16 KiB
title | weight |
---|---|
2019 | -2019 |
Archive of changes made in 2019
31st December 2019
The Christmas period has been a really busy period for burble.dn42, with integration and transfer of services over to the new nodes. Primarily, this has meant moving services from fr-rbx1 and sg-sin2 to fr-rbx2, fr-sbg1 and sg-sin1. As part of the rebuilding, I've also taken the opportunity to re-create most of my ansible scripting, with the intent that this will eventually be published.
Most services are now moved, with the main exception of DNS and the GRC, both of which need more significant work. The website also now needs major updates to reflect the changes I've made.
The following new nodes are also open for peering:
- dn42-fr-rbx2
- dn42-fr-sbg1
- dn42-ch-zur1
- dn42-sg-sin1
- dn42-hk-hkg1
Happy New Year
24th December 2019
The last month has been spent redesigning my WAN and introducting a latency based metric for connectivity between nodes. This is now mostly complete, but not without its own follow on problems that need to be resolved.
Things still to do include:
- Fixing the service delivery layer as a software upgrade breaks IPv6 connectivity
- Adding documentation to the website on the new design
- Opening new nodes for peering
- Making the config public
Another new node will also be added, dn42-fr-rbx2 and dn42-fr-rbx1 will be retired.
Merry Christmas DN42
29th November 2019
Black friday is here and new nodes are on the way.
- dn42-fr-sbg1
- dn42-ch-zur1
- dn42-sg-sin1
- dn42-hk-hkg1
2nd November 2019
Retired dn42-us-lax2, dn42-us-chi2, dn42-ca-bhs1, dn42-tr-ist1 and dn42-no-osl1.
Restructured the internal confederations.
26th October 2019
New experimental node added hosted in the Oracle Cloud environment in Mumbai, India.
Users are welcome to peer and test the node, but should be aware there may be short notice changes or interruptions to service.
19th October 2019
After a few weeks of outage and putting up with influx using up a vast amount of resources, the monitoring service has finally moved to a federated prometheus architecture. Hopefully this will have better performance than the influx architecture used previously. At some point I'll update the monitoring page with details of the new configuration.
12th October 2019
The burble.dn42 wiki service is now part of the global anycast for wiki.dn42.
See the services page for more details.
2nd October 2019
The recursive DNS service now supports clearnet queries
15th September 2019
Stop supporting IPsec tunnels
21st August 2019
Removed sg-sin3 and vn-han1
13th August 2019
Added DN42 wiki service editable via dn42, readonly via clearnet.
Issued new Certificate Authority root certificate with a longer expiry date.
11th August 2019
Added a couple of Python 3 updates for bird-lg that fixes broken BGP map functionality in the looking glass.
Influx ate all the memory (10gb!) on de-fra1, so is currently offline until it can be fixed.
28th July 2019
Add dn42-us-mia2, which will replace dn42-us-mia1
25th July 2019
Add pingable.burble.dn42
21st July 2019
Decommissioning of dn42-ru-mos1 and dn42-us-sea1
17th July 2019
DoH! The DNS Service now support DNS over HTTPS.
22nd June 2019
Tidied up node information.
14th June 2019
A new host IRC web service has been added, based on thelounge.
See the services page for more details.
8th June 2019
The recursive DNS service now uses parallel queries across all five regional master nodes.
This approach takes advantage of the burble.dn42 global scale to reduce latencies,
improve resilience and prevent local connectivity problems from impacting the results.
See the DNS page for more info.
24th May 2019
Moved and extended the DN42 monitoring so that it is more independent and also clustered.
A writeup of the hosted grafana service and monitoring is available here.
21st May 2019
dn42-uk-lon1 is back again after being out of action for the day.
The host server apparently threw a disk after being updated to cover the MDS vulnerability and the provider has spent the day recovering the node.
20th May 2019
Some nodes may have outages over the next few days as providers deal with the recent MDS vulnerabilities.
Added new peers
- AS4242421588 / TECH9 at dn42-us-lax2
- AS4242421166 / MTR at dn42-fr-rbx1 and dn42-de-fra1
15th May 2019
Updated my fork of bird-lg by merging Zhaofeng's Python2 to Python3 bird-lg updates and fixing a few outstanding problems.
The updated code is now live on the burble.dn42 looking glass.
13th May 2019
Moved the looking glass to its own container, in anticipation of future website changes
dn42-us-mia1 is offline again.
10th May 2019
dn42-us-chi2 was suspended by the provider on 8/5 due to 'NTP reflection attacks'.
This is a hazard of running a busy NTP server as part of the NTP Pool; providers can get twitchy when they see a large amount of NTP traffic, due to the well publicised vulnerabilities in stock NTPd.
My network uses chronyd rather than NTPd and it is simply not vulnerable to abuse in the same way as NTPd, I also regularly monitor and check the services. On the other hand, the server does see a large amount of NTP traffic and it can sometimes be difficult demonstrating that I'm specifically providing a service here and not under some kind of attack.
Apologies that the server was offline for a few days, but it should now finally be back again.
For info, here is the bandwidth graph of dn42-us-chi2 as it was suspended:
It's trivial to see that an amplification attack was not occuring, as the inbound and outbound traffic are both equal. It's a shame some providers don't consider this before suspending services, but, understandable that the economics of providing VPS services can prohibt this.
Added new peers:
- AS4242422322 / PLASMATRIX at dn42-de-fra1
5th May 2019
Added git service.
See the services page for more details.`<
1st May 2019
Seems traceroutes and some Europe Region, IPv4 related DNS lookups weren't working.
Both are fixed now.
Added new peers:
30th April 2019
New node added and ready for peering
- dn42-ca-bhs2 (Beauharnois, Canada)
With the addition of several new nodes, the internal BGP confederations
have been re-orginised.
This new organisation should provide better balance and allow for more local services.
- The North American region has been split in two, becoming Central & West Coast and East Coast.
- lt-vil1 and at-vie1 have been moved to the East Europe region.
Added new peers:
- AS4242423581 / CLOUDYSKIES at dn42-us-lax2
- AS4242420141 / DEEPWATER at dn42-de-fra1
- AS4242420246 / XESXEN at dn42-fr-rbx1 and dn42-uk-lon1
- AS4242422543 / RESETTRAP at dn42-jp-tyo1
19th April 2019
New nodes added and ready for peering.
- dn42-at-vie1 (Vienna, Austria)
- dn42-us-nyc1 (New York, United States)
18th April 2019
Over the last week, and number of major changes have taken place to the burble.dn42 network.
These include:
- Configuring Jool to provide IPv4 to IPv6 SIIT for the new 172.20.129.0/27 prefix
The aim is for all internal services of the burble.dn42 network to be provided by IPv6, with SIIT taking place at the network edge for external IPv4 users. - Configuring Jool to provide a NAT64 service
So that internal, IPv6 only, services can access external IPv4 networks - Adding a new VXLAN to the WAN overlay
The new VXLAN segregates DN42 traffic from the internal traffic and enables a separate DN42 routing domain. As a side effect, this change also fixes the problem where internal IP addresses were being leaked and causing confusing traceroutes for DN42 users.
Over time, internal IPv4 services will be removed
12th April 2019
New prefix 172.20.129.0/27 registered to provide space for more nodes and additional services.
172.20.129.0/27 will be used as anycast addresses for services. 172.20.129.160/27 will be used for burble.dn42 nodes
Added new peers:
- AS4242421063 / ZIIS at dn42-uk-lon1
- AS4242421475 / SIRMYSTERION at dn42-us-chi2
7th April 2019
Added an old node in to the DN42 network, dn42-sg-sin2. RPKI and DNS services have been moved to the node from dn42-sg-sin2 which should improve diversification and stability.
3rd April 2019
Added new peers:
- AS4242423974 / GIGGA at dn42-sg-sin3
31st March 2019
The DNS service has gone global, with every node in the burble.dn42 network
now participating in the DNS Anycast service.
More details can be found on the DNS page.
26rd March 2019
Added new peers:
- AS4242420568 / MARSHY at dn42-au-syd1
- AS4242423853 / CHENYAO2333 at dn42-ca-bhs1
- AS4242423328 / DEBOERDN2000 at dn42-ca-bhs1
- AS4242423924 / EVILZONE at dn42-sg-sin3
11th March 2019
New node added dn42-de-fra1
9th March 2019
Added new peers:
- AS4242420101 / HEXA at dn42-fr-rbx1
- AS4242423783 / OZARK at dn42-au-syd1
- AS4242420571 / CAICAI at dn42-vn-han1
A new instance of the registry explorer has been created that references the 'object-fix' branch of the DN42 registry. The main purpose of this is to support the new DNS system being developed.
A couple of the nodes on the network experienced some downtime over the week:
- dn42-us-mia1 was down to 2 days and had to be rebuilt as my VPS provider's storage array crashed.
- dn42-us-dal3 was also down for a few hours, the provider accidently suspended the VPS due to a billing error on their side
7th March 2019
Added new peers
- AS4242421955 / NOP at dn42-fr-rbx1
- AS4242420161 / ZZZ at dn42-jp-tyo1
26th February 2019
Initialised GRC website
Added new peers
- AS4242422626 / HANNIBAL at dn42-fr-rbx1
- AS4242423156 / BUROA at dn42-us-chi2
21st February 2019
The Looking Glass has been udpated to use lgregmapper and data from dn42regsrv.
19th February 2019
New peer added:
- AS4242423975 / FELIX at dn42-fr-rbx1
18th February 2019
The internal and public ROA service has been moved over to using dn42regsrv.
See the services page for more details.
New peer added:
- AS4242423973 / TECHNOPOINT at dn42-sg-sin3
16th February 2019
New peers added:
- AS4242420182 / JAN at dn42-uk-lon1
- AS4242422042 / KLEEN at dn42-fr-rbx1
- AS4242423201 / DDPO at dn42-uk-lon1
10th February 2019
Updated the services to include new stuff::
- DNS
- Registry REST API and Explorer
- Global Route Collector
New peers added:
- AS4242420191 / TCDUE at dn42-uk-lon1
- AS4242422019 / HENOKV at dn42-fr-rbx1
- AS64713 / MARTIN89 at dn42-fr-rbx1
- AS4242423000 / RELROD at dn42-ca-bhs1
- AS4242421656 / PHIIVO at dn42-us-lax2
26th January 2019
New service !
A burble.dn42 route collector has been added, together with some interesting stats showing reachability of DN42 from the burble.dn42 network.
A common, global route collector is in progress, see here
21st January 2019
New peer added:
- AS4242423306 / TIMK at dn42-au-syd1
13th January 2019
bgpmap updated to add MNT and prefix info for ASes.
New peers added:
- AS4242420415 / TYLER at dn42-us-lax2
- AS4242423569 / DHE at dn42-us-dal3
- AS4242423585 / JD52RU at dn42-fr-rbx1 and dn42-uk-lon1
12th January 2019
The Looking Glass now supports bgpmap again.
My bird-lg fixes are available on github.
New peer added:
- AS4242421501 / ADAMYI at dn42-au-syd1
11th January 2019
Some layout fixes to the Looking Glass, including fixing whois lookups.
3rd January 2019
First new peers of 2019:
- AS4242420505 / 42ISLIFE at dn42-ca-bhs1
- AS4242421114 / GRGR at dn42-us-chi2
- AS4242421050 / NAPSTERBATER at dn42-us-chi2
2nd January 2019
Consolidated number of anycast sessions.