <td style="text-align: left">172.20.129.181</td> <td style="text-align: left">fd42:4242:2601:37::1</td> <td style="text-align: left">DE Cluster</td> </tr> <tr> <td style="text-align: left"><em>unassigned</em></td> <td style="text-align: left">172.20.129.182</td> <td style="text-align: left">fd42:4242:2601:3e::1</td> <td></td> </tr> <tr> <td style="text-align: left">nl-ams3.burble.dn42</td> <td style="text-align: left">172.20.129.183</td> <td style="text-align: left">fd42:4242:2601:3c::1</td> <td style="text-align: left">Experimental</td> </tr> <tr> <td style="text-align: left">uk-lon3.burble.dn42</td> <td style="text-align: left">172.20.129.184</td> <td style="text-align: left">fd42:4242:2601:30::1</td> <td style="text-align: left">Private Node</td> </tr> <tr> <td style="text-align: left">no-trd1.burble.dn42</td> <td style="text-align: left">172.20.129.185</td> <td style="text-align: left">fd42:4242:2601:39::1</td> <td style="text-align: left">NO Public Peering</td> </tr> <tr> <td style="text-align: left">nl-ams1.burble.dn42</td> <td style="text-align: left">172.20.129.186</td> <td style="text-align: left">fd42:4242:2601:32::1</td> <td style="text-align: left">Private Node</td> </tr> <tr> <td style="text-align: left">uk-lon1.burble.dn42</td> <td style="text-align: left">172.20.129.187</td> <td style="text-align: left">fd42:4242:2601:35::1</td> <td style="text-align: left">UK Public Peering</td> </tr> <tr> <td style="text-align: left">fr-par1.burble.dn42</td> <td style="text-align: left">172.20.129.188</td> <td style="text-align: left">fd42:4242:2601:36::1</td> <td style="text-align: left">FR Public Peering</td> </tr> <tr> <td style="text-align: left"><em>unassigned</em></td> <td style="text-align: left">172.20.129.189</td> <td style="text-align: left">fd42:4242:2601:26::1</td> <td></td> </tr> <tr> <td style="text-align: left"><em>reserved</em></td> <td style="text-align: left">172.20.129.190</td> <td style="text-align: left">fd42:4242:2601:20::1</td> <td style="text-align: left">Private Node</td> </tr> <tr> <td style="text-align: left"><em>reserved</em></td> <td style="text-align: left">172.20.129.191</td> <td style="text-align: left">fd42:4242:2601:20::1</td> <td style="text-align: left">Private Node</td> </tr> </tbody> </table> <h2 id="burbledn42-nodes-public-addressing">burble.dn42 Nodes (Public Addressing)</h2> <table> <thead> <tr> <th style="text-align: left">DNS</th> <th style="text-align: left">IPv4</th> <th style="text-align: left">IPv6</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">dn42-fr-par1.burble.com</td> <td style="text-align: left">51.159.194.131</td> <td style="text-align: left">2001:bc8:1201:50d:d6ae:52ff:fecc:c97</td> </tr> <tr> <td style="text-align: left">dn42-uk-lon1.burble.com</td> <td style="text-align: left">45.91.93.104</td> <td style="text-align: left">2a0e:dc0:5:5::1</td> </tr> <tr> <td style="text-align: left">dn42-de-fra1.burble.com</td> <td style="text-align: left">5.180.253.211</td> <td style="text-align: left">2a0e:6a80:3:430::1</td> </tr> <tr> <td style="text-align: left">dn42-ch-zur1.burble.com</td> <td style="text-align: left">45.91.92.111</td> <td style="text-align: left">2a0e:dc0:6:8::1</td> </tr> <tr> <td style="text-align: left">dn42-no-trd1.burble.com</td> <td style="text-align: left">217.168.87.226</td> <td style="text-align: left">2001:678:dd0:ffff::25</td> </tr> <tr> <td style="text-align: left">dn42-us-lax1.burble.com</td> <td style="text-align: left">45.67.219.3</td> <td style="text-align: left">2a04:bdc7:100:4656::1</td> </tr> <tr> <td style="text-align: left">dn42-us-nyc1.burble.com</td> <td style="text-align: left">109.205.61.36</td> <td style="text-align: left">2605:4840:2:eed4::1</td> </tr> </tbody> </table> <table> <thead> <tr> <th style="text-align: left">DNS</th> <th style="text-align: left">IPv4</th> <th style="text-align: left">IPv6</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">git.dn42.dev</td> <td style="text-align: left">45.91.93.104</td> <td style="text-align: left">2a0e:dc0:5:5:425d:6eff:feb4:6e2d</td> </tr> </tbody> </table> - Routing Policy - https://dn42.burble.com/network/routing-policy/ + http://localhost:2010/network/routing-policy/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/network/routing-policy/ - With a global network and multiple peers, the burble.dn42 network typically has many alternative route paths for reaching a particular destination. The routing policy aims to keep route selection sane, and avoid sending traffic outside of a region where possible. -Policy Objectives Direct routes for prefixes belonging to a peer should be given the highest priority. So that traffic to peer networks is routed over the burble.dn42 network directly to the peer and not via an external 3rd party Routes to the anycast prefixes should be prioritised through stable, low latency peers. + http://localhost:2010/network/routing-policy/ + <p>With a global network and multiple peers, the burble.dn42 network typically has many alternative route paths for reaching a particular destination. The routing policy aims to keep route selection sane, and avoid sending traffic outside of a region where possible.</p> <h2 id="policy-objectives">Policy Objectives</h2> <ol> <li>Direct routes for prefixes belonging to a peer should be given the highest priority. <ul> <li>So that traffic to peer networks is routed over the burble.dn42 network directly to the peer and not via an external 3rd party</li> </ul> </li> <li>Where prefixes are tagged with a DN42 region, they should be routed locally or within the burble.dn42 network. <ul> <li>To avoid sending traffic across regions when this could have been avoided.</li> <li>The AS path length is also increased between regions to pursuade external routers to also prefer local hosts.</li> </ul> </li> <li>Prioritise by shortest path, then lowest latency</li> </ol> <h2 id="policy-implementation">Policy Implementation</h2> <h3 id="bgp-local_pref">bgp local_pref</h3> <p>The local_pref for routes is set on entry, and then propogated across the whole network. This forces the network to prefer routes that, where possible, send traffic through the burble.dn42 network to a local peer, rather than sending cross regional traffic through external peers (aka <a href="https://en.wikipedia.org/wiki/Hot-potato_and_cold-potato_routing">Cold Potato Routing</a>).</p> - BGP Communities - https://dn42.burble.com/network/communities/ + http://localhost:2010/network/communities/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/network/communities/ - This page describes the use of BGP communities within the network. -DN42 Communities DN42 Communities are applied both internally and externally, and are used to influence the Routing Policy. - Community Description ( 64511 : 0 &lt; x &lt; 21 ) Max latency ( 64511 : 20 &lt; x &lt; 30 ) Min bandwidth ( 64511 : 30 &lt; x &lt; 35 ) Min encryption ( 64511 : 40 &lt; x &lt; 54 ) Route Origin Well Known BGP Communities The following well known communities are implemented. + http://localhost:2010/network/communities/ + <p>This page describes the use of BGP communities within the network.</p> <h2 id="dn42-communities">DN42 Communities</h2> <p>The <a href="https://dn42.net/howto/Bird-communities">DN42 Route Origin Community</a> is applied both internally and externally, and is used to influence the <a href="http://localhost:2010/network/routing-policy">Routing Policy</a>.</p> <table> <thead> <tr> <th style="text-align: left">Community  </th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">( 64511 : 40 &lt; x &lt; 54 )  </td> <td style="text-align: left">Route Origin</td> </tr> </tbody> </table> <p>The other DN42 communities are not used in burble.dn42:</p> <table> <thead> <tr> <th style="text-align: left">Community  </th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">( 64511 : 0 &lt; x &lt; 21 )  </td> <td style="text-align: left">Max latency</td> </tr> <tr> <td style="text-align: left">( 64511 : 20 &lt; x &lt; 30 )  </td> <td style="text-align: left">Min bandwidth</td> </tr> <tr> <td style="text-align: left">( 64511 : 30 &lt; x &lt; 35 )  </td> <td style="text-align: left">Min encryption</td> </tr> </tbody> </table> <h2 id="well-known-bgp-communities">Well Known BGP Communities</h2> <p>The following well known communities are implemented.</p> - Realtime Status - https://dn42.burble.com/network/status/ + http://localhost:2010/network/status/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/network/status/ - Uptime Robot https://dn42.status.burble.com/ (public internet link) All nodes are monitored using UptimeRobot. -Grafana Dashboards https://grafana.burble.com (public internet link) https://grafana.burble.dn42 (DN42 link) Netdata and Prometheus are used to monitor the network and stats are presented using a series of Grafana dashboards. -BGP and Peering Status https://lg.burble.com/ (public internet link) https://lg.burble.dn42/ (DN42 link) BGP status can be found through my looking glass. + http://localhost:2010/network/status/ + <h2 id="uptime-kuma">Uptime Kuma</h2> <ul> <li><a href="https://uptime.burble.dn42/status/bdn42">https://uptime.burble.dn42/status/bdn42</a> (dn42)</li> <li><a href="https://uptime.burble.com/status/bdn42">https://uptime.burble.com/status/bdn42</a> (com)</li> </ul> <p>A self-hosted instance of <a href="https://github.com/louislam/uptime-kuma">Uptime Kuma</a> provides the current status on many of the burble.dn42 services.</p> <h2 id="uptime-robot">Uptime Robot</h2> <ul> <li><a href="https://stats.uptimerobot.com/l2913c0R6">https://stats.uptimerobot.com/l2913c0R6</a> (public internet link)</li> </ul> <p>Major nodes are also monitored off-network using <a href="https://uptimerobot.com/">UptimeRobot</a>.</p> <h2 id="grafana-dashboards">Grafana Dashboards</h2> <ul> <li><a href="https://grafana.burble.com">https://grafana.burble.com</a> (public internet link)</li> <li><a href="https://grafana.burble.dn42">https://grafana.burble.dn42</a> (DN42 link)</li> </ul> <p><a href="https://www.netdata.cloud">Netdata</a> and <a href="https://prometheus.io">Prometheus</a> are used to monitor the network and stats are presented using a series of <a href="https://grafana.com">Grafana</a> dashboards.</p> <h2 id="bgp-and-peering-status">BGP and Peering Status</h2> <ul> <li><a href="https://lg.burble.com/">https://lg.burble.com/</a> (public internet link)</li> <li><a href="https://lg.burble.dn42/">https://lg.burble.dn42/</a> (DN42 link)</li> </ul> <p>BGP status can be found through my looking glass.</p> - - Overview - https://dn42.burble.com/network/overview/ + Abuse Policy + http://localhost:2010/network/abuse/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/network/overview/ - burble.dn42 is an experimental global network within DN42. -The network is well connected with a large number of peers, and hosts some of the DN42 core infrastructure. -Topology All nodes in the burble.dn42 network are fully meshed with wireguard tunnels. iBGP with BGP Confederations and a latency based metric are used as the interior routing protocol between nodes. iBGP is also fully meshed. and the configuration for both iBGP and wireguard tunnels is built using a number of Ansible scripts. + http://localhost:2010/network/abuse/ + <p>The burble.dn42 network has a zero tolerance policy on network abuse, both within burble.dn42 and across the wider DN42 network.</p> <p>Abuse could include, but is not limited to:</p> <ul> <li>Excessive use of resources</li> <li>Hacking, viruses, trojans etc or any other disruption that could harm or create risk to the services or its users</li> <li>Distribution of objectional content that could create a civil or criminal liability</li> </ul> <p>The burble.dn42 network owner is the sole arbiter for determining what is deemed abuse and for any mitigations taken.</p> + + + Network Design + http://localhost:2010/network/design/ + Mon, 01 Jan 0001 00:00:00 +0000 + http://localhost:2010/network/design/ + <p>This page documents some key elements of the current burble.dn42 design.</p> <h2 id="tunnel-mesh">Tunnel Mesh</h2> <figure><img src="http://localhost:2010/design/DN42-Tunnels.svg" width="80%"> </figure> <p>Hosts within the burble.dn42 network are joined using an Wireguard/L2TP mesh. Static, unmanaged, L2TP tunnels operate at the IP level and are configured to create a full mesh between nodes. Wireguard is used to provide encryption and encapsulate L2TP traffic in plain UDP such that it hides fragmentation and allows packets to be processed within intermediate routers&rsquo; fast path.</p> - diff --git a/public/network/nodes/index.html b/public/network/nodes/index.html index 699915d..c48a309 100644 --- a/public/network/nodes/index.html +++ b/public/network/nodes/index.html @@ -1,7 +1,7 @@ - + @@ -48,7 +48,7 @@ - + @@ -119,8 +119,8 @@ - - Overview + + Network Design @@ -281,6 +281,31 @@ + + + + + + + + + +
  • + + + + + Abuse Policy + + + + + + +
    • + + + @@ -421,6 +446,81 @@ +
  • + + + + + ACME + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + Shell Accounts + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + S3 Object Storage + + + + + + +
    • + + + + + + + + + + + +
  • @@ -437,6 +537,114 @@ + + + + + + + + + +
  • + + + + + Ping Challenge + + + + + + +
    • + + + + + + + + + + + + + + + + + + + +
  • + + + + + Retro42 + + + + + + + + + + @@ -481,13 +689,13 @@
  • - -
  • + + + + + Other stuff + + + + + + +
    • + + + + + + + + + +
  • @@ -776,633 +1007,399 @@ -

    Europe

    -

    dn42-fr-rbx1

    +

    Public peering nodes

    +

    Europe

    +

    dn42-fr-rbx1

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    LocationOVH (SoYouStart), Roubaix, France
    Specs4 core/8 thread, 32GB, 2 x 960GB SSD, 500mbit unmetered
    Public Hostnamedn42-fr-rbx1.burble.com
    Public IPv4 Address176.31.240.39
    Public IPv6 Address2001:41d0:8:127::1
    Tunnel IPv4 Peer Address172.20.129.188/32
    Tunnel IPv6 Link Localfe80::42:2601:36:1/64
    Tunnel IPv6 ULAfd42:4242:2601:36::1/128
    LocationOVH, Roubaix, France
    SpecsE5-1650v3, 64GB, 2 x 480GB SSD, 300mbit up/1Gbit down
    Public Hostnamedn42-fr-rbx1.burble.com
    Public IPv4 Address51.254.198.204
    Public IPv6 Address2001:41d0:1008:acc::1
    Tunnel IPv4 Peer Address172.20.129.189/32
    Tunnel IPv6 Link Localfe80::42:2601:26:1/64
    Tunnel IPv6 ULAfd42:4242:2601:26::1/128
    -

    dn42-uk-lon1

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    LocationClouvider, London, UK
    Specs4 core/8 thread, 32GB, 2 x 240GB SSD, 10TB bw
    Public Hostnamedn42-uk-lon1.burble.com
    Public IPv4 Address185.42.222.153
    Public IPv6 Address2a04:92c5:2::1
    Tunnel IPv4 Peer Address172.20.129.187/32
    Tunnel IPv6 Link Localfe80::42:2601:35:1/64
    Tunnel IPv6 ULAfd42:4242:2601:35::1/128
    -

    dn42-de-fra1

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    LocationPHP Friends, Frankfurt, Germany
    Specs4 dedicated EPYC cores, 20GB, 160GB NVME, 5TB bw
    Public Hostnamedn42-de-fra1.burble.com
    Public IPv4 Address193.41.237.149
    Public IPv6 Address2a0d:5941:1:17c::4e2a
    Tunnel IPv4 Peer Address172.20.129.169/32
    Tunnel IPv6 Link Localfe80::42:2601:31:1/64
    Tunnel IPv6 ULAfd42:4242:2601:31::1/128
    -

    dn42-ch-zur1

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    LocationHostHatch, Zurich, Switzerland
    Specs2 shared cores, 8GB, 40GB NVME, 5TB bw
    Public Hostnamedn42-ch-zur1.burble.com
    Public IPv4 Address45.91.92.111
    Public IPv6 Address2a0e:dc0:6:8::1
    Tunnel IPv4 Peer Address172.20.129.174/32
    Tunnel IPv6 Link Localfe80::42:2601:28:1/64
    Tunnel IPv6 ULAfd42:4242:2601:28::1/128
    -

    dn42-no-trd1

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    LocationTrondheim, Norway
    Specs2 shared cores, 2GB, 16GB SSD, 1gbit unmetered
    Public Hostnamedn42-no-trd1.burble.com
    Public IPv4 Address217.168.87.226
    Public IPv6 Address2001:678:dd0:ffff::25
    Tunnel IPv4 Peer Address172.20.129.185/32
    Tunnel IPv6 Link Localfe80::42:2601:39:1/64
    Tunnel IPv6 ULAfd42:4242:2601:39::1/128
    -
    - Available Q1 2021 +

    dn42-fr-par1

    +
    + fr-par1 is being decommissioned
    -

    dn42-es-mad1

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    LocationHostHatch, Madrid, Spain
    Specs1 shared core, 2GB, 20GB SSD, 2TB bw
    Public Hostnamedn42-es-mad1.burble.com
    Public IPv4 Address45.132.74.100
    Public IPv6 Address2a0e:dc0:9:5::ab2d
    Tunnel IPv4 Peer Address172.20.129.170/32
    Tunnel IPv6 Link Localfe80::42:2601:2c:1/64
    Tunnel IPv6 ULAfd42:4242:2601:2c::1/128
    LocationScaleway/Online.net, Paris, France
    SpecsE3-1230v2 - 4c/8t, 32GB, 2 x 1TB SSD, 1Gbit unmetered
    Public Hostnamedn42-fr-par1.burble.com
    Public IPv4 Address51.159.194.131
    Public IPv6 Address2001:bc8:1201:50d:d6ae:52ff:fecc:c97
    Tunnel IPv4 Peer Address172.20.129.181/32
    Tunnel IPv6 Link Localfe80::42:2601:37:1/64
    Tunnel IPv6 ULAfd42:4242:2601:37::1/128
    -

    North America

    -

    dn42-ca-bhs2

    +

    dn42-uk-lon1

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    LocationOVH (SoYouStart), Beauharnois, Canada
    Specs4 core/8 thread, 32GB, 2 x 960GB SSD, 500mbit unmetered
    Public Hostnamedn42-ca-bhs2.burble.com
    Public IPv4 Address192.99.6.65
    Public IPv6 Address2607:5300:60:3741::1
    Tunnel IPv4 Peer Address172.20.129.167/32
    Tunnel IPv6 Link Localfe80::42:2601:2d:1/64
    Tunnel IPv6 ULAfd42:4242:2601:2d::1/128
    LocationHostHatch, London, UK
    Specs6 x EPYC 7513, 24GB, 270GB NVME, 40TB @ 10gbit
    Public Hostnamedn42-uk-lon1.burble.com
    Public IPv4 Address45.91.93.104
    Public IPv6 Address2a0e:dc0:5:5::1
    Tunnel IPv4 Peer Address172.20.129.187/32
    Tunnel IPv6 Link Localfe80::42:2601:35:1/64
    Tunnel IPv6 ULAfd42:4242:2601:35::1/128
    -

    dn42-us-dal3

    +

    dn42-de-fra1

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Locationdrserver, Dallas, United States
    Specs8 core, 8GB, 240GB SSD, 100mbit unmetered
    Public Hostnamedn42-us-dal3.burble.com
    Public IPv4 Address144.172.126.201
    Public IPv6 Address2602:fe64:8::4
    Tunnel IPv4 Peer Address172.20.129.172/32
    Tunnel IPv6 Link Localfe80::42:2601:2a:1/64
    Tunnel IPv6 ULAfd42:4242:2601:2a::1/128
    LocationBeroHost, Frankfurt, Germany
    Specs6 x EPYC 7443P, 24GB, 300GB NVME, 25TB @ 10gbit
    Public Hostnamedn42-de-fra1.burble.com
    Public IPv4 Address5.180.253.211
    Public IPv6 Address2a0e:6a80:3:430::1
    Tunnel IPv4 Peer Address172.20.129.169/32
    Tunnel IPv6 Link Localfe80::42:2601:31:1/64
    Tunnel IPv6 ULAfd42:4242:2601:31::1/128
    -

    dn42-us-lax1

    +

    dn42-se-sto1

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    LocationLetBox, Los Angeles, United States
    Specs2 shared ryzen cores, 4GB, 15GB NVMe/250GB HDD, 5TB bw
    Public Hostnamedn42-us-lax1.burble.com
    Public IPv4 Address185.215.224.214
    Public IPv6 Address2a0b:ae40:1:4a0a::5a
    Tunnel IPv4 Peer Address172.20.129.165/32
    Tunnel IPv6 Link Localfe80::42:2601:3a:1/64
    Tunnel IPv6 ULAfd42:4242:2601:3a::1/128
    LocationHostHatch, Stockholm, Sweden
    Specs6 x EPYC 7542, 32GB, 340GB NVME, 10gbit
    Public Hostnamedn42-se-sto1.burble.com
    Public IPv4 Address176.126.84.199
    Public IPv6 Address2a0e:dc0:2:1e93::1
    Tunnel IPv4 Peer Address172.20.129.167/32
    Tunnel IPv6 Link Localfe80::42:2601:2d:1/64
    Tunnel IPv6 ULAfd42:4242:2601:2d::1/128
    -

    Asia and Oceania

    -

    dn42-sg-sin2

    +

    North America

    +

    dn42-ca-bhs1

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    LocationOVH, Singapore
    Specs1 shared core, 2GB, 20GB SSD, 2TB bw
    Public Hostnamedn42-sg-sin2.burble.com
    Public IPv4 Address139.99.89.157
    Public IPv6 Address2402:1f00:8000:800::3bc
    Tunnel IPv4 Peer Address172.20.129.181/32
    Tunnel IPv6 Link Localfe80::42:2601:37:1/64
    Tunnel IPv6 ULAfd42:4242:2601:37::1/128
    LocationOVH, Beauharnois, Canada
    SpecsE5-1650v3, 64GB, 2 x 480GB SSD, 300mbit up/1Gbit down
    Public Hostnamedn42-ca-bhs1.burble.com
    Public IPv4 Address167.114.211.156
    Public IPv6 Address2607:5300:60:7a9c::1
    Tunnel IPv4 Peer Address172.20.129.170/32
    Tunnel IPv6 Link Localfe80::42:2601:2c:1/64
    Tunnel IPv6 ULAfd42:4242:2601:2c::1/128
    -
    - Available Q1 2021 -
    - -

    dn42-hk-hgk1

    +

    dn42-us-ash1

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    LocationHostHatch, Hong Kong, CN
    Specs2 shared core, 8GB, 40GB SSD, 1TB bw
    Public Hostnamedn42-hk-hkg1.burble.com
    Public IPv4 Addresstbc
    Public IPv6 Addresstbc
    Tunnel IPv4 Peer Address172.20.129.179/32
    Tunnel IPv6 Link Localfe80::42:2601:23:1/64
    Tunnel IPv6 ULAfd42:4242:2601:23::1/128
    LocationGreenCloud, Ashburn, United States
    Specs8 x EPYC 7763, 32GB, 480GB NVME, 10gbit
    Public Hostnamedn42-us-ash1.burble.com
    Public IPv4 Address173.249.195.195
    Public IPv6 Address2607:9000:9000:10ae::a
    Tunnel IPv4 Peer Address172.20.129.181/32
    Tunnel IPv6 Link Localfe80::42:2601:37:1/64
    Tunnel IPv6 ULAfd42:4242:2601:37::1/128
    -

    Older Nodes

    -
    - The following nodes are still active but are being decommissioned -and are no longer open for new peerings. -
    - -

    dn42-au-syd1

    +

    dn42-us-lax1

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    LocationOVH, Sydney, Australia
    Public Hostnamedn42-au-syd1.burble.com
    - Decom. Date -
    -    		January 2021
    Public IPv4 Address139.99.237.85
    Public IPv6 Address2402:1f00:8100:400::279
    Tunnel IPv4 Peer Address172.20.129.180/32
    Tunnel IPv6 Link Localfe80::42:2601:38:1/64
    Tunnel IPv6 ULAfd42:4242:2601:38::1/128
    LocationHostHatch, Los Angeles, United States
    Specs2 x EPYC 7413, 8GB, 60GB NVME, 10TB @ 10gbit
    Public Hostnamedn42-us-lax1.burble.com
    Public IPv4 Address45.67.219.3
    Public IPv6 Address2a04:bdc7:100:4656::1
    Tunnel IPv4 Peer Address172.20.129.172/32
    Tunnel IPv6 Link Localfe80::42:2601:2a:1/64
    Tunnel IPv6 ULAfd42:4242:2601:2a::1/128
    -

    dn42-us-nyc1

    +

    dn42-us-nyc1

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    LocationHostHatch, New York, United States
    Public Hostnamedn42-us-nyc1.burble.com
    - Decom. Date -
    -    		April 2021
    Public IPv4 Address185.213.26.143
    Public IPv6 Address2a0d:5600:33:b::1
    Tunnel IPv4 Peer Address172.20.129.168/32
    Tunnel IPv6 Link Localfe80::42:2601:34:1/64
    Tunnel IPv6 ULAfd42:4242:2601:34::1/128
    -

    dn42-us-chi1

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    LocationHostHatch, Chicago, United States
    Public Hostnamedn42-us-chi1.burble.com
    - Decom. Date -
    -    		May 2021
    Public IPv4 Address193.29.63.150
    Public IPv6 Address2605:4840:3:10::ab2d
    Tunnel IPv4 Peer Address172.20.129.166/32
    Tunnel IPv6 Link Localfe80::42:2601:2e:1/64
    Tunnel IPv6 ULAfd42:4242:2601:2e::1/128
    LocationHostHatch, New York, United States
    Specs2 x EPYC 7443P, 8GB, 60GB NVME, 10TB @ 10gbit
    Public Hostnamedn42-us-nyc1.burble.com
    Public IPv4 Address109.205.61.36
    Public IPv6 Address2605:4840:2:eed4::1
    Tunnel IPv4 Peer Address172.20.129.175/32
    Tunnel IPv6 Link Localfe80::42:2601:29:1/64
    Tunnel IPv6 ULAfd42:4242:2601:29::1/128
    @@ -1456,7 +1453,7 @@ and are no longer open for new peerings. - + diff --git a/public/network/peering/index.html b/public/network/peering/index.html index 30ba725..f727c12 100644 --- a/public/network/peering/index.html +++ b/public/network/peering/index.html @@ -1,7 +1,7 @@ - + @@ -48,7 +48,7 @@ - + @@ -119,8 +119,8 @@ - - Overview + + Network Design @@ -281,6 +281,31 @@ + + + + + + + + + +
  • + + + + + Abuse Policy + + + + + + +
    • + + + @@ -421,6 +446,81 @@ +
  • + + + + + ACME + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + Shell Accounts + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + S3 Object Storage + + + + + + +
    • + + + + + + + + + + + +
  • @@ -437,6 +537,114 @@ + + + + + + + + + +
  • + + + + + Ping Challenge + + + + + + +
    • + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + Retro42 + + + + + + + + + + @@ -481,13 +689,13 @@
  • - -
  • + + + + + Other stuff + + + + + + +
    • + + + + + + + + + +
  • @@ -777,25 +1008,17 @@

    This page provides the information to get started on peering with the burble.dn42 network

    -

    burble.dn42 is a set of global POPs integrated to the dn42 network, -and new peering requests are welcome. A description of the network is available in the -Overview page.

    +

    burble.dn42 is a set of global POPs integrated to the dn42 network, +and new peering requests are welcome. Some details of the network are available in the +Design page.

    burble.dn42 is a large network and there are some restrictions in place to protect the network and the rest of the DN42.
    Please ensure you read the information below before requesting to peer.

    -

    Peering Requests

    +

    Peering Requests

    Please mail dn42@burble.com if you’d like to peer with me.

    -

    Peering Requirements

    +

    Peering Requirements

    To peer with burble.dn42, you must meet the following requirements:

    • -

      You must have at least two peerings already established with other DN42 networks

      -

      Sorry, but burble.dn42 is not open to new starters. If you are a new starter in DN42 -please use the peerfinder or ask on -IRC; there are lots of other networks who will -be happy to peer with you, and some even offer automatic peering.

      -

      This is a tough restriction, but one that is in place to promote network diversity.

      -
      • -

    • You must support IPv6

    • @@ -808,22 +1031,29 @@ respond when contacted

      is ever evolving and failure to respond to change notices may result in your peering being suspended.

      • +
    • +

      Latency to your node must be reasonable, typically this means a latency less than 40ms.

      +

    At a minimum, I’ll need to know the following in order to establish a peering:

    • The burble.dn42 node you would like to peer with
    • Your ASN
    • The public address of your host
      • -
    • The tunnel parameters, e.g. +
    • The tunnel and BGP parameters, e.g.
      • Port number, if using wireguard or OpenVPN
      • Public key for wireguard
        • -
      • Any special config you need that is different to my defaults
        • +
      • Any special config you need that is different to my defaults + +
    • IP addresses of your end of the tunnel
        -
      • Typically these will be a single IPv4/32 and IPv6/128 from your DN42 allocation
        • +
      • Typically these will be a single IPv4/32 and Link-Local IPv6 address
    @@ -841,23 +1071,25 @@ peering may stop working when your IP address changes.

    Peering in Multiple Locations

    If you have multiple nodes, you are welcome to peer in several locations -to provide additional redundancy and route choice.

    -

    It’s highly recommended to peer with multiple users DN42 users though, it’s +to provide additional redundancy and route choice. Routes exported from the +network include a latency based MED attribute to help peers +optimise their routing (See the Routing Policy)

    +

    It’s highly recommended to peer with multiple DN42 users though, it’s lots of fun and you should never rely on just one user for your connectivity.

    -

    Supported Tunnel Types

    +

    Supported Tunnel Types

    I prefer to use wireguard, it’s simple to set up and just works. I also support OpenVPN tunnels.

    -

    Wireguard

    +

    Wireguard

    • The port number will be 2xxxx where xxxx is the last four digits of your ASN.
      • -
    • Each peer is assigned a unique encryption key, pre-shared keys are also supported.
      • +
    • Each peer is assigned a unique encryption key, pre-shared keys are also supported (but not enabled by default).
    • Endpoint names and IP addresses are detailed in the nodes page.

    My wireguard AllowedIPs are:

    -
    AllowedIPs=fe80::/64
+
    AllowedIPs=fe80::/64
 AllowedIPs=fd00::/8
 AllowedIPs=0.0.0.0/0
 
    
@@ -871,100 +1103,111 @@ within DN42.
    
 
 
    
 
-
    OpenVPN
    
+
    OpenVPN
    
 
      
 
    • The port number will be 2xxxx where xxxx is the last four digits of your ASN.
      • 
 
    
 
    By default I will configure the following OpenVPN parameters:
    
-
    comp-lzo
+
    comp-lzo
 cipher aes-256-cbc
 auth sha256
-
    Tunnel Configuration
    
-
    Allowed Traffic
    
-
    Only the network ranges will be forwarded through the DN42 network, all other
+
    Tunnel Configuration
    
+
    Allowed Traffic
    
+
    Only the following network ranges will be forwarded through the DN42 network, all other
 traffic will be dropped.
    
 
    IPv4
    
-
    172.16.0.0/12
+
    172.16.0.0/12
 10.0.0.0/8
 
    IPv6
    
-
    fd00::/8
+
    fd00::/8
 
    
   BGP peer addresses are more permissive to allow for link local or non-DN42
 IP addresses within the tunnel, but these will not be forwarded through the
 DN42 network.
 
    
 
-
    Flow Control and BGP Rate Limiting
    
+
    Flow Control and BGP Rate Limiting
    
 
    A typical BGP session in DN42 will use a trivial amount of traffic. However, for large networks like
 burble.dn42 some transient events, such as BGP flapping, can generate multi MB/sec traffic flows that
-damange the network and create instability across DN42.
    
-
    To protect the network from misconfigurations and prevent excessive updates from being propagated to the
-rest of DN42, the burble.dn42 network implements rate limiting on direct BGP sessions. The rate limiting
+damage the network and create instability across DN42.
    
+
    To protect the network from misconfigurations and prevent excessive updates from propagating to the
+rest of DN42, the burble.dn42 network implements rate limiting on BGP sessions. The rate limiting
 activates when a large amount of BGP traffic is seen (typically 10’s or 100’s of thousands of
 updates a second) over a sustained period and will typically reset automatically within an hour.
    
 
    There are no other controls applied to transit or non-BGP traffic.
    
-
    BGP Configuration
    
+
    BGP Configuration
    
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+  
+      
+          
+          
+      
+  
+  
+      
+          
+          
+      
+      
+          
+          
+      
+      
+          
+          
+      
+  
    Network NameBURBLE
    BURBLE-MNTdn42@burble.com
    ASNAS4242422601
    Network NameBURBLE
    BURBLE-MNTdn42@burble.com
    ASNAS4242422601
    
 
    
-
    BGP Feature Support
    
+
    BGP Feature Support
    
 
    The burble.dn42 network uses a custom build of
 bird 2, and the
 following features are supported:
    
 
 
    The source code for the custom bird used on the network is available on
 git.burble.dn42
    
-
    Route Filtering
    
+
    Default Extensions
    
+
    Multiprotocol BGP is preferred, however it is not enabled by default as not all
+peers can support it. Please let me know when peering if you can support a
+multiprotocol BGP session.
    
+
    Extended next hop and extended message support are both enabled by default.
    
+
    Route Filtering
    
 
    The network applies strict Route Origin Authorisation (ROA) filtering to all
 received and exported routes. This means any advertised route that does
 not have a corresponding route{,6} object in the DN42 registry will be dropped.
    
 
    
   
    ROA is implemented with updates through RPKI, using
-dn42regsrv and
+dn42regsrv and
 gortr.
    
 
    The DN42 ROA data is provided as a public service, see the Services page.
    
 
 
    
 
-
    Generic Allowed Prefixes:
    
+
    Generic Allowed Prefixes:
    
 
    IPv4
    
-
    172.20.0.0/14+
+
    172.20.0.0/14+
 10.0.0.0/8+
 
    IPv6
    
-
    fd00::/8{44,64}
-
    Testing
    
-
    Connectivity Testing
    
+
    fd00::/8{44,64}
+
    Testing
    
+
    Connectivity Testing
    
 
    Within the tunnel, hosts respond to ping and traceroute, but also have the
 echo (port 7) and daytime (port 13) services enabled. These can be used to check
 the tunnel is up and configured correctly.
    
-
    $ ping fe80::42:2601:32:1%wg0
+
    $ ping fe80::42:2601:32:1%wg0
 PING fe80::42:2601:32:1%wg0(fe80::42:2601:32:1%wg0) 56 data bytes
 64 bytes from fe80::42:2601:32:1%wg0: icmp_seq=1 ttl=64 time=4.44 ms
 64 bytes from fe80::42:2601:32:1%wg0: icmp_seq=2 ttl=64 time=4.52 ms
@@ -977,16 +1220,16 @@ $ netcat fe80::42:2601:32:1%wg0 13
 Sun Sep 23 09:57:26 2018
 ^C
 $
-
    Reachability Testing
    
+
    Reachability Testing
    
 
    Once peering is established I have a BGP looking glass (public
 internet link) and global route collector which can be used to
 check routing configuration. Looking glasses are a key, self-service resource for you
-to use when understanding how your routes are propogating around the DN42 network, please
+to use when understanding how your routes are propagating around the DN42 network, please
 take the time to learn how to use them.
    
-
    Speed Test
    
-
    burble.dn42 operates two speed test servers on central, high bandwidth nodes.
    
-See the services pages for more info.
    
-
    Automated Tests
    
+
    Speed Test
    
+
    burble.dn42 operates a speed test service at speedtest.burble.dn42,
+see the services pages for more info.
    
+
    Automated Tests
    
 
    pingable.burble.dn42 (172.20.129.5 / fd42:4242:2601:ac05::1) is a dedicated address
 that responds to ping and traceroute and may be used for automated reachability or
 link quality testing.
    
@@ -1051,7 +1294,7 @@ stats purposes.
    
 
 
 
-
+
 
 
 
diff --git a/public/network/routing-policy/index.html b/public/network/routing-policy/index.html
index 7204bb0..f8f6d4d 100644
--- a/public/network/routing-policy/index.html
+++ b/public/network/routing-policy/index.html
@@ -1,7 +1,7 @@
 
 
 
-
+
     
 
 
@@ -48,7 +48,7 @@
             
         
         
-        
+        
             
                 
             
@@ -119,8 +119,8 @@
             
             
                 
-                    
-                        Overview
+                    
+                        Network Design
                     
                 
             
@@ -281,6 +281,31 @@
             
             
         
+            
+            
+
+            
+            
+            
+            
+            
+
+            
  • 
+            
+            
+                
+                    
+                        Abuse Policy
+                    
+                
+            
+            
+
+            
+            
    • 
+            
+            
+        
     
 
             
@@ -421,6 +446,81 @@
             
             
 
+            
  • 
+            
+            
+                
+                    
+                        ACME
+                    
+                
+            
+            
+
+            
+            
    • 
+            
+            
+        
+            
+            
+
+            
+            
+            
+            
+            
+
+            
  • 
+            
+            
+                
+                    
+                        Shell Accounts
+                    
+                
+            
+            
+
+            
+            
    • 
+            
+            
+        
+            
+            
+
+            
+            
+            
+            
+            
+
+            
  • 
+            
+            
+                
+                    
+                        S3 Object Storage
+                    
+                
+            
+            
+
+            
+            
    • 
+            
+            
+        
+            
+            
+
+            
+            
+            
+            
+            
+
             
  • 
             
             
@@ -437,6 +537,114 @@
             
             
         
+            
+            
+
+            
+            
+            
+            
+            
+
+            
  • 
+            
+            
+                
+                    
+                        Ping Challenge
+                    
+                
+            
+            
+
+            
+            
    • 
+            
+            
+        
+    
+
+            
+
    • + + + + + + + + + + + + +
  • + + + + + Retro42 + + + + + + + + + + @@ -481,13 +689,13 @@
  • - -
  • + + + + + Other stuff + + + + + + +
    • + + + + + + + + + +
  • @@ -777,18 +1008,13 @@

    With a global network and multiple peers, the burble.dn42 network typically has many alternative route paths for reaching a particular destination. The routing policy aims to keep route selection sane, and avoid sending traffic outside of a region where possible.

    -

    Policy Objectives

    +

    Policy Objectives

    1. Direct routes for prefixes belonging to a peer should be given the highest priority.
      • So that traffic to peer networks is routed over the burble.dn42 network directly to the peer and not via an external 3rd party
      2. -
    2. Routes to the anycast prefixes should be prioritised through stable, low latency peers. -
        -
      • To ensure stability within the network and provide good routes for well known destinations (e.g. DNS and the DN42 wiki)
        • -
      -
    3. Where prefixes are tagged with a DN42 region, they should be routed locally or within the burble.dn42 network.
      • To avoid sending traffic across regions when this could have been avoided.
        • @@ -797,51 +1023,87 @@
      • Prioritise by shortest path, then lowest latency
    -

    Policy Implementation

    -

    bgp local_pref

    +

    Policy Implementation

    +

    bgp local_pref

    The local_pref for routes is set on entry, and then propogated across the whole network. This forces the network to prefer routes that, where possible, send traffic through the burble.dn42 network to a local peer, rather than sending cross regional traffic through external peers (aka Cold Potato Routing).

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Local Pref  Route Class
    3000  burble.dn42 dynamic / anycast routes
    2000  burble.dn42 internal networks
    1000  Peer networks (AS path len = 1)
    500  Route received in same DN42 region as it originated
    100  Default
    Local Pref  Route Class
    3000  burble.dn42 dynamic / anycast routes
    2000  burble.dn42 internal networks
    1000  Peer networks (AS path len = 1)
    500  Route received in same DN42 region as it originated
    100  Default
    -

    bgp med

    +

    bgp med

    The med attribute is used to implement a latency based metric across the network. Scripts are used to gather the latency between nodes (using ping) and this is then incorporated in to the ansible scripting that generates the peer configuration for the internal mesh. The peer configuration sets the med to be the latency in ms between nodes (in milliseconds * 10). A penalty of 500 is added for each hop to encourange direct routing between nodes.

    -
    med = (latency between nodes in ms * 10) + (500 per hop)
+
    med = (latency between nodes in ms * 10) + (500 per hop)
 
    The med metric is exported to external peers to help them decide how to route traffic to the burble.dn42
 network.
    
+
    collector.dn42
    
+
    The global route collector is treated as a special case and does not follow the normal routing policy.
+The objective of the collector policy is to steer traffic directly to fr-par1 and reduce transit of GRC
+traffic over the burble.dn42 network. This is aggressively implemented for certain low bandwidth nodes
+to prevent any GRC traffic going through these nodes.
    
+
    To accomplish this, each node announces the GRC prefix in to DN42 with different levels of path prepending
+depending on the available bandwidth of that node. Some nodes with low bandwidth allocations do not
+announce the GRC prefix at all.
    
+
+  
+      
+          
+          
+      
+  
+  
+      
+          
+          
+      
+      
+          
+          
+      
+      
+          
+          
+      
+      
+          
+          
+      
+  
+
    Node capabilityAction Taken
    fr-par1Prefix announced without any prepending
    Other nodes with unlimited BW allowanceASN prepended once
    Nodes with BW limitsASN prepended twice
    Nodes with low BW limitsGRC prefix not announced
    
+
    As well as the external traffic engineering, the internal mesh policy also prevents transit of GRC
+traffic via low bandwidth nodes.
    
 
 
     
@@ -894,7 +1156,7 @@ network.
    
 
 
 
-
+
 
 
 
diff --git a/public/network/status/index.html b/public/network/status/index.html
index c80df21..3d237a9 100644
--- a/public/network/status/index.html
+++ b/public/network/status/index.html
@@ -1,7 +1,7 @@
 
 
 
-
+
     
 
 
@@ -48,7 +48,7 @@
             
         
         
-        
+        
             
                 
             
@@ -119,8 +119,8 @@
             
             
                 
-                    
-                        Overview
+                    
+                        Network Design
                     
                 
             
@@ -281,6 +281,31 @@
             
             
         
+            
+            
+
+            
+            
+            
+            
+            
+
+            
  • 
+            
+            
+                
+                    
+                        Abuse Policy
+                    
+                
+            
+            
+
+            
+            
    • 
+            
+            
+        
     
 
             
@@ -421,6 +446,81 @@
             
             
 
+            
  • 
+            
+            
+                
+                    
+                        ACME
+                    
+                
+            
+            
+
+            
+            
    • 
+            
+            
+        
+            
+            
+
+            
+            
+            
+            
+            
+
+            
  • 
+            
+            
+                
+                    
+                        Shell Accounts
+                    
+                
+            
+            
+
+            
+            
    • 
+            
+            
+        
+            
+            
+
+            
+            
+            
+            
+            
+
+            
  • 
+            
+            
+                
+                    
+                        S3 Object Storage
+                    
+                
+            
+            
+
+            
+            
    • 
+            
+            
+        
+            
+            
+
+            
+            
+            
+            
+            
+
             
  • 
             
             
@@ -437,6 +537,114 @@
             
             
         
+            
+            
+
+            
+            
+            
+            
+            
+
+            
  • 
+            
+            
+                
+                    
+                        Ping Challenge
+                    
+                
+            
+            
+
+            
+            
    • 
+            
+            
+        
+    
+
+            
+
    • + + + + + + + + + + + + +
  • + + + + + Retro42 + + + + + + + + + + @@ -481,13 +689,13 @@
  • - -
  • + + + + + Other stuff + + + + + + +
    • + + + + + + + + + +
  • @@ -776,23 +1007,23 @@ -

    Uptime Robot

    +

    Uptime Robot

    -

    All nodes are monitored using UptimeRobot.

    -

    Grafana Dashboards

    +

    Major nodes are also monitored off-network using UptimeRobot.

    +

    Grafana Dashboards

    Netdata and Prometheus are used to monitor the network and stats are presented using a series of Grafana dashboards.

    -

    BGP and Peering Status

    +

    BGP and Peering Status

    BGP status can be found through my looking glass.

    @@ -847,7 +1078,7 @@ used to monitor the network and stats are presented using a series of - + diff --git a/public/other/homelab.jpg b/public/other/homelab.jpg new file mode 100644 index 0000000..0c492a0 Binary files /dev/null and b/public/other/homelab.jpg differ diff --git a/public/other/rubi.jpg b/public/other/rubi.jpg new file mode 100644 index 0000000..fada12d Binary files /dev/null and b/public/other/rubi.jpg differ diff --git a/public/peering/index.html b/public/peering/index.html index d963602..9b6eabc 100644 --- a/public/peering/index.html +++ b/public/peering/index.html @@ -1 +1,10 @@ -https://dn42.burble.com/network/peering/ \ No newline at end of file + + + + http://localhost:2010/network/peering/ + + + + + + diff --git a/public/privacy/index.html b/public/privacy/index.html index b7d7ec6..6a9e1f3 100644 --- a/public/privacy/index.html +++ b/public/privacy/index.html @@ -1,7 +1,7 @@ - + @@ -48,7 +48,7 @@ - + @@ -119,8 +119,8 @@ - - Overview + + Network Design @@ -281,6 +281,31 @@ + + + + + + + + + +
  • + + + + + Abuse Policy + + + + + + +
    • + + + @@ -421,6 +446,81 @@ +
  • + + + + + ACME + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + Shell Accounts + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + S3 Object Storage + + + + + + +
    • + + + + + + + + + + + +
  • @@ -437,6 +537,114 @@ + + + + + + + + + +
  • + + + + + Ping Challenge + + + + + + +
    • + + + + + + + + + + + + + + + + + + + +
  • + + + + + Retro42 + + + + + + + + + + @@ -481,13 +689,13 @@
  • - -
  • + + + + + Other stuff + + + + + + +
    • + + + + + + + + + +
  • @@ -812,7 +1043,7 @@ services you may contact dn42@burble.com. + diff --git a/public/retro/fake/index.html b/public/retro/fake/index.html new file mode 100644 index 0000000..ea86ccf --- /dev/null +++ b/public/retro/fake/index.html @@ -0,0 +1,1300 @@ + + + + + + + + +Modem Emulator | burble.dn42 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + + + + + + +
    +
    + + +
    + + +
    + + + + + + + + + + + +
    + + + + + + + + + + + + + + + + + + + burble.dn42 / Retro42 / Modem Emulator + + + + + + + + + + + + +
    + + +
    +

    Modem Emulator

    + + + + + + + +

    No modem ? no problem.

    +
    + Dialup services may or may not be available depending on rebuild progress. +
    + +

    If you don’t have a physical modem you can still get that retro vibe by +accessing dn42 using the modem emulator service. This service presents a +series of TCP/IP ports that emulate a subset of the Hayes AT command set +and which are speed limited to specific baud rates. The modem can dial +directly to the fr-par1 shell service for that CLI experience, or get +full dn42 access via a PPP session.

    +

    The service is intended to be used as a fake serial port in a retro VM or +connected to directly using a serial terminal.

    +

    Accessing the modem emulator service

    +
      +
    • dialup.burble.dn42:(10000 + baud/100)
      • +
    +

    The modem emulator is accessed by connecting to dialup.burble.dn42 +on ports corresponding to specific baud rates, as detailed in the table +below.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    PortBAUDPortBAUDPortBAUD
    10003300100121200100242400
    1004848001009696001014414400
    101921920010288288001033633600
    105605600011150115000
    +
    + Low baud rates give a great experience when using a serial terminal and +the shell service but aren’t so much fun when using PPP. Conversely, using +a serial terminal and higher baud rates is a bit dull and they are better +suited to the PPP service. +
    + +

    The emulated modem is able to dial two services depending on the number used.

    + + + + + + + + + + + + + + + + + +
    Dial NumberService
    54311fr-par1 shell server
    4242PPP dialup service
    +

    Dialling the fr-par1 shell server

    +

    Use a terminal emulator and dial 54311 to access the fr-par1 shell server.

    +

    Once the modem connects, use your burble.dn42 username and password to log in.

    +
    + You can set a burble.dn42 password using the services portal. +
    + +
    + Don’t forget to set a terminal type once you’ve logged in, e.g. export TERM=vt102 +
    + +

    Dialing the PPP server

    +
      +
    • Dial 4242 to access the PPP server.
      • +
    • Use username: dn42, password: dn42 to log in.
      • +
    • Once you see the PPP initiation string, connect your PPP client.
      • +
    • PPP authentication should not be required.
      • +
    +

    Example shell session using socat and minicom

    +

    Example on how to connect to the shell server using socat and minicom at 2400 baud

    +
    $ socat -d -d pty,rawer tcp:dialup.burble.dn42:10024 &
+...
+... socat[xxx] N PTY is /dev/pts/2
+...
+$ minicom -D /dev/pts/2
+

    Within minicom type ATDT54311 to dial the shell server.

    +
    Welcome to minicom 2.8
+
+OPTIONS: I18n 
+Port /dev/pts/2, 14:01:58
+
+Press CTRL-A Z for help on special keys
+
+ATDT54311
+CONNECT 2400
+Ubuntu 22.04.1 LTS
+shell-fr-par1 login: 
+

    You can now log in using your burble.dn42 username and password.

    +

    Example PPP connection using QEMU and Windows XP

    +

    Add a virtual serial port to QEMU using -chardev and -device.

    +

    e.g. for windows XP connecting at 115k

    +
    qemu-system-i386 -enable-kvm -cpu host -m 1024 -vga std -device AC97 -hda winxp.img -chardev socket,id=bdn42,port=11150,host=dialup.burble.dn42,server=off -device pci-serial,chardev=bdn42
+

    Create a PPP dialup connection with username dn42 and password dn42, enable the option +to prompt for username and password on connect.

    +

    Enable chat prompt

    +

    Start the connection and when then chat box opens:

    +
      +
    • Type ATDT4242 to dial the PPP service
      • +
    • Log in using username dn42 / password dn42
      • +
    • Hit continue when you see the PPP connect string
      • +
    +

    +

    The following chat script provided by 04dco should provide automatic login for win95 onwards:

    +
    ;
+; This is a script file that automatically logs you in
+; to establish a dn42 dial-up PPP connection.
+;
+
+; Main entry point to script
+;
+proc main
+
+   integer nTries = 3
+
+   ; This is the login prompt and timeout values
+
+   string szLogin = "modem-server Login: "
+   integer nLoginTimeout = 5
+
+   ; This is the password prompt and timeout values
+
+   string szPW = "Password: "
+   integer nPWTimeout = 5
+
+   ; This is the prompt once your password is verified
+
+   string szPrompt = "Last login: "
+
+   ; Attempt to login at most 'nTries' times
+
+   while 0 < nTries do
+
+      ; Wait for the login prompt before entering
+      ; the user ID, timeout after x seconds
+
+      waitfor szLogin then DoLogin 
+        until nLoginTimeout
+
+TryAgain:
+      transmit "^M"        ; ping
+      nTries = nTries - 1
+
+   endwhile
+
+   goto BailOut
+
+DoLogin:
+   ; Enter user ID
+
+   transmit $USERID, raw
+   transmit "^M"
+
+   ; Wait for the password prompt 
+
+   waitfor szPW until nPWTimeout
+   if FALSE == $SUCCESS then
+      goto TryAgain
+   endif
+
+   ; Send the password
+
+   transmit $PASSWORD, raw
+   transmit "^M"
+
+   ; Wait for the prompt
+
+   waitfor szPrompt
+
+   goto Done
+
+BailOut:
+   ; Something isn't responding.  Halt the script
+   ; and let the user handle it manually.
+
+   set screen keyboard on
+   halt
+
+Done:
+
+endproc
+

    Source code

    +

    The modem emulator is a small golang server and the source code is available on the +burble.dn42 git server

    + + +
    + + + + + + + + + + + + + + + + + + + +
    + + +
    + +
    +
    + + + +
    + + + + + + + + + + + + + + + + diff --git a/public/retro/index.html b/public/retro/index.html new file mode 100644 index 0000000..95481c6 --- /dev/null +++ b/public/retro/index.html @@ -0,0 +1,1076 @@ + + + + + + + + +Retro42 | burble.dn42 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + + + + + + +
    +
    + + +
    + + +
    + + + + + + + + + + + +
    + + + + + + + + + + + + + + burble.dn42 / Retro42 + + + + + + + + + + +
    + +
    +

    Retro42

    + + + + + + + +

    dn42 like its the 1990’s

    +

    +

    Dialup Service

    +

    burble.dn42 has a full dialup service using real physical modems served +over VOIP.

    +

    Modem Emulator

    +

    If you don’t have a physical modem you can use the modem emulator to get +a retro terminal experience or connect in to dn42 from your retro VMs.

    + + +
    + + + + + + + + + + + + + + + + + + + +
    + + +
    + +
    +
    + + + +
    + + + + + + + + + + + + + + + + diff --git a/public/retro/index.xml b/public/retro/index.xml new file mode 100644 index 0000000..fd43a48 --- /dev/null +++ b/public/retro/index.xml @@ -0,0 +1,25 @@ + + + + Retro42 on burble.dn42 + http://localhost:2010/retro/ + Recent content in Retro42 on burble.dn42 + Hugo + en-gb + + + Dialup Service + http://localhost:2010/retro/modem/ + Mon, 01 Jan 0001 00:00:00 +0000 + http://localhost:2010/retro/modem/ + <p>Connect in to dn42 using a real physical modem.</p> <blockquote class="gdoc-hint danger"> <p><strong>06/02/23</strong> - The modem service is currently unavailable and will remain offline until later in the year.</p> <p>In the meantime, the <a href="https://wdev.burble.dn42/retro/fake/">modem emulator</a> service is still available.</p> </blockquote> <blockquote class="gdoc-hint warning"> <strong>Health warning</strong>: dialing in to dn42 can be rewarding and great fun, but using modems over VoIP is flakey at the best of times and getting it to work can be a frustrating experience. This is very much an experimental service. </blockquote> <p>The burble.dn42 dialup service allows you to dial in to dn42 via a modem. The modem is reachable via VoIP and connected to a PPP server, allowing you to log in and obtain full dn42 IPv4 connectivity.</p> + + + Modem Emulator + http://localhost:2010/retro/fake/ + Mon, 01 Jan 0001 00:00:00 +0000 + http://localhost:2010/retro/fake/ + <p>No modem ? no problem.</p> <blockquote class="gdoc-hint danger"> Dialup services may or may not be available depending on rebuild progress. </blockquote> <p>If you don&rsquo;t have a physical modem you can still get that retro vibe by accessing dn42 using the modem emulator service. This service presents a series of TCP/IP ports that emulate a subset of the Hayes AT command set and which are speed limited to specific baud rates. The modem can dial directly to the fr-par1 shell service for that CLI experience, or get full dn42 access via a PPP session.</p> + + + diff --git a/public/retro/intro.webm b/public/retro/intro.webm new file mode 100644 index 0000000..1001466 Binary files /dev/null and b/public/retro/intro.webm differ diff --git a/public/retro/modem.webm b/public/retro/modem.webm new file mode 100644 index 0000000..be4d6b1 Binary files /dev/null and b/public/retro/modem.webm differ diff --git a/public/retro/modem/index.html b/public/retro/modem/index.html new file mode 100644 index 0000000..eb2a00d --- /dev/null +++ b/public/retro/modem/index.html @@ -0,0 +1,1150 @@ + + + + + + + + +Dialup Service | burble.dn42 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + + + + + + +
    +
    + + +
    + + +
    + + + + + + + + + + + +
    + + + + + + + + + + + + + + + + + + + burble.dn42 / Retro42 / Dialup Service + + + + + + + + + + + + +
    + + +
    +

    Dialup Service

    + + + + + + + +

    Connect in to dn42 using a real physical modem.

    +
    +

    06/02/23 - The modem service is currently unavailable and will remain offline until later in the year.

    +

    In the meantime, the modem emulator service is still available.

    + +
    + +
    + Health warning: dialing in to dn42 can be rewarding and great fun, but using modems +over VoIP is flakey at the best of times and getting it to work can be a +frustrating experience. This is very much an experimental service. +
    + +

    The burble.dn42 dialup service allows you to dial in to dn42 via a modem. The +modem is reachable via VoIP and connected to a PPP server, allowing you to log in +and obtain full dn42 IPv4 connectivity.

    +

    Endpoints

    +

    The dialup service can be reached via the following endpoints:

    + + + + + + + + + + + + + + + + + + + + + +
    EndpointNetwork
    424026019@voip.burble.dn42dn42
    tbcclearnet
    tbcPSTN
    +

    PPP Server Log In Details

    +
      +
    • Username: dn42
      • +
    • Password: dn42
      • +
    +

    See also the the modem emulator for more details on +how the PPP server is configured, together with an automatic login +script for windows variants.

    +

    Connection Tips

    +
      +
    • Ensure that T.38 Fax Mode is disabled or set to passthrough
      • +
    • Ensure that Re-invite after Fax Tone is disabled
      • +
    • Ensure that all Echo Cancelation is disabled
      • +
    • Ensure VAD (Voice Activity Detection) is disabled
      • +
    • Disable all call features (voicemail, call waiting etc.)
      • +
    • Use G.711 ALAW
      • +
    • G.711 ULAW may work if ALAW isn’t available, but do not use any other codecs
      • +
    • Experiment with Disabling/Fixed/Adaptive Jitter buffers and different jitter buffer lengths
      • +
    • Experiment with different gain settings
      • +
    • Reduce modulation rates, you can’t connect at anything above V.34 anyway +
        +
      • Use AT+MS? to see the current modulation settings on your modem.
        • +
      • Start at V.34 (AT+MS=V34)
        • +
      • Try V.32bis (AT+MS=V32b) or even V.32 (AT+MS=V32)
        • +
      +
      • +
    • The modems are located on a residential DSL connection and will experience more jitter when the DSL is in use, try connecting at different times and specifically during UK night time or early mornings.
      • +
    • The PPP log in process is the same as the modem emulator so you can use the +emulator to check your process before connecting using the modem.
      • +
    +

    Example connection from linux

    +

    The video shows an example connecting using minicom and pppd on linux.

    +

    +

    Using a software modem

    +

    JerryXiao has created instructions for connecting using D-Modem, a software modem that can connect directly over VoIP. The instructions and D-Modem software are available in the dn42 gitea repository.

    + + +
    + + + + + + + + + + + + + + + + + + + +
    + + +
    + +
    +
    + + + +
    + + + + + + + + + + + + + + + + diff --git a/public/retro/xpconfig.png b/public/retro/xpconfig.png new file mode 100644 index 0000000..52435ce Binary files /dev/null and b/public/retro/xpconfig.png differ diff --git a/public/retro/xpconnect.webm b/public/retro/xpconnect.webm new file mode 100644 index 0000000..9596b65 Binary files /dev/null and b/public/retro/xpconnect.webm differ diff --git a/public/services/acme/index.html b/public/services/acme/index.html new file mode 100644 index 0000000..ed35155 --- /dev/null +++ b/public/services/acme/index.html @@ -0,0 +1,1221 @@ + + + + + + + + +ACME | burble.dn42 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + + + + + + +
    +
    + + +
    + + +
    + + + + + + + + + + + +
    + + + + + + + + + + + + + + + + + + + burble.dn42 / Services / ACME + + + + + + + + + + + + +
    + + +
    +

    ACME

    + + + + + + + +

    burble.dn42 provides an ACME +service using an intermediate certificate issued by the +dn42 certificate authority and implemented using +a HashiCorp Vault cluster to provide a highly available service.

    +

    The following ACME challenge types are supported:

    +
      +
    • http-01
      • +
    • dns-01
      • +
    • tls-alpn-01
      • +
    +

    dn42 endpoint

    + +

    The dn42 endpoint serves certificates signed by an intermediate certificate issued by the +dn42 certificate authority.

    +
    +

    Note that certificates are issued with a validity period of 30 days, which is +shorter than most clearnet ACME services.

    +

    The recommended interval to check for expiry is 5 days.

    + +
    + +

    Staging endpoint

    + +

    The staging endpoint can be used for testing and issues junk certificates. +The service uses an internal certificate authority that is specific to the staging service +and should not be trusted.

    +

    The staging service issues short lived certificates with a validity period of a few days.

    +

    Certificate Transparency

    +

    TODO A simpler process will be provided at a future stage, in the meantime the vault +API can be queried manually to list issued certificates.

    +

    +

    Vault provides an API for listing issued certificates, however the process for doing this +is somewhat complicated if you have not used vault before. The instructions below detail +how to interrogate the service using the vault CLI, however it is also possible to run +through the same process via the +HTTP API.

    +
    # The API endpoint to list issued certificates is an authenticated
+# endpoint that requires a vault token to access it.
+# 
+# The burble.dn42 service includes an anonymous login that can be
+# used to obtain a suitable token.
+
+# set the VAULT_ADDR environment variable to the ACME service
+
+$ export VAULT_ADDR="https://acme.burble.dn42"
+
+# you can also set VAULT_SKIP_VERIFY=1 if you do not have the
+# dn42 certificate authority installed.
+
+# Issue an anonymous token and store it in the VAULT_TOKEN env variable
+
+$ export VAULT_TOKEN=$(vault write -field token auth/approle/login role_id=anonymous)
+
+# now the vault API can be accessed
+
+
+# list issued certificates
+
+$ vault list dn42/certs
+
+Keys
+----
+06:72:54:74:02:eb:68:da:62:76:14:92:b4:84:19:36:b1:d1:d0:5c
+0c:bb:39:a0:0a:aa:9c:d9:06:e8:9e:87:ff:54:73:c4:a6:42:9c:f0
+13:91:4f:f7:3a:0b:ca:38:cd:c6:6e:7d:4d:fb:c5:7c:ed:b0:79:1b
+39:5c:46:16:27:d8:f7:30:cc:64:1a:3c:6c:ff:c4:ac:f9:3c:3c:9c
+4b:24:32:48:d0:64:55:3b:dd:b3:00:c6:33:2d:0f:3e:eb:d7:50:02
+4c:8f:ce:e6:18:7a:05:c1:a3:11:45:c9:3c:34:0f:50:e0:75:6d:fd
+5a:03:a9:5b:07:60:d0:fb:25:28:4b:e9:93:a8:22:cd:78:d1:29:b2
+5d:26:b4:47:59:0c:0a:e9:88:b6:97:1d:2a:2b:e5:cb:d2:90:34:9e
+65:c8:33:07:fc:9a:aa:fd:85:6b:fd:b4:de:29:71:e3:8e:6c:f2:11
+68:e1:a6:4a:e1:58:ee:71:c7:a6:12:48:e2:7a:c5:84:c1:7c:21:5e
+75:cf:16:f9:06:71:ea:86:1c:51:95:89:c9:1d:ea:a1:eb:f5:6f:83
+76:91:6e:6a:23:14:00:7c:5f:c7:de:91:c4:40:73:d9:51:b4:f8:4d
+
+# view an invidual certificate
+
+$ vault read -field certificate "dn42/cert/76:91:6e:6a:23:14:00:7c:5f:c7:de:91:c4:40:73:d9:51:b4:f8:4d"
+
+-----BEGIN CERTIFICATE-----
+MIIDTTCCAjWgAwIBAgIUdpFuaiMUAHxfx96RxEBz2VG0+E0wDQYJKoZIhvcNAQEL
+BQAwVTELMAkGA1UEBhMCWEQxDTALBgNVBAoTBGRuNDIxFDASBgNVBAsTC2J1cmJs
+
+...snip...
+
+yait1CFFq4g9/bvsNfIsvN6EJ/BGXqqww6BzKt/ioSLj
+-----END CERTIFICATE-----
+
+# human readable output using the step CLI (https://smallstep.com/)
+
+$ vault read -field certificate "dn42/cert/06:72:54:74:02:eb:68:da:62:76:14:92:b4:84:19:36:b1:d1:d0:5c" | step certificate inspect
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 36803586486229131299250018793512622456839458908 (0x672547402eb68da62761492b4841936b1d1d05c)
+    Signature Algorithm: SHA256-RSA
+        Issuer: C=XD,O=dn42,OU=burble.dn42,CN=burble.dn42 staging ACME
+        Validity
+            Not Before: Oct 2 18:21:36 2023 UTC
+            Not After : Nov 3 18:22:06 2023 UTC
+        Subject: CN=drone.git.dn42
+        Subject Public Key Info:
+            Public Key Algorithm: RSA
+                Public-Key: (4096 bit)
+                Modulus:
+...snip...                
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment, Key Agreement
+            X509v3 Extended Key Usage:
+                Server Authentication
+            X509v3 Subject Key Identifier:
+                01:4A:7E:02:F3:B7:78:03:66:F9:21:97:4B:31:34:7C:31:DE:BB:86
+            X509v3 Authority Key Identifier:
+                keyid:94:D1:C3:60:C7:88:81:A6:8C:37:AE:40:42:22:48:6B:5F:36:8F:CC
+            Authority Information Access:
+                OCSP - URI:https://acme.burble.dn42/v1/dn42/ocsp
+                CA Issuers - URI:https://acme.burble.dn42/v1/dn42/ca
+            X509v3 Subject Alternative Name:
+                DNS:drone.git.dn42
+            X509v3 CRL Distribution Points:
+                Full Name:
+                  URI:https://acme.burble.dn42/v1/dn42/crl
+    Signature Algorithm: SHA256-RSA
+...snip...
+

    Implementation

    +

    The ACME implementation is provided by a 3-node HashiCorp Vault +cluster behind the burble.dn42 traefik load balancer. Together they provide a global, +high availability service.

    +

    The cluster currently runs on the following nodes:

    +
      +
    • uk-lon1
      • +
    • de-fra1
      • +
    • fr-par1
      • +
    +

    At any time the cluster has one leader which processes all requests and replicates state to the +cluster members. The leader node automatically switches to one of the backup servers should +a failure occur.

    +

    The traefik load balancer runs health checks against the vault servers and automatically redirects +users to the vault cluster leader.

    +

    See the vault HA reference architecture for more details.

    + + +
    + + + + + + + + + + + + + + + + + + + +
    + + +
    + +
    +
    + + + +
    + + + + + + + + + + + + + + + + diff --git a/public/services/ca/index.html b/public/services/ca/index.html index 90f2c4c..f289e21 100644 --- a/public/services/ca/index.html +++ b/public/services/ca/index.html @@ -1,7 +1,7 @@ - + @@ -48,7 +48,7 @@ - + @@ -119,8 +119,8 @@ - - Overview + + Network Design @@ -281,6 +281,31 @@ + + + + + + + + + +
  • + + + + + Abuse Policy + + + + + + +
    • + + + @@ -421,6 +446,81 @@ +
  • + + + + + ACME + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + Shell Accounts + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + S3 Object Storage + + + + + + +
    • + + + + + + + + + + + +
  • @@ -437,6 +537,114 @@ + + + + + + + + + +
  • + + + + + Ping Challenge + + + + + + +
    • + + + + + + + + + + + + + + + + + + + +
  • + + + + + Retro42 + + + + + + + + + + @@ -481,13 +689,13 @@
  • - -
  • + + + + + Other stuff + + + + + + +
    • + + + + + + + + + +
  • @@ -778,63 +1009,71 @@

    burble.dn42 maintains a PKI infarstructure for its services, using Hashicorp Vault

    -

    CA details

    +

    CA details

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    countryNameGB
    stateOrProvinceName   dn42
    organizationNameburble.dn2
    commonNameca.burble.dn42
    emailAddressdn42@burble.com
    countryNameGB
    stateOrProvinceName   dn42
    organizationNameburble.dn2
    commonNameca.burble.dn42
    emailAddressdn42@burble.com
    -

    CA Download

    -

    burble-dn42-ca.pem

    -
    -----BEGIN CERTIFICATE-----
-MIIDrDCCApSgAwIBAgIJAIZWD8xmHTYFMA0GCSqGSIb3DQEBCwUAMGsxCzAJBgNV
-BAYTAkdCMQ0wCwYDVQQIDARkbjQyMRQwEgYDVQQKDAtidXJibGUuZG40MjEXMBUG
-A1UEAwwOY2EuYnVyYmxlLmRuNDIxHjAcBgkqhkiG9w0BCQEWD2RuNDJAYnVyYmxl
-LmNvbTAeFw0xODEyMjIwOTIxMDhaFw0yMDEyMjEwOTIxMDhaMGsxCzAJBgNVBAYT
-AkdCMQ0wCwYDVQQIDARkbjQyMRQwEgYDVQQKDAtidXJibGUuZG40MjEXMBUGA1UE
-AwwOY2EuYnVyYmxlLmRuNDIxHjAcBgkqhkiG9w0BCQEWD2RuNDJAYnVyYmxlLmNv
-bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALEsUm0KtuwZjrMeWl/x
-t8f5XCLdDdBAm9KWfJWl9fwxTFkwYEMaXMLjhsmoLKuyXejs7X72VAA/Ctz9KuiQ
-l/teuGKvt8gNbq3IXVH9KxW8uiSWJIUklZ801qLjUX4kzWJlCgug7Xd2Q0LsevvC
-QMSNa2Blfh6ieMtjeQNaRhoyy3xEn7t/CNkn5U+bVFTUYE31fREWyEJe2avX2KIs
-y55GxlkUmOZZPAsMs9at+NmfDWsxOYJSYBOeLsyzJnHWX0g+X9sBf14CDPL3KVxq
-NdGlPGYmJXr8Q5bNUv6diHSGd4nW/ft/IRGPpgXpwzcQNQHfneZUGSC9L+0B4LR4
-sqkCAwEAAaNTMFEwHQYDVR0OBBYEFN8+6wkXTKajsoezC1nzvBe+YZscMB8GA1Ud
-IwQYMBaAFN8+6wkXTKajsoezC1nzvBe+YZscMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
-KoZIhvcNAQELBQADggEBAEdmCZyKaEk2AOcgVkQ9OMAR+AaGIUCazvWKGx2DXAJI
-2zmeEKx1tkRAkEQkzoUo7vor+X8/f3FVmtVF5bxbI9y7LsrXSNZB62z+Voyj36Id
-rOx05MN9FPbz6FAD5a7vTWCK7hRgGTaUGwYVyVXy9iiSA8Oqm8sqblvfk9jz3E5Y
-TJP6b8Y/Dq9BLpciozqSLo2zPOvl7kaN3kS3eufzA4O9LKfFIxXIcqfsSzFlbQyu
-afBrjiG18FVCNPQW3kCBk2oOWl7z/SJjB1oG/ZcDhSdHYPj+1gTsnzTKAB8qJikh
-gGwJMRLy1L5Bd0p63in5SNX9LXVsY+8YiA7sa3yAhWc=
+
    CA Download
    
+
    -----BEGIN CERTIFICATE-----
+MIIFYzCCA0ugAwIBAgIUDFQuqm9Jd1nKLsvx0mFD0sOo5ZIwDQYJKoZIhvcNAQEL
+BQAwLDEUMBIGA1UEChMLYnVyYmxlLmRuNDIxFDASBgNVBAMTC2J1cmJsZS5kbjQy
+MCAXDTI0MTIwNTE0MDgzM1oYDzIwNzQxMTIzMTQwOTAyWjAsMRQwEgYDVQQKEwti
+dXJibGUuZG40MjEUMBIGA1UEAxMLYnVyYmxlLmRuNDIwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDBU5+AhFEIgQb8HpV6DWTyHCEFsSLHfYElV7Su+q/R
+5RxeLSoYbNrzfsKzoWdVS7lHhmxSsjsY4fM6P3mxhns4QmUOobvB0tuDWtWnudKU
+oOqT2U5XCZZ05342F5isnEHdGYZPolMnFkv4Diiy4Bx+fgFElyqA7yJpIvuHXK1W
+upy9V5NC6zcUBs6S3grOKRJ4Wk1PZMjGj++wt5B8wc+eqOt/P/V33dqdou6vvQgE
+9TAPn36dYLsY3ifIZCSf4VWEtkJTsuEx/eGGnbkH6Q6Qwqz6gMFE9ICHadSpxBDR
+GMFRBYAaDE3m/YQxezkQ3rJIj88crKzM/UgM2xB6W6Z69tUZWJU39c5SP96/nxaY
+qhBw1IwfPborpBx0iWNOa9sZwWlJPUDeRvqyFeZSsza8luGXd8SnXFL4YGscZUzn
+Y19nrfy4xzkwrGRQw1cQiYa6mvfxcZtRFDbNu+k4nBXrLwdUtvyGImkGhNVJxu4T
+RTAi3YOf8cm5Vibr6nL2iDZBXpc0NRZJGteHlyvU7QV5iXBq7aB8oBTu2mJ4xHLn
+qdokBlEblcmDDJGzKV6Y2RXVDsUeZjnSfuYUQ7+UvzWu3upWcXIw9+SPJJGFAZqh
+39YC2R0kvMhE81TfIe+G80pTXNOkvaWb+ubkJaKyIKvlC3AnHcFOzeM3r0Sp9wy9
+1wIDAQABo3sweTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
+HQ4EFgQUhCbuFSi7v4bKCY8nWJMIYsd6XPYwHwYDVR0jBBgwFoAUhCbuFSi7v4bK
+CY8nWJMIYsd6XPYwFgYDVR0RBA8wDYILYnVyYmxlLmRuNDIwDQYJKoZIhvcNAQEL
+BQADggIBAIBX61fUiNS9N9xxksuwnGPgJSVdGIGFKexYDbVEG2NsyF55K1XuyWWP
+bh059agAZoTrJRVINCTTwe0Ox+J87RqoozGMR6/xKd83hCVMTZHEcKJzR5N0s/PR
+PAnzRFUPWXkHjjY+9NrVQ8taLVIRpnkTt08RRcvvaFaC2Am5kUZRqc7U5vNkOX1U
+Jgl2G88TJphsxf8HgFBB0VFOxvo04Ub6v+RIVDy+hDWllx8t6KOn2hketSeCsQOc
+0g9WGn86ofSvWgLvpd6w4RnIWVggSNd+vcOXJhpBN4FvrJXU4XYADj/sf3x1GHkj
+ODs0CPzsI2sR3JBxDUJwK/10qQyCnvJ5cKPT+OgpJlf3swLRyapE/p5jcs22iIBF
+ZIHLePCgfv7QSntLuf9ahx4NAMmz/R23im4tcUD3alZ6iTPvPtcGi+FeAOBXChWr
+ItpNnlrPEPdqTKKmmfFdrehOYYVoX+Ch4WOdftpXr2KEECjiZhMEMywhgXecjnCM
+c691Tpa+sdCrQ56kD5I1xGzZKINcHpuiek0H/S7dPUE4PjH8ol0ccSxawgeA/Udm
+FtM7hk85EYPUESzQGFEbUoQ6RS9r087zYKwowZN2rJ/MrCF/i7WIqt03YG87V8J3
+BUtApScN9rpa7AdP0egAoNdPohO3yIahwvfDvecSERcmg5AeTQu5
 -----END CERTIFICATE-----
 
    
-  Certificate Expiry Date: May 12 10:08:49 2029 GMT
+  Certificate Expiry Date: Nov 23 14:09:02 2074
 
    
 
 
@@ -889,7 +1128,7 @@ gGwJMRLy1L5Bd0p63in5SNX9LXVsY+8YiA7sa3yAhWc=
 
 
 
-
+
 
 
 
diff --git a/public/services/dn42/index.html b/public/services/dn42/index.html
index eb88b25..c2bd218 100644
--- a/public/services/dn42/index.html
+++ b/public/services/dn42/index.html
@@ -1,7 +1,7 @@
 
 
 
-
+
     
 
 
@@ -48,7 +48,7 @@
             
         
         
-        
+        
             
                 
             
@@ -119,8 +119,8 @@
             
             
                 
-                    
-                        Overview
+                    
+                        Network Design
                     
                 
             
@@ -281,6 +281,31 @@
             
             
         
+            
+            
+
+            
+            
+            
+            
+            
+
+            
  • 
+            
+            
+                
+                    
+                        Abuse Policy
+                    
+                
+            
+            
+
+            
+            
    • 
+            
+            
+        
     
 
             
@@ -421,6 +446,81 @@
             
             
 
+            
  • 
+            
+            
+                
+                    
+                        ACME
+                    
+                
+            
+            
+
+            
+            
    • 
+            
+            
+        
+            
+            
+
+            
+            
+            
+            
+            
+
+            
  • 
+            
+            
+                
+                    
+                        Shell Accounts
+                    
+                
+            
+            
+
+            
+            
    • 
+            
+            
+        
+            
+            
+
+            
+            
+            
+            
+            
+
+            
  • 
+            
+            
+                
+                    
+                        S3 Object Storage
+                    
+                
+            
+            
+
+            
+            
    • 
+            
+            
+        
+            
+            
+
+            
+            
+            
+            
+            
+
             
  • 
             
             
@@ -437,6 +537,114 @@
             
             
         
+            
+            
+
+            
+            
+            
+            
+            
+
+            
  • 
+            
+            
+                
+                    
+                        Ping Challenge
+                    
+                
+            
+            
+
+            
+            
    • 
+            
+            
+        
+    
+
+            
+
    • + + + + + + + + + + + + +
  • + + + + + Retro42 + + + + + + + + + + @@ -481,13 +689,13 @@
  • - -
  • + + + + + Other stuff + + + + + + +
    • + + + + + + + + + +
  • @@ -777,53 +1008,53 @@

    burble.dn42 hosts a number of DN42 infrastructure services.

    -

    DNS

    +

    DNS

    - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + +
    ServiceNameIP
    DN42 Masterb.master.delegation-servers.dn42fd42:180:3de0:30::1
    Authoritative Serviceb.delegation-servers.dn42172.20.129.1
    fd42:4242:2601:ac53::1
    Recursive Serviceb.recursive-servers.dn42172.20.129.2
    fd42:4242:2601:ac53::53
    ServiceNameIP
    DN42 Masterb.master.delegation-servers.dn42fd42:180:3de0:30::1
    Authoritative Serviceb.delegation-servers.dn42172.20.129.1
    fd42:4242:2601:ac53::1
    Recursive Serviceb.recursive-servers.dn42172.20.129.2
    fd42:4242:2601:ac53::53

    burble.dn42 provides a local, anycast, authoritative and recursive DNS service.
    The DNS Service has it’s own page.

    -

    DN42 Wiki Mirror

    +

    DN42 Wiki Mirror

    - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + +
    Mirror URLs
    wiki.dn42
    wiki.burble.dn42     		(editable via DN42)
    dn42.dev
    wiki.burble.com     		(read-only via public internet)
    Mirror URLs
    wiki.dn42
    wiki.burble.dn42     		(editable via DN42)
    dn42.dev
    wiki.burble.com     		(read-only via public internet)

    burble.dn42 maintains a globally distributed mirror of the DN42 Wiki, and is part of the wiki.dn42 anycast group. @@ -832,17 +1063,18 @@ The DN42 services (wiki.dn42 and views (dn42.dev and wiki.burble.com) are read-only.

    Please note that updates to the wiki may take several hours to sync with other mirrors.

    -

    The service is provided by regional mirrors fronted by an nginx proxy that is itself -anycasted across burble.dn42. The service is fully meshed and will continue to -operate as long as at least one proxy and mirror is available.

    -

    Mirrors are located in the following locations:

    +

    The wiki service is delivered using the burble.dn42 nomad cluster.

    +

    ACME

    -

    Whois Service

    +

    burble.dn42 provides an ACME +service using an intermediate certificate issued by the +dn42 certificate authority and implemented using +a HashiCorp Vault cluster to provide a highly available service.

    +

    More details can be found on the ACME service page.

    +

    Whois Service

    • whois.burble.dn42
    • fd42:4242:2601:ac43::1
      • @@ -852,10 +1084,8 @@ operate as long as at least one proxy and mirror is available.

      DN42 registry. The WHOIS service is also anycasted across the network.

      The source code for the service is available in the burble.dn42 git.

      -

      Global Route Collector

      +

      Global Route Collector

        -
      • https://grc.burble.com/ (public internet link)
        • -
      • https://lg-grc.burble.com/ (public internet link)
      • https://collector.dn42/ (DN42 link)
      • https://lg.collector.dn42/ (DN42 link)
      • ssh shell@collector.dn42
        • @@ -866,9 +1096,9 @@ All users are invited to join the collector and help provide stats for the netwo

        The route collector can currently be queried by using ssh to connect a bird shell or via a looking glass.
        Additional services and stats are expected to be developed in the future.

        -

        DN42 Infrastructure Monitoring

        -

        burble.dn42 hosts monitoring and alerting of key DN42 services, see the -grafana service for more details.

        +

        DN42 Infrastructure Monitoring

        +

        burble.dn42 hosts monitoring and alerting of key DN42 services at +https://grafana.burble.dn42.

        @@ -921,7 +1151,7 @@ Additional services and stats are expected to be developed in the future.

        - + diff --git a/public/services/dns/index.html b/public/services/dns/index.html index f43ff9b..9e9918b 100644 --- a/public/services/dns/index.html +++ b/public/services/dns/index.html @@ -1,7 +1,7 @@ - + @@ -48,7 +48,7 @@ - + @@ -119,8 +119,8 @@ - - Overview + + Network Design @@ -281,6 +281,31 @@ + + + + + + + + + +
      • + + + + + Abuse Policy + + + + + + +
        • + + +
      @@ -421,6 +446,81 @@ +
    • + + + + + ACME + + + + + + +
      • + + + + + + + + + + + + +
    • + + + + + Shell Accounts + + + + + + +
      • + + + + + + + + + + + + +
    • + + + + + S3 Object Storage + + + + + + +
      • + + + + + + + + + + + +
    • @@ -437,6 +537,114 @@ + + + + + + + + + +
    • + + + + + Ping Challenge + + + + + + +
      • + + + +
    + + +
    • + + + + + + + + + + + + +
  • + + + + + Retro42 + + + + + + + + + + @@ -481,13 +689,13 @@
  • - -
  • + + + + + Other stuff + + + + + + +
    • + + + + + + + + + +
  • @@ -779,67 +1010,67 @@

    burble.dn42 provides a suite of DNS services, including running one of the two DN42 DNS master nodes that exports registry information to the DNS infrastructure.

    - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + +
    RoleNames
    DN42 DNS Masterb.master.delegation-servers.dn42
    Authoritative DNS Serviceb.delegation-servers.dn42
    ns1.burble.dn42
    Recursive DNS Serviceb.recursive-servers.dn42
    dns.burble.dn42
    dns64 Servicedns64.burble.dn42
    RoleNames
    DN42 DNS Masterb.master.delegation-servers.dn42
    Authoritative DNS Serviceb.delegation-servers.dn42
    ns1.burble.dn42
    Recursive DNS Serviceb.recursive-servers.dn42
    dns.burble.dn42
    dns64 Servicedns64.burble.dn42

    Apart from the Master, all DNS services are anycast across every node to provide fast, local responses network wide. The services support DNSSEC and are available over UDP, TCP, DNS over HTTPs and DNS over TLS.

    -

    DN42 DNS Master

    +

    DN42 DNS Master

    - - - - - - - - - - - - + + + + + + + + + + + +
    NameIP
    b.master.delegation-servers.dn42fd42:180:3de0:30::1
    NameIP
    b.master.delegation-servers.dn42fd42:180:3de0:30::1

    burble.dn42 runs one of the two master servers that support the DN42 DNS infrastructure.
    See the wiki for more information on the role of the master service.

    -

    The master is hosted on us-dal3, providing geographic and network redundancy against the other DN42 master service, hosted in Europe.

    -

    Authoritative DNS Service

    +

    The master is hosted on ca-bhs2, providing geographic and network redundancy against the other DN42 master service, hosted in Europe.

    +

    Authoritative DNS Service

    - - - - - - - - - - - - + + + + + + + + + + + +
    NameIP
    ns1.burble.dn42
    b.delegation-servers.dn42    		172.20.129.1
    fd42:4242:2601:ac53::1
    NameIP
    ns1.burble.dn42
    b.delegation-servers.dn42    		172.20.129.1
    fd42:4242:2601:ac53::1

    ns1.burble.dn42 is slaved to master.delegation-servers.dn42, and provides DNSSEC signed, authoritative data for DN42 related zones.

    @@ -848,7 +1079,7 @@ that returned DNS records are traceable via DNSSEC to the DN42 registry. The ser also supports AXFR and may be used as a master to a local, slaved, root zone.

    Note that ns1.burble.dn42 will not forward DNS queries.
    Forwarding is provided by the recursive service, dns.burble.dn42.

    -

    Slaved DN42 zones

    +

    Slaved DN42 zones

    • .dn42
    • .recursive-servers.dn42
      • @@ -862,83 +1093,83 @@ Forwarding is provided by the recursive service, dns.burble.dn42.

    • 31.172.in-addr.arpa.
    • 10.in-addr.arpa.
    -

    Mastered Zones

    +

    Mastered Zones

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ZoneRole
    burble.dn42burble.dn42 forward zone
    collector.dn42Global Route Collector forward zone
    1.0.6.2.2.4.2.4.2.4.d.f.ip6.arpaburble.dn42 IPv6 reverse zone
    0/27.129.20.172.in-addr.arpaburble.dn42 services IPv4 reverse zone
    160/27.129.20.172.in-addr.arpaburble.dn42 nodes IPv4 reverse zone
    0.3.0.0.0.e.d.3.0.8.1.0.2.4.d.f.ip6.arpaDNS Master reverse zone
    0.0.1.0.0.e.d.3.0.8.1.0.2.4.d.f.ip6.arpaRegistry services IPv6 reverse zone
    0/28.63.22.172.in-addr.arpaRegister services, IPv4 reverse zone
    ZoneRole
    burble.dn42burble.dn42 forward zone
    collector.dn42Global Route Collector forward zone
    1.0.6.2.2.4.2.4.2.4.d.f.ip6.arpaburble.dn42 IPv6 reverse zone
    0/27.129.20.172.in-addr.arpaburble.dn42 services IPv4 reverse zone
    160/27.129.20.172.in-addr.arpaburble.dn42 nodes IPv4 reverse zone
    0.3.0.0.0.e.d.3.0.8.1.0.2.4.d.f.ip6.arpaDNS Master reverse zone
    0.0.1.0.0.e.d.3.0.8.1.0.2.4.d.f.ip6.arpaRegistry services IPv6 reverse zone
    0/28.63.22.172.in-addr.arpaRegister services, IPv4 reverse zone
    -

    Recursive DNS Service

    +

    Recursive DNS Service

    - - - - - - - - - - - - + + + + + + + + + + + +
    NameIP
    dns.burble.dn42
    b.recursive-servers.dn42    		172.20.129.2
    fd42:4242:2601:ac53::53
    NameIP
    dns.burble.dn42
    b.recursive-servers.dn42    		172.20.129.2
    fd42:4242:2601:ac53::53

    dns.burble.dn42 is a caching, recursive DNS service that returns results for both DN42 -and clearnet domains. The service issues parallel queries from five regional masters, the +and clearnet domains. The service issues parallel queries from regional masters, the recursive service takes advantage of the burble.dn42 global scale to reduce latency and avoid local connectivity problems.

    The recursor is DNSSEC enabled and validates all queries.

    -

    Using the recursive DNS service

    +

    Using the recursive DNS service

    Users are encouraged to consult recursive-servers.dn42 to obtain a list of recursive DNS services and configure at least two independent resolvers to obtain the best resilience.

    See also the DN42 Wiki for general guidelines and best practice for setting up DNS in DN42.

    -
    $ host -t SRV _dns._udp.recursive-servers.dn42
+
    $ host -t SRV _dns._udp.recursive-servers.dn42
 _dns._udp.recursive-servers.dn42 has SRV record 10 10 53 a3.recursive-servers.dn42.
 _dns._udp.recursive-servers.dn42 has SRV record 20 10 53 b.recursive-servers.dn42.
 _dns._udp.recursive-servers.dn42 has SRV record 10 10 53 a0.recursive-servers.dn42.
 _dns._udp.recursive-servers.dn42 has SRV record 20 10 53 j.recursive-servers.dn42.
 _dns._udp.recursive-servers.dn42 has SRV record 20 10 53 k.recursive-servers.dn42.
 
    Example resolv.conf using IPv6 with IPv4 fallback
    
-
    # DN42 resolve.conf
+
    # DN42 resolve.conf
 
 search dn42
 
@@ -948,41 +1179,41 @@ nameserver fd42:4242:2601:ac53::53
 
 # j.recursive-servers.dn42
 nameserver 172.20.1.19
-
    DNS64 Service
    
+
    DNS64 Service
    
 
-
-
-
-
-
-
-
-
-
-
-
-
+  
+      
+          
+          
+      
+  
+  
+      
+          
+          
+      
+  
    NameIP
    dns64.burble.dn42fd42:4242:2601:ac53::64
    NameIP
    dns64.burble.dn42fd42:4242:2601:ac53::64
    
 
    
 
    The dns64 service operates in a similar way to the main recursive service but also provides
 dns64 translation for hostnames that only have IPv4 addresses.
    
 
    The service will return IPv4 mapped to the rfc6052
 well-known prefix - 64:ff9b::/96
    
-
    DNS over HTTPS (DoH)
    
-
    DNS over TLS
    
+
    DNS over HTTPS (DoH)
    
+
    DNS over TLS
    
 
    The burble.dn42 services support queries via DNS over HTTPS (on port 443) and
 DNS over TLS (on port 843). The HTTPS service is signed by the burble.dn42
 Certificate Authority, and the CA certificate
 will be required by the client in order to use the service.
    
 
    example
    
-
    $ doh burble.dn42 https://[fd42:4242:2601:ac53::53]/dns-query
+
    $ doh burble.dn42 https://[fd42:4242:2601:ac53::53]/dns-query
 burble.dn42 from https://[fd42:4242:2601:ac53::53]/dns-query
 TTL: 3600 seconds
 A: 172.20.129.3
 AAAA: fd42:4242:2601:ac80:0000:0000:0000:0001
-
    Implementation
    
+
    Implementation
    
 
    The DNS service is implemented as a tiered, anycast service with each node
 in the network providing a local cache in front of regional, slave nodes.
    
-
    dns-edge
    
+
    dns-edge
    
 
    Edge nodes provide a caching function for the slaves.
    
 
    Recursive services (dns.burble.dn42 and dns64.burble.dn42) are provided by
 dnsmasq
@@ -997,43 +1228,33 @@ and also cached.
    
 
    Clearnet queries are forwarded on the edge nodes to a combination of
 Google and Cloudflare services.
    
 
    The edge services are monitored and anycast routes automatically injected (or
-removed) using GoBGP and a health checking script.
    
-
    dns-slave
    
+removed) with a health checking script.
    
+
    dns-slave
    
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+  
+      
+          
+          
+          
+      
+  
+  
+      
+          
+          
+          
+      
+      
+          
+          
+          
+      
+      
+          
+          
+          
+      
+  
    RegionHostLocation
    Europedns-slave.de-fra1.burble.dn42PHP Friends, Frankfurt, Germany
    Americas (East)dns-slave.ca-bhs2.burble.dn42OVH, Beauharnois, Canada
    Americas (Mid)  dns-slave.us-dal3.burble.dn42DrServer, Dallas, USA
    Americas (West)  dns-slave.us-lax1.burble.dn42LetBox, Los Angeles, USA
    Asia and Oceaniadns-slave.sg-sin2.burble.dn42OVH, Singapore
    RegionHostLocation
    Europedns-slave.de-fra1.burble.dn42PHP Friends, Frankfurt, Germany
    Americas (East)dns-slave.ca-bhs2.burble.dn42OVH, Beauharnois, Canada
    Americas (West)dns-slave.us-lax1.burble.dn42Alvin Servers, Los Angeles, USA
    
 
    
 
    The slave nodes are implemented using PowerDNS.
    
 
    The Authoritative DNS servers are configured as slaves replicating from the
@@ -1041,7 +1262,7 @@ DN42 master for .dn42 related zones and a hidden master located on the private,
 internal network for burble.dn42 zones.
    
 
    The recursive service is provided by the pdns-recursor configured with DNSSEC
 validation and additional caching.
    
-
    dns-master
    
+
    dns-master
    
 
    The DN42 DNS master is a custom java program
 running on us-dal3.
    
 
@@ -1096,7 +1317,7 @@ running on us-dal3.
    
 
 
 
-
+
 
 
 
diff --git a/public/services/index.html b/public/services/index.html
index 4d7ae6f..6582dcc 100644
--- a/public/services/index.html
+++ b/public/services/index.html
@@ -1,7 +1,7 @@
 
 
 
-
+
     
 
 
@@ -31,7 +31,7 @@
 
 
 
-
+
 
 
 
@@ -49,7 +49,7 @@
             
         
         
-        
+        
             
                 
             
@@ -120,8 +120,8 @@
             
             
                 
-                    
-                        Overview
+                    
+                        Network Design
                     
                 
             
@@ -282,6 +282,31 @@
             
             
         
+            
+            
+
+            
+            
+            
+            
+            
+
+            
  • 
+            
+            
+                
+                    
+                        Abuse Policy
+                    
+                
+            
+            
+
+            
+            
    • 
+            
+            
+        
     
 
             
@@ -422,6 +447,81 @@
             
             
 
+            
  • 
+            
+            
+                
+                    
+                        ACME
+                    
+                
+            
+            
+
+            
+            
    • 
+            
+            
+        
+            
+            
+
+            
+            
+            
+            
+            
+
+            
  • 
+            
+            
+                
+                    
+                        Shell Accounts
+                    
+                
+            
+            
+
+            
+            
    • 
+            
+            
+        
+            
+            
+
+            
+            
+            
+            
+            
+
+            
  • 
+            
+            
+                
+                    
+                        S3 Object Storage
+                    
+                
+            
+            
+
+            
+            
    • 
+            
+            
+        
+            
+            
+
+            
+            
+            
+            
+            
+
             
  • 
             
             
@@ -438,6 +538,114 @@
             
             
         
+            
+            
+
+            
+            
+            
+            
+            
+
+            
  • 
+            
+            
+                
+                    
+                        Ping Challenge
+                    
+                
+            
+            
+
+            
+            
    • 
+            
+            
+        
+    
+
+            
+
    • + + + + + + + + + + + + +
  • + + + + + Retro42 + + + + + + + + + + @@ -482,13 +690,13 @@
  • - -
  • + + + + + Other stuff + + + + + + +
    • + + + + + + + + + +
  • @@ -837,6 +1068,51 @@ +
  • + + + ACME: ACME Service + + + + + +
    • + + + + + +
  • + + + Shell Accounts: burble.dn42 Shell Services + + + + + +
    • + + + + + +
  • + + + S3 Object Storage: S3 Object Service + + + + + +
    • + + + + +
  • @@ -850,6 +1126,21 @@ + + +
  • + + + Ping Challenge: The burble.dn42 Ping Challenge + + + + + +
    • + + + @@ -910,7 +1201,7 @@ - + diff --git a/public/services/index.xml b/public/services/index.xml index 9f60d62..9da2b63 100644 --- a/public/services/index.xml +++ b/public/services/index.xml @@ -2,67 +2,73 @@ Services on burble.dn42 - https://dn42.burble.com/services/ + http://localhost:2010/services/ Recent content in Services on burble.dn42 - Hugo -- gohugo.io - en-gb + Hugo + en-gb + DN42 - https://dn42.burble.com/services/dn42/ + http://localhost:2010/services/dn42/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/services/dn42/ - burble.dn42 hosts a number of DN42 infrastructure services. -DNS Service Name IP DN42 Master b.master.delegation-servers.dn42 fd42:180:3de0:30::1 Authoritative Service b.delegation-servers.dn42 172.20.129.1fd42:4242:2601:ac53::1 Recursive Service b.recursive-servers.dn42 172.20.129.2fd42:4242:2601:ac53::53 burble.dn42 provides a local, anycast, authoritative and recursive DNS service. -The DNS Service has it&rsquo;s own page. -DN42 Wiki Mirror Mirror URLs wiki.dn42wiki.burble.dn42  (editable via DN42) dn42. + http://localhost:2010/services/dn42/ + <p>burble.dn42 hosts a number of DN42 infrastructure services.</p> <h2 id="dns">DNS</h2> <table> <thead> <tr> <th style="text-align: left">Service</th> <th style="text-align: left">Name</th> <th style="text-align: left">IP</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">DN42 Master</td> <td style="text-align: left">b.master.delegation-servers.dn42</td> <td style="text-align: left">fd42:180:3de0:30::1</td> </tr> <tr> <td style="text-align: left">Authoritative Service</td> <td style="text-align: left">b.delegation-servers.dn42</td> <td style="text-align: left">172.20.129.1<br/>fd42:4242:2601:ac53::1</td> </tr> <tr> <td style="text-align: left">Recursive Service</td> <td style="text-align: left">b.recursive-servers.dn42</td> <td style="text-align: left">172.20.129.2<br/>fd42:4242:2601:ac53::53</td> </tr> </tbody> </table> <p>burble.dn42 provides a local, anycast, authoritative and recursive DNS service.<br> The <a href="http://localhost:2010/services/dns">DNS Service</a> has it&rsquo;s own page.</p> <h2 id="dn42-wiki-mirror">DN42 Wiki Mirror</h2> <table> <thead> <tr> <th style="text-align: left">Mirror URLs</th> <th></th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="https://wiki.dn42/">wiki.dn42</a><br/><a href="https://wiki.burble.dn42/">wiki.burble.dn42</a> </td> <td style="text-align: left">(editable via DN42)</td> </tr> <tr> <td style="text-align: left"><a href="https://dn42.dev/">dn42.dev</a><br/><a href="https://wiki.burble.com/">wiki.burble.com</a> </td> <td style="text-align: left">(read-only via public internet)</td> </tr> </tbody> </table> <p>burble.dn42 maintains a globally distributed mirror of the DN42 Wiki, and is part of the wiki.dn42 anycast group. The DN42 services (<a href="https://wiki.dn42/">wiki.dn42</a> and <a href="https://wiki.burble.dn42/">wiki.burble.dn42</a>) are editable, whilst the public internet views (<a href="https://dn42.dev/">dn42.dev</a> and <a href="https://wiki.burble.com/">wiki.burble.com</a>) are read-only.</p> - Public Services - https://dn42.burble.com/services/public/ + http://localhost:2010/services/public/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/services/public/ - Services provided for use within DN42 -Website burble.dn42 (dn42 link) dn42.burble.com (public internet link) This website is built using Hugo and is distributed across burble.dn42 core nodes. -The public internet site is hosted on de-fra1 behind CloudFlare and the source for the website is published in the burble.dn42 git. -Issue Log A public issue log is maintained on the DN42 Registry. - Issue Log Users are welcome to raise issues or enhancements via the log. + http://localhost:2010/services/public/ + <p>Services provided for use within DN42</p> <h2 id="website">Website</h2> <ul> <li><a href="https://burble.dn42/">burble.dn42</a> (dn42 link)</li> <li><a href="https://dn42.burble.com/">dn42.burble.com</a> (public internet link)</li> </ul> <p>This website is built using <a href="https://gohugo.io/">Hugo</a> and is <a href="http://localhost:2010/services/internal/#rproxyburbledn42">distributed</a> across burble.dn42 core nodes.</p> <p>The public internet site is a <a href="https://www.cloudflare.com">CloudFlare</a> pages application and the source is <a href="https://git.burble.com/burble.dn42/www">published</a> in the burble.dn42 git.</p> <h2 id="service-administration-portal">Service Administration Portal</h2> <ul> <li><a href="https://svc.burble.dn42/">svc.burble.dn42</a></li> </ul> <p>The service portal allows you to configure your burble.dn42 services.</p> <p>Functionality includes:</p> <ul> <li>Setting or changing a burble.dn42 LDAP password</li> <li>Changing your shell for the shell services</li> <li>Viewing peering information</li> </ul> <h2 id="diagnostic-services">Diagnostic Services</h2> <h3 id="looking-glass">Looking Glass</h3> <ul> <li><a href="https://lg.burble.com">lg.burble.com</a> (public internet link)</li> <li><a href="https://lg.burble.dn42">lg.burble.dn42</a> (dn42 link)</li> </ul> <p>The burble.dn42 looking glass is based on <a href="https://github.com/xddxdd/bird-lg-go">bird-lg-go</a> with some local customisations. The source code for the looking glass is available on the <a href="https://git.burble.com/burble.dn42/bird-lg-go">burble.dn42 git</a>.</p> - Internal Services - https://dn42.burble.com/services/internal/ + http://localhost:2010/services/internal/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/services/internal/ - This page provides some documenation on other services used within burble.dn42 that are not directly available for public use. -rproxy.burble.dn42 Core nodes run an nginx container that acts as a reverse proxy for services hosted in tier2. -The reverse proxy is distributed to improve local response times and is anycast as rproxy.burble.dn42. Most web services provided by burble.dn42 are simply CNAMEs to the reverse proxy which then balances and forwards the request to the actual service. + http://localhost:2010/services/internal/ + <p>This page provides some documenation on other services used within burble.dn42 that are not directly available for public use.</p> <h2 id="traefik--traefik-eu--traefik-na">traefik / traefik-eu / traefik-na</h2> <p>burble.dn42 runs a global <a href="https://traefik.io/traefik/">traefik</a> cluster which acts as a reverse proxy and load balancer for burble.dn42 web services.</p> <p>The traefik instances are anycast globally (traefik.burble.dn42), but also have regional load balancing groups for Europe (traefik-eu.burble.dn42) and North America (traefik-na.burble.dn42). This regional split helps to direct users to local services where possible.</p> - DNS - https://dn42.burble.com/services/dns/ + http://localhost:2010/services/dns/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/services/dns/ - burble.dn42 provides a suite of DNS services, including running one of the two DN42 DNS master nodes that exports registry information to the DNS infrastructure. - Role Names DN42 DNS Master b.master.delegation-servers.dn42 Authoritative DNS Service b.delegation-servers.dn42 -ns1.burble.dn42 Recursive DNS Service b.recursive-servers.dn42dns.burble.dn42 dns64 Service dns64.burble.dn42 Apart from the Master, all DNS services are anycast across every node to provide fast, local responses network wide. + http://localhost:2010/services/dns/ + <p>burble.dn42 provides a suite of DNS services, including running one of the two DN42 DNS master nodes that exports registry information to the DNS infrastructure.</p> <table> <thead> <tr> <th style="text-align: left">Role</th> <th style="text-align: left">Names</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">DN42 DNS Master</td> <td style="text-align: left">b.master.delegation-servers.dn42</td> </tr> <tr> <td style="text-align: left">Authoritative DNS Service</td> <td style="text-align: left">b.delegation-servers.dn42<br>ns1.burble.dn42</td> </tr> <tr> <td style="text-align: left">Recursive DNS Service</td> <td style="text-align: left">b.recursive-servers.dn42<br/>dns.burble.dn42</td> </tr> <tr> <td style="text-align: left">dns64 Service</td> <td style="text-align: left">dns64.burble.dn42</td> </tr> </tbody> </table> <p>Apart from the Master, all DNS services are anycast across every node to provide fast, local responses network wide. The services support DNSSEC and are available over UDP, TCP, DNS over HTTPs and DNS over TLS.</p> + + + ACME + http://localhost:2010/services/acme/ + Mon, 01 Jan 0001 00:00:00 +0000 + http://localhost:2010/services/acme/ + <p>burble.dn42 provides an <a href="https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment">ACME</a> service using an intermediate certificate issued by the <a href="https://dn42.dev/services/Certificate-Authority">dn42 certificate authority</a> and implemented using a <a href="https://vaultproject.io/">HashiCorp Vault</a> cluster to provide a highly available service.</p> <p>The following ACME challenge types are supported:</p> <ul> <li>http-01</li> <li>dns-01</li> <li>tls-alpn-01</li> </ul> <h2 id="dn42-endpoint">dn42 endpoint</h2> <ul> <li><a href="https://acme.burble.dn42/v1/dn42/acme/directory">https://acme.burble.dn42/v1/dn42/acme/directory</a></li> </ul> <p>The dn42 endpoint serves certificates signed by an intermediate certificate issued by the <a href="https://dn42.dev/services/Certificate-Authority">dn42 certificate authority</a>.</p> <blockquote class="gdoc-hint info"> <p>Note that certificates are issued with a validity period of <strong>30 days</strong>, which is shorter than most clearnet ACME services.</p> + + + Shell Accounts + http://localhost:2010/services/shell/ + Mon, 01 Jan 0001 00:00:00 +0000 + http://localhost:2010/services/shell/ + <p>burble.dn42 provides shell accounts on the following servers:</p> <ul> <li>shell.fr.burble.dn42</li> <li>shell.uk.burble.dn42</li> <li>shell.de.burble.dn42</li> <li>shell.lax.burble.dn42</li> <li>shell.nyc.burble.dn42</li> </ul> <p>There is also an anycast address <a href="https://shell.burble.dn42">shell.burble.dn42</a> that will route to the closest server.</p> <h2 id="accessing-the-service">Accessing the Service</h2> <p>The shell service imports user information from the dn42 registry allowing any MNTNER to log in to the servers. Usernames are constructed by lowercasing and removing the &lsquo;-MNT&rsquo; suffix.</p> <h3 id="using-an-ssh-public-key">Using an SSH public key</h3> <p>If you have an <code>auth</code> attribute with an SSH public key, this will be imported from the registry and you can use the SSH key to log in to the shell server.</p> + + + S3 Object Storage + http://localhost:2010/services/minio/ + Mon, 01 Jan 0001 00:00:00 +0000 + http://localhost:2010/services/minio/ + <p>burble.dn42 provides an S3 compatible storage service based on <a href="https://min.io/">min.io</a>.</p> <ul> <li><a href="https://minio.burble.dn42">https://minio.burble.dn42</a> - Web interface</li> <li>s3.burble.dn42 - S3 compatible interface</li> </ul> <blockquote class="gdoc-hint warning"> <p>Remember that the storage service is provided for the dn42 community and the <a href="http://localhost:2010/network/abuse/">burble.dn42 abuse policy</a> applies.</p> <p>Be considerate in your usage so that others will get the same benefits as you are enjoying now. Clean up files that you no longer need, do not use the service for illegal or objectional content and don&rsquo;t be stupid.</p> - Certificate Authority - https://dn42.burble.com/services/ca/ + http://localhost:2010/services/ca/ Mon, 01 Jan 0001 00:00:00 +0000 - - https://dn42.burble.com/services/ca/ - burble.dn42 maintains a PKI infarstructure for its services, using Hashicorp Vault -CA details countryName GB stateOrProvinceName dn42 organizationName burble.dn2 commonName ca.burble.dn42 emailAddress dn42@burble.com CA Download burble-dn42-ca.pem ------BEGIN CERTIFICATE----- MIIDrDCCApSgAwIBAgIJAIZWD8xmHTYFMA0GCSqGSIb3DQEBCwUAMGsxCzAJBgNV BAYTAkdCMQ0wCwYDVQQIDARkbjQyMRQwEgYDVQQKDAtidXJibGUuZG40MjEXMBUG A1UEAwwOY2EuYnVyYmxlLmRuNDIxHjAcBgkqhkiG9w0BCQEWD2RuNDJAYnVyYmxl LmNvbTAeFw0xODEyMjIwOTIxMDhaFw0yMDEyMjEwOTIxMDhaMGsxCzAJBgNVBAYT AkdCMQ0wCwYDVQQIDARkbjQyMRQwEgYDVQQKDAtidXJibGUuZG40MjEXMBUGA1UE AwwOY2EuYnVyYmxlLmRuNDIxHjAcBgkqhkiG9w0BCQEWD2RuNDJAYnVyYmxlLmNv bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALEsUm0KtuwZjrMeWl/x t8f5XCLdDdBAm9KWfJWl9fwxTFkwYEMaXMLjhsmoLKuyXejs7X72VAA/Ctz9KuiQ l/teuGKvt8gNbq3IXVH9KxW8uiSWJIUklZ801qLjUX4kzWJlCgug7Xd2Q0LsevvC QMSNa2Blfh6ieMtjeQNaRhoyy3xEn7t/CNkn5U+bVFTUYE31fREWyEJe2avX2KIs y55GxlkUmOZZPAsMs9at+NmfDWsxOYJSYBOeLsyzJnHWX0g+X9sBf14CDPL3KVxq NdGlPGYmJXr8Q5bNUv6diHSGd4nW/ft/IRGPpgXpwzcQNQHfneZUGSC9L+0B4LR4 sqkCAwEAAaNTMFEwHQYDVR0OBBYEFN8+6wkXTKajsoezC1nzvBe+YZscMB8GA1Ud IwQYMBaAFN8+6wkXTKajsoezC1nzvBe+YZscMA8GA1UdEwEB/wQFMAMBAf8wDQYJ KoZIhvcNAQELBQADggEBAEdmCZyKaEk2AOcgVkQ9OMAR+AaGIUCazvWKGx2DXAJI 2zmeEKx1tkRAkEQkzoUo7vor+X8/f3FVmtVF5bxbI9y7LsrXSNZB62z+Voyj36Id rOx05MN9FPbz6FAD5a7vTWCK7hRgGTaUGwYVyVXy9iiSA8Oqm8sqblvfk9jz3E5Y TJP6b8Y/Dq9BLpciozqSLo2zPOvl7kaN3kS3eufzA4O9LKfFIxXIcqfsSzFlbQyu afBrjiG18FVCNPQW3kCBk2oOWl7z/SJjB1oG/ZcDhSdHYPj+1gTsnzTKAB8qJikh gGwJMRLy1L5Bd0p63in5SNX9LXVsY+8YiA7sa3yAhWc= -----END CERTIFICATE----- Certificate Expiry Date: May 12 10:08:49 2029 GMT + http://localhost:2010/services/ca/ + <p>burble.dn42 maintains a PKI infarstructure for its services, using <a href="http://localhost:2010/services/internal/#vaultburbledn42">Hashicorp Vault</a></p> <h2 id="ca-details">CA details</h2> <table> <thead> <tr> <th></th> <th></th> </tr> </thead> <tbody> <tr> <td>countryName</td> <td>GB</td> </tr> <tr> <td>stateOrProvinceName   </td> <td>dn42</td> </tr> <tr> <td>organizationName</td> <td>burble.dn2</td> </tr> <tr> <td>commonName</td> <td>ca.burble.dn42</td> </tr> <tr> <td>emailAddress</td> <td><a href="mailto:dn42@burble.com">dn42@burble.com</a></td> </tr> </tbody> </table> <h2 id="ca-download">CA Download</h2> <p><a href="http://localhost:2010/burble-dn42-ca.pem">burble-dn42-ca.pem</a></p> <pre tabindex="0"><code>-----BEGIN CERTIFICATE----- MIIDtzCCAp+gAwIBAgIUBIkK5f6OppmInBEKnG0xiNTn7lIwDQYJKoZIhvcNAQEL BQAwazELMAkGA1UEBhMCR0IxDTALBgNVBAgMBGRuNDIxFDASBgNVBAoMC2J1cmJs ZS5kbjQyMRcwFQYDVQQDDA5jYS5idXJibGUuZG40MjEeMBwGCSqGSIb3DQEJARYP ZG40MkBidXJibGUuY29tMB4XDTE5MDgxMzEwMDg0OVoXDTI5MDUxMjEwMDg0OVow azELMAkGA1UEBhMCR0IxDTALBgNVBAgMBGRuNDIxFDASBgNVBAoMC2J1cmJsZS5k bjQyMRcwFQYDVQQDDA5jYS5idXJibGUuZG40MjEeMBwGCSqGSIb3DQEJARYPZG40 MkBidXJibGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSxS bQq27BmOsx5aX/G3x/lcIt0N0ECb0pZ8laX1/DFMWTBgQxpcwuOGyagsq7Jd6Ozt fvZUAD8K3P0q6JCX+164Yq+3yA1urchdUf0rFby6JJYkhSSVnzTWouNRfiTNYmUK C6Dtd3ZDQux6+8JAxI1rYGV+HqJ4y2N5A1pGGjLLfESfu38I2SflT5tUVNRgTfV9 ERbIQl7Zq9fYoizLnkbGWRSY5lk8Cwyz1q342Z8NazE5glJgE54uzLMmcdZfSD5f 2wF/XgIM8vcpXGo10aU8ZiYlevxDls1S/p2IdIZ3idb9+38hEY+mBenDNxA1Ad+d 5lQZIL0v7QHgtHiyqQIDAQABo1MwUTAdBgNVHQ4EFgQU3z7rCRdMpqOyh7MLWfO8 F75hmxwwHwYDVR0jBBgwFoAU3z7rCRdMpqOyh7MLWfO8F75hmxwwDwYDVR0TAQH/ BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAm2hdaRx7CESeeWpvQIUmWysYWZ5r tLsDkU0PdM2vQSB42MbngKNGi2GU1CXgQhNiYDieoIMhtfMf1Zl6PBm13XE11COg HKCbs828G5X6HrlCnVAfqQiaa0HLZ0vFO94RVknn/wqr2VoHKNLdA46gMD67FWGm KGyeD480JbIOiM69r/4JGzuJSh384CxH6KPCX7dUywxgI9zbW99SaKTQNJ8Z+O04 qPtmh+qW0L8a7lTuaR/SEbloDA+ztDYyEPsgmVpvM+e2PtJdmygGaUc8Y15TevJR PGauY9oPLMXdxRYsqjQeKjBXv7Ms0CQB8XNHQ7zPsM83EZD5Eq68wLIvUA== -----END CERTIFICATE----- </code></pre><blockquote class="gdoc-hint danger"> Certificate Expiry Date: <code>May 12 10:08:49 2029 GMT</code> </blockquote> + + + Ping Challenge + http://localhost:2010/services/ping/ + Mon, 01 Jan 0001 00:00:00 +0000 + http://localhost:2010/services/ping/ + <p>Can you solve the burble.dn42 ping challenge ?</p> <h2 id="to-start">To start</h2> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">$ ping -s <span class="m">0</span> -c <span class="m">1</span> fd42:4242:2601:31f0::1 </span></span></code></pre></div><h2 id="hints">Hints</h2> <ul> <li>Use <code>-c 1</code> to only return one ping, <em>unless instructed otherwise</em></li> <li>Use <code>-s 0</code> to create a zero sized ping, <em>unless instructed otherwise</em></li> <li>Packet capture is your friend</li> <li>You may also find a <a href="http://kioubit.dn42/cyber/">CyberChef</a> useful</li> <li>The server maintains state based on your source IP and will time out idle clients after several days. There are ways to check the status (revealed during the challenge) but if your state times out you will need to restart from the nearest checkpoint.</li> </ul> - diff --git a/public/services/internal/index.html b/public/services/internal/index.html index a951963..ea1b50a 100644 --- a/public/services/internal/index.html +++ b/public/services/internal/index.html @@ -1,7 +1,7 @@ - + @@ -48,7 +48,7 @@ - + @@ -119,8 +119,8 @@ - - Overview + + Network Design @@ -281,6 +281,31 @@ + + + + + + + + + +
  • + + + + + Abuse Policy + + + + + + +
    • + + + @@ -421,6 +446,81 @@ +
  • + + + + + ACME + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + Shell Accounts + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + S3 Object Storage + + + + + + +
    • + + + + + + + + + + + +
  • @@ -437,6 +537,114 @@ + + + + + + + + + +
  • + + + + + Ping Challenge + + + + + + +
    • + + + + + + + + + + + + + + + + + + + +
  • + + + + + Retro42 + + + + + + + + + + @@ -481,13 +689,13 @@
  • - -
  • + + + + + Other stuff + + + + + + +
    • + + + + + + + + + +
  • @@ -778,42 +1009,29 @@

    This page provides some documenation on other services used within burble.dn42 that are not directly available for public use.

    -

    rproxy.burble.dn42

    -

    Core nodes run an nginx container that acts as a reverse proxy -for services hosted in tier2.

    -

    The reverse proxy is distributed to improve local response times and is -anycast as rproxy.burble.dn42. Most web services provided by burble.dn42 are -simply CNAMEs to the reverse proxy which then balances and forwards the -request to the actual service.

    -

    As well as a reverse proxy, nginx also provides:

    -
      -
    • TLS termination
      • -
    • A local page cache to act as a poor man’s CDN
      • -
    • Static content server
      • -
    -

    n8n.burble.dn42

    -

    n8n is used to provide an automation and workflow service.

    -

    As an example, n8n is used to update dn42regsrv -and [ROA tables](/services/public#ROA Tables) when the -registry changes.

    -

    n8n-workflow

    -

    vault.burble.dn42

    +

    traefik / traefik-eu / traefik-na

    +

    burble.dn42 runs a global traefik cluster which +acts as a reverse proxy and load balancer for burble.dn42 web services.

    +

    The traefik instances are anycast globally (traefik.burble.dn42), but also +have regional load balancing groups for Europe (traefik-eu.burble.dn42) and +North America (traefik-na.burble.dn42). This regional split helps to direct +users to local services where possible.

    +

    vault.burble.dn42

    Hashicorp Vault is used to handle secrets across the burble.dn42 network.
    Vault is deployed as a 3 node cluster across the Europe core nodes -and uses Consul as the cluster back end.

    -

    TLS Certificate Authority

    +and uses the internal raft database as a back end.

    +

    TLS Certificate Authority

    Vault acts as the main certificate authority for burble.dn42 -PKI, however there is also an intermediate ACME server based on -smallstep CA.

    +PKI.

    Vault allows for regular, automated renewal of certificates on short timeframes (typically a rolling week or monthly basis).

    -

    SSH Certificate Authority

    +

    SSH Certificate Authority

    Vault also acts as an SSH certificate authority, verifying both users and servers within the network.

    Server certificates are generated during deployment, whilst user (or role) certificates are short lived and generated on demand.

    -

    Deployment Secrets

    +

    Deployment Secrets

    Vault holds secrets used during node and service deployments.

    Most burble.dn42 are built as stateless container images and secrets are pushed from vault in to the live containers at runtime. This ensures the @@ -826,21 +1044,18 @@ instances on deployment.

    user token during the deployment process. This ensures that even if access was gained to the deployment server, secrets could still not be accessed without also having access to a live user token.

    -

    ci.burble.dn42

    +

    nomad.burble.dn42

    +

    burble.dn42 runs a global HashiCorp Nomad cluster +that is used primarily for web application workloads. Nomad integrates with +containerd, +vault and +traefik +to provide resilient, globally available applications.

    +

    ci.burble.dn42

    The burble.dn42 git has an associated CI/CD service based on drone.

    The CI/CD service is used to manage DNS, build and publish applications and the burble.dn42 website.

    -

    minio.burble.dn42

    -

    min.io is used as an S3 compatible block storage service. -For example, min.io is used for storing build artifacts from CI pipelines.

    -

    As well as a central storage server, min.io is deployed in ‘gateway’ mode -to provide local, regional caches for the block storage.

    -

    The min.io services uses a global etcd cluster for credential -management.

    -

    lounge.burble.dn42

    -

    For lurking on #dn42 I use -thelounge, a web based IRC client.

    @@ -893,7 +1108,7 @@ management.

    - + diff --git a/public/services/minio/index.html b/public/services/minio/index.html new file mode 100644 index 0000000..214ad37 --- /dev/null +++ b/public/services/minio/index.html @@ -0,0 +1,1169 @@ + + + + + + + + +S3 Object Storage | burble.dn42 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + + + + + + +
    +
    + + +
    + + +
    + + + + + + + + + + + +
    + + + + + + + + + + + + + + + + + + + burble.dn42 / Services / S3 Object Storage + + + + + + + + + + + + +
    + + +
    +

    S3 Object Storage

    + + + + + + + +

    burble.dn42 provides an S3 compatible storage service based on min.io.

    + +
    +

    Remember that the storage service is provided for the dn42 community and +the burble.dn42 abuse policy applies.

    +

    Be considerate in your usage so that others will get the same benefits as +you are enjoying now. Clean up files that you no longer need, do not use the service for +illegal or objectional content and don’t be stupid.

    + +
    + +

    Accessing the Service

    +

    The object storage service is available for all users who have set a burble.dn42 +password via the service portal.

    +

    Web Interface

    + +

    The minio web console can be accessed by logging in using your burble.dn42 +username (lowercase of your MNTNER without the -MNT suffix) and password.

    +

    From the web interface users can create your own buckets, upload or download +files, and create access keys for the S3 service.

    +
    +

    Any buckets you create must start with your lowercase MNTNER name followed by a dash.

    +

    For example, for FOOBAR-MNT buckets must start with ‘foobar-’

    +

    Valid bucket names

    +
    foobar-mybucket
+foobar-bucket1
+

    Invalid bucket names

    +
    foobar
+foobarmnt-bucket
+notfoobar-bucket
+
    +
    + +

    S3 API

    +
      +
    • s3.burble.dn42
      • +
    +

    An S3 compatible API is accessible via https://s3.burble.dn42. The S3 region is uk-lon2

    +
    + Don’t use your burble.dn42 username and password.
    +Use the web interface on https://minio.burble.dn42 to create a unique access and secret key when using the S3 API. +
    + +

    SFTP

    +
      +
    • sftp -P 8022 @minio.burble.dn42
      • +
    +

    The minio instance can also be accessed via SFTP on port 8022. +Log in to the SFTP server using your burble.dn42 username (MNTNER name in lowercase) and password.

    +

    Example usage

    +

    Using the minio client utility

    +
      +
    1. Install the minio client
      2. +
    2. Log in to the web console at https://minio.burble.dn42 using your burble.dn42 username and password
      3. +
    3. Create yourself a bucket, remember to start the bucket with your mntner e.g. ‘foobar-’
      4. +
    4. Create an acccess and secret key pair
      5. +
    5. Log out the web interface and return back to the cli
      6. +
    6. Create an alias in the client using the access and secret key pair generated in step 4
      7. +
    +
    mc alias set burble https://s3.burble.dn42 ACCESS_KEY SECRET KEY
+
      +
    1. You can now use the client to access your bucket
      2. +
    +
    mc ls burble/foobar-mybucket
+

    Using the S3 API to mount buckets using rclone

    +

    The burble.dn42 shell servers include rclone which you can use to mount +buckets directly in your shell account.

    +
      +
    1. Log in to the web console at https://minio.burble.dn42 using your burble.dn42 username and password
      2. +
    2. Create yourself a bucket, remember to start the bucket with your mntner e.g. ‘foobar-’
      3. +
    3. Create an acccess and secret key pair
      4. +
    4. Log out the web interface and and log in to your shell account
      5. +
    5. Use rclone config to configure rclone
      6. +
    +
      +
    • Use https://s3.burble.dn42 as the endpoint and uk-lon2 as the region
      • +
    • Use the access and secret key pair created in step 3 for authentication
      • +
    +

    You can now use rclone to mount your buckets in the shell

    +
    $ mkdir tmp
+$ rclone mount burble: tmp
+

    Using SFTP

    +

    Simply use your burble.dn42 username and password to access the SFTP server on port 8022.

    +
    $ sftp -P 8022 burble@minio.burble.dn42
+burble@minio.burble.dn42's password: 
+Connected to minio.burble.dn42.
+sftp> dir
+burble-images  
+sftp> exit
+
    + +
    + + + + + + + + + + + + + + + + + + + +
    + + +
    + +
    +
    + + + +
    + + + + + + + + + + + + + + + + diff --git a/public/services/ping/index.html b/public/services/ping/index.html new file mode 100644 index 0000000..228cec7 --- /dev/null +++ b/public/services/ping/index.html @@ -0,0 +1,1086 @@ + + + + + + + + +Ping Challenge | burble.dn42 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + + + + + + + + +
    +
    + + +
    + + +
    + + + + + + + + + + + +
    + + + + + + + + + + + + + + + + + + + burble.dn42 / Services / Ping Challenge + + + + + + + + + + + + +
    + + +
    +

    Ping Challenge

    + + + + + + + +

    Can you solve the burble.dn42 ping challenge ?

    +

    To start

    +
    $ ping -s 0 -c 1 fd42:4242:2601:31f0::1
+

    Hints

    +
      +
    • Use -c 1 to only return one ping, unless instructed otherwise
      • +
    • Use -s 0 to create a zero sized ping, unless instructed otherwise
      • +
    • Packet capture is your friend
      • +
    • You may also find a CyberChef useful
      • +
    • The server maintains state based on your source IP and will time out idle clients after several days. There are ways to check the status (revealed during the challenge) but if your state times out you will need to restart from the nearest checkpoint.
      • +
    + + +
    + + + + + + + + + + + + + + + + + + + +
    + + +
    + +
    +
    + + + +
    + + + + + + + + + + + + + + + + diff --git a/public/services/public/index.html b/public/services/public/index.html index ddc0378..56e7103 100644 --- a/public/services/public/index.html +++ b/public/services/public/index.html @@ -1,7 +1,7 @@ - + @@ -48,7 +48,7 @@ - + @@ -119,8 +119,8 @@ - - Overview + + Network Design @@ -281,6 +281,31 @@ + + + + + + + + + +
  • + + + + + Abuse Policy + + + + + + +
    • + + + @@ -421,6 +446,81 @@ +
  • + + + + + ACME + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + Shell Accounts + + + + + + +
    • + + + + + + + + + + + + +
  • + + + + + S3 Object Storage + + + + + + +
    • + + + + + + + + + + + +
  • @@ -437,6 +537,114 @@ + + + + + + + + + +
  • + + + + + Ping Challenge + + + + + + +
    • + + + + + + + + + + + + + + + + + + + +
  • + + + + + Retro42 + + + + + + + + + + @@ -481,13 +689,13 @@
  • - -
  • + + + + + Other stuff + + + + + + +
    • + + + + + + + + + +
  • @@ -777,7 +1008,7 @@

    Services provided for use within DN42

    -

    Website

    +

    Website

    • burble.dn42 (dn42 link)
    • dn42.burble.com (public internet link)
      • @@ -785,35 +1016,34 @@

      This website is built using Hugo and is distributed across burble.dn42 core nodes.

      -

      The public internet site is hosted on de-fra1 behind -CloudFlare and the source for the website -is published in the burble.dn42 git.

      -

      Issue Log

      -

      A public issue log is maintained on the DN42 Registry.

      +

      The public internet site is a CloudFlare pages +application and the source is published +in the burble.dn42 git.

      +

      Service Administration Portal

      -

      Users are welcome to raise issues or enhancements via the log.

      -

      Diagnostic Services

      -

      Looking Glass

      +

      The service portal allows you to configure your burble.dn42 services.

      +

      Functionality includes:

      +
        +
      • Setting or changing a burble.dn42 LDAP password
        • +
      • Changing your shell for the shell services
        • +
      • Viewing peering information
        • +
      +

      Diagnostic Services

      +

      Looking Glass

      The burble.dn42 looking glass is based on -bird-lg with patches by -Zhaofeng, -tds and -myself to fix formating, bird2 -compatibility and other tweaks.

      -

      A fork of sileht/bird-lg that includes all of our fixes is available on -GitHub.

      -

      DN42 registry data in the BGP Map part of the looking glass uses -lgregmapper -to interface with dn42regsrv.

      -

      The looking glass is hosted on de-fra1 and the public version is +bird-lg-go with some local +customisations. The source code for the looking glass is available +on the +burble.dn42 git.

      +

      The looking glass is replicated via the nomad cluster, with the public version behind CloudFlare.

      -

      Pingable IP address

      +

      Pingable IP address

      • pingable.burble.dn42
      • 172.20.129.5
        • @@ -827,74 +1057,93 @@ please be considerate and configure a reasonable test frequency.

        In all cases, do not set the ping frequency to be higher than once a second. -

        Speed Test Service

        -

        A speed test service is available in France and Canada.
        -Note that the service is currently available over IPv6 only at this time.

        +

        Speed Test

        -
        - If the service ends up loading or disrupting the rest of the network then I may end up -removing it, so remember this service is provided for your benefit and use responsibly. +

        The speed test service provides a way for you to measure your latency and bandwidth +to the core burble.dn42 service clusters.

        +

        The service is based on is OpenSpeedTest.

        +
        + The speedtest service is delivered via the internal +traefik and +nomad clusters which are +anycasted and have internal load balancing. This means that the particular +server providing the speedtest is non-deterministic and you may get different +results across speedtest runs.
        -

        Network Status and Reporting

        -

        Grafana Dashboards

        +
        + The speedtest service is provided for your benefit, please don’t abuse +the service or using excessive bandwidth. +
        + +

        Network Status and Reporting

        +

        Grafana Dashboards

        -

        The hosted grafana service has it’s own page here.

        -

        Uptime monitoring

        +

        Uptime monitoring

        -

        Each node in the network is monitored by UptimeRobot with alerts -if a node becomes unavailable.

        -

        Internal monitoring

        +

        Major nodes are also monitored off-network by UptimeRobot.

        +

        Anycast / Dynamic Route Monitoring

        + +

        Realtime dashboard for anycast / dynamic services. Anycast status is reported every +minute to the nats.io cluster and the dashboard is a live visualtion of the current status.

        +

        Internal monitoring

        Internally, nodes are measured by netdata which provides a real time view of each node. prometheus is then used to collect and store that data for historical reporting. grafana is used for visualisation.

        Syslogs are exported in real time to a central logging node on the internal network.

        -

        DNS

        +

        Shell Accounts

        +

        The burble.dn42 shell service provides shell accounts for dn42 users who +have a burble.dn42 password or SSH auth methods in the registry.
        +See the Shell Accounts page.

        +

        S3 Compatible Object Store

        + +

        A min.io instance provides S3 compatible storage space for users +that have registered a burble.dn42 password.
        +See the S3 Object Storage page for more information and examples.

        +

        DNS

        - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + +
        ServiceNameIP
        Authoritative Servicens1.burble.dn42172.20.129.1
        fd42:4242:2601:ac53::1
        Recursive Servicedns.burble.dn42172.20.129.2
        fd42:4242:2601:ac53::53
        DNS64 Servicedns64.burble.dn42fd42:4242:2601:ac53::64
        ServiceNameIP
        Authoritative Servicens1.burble.dn42172.20.129.1
        fd42:4242:2601:ac53::1
        Recursive Servicedns.burble.dn42172.20.129.2
        fd42:4242:2601:ac53::53
        DNS64 Servicedns64.burble.dn42fd42:4242:2601:ac53::64

        burble.dn42 provides a local, anycast, authoritative and recursive DNS service.
        The DNS Service has it’s own page.

        -
        -

        DNS over HTTPs (DoH)

        -

        DNS over TLS

        -

        All services support DNS over HTTPs on port 443, and DNS over TLS on port 843. -

        - -

        Registry API Service and Explorer

        +

        Registry API Service and Explorer

        • https://explorer.burble.com/ (public internet link)
        • https://explorer.burble.dn42/ (DN42 link)
          • @@ -903,81 +1152,162 @@ The DNS Service has it’s own page.

          that provides a bridge between interactive applications and the registry.

          As well as the main REST API to the DN42 registry, the server can also generate ROA tables and provides a small web application for exploring registry data.

          -

          ROA Data

          +

          ROA Data

          Route Origin Authorisation (ROA) tables are generated using dn42regsrv and published to the dn42.burble.com website for general use.

          The JSON output file can be used with gortr to implement ROA checks via RPKI.
          The Bird files can be used directly with Bird to implement ROA checks as detailed -in the DN42 Wiki (Bird1 / Bird2).

          +in the DN42 Wiki (Bird1 / Bird2).
          +The OpenBGPD files can be used directly with OpenBGPD to implement ROA checks as details in the DN42 Wiki +OpenBGPD

          - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
          URL IPv4/IPv6 Description
          https://dn42.burble.com/roa/dn42_roa_46.json   Both   DN42 ROA data in JSON format
          https://dn42.burble.com/roa/dn42_roa_bird1_46.conf   Both   DN42 ROA data for use with Bird1
          https://dn42.burble.com/roa/dn42_roa_bird1_4.conf   IPv4 Only   DN42 ROA data for use with Bird1
          https://dn42.burble.com/roa/dn42_roa_bird1_6.conf   IPv6 Only   DN42 ROA data for use with Bird1
          https://dn42.burble.com/roa/dn42_roa_bird2_46.conf   Both   DN42 ROA data for use with Bird2
          https://dn42.burble.com/roa/dn42_roa_bird2_4.conf   IPv4 Only   DN42 ROA data for use with Bird2
          https://dn42.burble.com/roa/dn42_roa_bird2_6.conf   IPv6 Only   DN42 ROA data for use with Bird2
          URL IPv4/IPv6 Description
          https://dn42.burble.com/roa/dn42_roa_46.json   Both   DN42 ROA data in JSON format
          https://dn42.burble.com/roa/dn42_roa_bird1_46.conf   Both   DN42 ROA data for use with Bird1
          https://dn42.burble.com/roa/dn42_roa_bird1_4.conf   IPv4 Only   DN42 ROA data for use with Bird1
          https://dn42.burble.com/roa/dn42_roa_bird1_6.conf   IPv6 Only   DN42 ROA data for use with Bird1
          https://dn42.burble.com/roa/dn42_roa_bird2_46.conf   Both   DN42 ROA data for use with Bird2
          https://dn42.burble.com/roa/dn42_roa_bird2_4.conf   IPv4 Only   DN42 ROA data for use with Bird2
          https://dn42.burble.com/roa/dn42_roa_bird2_6.conf   IPv6 Only   DN42 ROA data for use with Bird2
          https://dn42.burble.com/roa/dn42_roa_obgpd_46.conf   Both   DN42 ROA data for use with OpenBGPD
          https://dn42.burble.com/roa/dn42_roa_obgpd_4.conf   IPv4 Only   DN42 ROA data for use with OpenBGPD
          https://dn42.burble.com/roa/dn42_roa_obgpd_6.conf   IPv6 Only   DN42 ROA data for use with OpenBGPD
          -

          ROA data is cached via Cloudflare to provide fast local access, and an -n8n script is used to update ROA data immediately following -registry changes.

          -

          Git

          +

          ROA data is cached via Cloudflare to provide fast local access.

          +

          Git

          burble.dn42 related code and configuration is maintained in a local gitea repository.

          -

          PrivateBin Instance

          +

          VOIP

          +
            +
          • voip.burble.dn42
            • +
          +

          burble.dn42 runs an asterisk based VOIP service, primarily to support +the Retro42 service.
          +The VOIP service has a number of public endpoints available for testing:

          + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
          SIP EndpointService
          424026010@voip.burble.dn42Time Announcement
          424026011@voip.burble.dn42Announces your caller ID
          424026012@voip.burble.dn42Echo Service
          424026013@voip.burble.dn42Randomised music
          424026017@voip.burble.dn42Dials Modem 1 directly (currently offline and used for testing)
          424026018@voip.burble.dn42Dials Modem 2 directly
          424026019@voip.burble.dn42Dialup service endpoint - dials both modems
          +

          PrivateBin Instance

          burble.dn42 PrivateBin instance.

          -

          NTP Service

          +

          NTP Service

          All servers in burble.dn42 provide a stable, high stratum NTP service using chrony.

          The NTP service is exposed over DN42, and users are welcome to use any server in the burble.dn42 network as an NTP time server on either the public or DN42 networks.

          +

          clicker.burble.dn42

          + +

          Waste your time with this dn42 themed, browser based idle game.

          +

          lounge.burble.dn42

          + +

          thelounge is a web based IRC client that is integrated +with the LDAP backend.

          +

          Log in using your burble.dn42 username/password to lurk on +#dn42.
          +(set a password using the the burble.dn42 service portal)

          +

          Invidious instance

          + +

          burble.dn42 instance of Invidious the open source +alternative front-end to YouTube.

          @@ -1030,7 +1360,7 @@ in the burble.dn42 network as an NTP time server on either the public or DN42 ne - + diff --git a/public/services/shell/index.html b/public/services/shell/index.html new file mode 100644 index 0000000..8d845e8 --- /dev/null +++ b/public/services/shell/index.html @@ -0,0 +1,1214 @@ + + + + + + + + +Shell Accounts | burble.dn42 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
          + +
          +
          + + + + + + + + +
          +
          + + +
          + + +
          + + + + + + + + + + + +
          + + + + + + + + + + + + + + + + + + + burble.dn42 / Services / Shell Accounts + + + + + + + + + + + + +
          + + +
          +

          Shell Accounts

          + + + + + + + +

          burble.dn42 provides shell accounts on the following servers:

          +
            +
          • shell.fr-rbx1.burble.dn42
            • +
          • shell.uk-lon1.burble.dn42
            • +
          • shell.de-fra2.burble.dn42
            • +
          • shell.ca-bhs1.burble.dn42
            • +
          • shell.us-ash1.burble.dn42
            • +
          • shell.us-lax2.burble.dn42
            • +
          • shell.us-nyc2.burble.dn42
            • +
          +

          There is also an anycast address shell.burble.dn42 +that will route to the closest server.

          +

          Accessing the Service

          +

          The shell service imports user information from the dn42 registry allowing +any MNTNER to log in to the servers. Usernames are constructed by +lowercasing and removing the ‘-MNT’ suffix.

          +

          Using an SSH public key

          +

          If you have an auth attribute with an SSH public key, this will be +imported from the registry and you can use the SSH key to log in to the +shell server.

          +

          Using a password

          +

          MNTNERs without an SSH key must first use the +burble.dn42 service portal to set an account password.

          +

          Connection Example

          +

          For mntner FOO-MNT

          +

          Log in to the closest server using your ssh key or burble.dn42 password:

          +
          ssh foo@shell.burble.dn42
+

          or log in to a specific server:

          +
          ssh foo@shell.fr-rbx1.burble.dn42
+

          Your home directory is created automatically on first access and will then +persist across logins.

          +
          + Home directories are not replicated across servers. +
          + +

          Key Services

          +

          Installed Packages

          +

          A broad set of command line tools, applications and games are available; +the aim is to provide a comprehensive environment that is useful and +fun to tinker with.

          +

          The current set of packages can be found in the shell config repo:

          + +

          Requests for additional packages are welcome, please raise these as +issues in the repo.

          +

          Webserver

          +

          The shell servers include a webserver with user directories (~/public_html/) +and CGI (~/public_html/cgi-bin/) enabled. The webserver is accessed over https +and has a dn42 certificate.

          +
            +
          • https://shell.burble.dn42/~<username>/
            • +
          • https://shell.fr-rbx1.burble.dn42/~<username>/
            • +
          • https://shell.uk-lon1.burble.dn42/~<username>/
            • +
          • https://shell.de-fra2.burble.dn42/~<username>/
            • +
          • https://shell.ca-bhs1.burble.dn42/~<username>/
            • +
          • https://shell.us-ash1.burble.dn42/~<username>/
            • +
          • https://shell.us-lax2.burble.dn42/~<username>/
            • +
          • https://shell.us-nyc2.burble.dn42/~<username>/
            • +
          +
          +

          Remember that any files need to be accessible by the webserver, +which runs as user/group www-data/www-data; CGI scripts must also be executable. +The default umask of 077 means that the webserver won’t be able to +read your public_html folder or any files within it without changing permissions.

          +

          A simplistic approach would be to make your home directory, and +public_html directory world readable:

          +
          chmod a+x ~
+chmod -R a+rX ~/public_html
+chmod -R a+rx ~/public_html/cgi-bin
+

          A more secure way of allowing access would be to use posix ACLs:

          +
          setfacl -m "u:www-data:x" ~
+setfacl -Rdm "u:www-data:rX" ~/public_html
+setfacl -Rdm "u:www-data:rx" ~/public_html/cgi-bin
+
          +
          + +
          +

          Note also that home directories are not replicated across each shell server.

          +

          If you want to provide services using the anycast address you must copy your code +between servers yourself.

          + +
          + +

          Login Shell

          +

          You can change your login shell using the +burble.dn42 service portal.

          +

          Classic Games

          +

          The shells have a number of classic text games installed:

          +

          Colossal Cave Adventure
          +Get lost in a twisty little maze of passages
          +$ adventure

          +

          Trek
          +$ trek

          +

          NetHack
          +The original time sink
          +$ nethack

          +

          Zork
          +Zork 1, 2 and 3 are available in /usr/local/frotz/
          +$ frotz /usr/local/frotz/ZORK1.DAT
          +$ frotz /usr/local/frotz/ZORK2.DAT
          +$ frotz /usr/local/frotz/ZORK3.DAT

          +

          Take a look in /usr/games for more text games.

          +

          Cron, Batch and Services

          +

          Cron and other batch or long running tasks are ok, but be a nice neighbour +and prioritise other users’ interactive use.

          +

          Schedule crons to run at random or obscure times to avoid stampeding herds +and control your resource usage using tools like nice and ionice.

          +

          Clearnet

          +

          Clearnet access is provided. Rate limiting allows for a small amount of +burst traffic, but then bandwidth is quickly limited to 10mbit/sec. In general, +you should be better off using your own clearnet access for large downloads.

          +

          Connection Forwarding

          +

          SSH forwarding is enabled on the servers.

          +

          For example, this means you are able to use the shell servers as a +resilient, anycast jump host:

          +
          ssh -J shell.burble.dn42 my.other.host.dn42
+

          There are also a small number of X11 apps installed on the servers:

          +
          ssh -X shell.burble.dn42 -f 'xterm & xeyes'
+

          Integration with S3 object storage

          +

          The shell servers include rclone which can be used to access +the S3 object storage service.
          +See the +S3 storage example +for details.

          +

          Acceptable Use

          +

          In general, as long as you are not risking the service or other users you +should be ok. These services are provided free for your benefit, and the +objective is to provide a fun, open environment for dn42 users. +Please be considerate in your usage and remember that abusing the +service just spoils it for everyone else.

          +

          See also the main Abuse Policy.

          +

          Source Code and Configuration

          +

          Configuration for the shell servers is maintained in a git repo:

          + +

          The repository may be used for raising issues or requesting additional +software to be installed.

          + + +
          + + + + + + + + + + + + + + + + + + + +
          + + +
          + +
          +
          + + + +
          + + + + + + + + + + + + + + + + diff --git a/public/sitemap.xml b/public/sitemap.xml index 5495ced..5a34627 100644 --- a/public/sitemap.xml +++ b/public/sitemap.xml @@ -1,102 +1,73 @@ - - https://dn42.burble.com/additional/maintlog/2020/ - - - - https://dn42.burble.com/additional/maintlog/2019/ - - - - https://dn42.burble.com/additional/maintlog/2018/ - - - - https://dn42.burble.com/network/ - - - - https://dn42.burble.com/network/peering/ - - - - https://dn42.burble.com/services/dn42/ - - - - https://dn42.burble.com/network/nodes/ - - - - https://dn42.burble.com/services/public/ - - - - https://dn42.burble.com/services/ - - - - https://dn42.burble.com/additional/ - - - - https://dn42.burble.com/services/internal/ - - - - https://dn42.burble.com/network/IPAM/ - - - - https://dn42.burble.com/network/routing-policy/ - - - - https://dn42.burble.com/network/communities/ - - - - https://dn42.burble.com/services/dns/ - - - - https://dn42.burble.com/services/ca/ - - - - https://dn42.burble.com/network/status/ - - - - https://dn42.burble.com/privacy/ + http://localhost:2010/additional/maintlog/2020/ + + http://localhost:2010/additional/maintlog/2019/ + + http://localhost:2010/additional/maintlog/2018/ + + http://localhost:2010/retro/modem/ + + http://localhost:2010/network/ + + http://localhost:2010/network/peering/ + + http://localhost:2010/services/dn42/ + + http://localhost:2010/retro/fake/ + + http://localhost:2010/network/nodes/ + + http://localhost:2010/services/public/ + + http://localhost:2010/services/ + + http://localhost:2010/retro/ + + http://localhost:2010/additional/ + + http://localhost:2010/services/internal/ + + http://localhost:2010/network/IPAM/ + + http://localhost:2010/network/routing-policy/ + + http://localhost:2010/network/communities/ + + http://localhost:2010/services/dns/ + + http://localhost:2010/services/acme/ + + http://localhost:2010/services/shell/ + + http://localhost:2010/services/minio/ + + http://localhost:2010/services/ca/ + + http://localhost:2010/services/ping/ + + http://localhost:2010/network/status/ + + http://localhost:2010/network/abuse/ + + http://localhost:2010/ 2020-12-18T00:00:00+00:00 + + http://localhost:2010/privacy/ + 2020-12-18T00:00:00+00:00 + + http://localhost:2010/categories/ + + http://localhost:2010/additional/maintlog/ + + http://localhost:2010/network/design/ + + http://localhost:2010/additional/other-stuff/ + + http://localhost:2010/tags/ + + http://localhost:2010/additional/things-to-do/ - - - https://dn42.burble.com/ - - - - https://dn42.burble.com/categories/ - - - - https://dn42.burble.com/additional/maintlog/ - - - - https://dn42.burble.com/network/overview/ - - - - https://dn42.burble.com/tags/ - - - - https://dn42.burble.com/additional/things-to-do/ - - diff --git a/public/tags/index.xml b/public/tags/index.xml index 325b8e8..f1fc509 100644 --- a/public/tags/index.xml +++ b/public/tags/index.xml @@ -2,9 +2,10 @@ Tags on burble.dn42 - https://dn42.burble.com/tags/ + http://localhost:2010/tags/ Recent content in Tags on burble.dn42 - Hugo -- gohugo.io - en-gb + Hugo + en-gb +