burble.dn42/www
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity
master
www/public/js/en.search-data.min.024a430941d7ce20ffedb836e1742cf07cc3f2797b18c0cf1aaeb87101f0c23d.js
Simon Marsh 3970981f1b
All checks were successful
continuous-integration/drone/push Build is passing
Details
test pipeline
2021-12-27 14:15:48 +00:00

1 line
77 KiB
JavaScript
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

'use strict';(function(){const indexCfg={};indexCfg.doc={id:'id',field:['title','content'],store:['title','href','parent'],};const index=FlexSearch.create(indexCfg);window.geekdocSearchIndex=index;index.add({'id':0,'href':'/additional/maintlog/2020/','title':"2020",'parent':"Maintenance Log",'content':"Archive of changes made in 2020\n13th December 2020 Issue Log\nburble.dn42 now has a public issue log, hosted on the DN42 Registry.\n Issue Log Feel free to raise issues or enhancements on the log.\nSpeedtest Service\nAn experimental speed test service has been introduced:\n France: https://speedtest.fr-rbx1.burble.dn42 Canada: https://speedtest.ca-bhs2.burble.dn42 The two services are currently only accessible over IPv6 but are hosted on dedicated servers with plenty of available bandwidth. If the service ends up loading or disrupting the rest of the network then I may end up removing it, so use responsibly.\nn8n Automation\nThe burble.dn42 network now has an instance of n8n to help automate internal workflows.\nWhilst this isn\u0026rsquo;t a public service the first visibile benefit is that the Explorer and ROA files now update immediately following registry changes. Previously changes were polled and could take up to an hour to be updated.\n6th December 2020 ca-bhs2 and fr-rbx1 have been migrated to their new servers. If you are peering with these nodes please make sure you update any IP addresses on your side as required.\ngit.dn42.dev is hosted on ca-bhs2 and so was also migrated and upgraded to v1.13.0.\n28th November 2020 Black Friday has been been and gone and this means that a few nodes have now reached the end of their contract and are being retired:\n fr-sbg1 us-sea2 jp-tyo1 sg-sin1 us-mia2 However, the good news is that Black Friday also delivered a few shiny new nodes for the burble.dn42 network:\n ca-bhs2 will be replaced with a new node that has SSD rather than HDD storage new nodes expected in Hong Kong and Madrid, eta Jan 2021 Users of ca-bhs2 will be migrated to the new node, with details to be confirmed.\n12th September 2020 uk-lon1 has been upgraded. If you are peered on this node, please update your IP address accordingly.\nburble.dn42 now includes some limited protection against ghost route updates. See the communities page for more details.\n9th September 2020 uk-lon1 will be upgraded this weekend (12/13th September), but unfortunately this does mean that the IP address for the server is going to change.\nThe hostname will be changed to match the new address, but if you use the IP address in your configuration (e.g. for firewall rules), you will need to update them, as detailed below.\ndn42-uk-lon1.burble.com\n IPv4: 185.42.222.153 IPv6: 2a04:92c5:2::42 All other peering details, such as encryption keys and tunnel IP addresses will remain the same, and the new server is in the same datacentre so there should be no changes to connectivity or latency.\n28th August 2020 Changes to the burble.dn42 network\nOver the next year the focus of the burble.dn42 network will change focus to providing high quality, reliable services for DN42. As part of this change, a number of the current \u0026lsquo;edge\u0026rsquo; nodes will be decommissioned to reduce admin overhead and allow concentration on the core, service nodes.\nThe following nodes will be decommissioned and are no longer available for new peerings:\n Node Decommissioning Date us-mia2 Immediately sg-sin1 November 2020 us-sea2 November 2020 fr-sbg1 Nocember 2020 jp-tyo1 December 2020 au-syd1 January 2021 us-nyc1 April 2021 us-chi1 May 2021 The current core nodes will continue to operate and some will also be upgraded. The number of services provided by the network will also expand.\nCore nodes\n Node Future Plans fr-rbx1 Increase in services offered ca-bhs2 Upgrade to ssd disks ~November 2020 de-fra1 Upgraded in August to 4 x Epyc / 20G RAM / NVMe us-dal3 Increase in services offered / potential for upgrade us-lax1 Increase in services offered sg-sin2 Take over services from sg-sin1 Other Nodes\n Node Future Plans uk-lon1 Upgrade before January 2021 ch-zur1 No changes planned no-trd1 No changes planned 22nd August 2020 de-fra1 has been replaced with a shiny, upgraded, new node.\nIf you are peered on de-fra1, please check your configuration and ensure you are using the new IP addresses\n IPv4: 193.41.237.149 IPv6: 2a0d:5941:1:17c::4e2a All other peering parameters remain the same.\n15th August 2020 The DN42 registry now supports automated pipelines using Drone CI.\nDetails will be published on the DN42 wiki.\n25th July 2020 us-mia1 and us-mia2 have been swapped. The provider for the old us-mia2 (Stockservers) appears to have ceased trading, so the node has been swapped in case the original server disappears at short notice.\nEDIT: seems the new provider wasn\u0026rsquo;t better, so us-mia2 is back on the old server until it dies completely.\nno-trd1 has been added, courtesy of jastrup.\nlt-vil1 is being decommissioned and users will need to migrate to a different node to maintain service.\n5th July 2020 A busy weekend supporting the move of the DN42 registry to its new host.\nRemember to join the new mailing list at https://groups.io/g/dn42 and create yourself an account on the new registry https://git.dn42.dev\n10th June 2020 Website moved again, and new paste.burble.dn42 service added.\n6th June 2020 The global route collector has had a long overdue upgrade. Please let me know if you spot any residual issues.\n25th May 2020 The new DNS implementation has been deployed across all nodes. The DNS service now supports:\n Authoritative DNS for DN42 domains (b.delegation-servers.dn42) Recursive DNS (b.recursive-servers.dn42) DNS64 (dns64.burble.dn42) All services support UDP, TCP, DNS over HTTPS and DNS over TLS queries. See the DNS page for more info.\n23rd May 2020 A new implementation of the edge DNS service is currently being tested across a few nodes, please let me know if you spot any DNS oddness.\n18th May 2020 Added whois.burble.dn42 service, see the services page for more details.\nhttps://explorer.burble.dn42 now has regional mirrors so should be significantly faster for anyone not in Europe.\n16th May 2020 Approximately 40 old or inactive peers have been deleted as part of a spring cleaning exercise.\nIf you\u0026rsquo;ve been accidently deleted and still want to peer with me, just give me a shout and I will re-instate the configuration.\n11th May 2020 Rate limiting on BGP sessions has been implemented to protect the network from major route flapping events. The rate limiting should only kick in after 30+ minutes of extremely high updates (or even longer for milder events), but please let me know if this causes any issues.\n8th May 2020 us-lax1 has been migrated. If you peer with me please remember to update the clearnet IP addresses on your side:\ndn42-us-lax1\nIPv4: 185.215.224.214\nIPv6: 2a0b:ae40:1:4a0a::5a\n5th May 2020 us-lax1 is being upgraded !\nApologies for the short notice, but us-lax1 will be upgraded over the weekend of 9th/10th May. The upgrade will allow for more services to be provided from the node, to provide enabling a better response for users in Asia and West Coast US.\nUnfortunately the upgrade means that IP address of the node will change and peers will need to update their config accordingly. The encryption keys and tunnel addresses should not need to change.\n4th May 2020 Several of the burble.dn42 core nodes have been upgraded to Ubuntu 20.04. This required a short outage, but will allow for a refactoring of a few services in the future.\n13th April 2020 Bugs have been fixed and both instances of the burble.dn42 website are now running in a new environment with the latest grav.\nThe new website instance is the first burble.dn42 application running on Ubuntu 20.04 (Focal Fossa).\n11th April 2020 The clearnet version of this website is running with a new instance that has the latest grav.\nPlease let me know if you spot any problems.\nThe DN42 instance continues to run with the previous version.\n4th April 2020 Well, that was fun; burble.dn42 had a number of outages over this evening, caused by trying to perform a rolling upgrade across the network. The biggest of these took out the burble.dn42 DNS service for an extended period, impacting DNS resolution across DN42.\nThe plan had been to perform a full upgrade and reboot for every burble.dn42 node. To minimise disruption I perform updates across groups of servers that are chosen to be independent so that service resilience should not be impacted.\nHowever, this time there were two key failures:\n The provider configuration for ca-bhs2 meant that it could not mount all of its disks when rebooted and it ended up in maintenance mode. The server needed to be recovered via the IPMI console. Whilst global services continued to be provided by other nodes, peers on ca-bhs2 lost connectivity whilst the node was recovered.\n The new pdns-recursor that was implemented at the end of March (see below) had a different runtime path than the default OS install. This meant that when each of the core nodes was restarted the pdns-recursor failed to restart as the runtime path was missing. Since the DNS service is resilient, it continued to operate without problems until the last core node was restarted, at which point the entire service failed. Without DNS, most of the remaining burble.dn42 failed or could not be restarted and recovery was also hampered by having to work without having DNS available.\n 1st April 2020 at-vie1 will be decommissioned by 14th April. If you are peered on this node, please contact me to move the peering to another node.\n28th March 2020 The patched pdns recursor is now deployed to all core nodes.\nPlease let me know immediately if you notice odd DNS behaviour.\n24th March 2020 fr-sbg1 (which hosts the europe region core DNS service) is currently testing a special pdns recursor build in order to try and fix this issue.\nThe server is likely to be used for most recursive DNS lookups across Europe that use the new DNS anycast addresses, or my service directly. Please let me know immediately if you notice odd DNS behaviour.\n26th January 2019 This weekend has been a huge maintenance weekend for burble.dn42, with the following updates taking place:\n A number of nodes have been built and swapped in to the network to upgrade and manage renewals fr-rbx1 replaced by fr-rbx2 fr-rbx2 was a much faster node ca-bhs2 replaced with a new node the replacement is also much faster us-dal3 replaced by us-dal1 us-dal3 was a poor performer and has been replaced with a dedicated server au-syd1 replaced with a new node memory increased from 1G to 2G sg-sin2 replaced with a new node memory increased from 1G to 2G Node renewals are now mostly sorted until November, which will be a nice break for my wallet.\n The build of ca-bhs2 introduced a new disk layout for my core nodes, which is intended to provide more flexibility for new features. uk-lon3, a private storage node, was also rebuilt for the new design. A bad decision around backups meant that I also had to re-create all the services on fr-rbx2 and us-dal1 as they were swapped in to their new roles. As a result, the services on these boxes were also flattened and rebuilt to the new disk layout.\nAt some future point, fr-sbg1 will follow and also change to the new layout.\n The burble.dn42 is organised around a core network of servers in each region, the updates this weekend complete a series of changes to upgrade the core nodes that has been taking place since November 2019. A lot of the recent work has been to update the services so they are on, or point to, the new core nodes. The core network looked like this prior to November 2019:\n Name CPU Memory Disk Network Descr fr-rbx1 i5-2400 (4/8 x 3.4Ghz) 16G 2TB Consumer HDD 100mbps un-metered Kimsufi KS-10 ca-bhs2 i5-3570S (4/8 x 3.8Ghz) 16G 2TB Consumer HDD 100mbps un-metered Kimsufi KS-10 sg-sin2 virtual (1 x 3.5Ghz) 1G 30GB HDD 1TB @ 1gbit OVH VPS us-dal3 virtual (2 x 3.4Ghz) 5G 120GB HDD 5TB @ 10gbit HostDoc VPS Following the upgrades, the core now consists of the following servers:\n Name CPU Memory Disk Network Descr fr-sbg1 E5-1620 (4/8 x 3.7Ghz) 32G 3 x 480GB SSD 500mbps un-metered OVH SYS fr-rbx1 E3-1245 (4/8 x 3.4Ghz) 32G 2 x 480GB SSD 500mbps un-metered OVH SYS uk-lon3 virtual (2 x 3Ghz) 3G 3TB HDD 10TB @ 1gbit HostHatch ca-bhs2 E5-1620 (4/8 x 3.7Ghz) 32G 2 x 2TB Ent. HDD 500mbps un-metered OVH SYS us-dal3 C2750 (8 x 2.4Ghz) 8G 240GB SSD 100mbps un-metered drserver sg-sin1 virtual (4 x 2.2Ghz) 4G 24GB SSD 1gbit un-metered ITLDC VPS "});index.add({'id':1,'href':'/additional/maintlog/2019/','title':"2019",'parent':"Maintenance Log",'content':"Archive of changes made in 2019\n31st December 2019 The Christmas period has been a really busy period for burble.dn42, with integration and transfer of services over to the new nodes. Primarily, this has meant moving services from fr-rbx1 and sg-sin2 to fr-rbx2, fr-sbg1 and sg-sin1. As part of the rebuilding, I\u0026rsquo;ve also taken the opportunity to re-create most of my ansible scripting, with the intent that this will eventually be published.\nMost services are now moved, with the main exception of DNS and the GRC, both of which need more significant work. The website also now needs major updates to reflect the changes I\u0026rsquo;ve made.\nThe following new nodes are also open for peering:\n dn42-fr-rbx2 dn42-fr-sbg1 dn42-ch-zur1 dn42-sg-sin1 dn42-hk-hkg1 Happy New Year\n24th December 2019 The last month has been spent redesigning my WAN and introducting a latency based metric for connectivity between nodes. This is now mostly complete, but not without its own follow on problems that need to be resolved.\nThings still to do include:\n Fixing the service delivery layer as a software upgrade breaks IPv6 connectivity Adding documentation to the website on the new design Opening new nodes for peering Making the config public Another new node will also be added, dn42-fr-rbx2 and dn42-fr-rbx1 will be retired.\nMerry Christmas DN42\n29th November 2019 Black friday is here and new nodes are on the way.\n dn42-fr-sbg1 dn42-ch-zur1 dn42-sg-sin1 dn42-hk-hkg1 2nd November 2019 Retired dn42-us-lax2, dn42-us-chi2, dn42-ca-bhs1, dn42-tr-ist1 and dn42-no-osl1.\nRestructured the internal confederations.\n26th October 2019 New experimental node added hosted in the Oracle Cloud environment in Mumbai, India.\nUsers are welcome to peer and test the node, but should be aware there may be short notice changes or interruptions to service.\n19th October 2019 After a few weeks of outage and putting up with influx using up a vast amount of resources, the monitoring service has finally moved to a federated prometheus architecture. Hopefully this will have better performance than the influx architecture used previously. At some point I\u0026rsquo;ll update the monitoring page with details of the new configuration.\n12th October 2019 The burble.dn42 wiki service is now part of the global anycast for wiki.dn42.\nSee the services page for more details.\n2nd October 2019 The recursive DNS service now supports clearnet queries\n15th September 2019 Stop supporting IPsec tunnels\n21st August 2019 Removed sg-sin3 and vn-han1\n13th August 2019 Added DN42 wiki service editable via dn42, readonly via clearnet.\nIssued new Certificate Authority root certificate with a longer expiry date.\n11th August 2019 Added a couple of Python 3 updates for bird-lg that fixes broken BGP map functionality in the looking glass.\nInflux ate all the memory (10gb!) on de-fra1, so is currently offline until it can be fixed.\n28th July 2019 Add dn42-us-mia2, which will replace dn42-us-mia1\n25th July 2019 Add pingable.burble.dn42\n21st July 2019 Decommissioning of dn42-ru-mos1 and dn42-us-sea1\n17th July 2019 DoH! The DNS Service now support DNS over HTTPS.\n22nd June 2019 Tidied up node information.\n14th June 2019 A new host IRC web service has been added, based on thelounge.\nSee the services page for more details.\n8th June 2019 The recursive DNS service now uses parallel queries across all five regional master nodes.\nThis approach takes advantage of the burble.dn42 global scale to reduce latencies, improve resilience and prevent local connectivity problems from impacting the results. See the DNS page for more info.\n24th May 2019 Moved and extended the DN42 monitoring so that it is more independent and also clustered.\nA writeup of the hosted grafana service and monitoring is available here.\n21st May 2019 dn42-uk-lon1 is back again after being out of action for the day.\nThe host server apparently threw a disk after being updated to cover the MDS vulnerability and the provider has spent the day recovering the node.\n20th May 2019 Some nodes may have outages over the next few days as providers deal with the recent MDS vulnerabilities.\nAdded new peers\n AS4242421588 / TECH9 at dn42-us-lax2 AS4242421166 / MTR at dn42-fr-rbx1 and dn42-de-fra1 15th May 2019 Updated my fork of bird-lg by merging Zhaofeng\u0026rsquo;s Python2 to Python3 bird-lg updates and fixing a few outstanding problems.\nThe updated code is now live on the burble.dn42 looking glass.\n13th May 2019 Moved the looking glass to its own container, in anticipation of future website changes\ndn42-us-mia1 is offline again.\n10th May 2019 dn42-us-chi2 was suspended by the provider on 8/5 due to \u0026lsquo;NTP reflection attacks\u0026rsquo;.\nThis is a hazard of running a busy NTP server as part of the NTP Pool; providers can get twitchy when they see a large amount of NTP traffic, due to the well publicised vulnerabilities in stock NTPd.\nMy network uses chronyd rather than NTPd and it is simply not vulnerable to abuse in the same way as NTPd, I also regularly monitor and check the services. On the other hand, the server does see a large amount of NTP traffic and it can sometimes be difficult demonstrating that I\u0026rsquo;m specifically providing a service here and not under some kind of attack.\nApologies that the server was offline for a few days, but it should now finally be back again.\nFor info, here is the bandwidth graph of dn42-us-chi2 as it was suspended:\nIt\u0026rsquo;s trivial to see that an amplification attack was not occuring, as the inbound and outbound traffic are both equal. It\u0026rsquo;s a shame some providers don\u0026rsquo;t consider this before suspending services, but, understandable that the economics of providing VPS services can prohibt this.\nAdded new peers:\n AS4242422322 / PLASMATRIX at dn42-de-fra1 5th May 2019 Added git service.\nSee the services page for more details.`\u0026lt;\n1st May 2019 Seems traceroutes and some Europe Region, IPv4 related DNS lookups weren\u0026rsquo;t working.\nBoth are fixed now.\nAdded new peers:\n AS76140 / FEUERROT at dn42-de-fra1 30th April 2019 New node added and ready for peering\n dn42-ca-bhs2 (Beauharnois, Canada) With the addition of several new nodes, the internal BGP confederations have been re-orginised.\nThis new organisation should provide better balance and allow for more local services.\n The North American region has been split in two, becoming Central \u0026amp; West Coast and East Coast. lt-vil1 and at-vie1 have been moved to the East Europe region. Added new peers:\n AS4242423581 / CLOUDYSKIES at dn42-us-lax2 AS4242420141 / DEEPWATER at dn42-de-fra1 AS4242420246 / XESXEN at dn42-fr-rbx1 and dn42-uk-lon1 AS4242422543 / RESETTRAP at dn42-jp-tyo1 19th April 2019 New nodes added and ready for peering.\n dn42-at-vie1 (Vienna, Austria) dn42-us-nyc1 (New York, United States) 18th April 2019 Over the last week, and number of major changes have taken place to the burble.dn42 network.\nThese include:\n Configuring Jool to provide IPv4 to IPv6 SIIT for the new 172.20.129.0/27 prefix\nThe aim is for all internal services of the burble.dn42 network to be provided by IPv6, with SIIT taking place at the network edge for external IPv4 users. Configuring Jool to provide a NAT64 service\nSo that internal, IPv6 only, services can access external IPv4 networks Adding a new VXLAN to the WAN overlay\nThe new VXLAN segregates DN42 traffic from the internal traffic and enables a separate DN42 routing domain. As a side effect, this change also fixes the problem where internal IP addresses were being leaked and causing confusing traceroutes for DN42 users. Over time, internal IPv4 services will be removed\n12th April 2019 New prefix 172.20.129.0/27 registered to provide space for more nodes and additional services.\n172.20.129.0/27 will be used as anycast addresses for services. 172.20.129.160/27 will be used for burble.dn42 nodes\nAdded new peers:\n AS4242421063 / ZIIS at dn42-uk-lon1 AS4242421475 / SIRMYSTERION at dn42-us-chi2 7th April 2019 Added an old node in to the DN42 network, dn42-sg-sin2. RPKI and DNS services have been moved to the node from dn42-sg-sin2 which should improve diversification and stability.\n3rd April 2019 Added new peers:\n AS4242423974 / GIGGA at dn42-sg-sin3 31st March 2019 The DNS service has gone global, with every node in the burble.dn42 network now participating in the DNS Anycast service.\nMore details can be found on the DNS page.\n26rd March 2019 Added new peers:\n AS4242420568 / MARSHY at dn42-au-syd1 AS4242423853 / CHENYAO2333 at dn42-ca-bhs1 AS4242423328 / DEBOERDN2000 at dn42-ca-bhs1 AS4242423924 / EVILZONE at dn42-sg-sin3 11th March 2019 New node added dn42-de-fra1\n9th March 2019 Added new peers:\n AS4242420101 / HEXA at dn42-fr-rbx1 AS4242423783 / OZARK at dn42-au-syd1 AS4242420571 / CAICAI at dn42-vn-han1 A new instance of the registry explorer has been created that references the \u0026lsquo;object-fix\u0026rsquo; branch of the DN42 registry. The main purpose of this is to support the new DNS system being developed.\nhttp://grc.burble.dn42:8043/\nA couple of the nodes on the network experienced some downtime over the week:\n dn42-us-mia1 was down to 2 days and had to be rebuilt as my VPS provider\u0026rsquo;s storage array crashed. dn42-us-dal3 was also down for a few hours, the provider accidently suspended the VPS due to a billing error on their side 7th March 2019 Added new peers\n AS4242421955 / NOP at dn42-fr-rbx1 AS4242420161 / ZZZ at dn42-jp-tyo1 26th February 2019 Initialised GRC website\nAdded new peers\n AS4242422626 / HANNIBAL at dn42-fr-rbx1 AS4242423156 / BUROA at dn42-us-chi2 21st February 2019 The Looking Glass has been udpated to use lgregmapper and data from dn42regsrv.\n19th February 2019 New peer added:\n AS4242423975 / FELIX at dn42-fr-rbx1 18th February 2019 The internal and public ROA service has been moved over to using dn42regsrv.\nSee the services page for more details.\nNew peer added:\n AS4242423973 / TECHNOPOINT at dn42-sg-sin3 16th February 2019 New peers added:\n AS4242420182 / JAN at dn42-uk-lon1 AS4242422042 / KLEEN at dn42-fr-rbx1 AS4242423201 / DDPO at dn42-uk-lon1 10th February 2019 Updated the services to include new stuff::\n DNS Registry REST API and Explorer Global Route Collector New peers added:\n AS4242420191 / TCDUE at dn42-uk-lon1 AS4242422019 / HENOKV at dn42-fr-rbx1 AS64713 / MARTIN89 at dn42-fr-rbx1 AS4242423000 / RELROD at dn42-ca-bhs1 AS4242421656 / PHIIVO at dn42-us-lax2 26th January 2019 New service !\nA burble.dn42 route collector has been added, together with some interesting stats showing reachability of DN42 from the burble.dn42 network.\nA common, global route collector is in progress, see here\n21st January 2019 New peer added:\n AS4242423306 / TIMK at dn42-au-syd1 13th January 2019 bgpmap updated to add MNT and prefix info for ASes.\nNew peers added:\n AS4242420415 / TYLER at dn42-us-lax2 AS4242423569 / DHE at dn42-us-dal3 AS4242423585 / JD52RU at dn42-fr-rbx1 and dn42-uk-lon1 12th January 2019 The Looking Glass now supports bgpmap again.\nMy bird-lg fixes are available on github.\nNew peer added:\n AS4242421501 / ADAMYI at dn42-au-syd1 11th January 2019 Some layout fixes to the Looking Glass, including fixing whois lookups.\n3rd January 2019 First new peers of 2019:\n AS4242420505 / 42ISLIFE at dn42-ca-bhs1 AS4242421114 / GRGR at dn42-us-chi2 AS4242421050 / NAPSTERBATER at dn42-us-chi2 2nd January 2019 Consolidated number of anycast sessions.\n"});index.add({'id':2,'href':'/additional/maintlog/2018/','title':"2018",'parent':"Maintenance Log",'content':"Archive of changes made in 2018\n30th December 2018 Migrated US anycast services from dn42-us-dal1 to dn42-us-dal3.\n27th December 2018 Added Certificate Authority details.\n26th December 2018 Upgraded the looking glass with Zhaofeng bird-lg fixes.\nROA data is available through the burble.dn42 website, see the Services page.\nRPKI service is now replicated across regions to provide additional resiliency.\nNew version of bird2 deployed, including RPKI fixes from JRB0001.\n24th December 2018 Added new peers:\n AS4242422255/LINUXGEMINI at dn42-tr-ist1 AS4242421191/YAMAKAJA at dn42-fr-rbx1 AS4242423230/RASP at dn42-au-syd1 Updated the Services page to include more implementation details.\nReworked intra-confederation peering to provide more resilience.\nImplemented ROA via RPKI updates using roasrv by Yamakaja and gortr\n16th December 2018 New node !\ndn42-jp-tyo1 has been commissioned and is open for new peers in Tokyo, Japan.\n14th December 2018 Updated host information and network map with new nodes.\n10th December 2018 New peers added:\n AS4242423090/HEIAS at dn42-fr-rbx1 AS4242421979/MDUCHARME at dn42-us-sea2 dn42-us-sea2 is now operational and available for peering.\n2nd December 2018 tinc + babeld is not a winning combination. Since introducing babeld, the burble.dn42 WAN overlay has experienced a number of periods of instability, with nodes dropping on and off the network.\nThe WAN has been updated to use a Wireguard mesh with OSPF as IGP, and is now significantly more stable again.\n1st December 2018 New peers added:\n AS4242420260/GISH at dn42-au-syd1 AS4242421009/KLARA at dn42-no-osl1 AS4242420058/ILL at dn42-au-syd1 AS4242422547/LANTIAN at dn42-fr-rbx1 / dn42-us-lax2 / dn42-sg-sin3 30th November 2018 Three new nodes will be available for peering soon:\n dn42-us-chi2 - Chicago, United States dn42-us-sea2 - Seattle, United States dn42-us-dal3 - Dallas, United States 29th November 2018 dn42-us-dal1 locked up, and has been restarted.\n28th November 2018 dn42-uk-lon1, dn42-lt-vil1, dn42-sg-sin1 and dn42-us-mia1 all locked up at 03:00 UTC and have now been restarted.\n23nd November 2018 Black Friday has delivered four new nodes to the burble.dn42 network:\n dn42-vn-han1 - Hanoi, Vietnam dn42-no-osl1 - Oslo, Norway dn42-ca-bhs1 - Beauharnois, Canada dn42-us-lax2 - Los Angeles, United States dn42-sg-sin3 - Singapore All nodes are open to new peers, so just contact dn42@burble.com if you\u0026rsquo;d like to connect to the network.\n22nd November 2018 New peers added:\n AS4242420165/ZAICA at dn42-fr-rbx1 AS42424222673/CORESTORAGE at dn42-uk-lon1 18th November 2018 Updates to reverse DNS.\n17th November 2018 Added new peers\n AS4242423640/HESSENET at dn42-fr-rbx1 AS4242420149/NIRF at dn42-lt-vil1 17th November 2018 The internal routing protocol (IGP) for burble.dn42 has moved from OSPF to using babeld.\nAll nodes on the burble.dn42 network are inter-connected with a tinc mesh. Despite the network physically spanning across contintents, OSPF saw the tinc overlay network as being flat which prevented effective use of technologies such as anycast and forced the use of central resources. The hope is that babel, configured to use an RTT metric, will allow better use of regional services.\nPlease let me know if you observe any issues due to the new IGP.\n16th November 2018 New node in Istanbul, Turkey.\ndn42-tr-ist1 has been commissioned and is now open for new peers. See the peering page for more details.\n"});index.add({'id':3,'href':'/network/','title':"Network",'parent':"burble.dn42",'content':"Information about the burble.dn42 network.\n Overview: Introduction to the burble.dn42 network Peering with burble.dn42: How to peer with burble.dn42 Node Information: Detailed Node Information IPAM: IP Address Lists Routing Policy: Description of the network routing policy BGP Communities: BGP communities used in the network Realtime Status: Network Status "});index.add({'id':4,'href':'/network/peering/','title':"Peering with burble.dn42",'parent':"Network",'content':"This page provides the information to get started on peering with the burble.dn42 network\nburble.dn42 is a set of global POPs integrated to the dn42 network, and new peering requests are welcome. A description of the network is available in the Overview page.\nburble.dn42 is a large network and there are some restrictions in place to protect the network and the rest of the DN42. Please ensure you read the information below before requesting to peer.\nPeering Requests Please mail dn42@burble.com if you\u0026rsquo;d like to peer with me.\nPeering Requirements To peer with burble.dn42, you must meet the following requirements:\n You must have at least two peerings already established with other DN42 networks\nSorry, but burble.dn42 is not open to new starters. If you are a new starter in DN42 please use the peerfinder or ask on IRC; there are lots of other networks who will be happy to peer with you, and some even offer automatic peering.\nThis is a tough restriction, but one that is in place to promote network diversity.\n You must support IPv6\n You must implement ROA checks\n Contact information in the registry must always be up to date and admins must respond when contacted\nContacts must also be reachable in case of problems. In addition, the network is ever evolving and failure to respond to change notices may result in your peering being suspended.\n At a minimum, I\u0026rsquo;ll need to know the following in order to establish a peering:\n The burble.dn42 node you would like to peer with Your ASN The public address of your host The tunnel parameters, e.g. Port number, if using wireguard or OpenVPN Public key for wireguard Any special config you need that is different to my defaults IP addresses of your end of the tunnel Typically these will be a single IPv4/32 and IPv6/128 from your DN42 allocation All peerings will be configured as a full transit session.\nResidential ISPs and Dynamic IP Addresses\nA 24/7 connection, with static IP addresses are the norm for DN42. If you are connecting from a residential ISP or otherwise have a dynamic IP please let me know so that I can configure my side appropriately. If you don\u0026rsquo;t do tell me, the peering may stop working when your IP address changes.\n Peering in Multiple Locations\nIf you have multiple nodes, you are welcome to peer in several locations to provide additional redundancy and route choice.\nIt\u0026rsquo;s highly recommended to peer with multiple users DN42 users though, it\u0026rsquo;s lots of fun and you should never rely on just one user for your connectivity.\n Supported Tunnel Types I prefer to use wireguard, it\u0026rsquo;s simple to set up and just works. I also support OpenVPN tunnels.\nWireguard The port number will be 2xxxx where xxxx is the last four digits of your ASN. Each peer is assigned a unique encryption key, pre-shared keys are also supported. Endpoint names and IP addresses are detailed in the nodes page. My wireguard AllowedIPs are:\nAllowedIPs=fe80::/64 AllowedIPs=fd00::/8 AllowedIPs=0.0.0.0/0 Use of wg-quick\nUsing wg-quick is not recommended as it does not support adding a peer address. If you want to use wg-quick you will need to delete and re-add the wireguard interface IP address and configure it as a point to point address or you will run in to next-hop problems when using BGP. You must read the DN42 Wiki on how to set up wg-quick for use within DN42.\n OpenVPN The port number will be 2xxxx where xxxx is the last four digits of your ASN. By default I will configure the following OpenVPN parameters:\ncomp-lzo cipher aes-256-cbc auth sha256 Tunnel Configuration Allowed Traffic Only the network ranges will be forwarded through the DN42 network, all other traffic will be dropped.\nIPv4\n172.16.0.0/12 10.0.0.0/8 IPv6\nfd00::/8 BGP peer addresses are more permissive to allow for link local or non-DN42 IP addresses within the tunnel, but these will not be forwarded through the DN42 network. Flow Control and BGP Rate Limiting A typical BGP session in DN42 will use a trivial amount of traffic. However, for large networks like burble.dn42 some transient events, such as BGP flapping, can generate multi MB/sec traffic flows that damange the network and create instability across DN42.\nTo protect the network from misconfigurations and prevent excessive updates from being propagated to the rest of DN42, the burble.dn42 network implements rate limiting on direct BGP sessions. The rate limiting activates when a large amount of BGP traffic is seen (typically 10\u0026rsquo;s or 100\u0026rsquo;s of thousands of updates a second) over a sustained period and will typically reset automatically within an hour.\nThere are no other controls applied to transit or non-BGP traffic.\nBGP Configuration Network Name BURBLE BURBLE-MNT dn42@burble.com ASN AS4242422601 BGP Feature Support The burble.dn42 network uses a custom build of bird 2, and the following features are supported:\n Multiprotocol BGP RFC 4760 BGP Large Communities RFC 8092 BGP Confederations RFC 5065 DN42 Route Origin Authorisation (ROA - see below section on Route Filtering) DN42 BGP communities burble.dn42 custom large communities burble.dn42 Routing Policy The source code for the custom bird used on the network is available on git.burble.dn42\nRoute Filtering The network applies strict Route Origin Authorisation (ROA) filtering to all received and exported routes. This means any advertised route that does not have a corresponding route{,6} object in the DN42 registry will be dropped.\nROA is implemented with updates through RPKI, using dn42regsrv and gortr.\nThe DN42 ROA data is provided as a public service, see the Services page.\n Generic Allowed Prefixes: IPv4\n172.20.0.0/14+ 10.0.0.0/8+ IPv6\nfd00::/8{44,64} Testing Connectivity Testing Within the tunnel, hosts respond to ping and traceroute, but also have the echo (port 7) and daytime (port 13) services enabled. These can be used to check the tunnel is up and configured correctly.\n$ ping fe80::42:2601:32:1%wg0 PING fe80::42:2601:32:1%wg0(fe80::42:2601:32:1%wg0) 56 data bytes 64 bytes from fe80::42:2601:32:1%wg0: icmp_seq=1 ttl=64 time=4.44 ms 64 bytes from fe80::42:2601:32:1%wg0: icmp_seq=2 ttl=64 time=4.52 ms 64 bytes from fe80::42:2601:32:1%wg0: icmp_seq=3 ttl=64 time=4.96 ms ^C --- fe80::42:2601:32:1%wg0 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 4.445/4.643/4.961/0.233 ms $ netcat fe80::42:2601:32:1%wg0 13 Sun Sep 23 09:57:26 2018 ^C $ Reachability Testing Once peering is established I have a BGP looking glass (public internet link) and global route collector which can be used to check routing configuration. Looking glasses are a key, self-service resource for you to use when understanding how your routes are propogating around the DN42 network, please take the time to learn how to use them.\nSpeed Test burble.dn42 operates two speed test servers on central, high bandwidth nodes. See the services pages for more info.\nAutomated Tests pingable.burble.dn42 (172.20.129.5 / fd42:4242:2601:ac05::1) is a dedicated address that responds to ping and traceroute and may be used for automated reachability or link quality testing.\nPlease be considerate when configuring automated tests and set a reasonable test frequency.\nIn all cases, the frequency must not be more than once a second. Please consider this if your router automatically pings its tunnel endpoint for stats purposes.\n "});index.add({'id':5,'href':'/services/dn42/','title':"DN42",'parent':"Services",'content':"burble.dn42 hosts a number of DN42 infrastructure services.\nDNS Service Name IP DN42 Master b.master.delegation-servers.dn42 fd42:180:3de0:30::1 Authoritative Service b.delegation-servers.dn42 172.20.129.1fd42:4242:2601:ac53::1 Recursive Service b.recursive-servers.dn42 172.20.129.2fd42:4242:2601:ac53::53 burble.dn42 provides a local, anycast, authoritative and recursive DNS service.\nThe DNS Service has it\u0026rsquo;s own page.\nDN42 Wiki Mirror Mirror URLs wiki.dn42wiki.burble.dn42  (editable via DN42) dn42.devwiki.burble.com  (read-only via public internet) burble.dn42 maintains a globally distributed mirror of the DN42 Wiki, and is part of the wiki.dn42 anycast group. The DN42 services (wiki.dn42 and wiki.burble.dn42) are editable, whilst the public internet views (dn42.dev and wiki.burble.com) are read-only.\nPlease note that updates to the wiki may take several hours to sync with other mirrors.\nThe service is provided by regional mirrors fronted by an nginx proxy that is itself anycasted across burble.dn42. The service is fully meshed and will continue to operate as long as at least one proxy and mirror is available.\nMirrors are located in the following locations:\n dn42-de-fra1 dn42-ca-bhs2 dn42-us-dal3 dn42-us-lax1 Whois Service whois.burble.dn42 fd42:4242:2601:ac43::1 172.20.129.8 WHOIS service providing data from the DN42 registry. The WHOIS service is also anycasted across the network.\nThe source code for the service is available in the burble.dn42 git.\nGlobal Route Collector https://grc.burble.com/ (public internet link) https://lg-grc.burble.com/ (public internet link) https://collector.dn42/ (DN42 link) https://lg.collector.dn42/ (DN42 link) ssh shell@collector.dn42 The global route collector provides a central bird instance that collects routes from peers across the DN42 network.\nAll users are invited to join the collector and help provide stats for the network.\nThe route collector can currently be queried by using ssh to connect a bird shell or via a looking glass.\nAdditional services and stats are expected to be developed in the future.\nDN42 Infrastructure Monitoring burble.dn42 hosts monitoring and alerting of key DN42 services, see the grafana service for more details.\n"});index.add({'id':6,'href':'/network/nodes/','title':"Node Information",'parent':"Network",'content':"Europe dn42-fr-rbx1 Location OVH (SoYouStart), Roubaix, France Specs 4 core/8 thread, 32GB, 2 x 960GB SSD, 500mbit unmetered Public Hostname dn42-fr-rbx1.burble.com Public IPv4 Address 176.31.240.39 Public IPv6 Address 2001:41d0:8:127::1 Tunnel IPv4 Peer Address 172.20.129.188/32 Tunnel IPv6 Link Local fe80::42:2601:36:1/64 Tunnel IPv6 ULA fd42:4242:2601:36::1/128 dn42-uk-lon1 Location Clouvider, London, UK Specs 4 core/8 thread, 32GB, 2 x 240GB SSD, 10TB bw Public Hostname dn42-uk-lon1.burble.com Public IPv4 Address 185.42.222.153 Public IPv6 Address 2a04:92c5:2::1 Tunnel IPv4 Peer Address 172.20.129.187/32 Tunnel IPv6 Link Local fe80::42:2601:35:1/64 Tunnel IPv6 ULA fd42:4242:2601:35::1/128 dn42-de-fra1 Location PHP Friends, Frankfurt, Germany Specs 4 dedicated EPYC cores, 20GB, 160GB NVME, 5TB bw Public Hostname dn42-de-fra1.burble.com Public IPv4 Address 193.41.237.149 Public IPv6 Address 2a0d:5941:1:17c::4e2a Tunnel IPv4 Peer Address 172.20.129.169/32 Tunnel IPv6 Link Local fe80::42:2601:31:1/64 Tunnel IPv6 ULA fd42:4242:2601:31::1/128 dn42-ch-zur1 Location HostHatch, Zurich, Switzerland Specs 2 shared cores, 8GB, 40GB NVME, 5TB bw Public Hostname dn42-ch-zur1.burble.com Public IPv4 Address 45.91.92.111 Public IPv6 Address 2a0e:dc0:6:8::1 Tunnel IPv4 Peer Address 172.20.129.174/32 Tunnel IPv6 Link Local fe80::42:2601:28:1/64 Tunnel IPv6 ULA fd42:4242:2601:28::1/128 dn42-no-trd1 Location Trondheim, Norway Specs 2 shared cores, 2GB, 16GB SSD, 1gbit unmetered Public Hostname dn42-no-trd1.burble.com Public IPv4 Address 217.168.87.226 Public IPv6 Address 2001:678:dd0:ffff::25 Tunnel IPv4 Peer Address 172.20.129.185/32 Tunnel IPv6 Link Local fe80::42:2601:39:1/64 Tunnel IPv6 ULA fd42:4242:2601:39::1/128 Available Q1 2021 dn42-es-mad1 Location HostHatch, Madrid, Spain Specs 1 shared core, 2GB, 20GB SSD, 2TB bw Public Hostname dn42-es-mad1.burble.com Public IPv4 Address 45.132.74.100 Public IPv6 Address 2a0e:dc0:9:5::ab2d Tunnel IPv4 Peer Address 172.20.129.170/32 Tunnel IPv6 Link Local fe80::42:2601:2c:1/64 Tunnel IPv6 ULA fd42:4242:2601:2c::1/128 North America dn42-ca-bhs2 Location OVH (SoYouStart), Beauharnois, Canada Specs 4 core/8 thread, 32GB, 2 x 960GB SSD, 500mbit unmetered Public Hostname dn42-ca-bhs2.burble.com Public IPv4 Address 192.99.6.65 Public IPv6 Address 2607:5300:60:3741::1 Tunnel IPv4 Peer Address 172.20.129.167/32 Tunnel IPv6 Link Local fe80::42:2601:2d:1/64 Tunnel IPv6 ULA fd42:4242:2601:2d::1/128 dn42-us-dal3 Location drserver, Dallas, United States Specs 8 core, 8GB, 240GB SSD, 100mbit unmetered Public Hostname dn42-us-dal3.burble.com Public IPv4 Address 144.172.126.201 Public IPv6 Address 2602:fe64:8::4 Tunnel IPv4 Peer Address 172.20.129.172/32 Tunnel IPv6 Link Local fe80::42:2601:2a:1/64 Tunnel IPv6 ULA fd42:4242:2601:2a::1/128 dn42-us-lax1 Location LetBox, Los Angeles, United States Specs 2 shared ryzen cores, 4GB, 15GB NVMe/250GB HDD, 5TB bw Public Hostname dn42-us-lax1.burble.com Public IPv4 Address 185.215.224.214 Public IPv6 Address 2a0b:ae40:1:4a0a::5a Tunnel IPv4 Peer Address 172.20.129.165/32 Tunnel IPv6 Link Local fe80::42:2601:3a:1/64 Tunnel IPv6 ULA fd42:4242:2601:3a::1/128 Asia and Oceania dn42-sg-sin2 Location OVH, Singapore Specs 1 shared core, 2GB, 20GB SSD, 2TB bw Public Hostname dn42-sg-sin2.burble.com Public IPv4 Address 139.99.89.157 Public IPv6 Address 2402:1f00:8000:800::3bc Tunnel IPv4 Peer Address 172.20.129.181/32 Tunnel IPv6 Link Local fe80::42:2601:37:1/64 Tunnel IPv6 ULA fd42:4242:2601:37::1/128 Available Q1 2021 dn42-hk-hgk1 Location HostHatch, Hong Kong, CN Specs 2 shared core, 8GB, 40GB SSD, 1TB bw Public Hostname dn42-hk-hkg1.burble.com Public IPv4 Address tbc Public IPv6 Address tbc Tunnel IPv4 Peer Address 172.20.129.179/32 Tunnel IPv6 Link Local fe80::42:2601:23:1/64 Tunnel IPv6 ULA fd42:4242:2601:23::1/128 Older Nodes The following nodes are still active but are being decommissioned and are no longer open for new peerings. dn42-au-syd1 Location OVH, Sydney, Australia Public Hostname dn42-au-syd1.burble.com Decom. Date January 2021 Public IPv4 Address 139.99.237.85 Public IPv6 Address 2402:1f00:8100:400::279 Tunnel IPv4 Peer Address 172.20.129.180/32 Tunnel IPv6 Link Local fe80::42:2601:38:1/64 Tunnel IPv6 ULA fd42:4242:2601:38::1/128 dn42-us-nyc1 Location HostHatch, New York, United States Public Hostname dn42-us-nyc1.burble.com Decom. Date April 2021 Public IPv4 Address 185.213.26.143 Public IPv6 Address 2a0d:5600:33:b::1 Tunnel IPv4 Peer Address 172.20.129.168/32 Tunnel IPv6 Link Local fe80::42:2601:34:1/64 Tunnel IPv6 ULA fd42:4242:2601:34::1/128 dn42-us-chi1 Location HostHatch, Chicago, United States Public Hostname dn42-us-chi1.burble.com Decom. Date May 2021 Public IPv4 Address 193.29.63.150 Public IPv6 Address 2605:4840:3:10::ab2d Tunnel IPv4 Peer Address 172.20.129.166/32 Tunnel IPv6 Link Local fe80::42:2601:2e:1/64 Tunnel IPv6 ULA fd42:4242:2601:2e::1/128 "});index.add({'id':7,'href':'/services/public/','title':"Public Services",'parent':"Services",'content':"Services provided for use within DN42\nWebsite burble.dn42 (dn42 link) dn42.burble.com (public internet link) This website is built using Hugo and is distributed across burble.dn42 core nodes.\nThe public internet site is hosted on de-fra1 behind CloudFlare and the source for the website is published in the burble.dn42 git.\nIssue Log A public issue log is maintained on the DN42 Registry.\n Issue Log Users are welcome to raise issues or enhancements via the log.\nDiagnostic Services Looking Glass lg.burble.com (public internet link) lg.burble.dn42 (dn42 link) The burble.dn42 looking glass is based on bird-lg with patches by Zhaofeng, tds and myself to fix formating, bird2 compatibility and other tweaks.\nA fork of sileht/bird-lg that includes all of our fixes is available on GitHub.\nDN42 registry data in the BGP Map part of the looking glass uses lgregmapper to interface with dn42regsrv.\nThe looking glass is hosted on de-fra1 and the public version is behind CloudFlare.\nPingable IP address pingable.burble.dn42 172.20.129.5 fd42:4242:2601:ac05::1 pingable.burble.dn42 is a single IP address that will respond to ping and traceroute requests across the entire network.\nThis address may be used for automated reachability or latency tests, however please be considerate and configure a reasonable test frequency.\nIn all cases, do not set the ping frequency to be higher than once a second. Speed Test Service A speed test service is available in France and Canada. Note that the service is currently available over IPv6 only at this time.\n France: https://speedtest.fr-rbx1.burble.dn42 Canada: https://speedtest.ca-bhs2.burble.dn42 If the service ends up loading or disrupting the rest of the network then I may end up removing it, so remember this service is provided for your benefit and use responsibly. Network Status and Reporting Grafana Dashboards https://grafana.burble.dn42 dn42 link https://grafana.burble.com public internet link The hosted grafana service has it\u0026rsquo;s own page here.\nUptime monitoring dn42.status.burble.com Each node in the network is monitored by UptimeRobot with alerts if a node becomes unavailable.\nInternal monitoring Internally, nodes are measured by netdata which provides a real time view of each node. prometheus is then used to collect and store that data for historical reporting. grafana is used for visualisation.\nSyslogs are exported in real time to a central logging node on the internal network.\nDNS Service Name IP Authoritative Service ns1.burble.dn42 172.20.129.1fd42:4242:2601:ac53::1 Recursive Service dns.burble.dn42 172.20.129.2fd42:4242:2601:ac53::53 DNS64 Service dns64.burble.dn42 fd42:4242:2601:ac53::64 burble.dn42 provides a local, anycast, authoritative and recursive DNS service.\nThe DNS Service has it\u0026rsquo;s own page.\nDNS over HTTPs (DoH) DNS over TLS All services support DNS over HTTPs on port 443, and DNS over TLS on port 843. Registry API Service and Explorer https://explorer.burble.com/ (public internet link) https://explorer.burble.dn42/ (DN42 link) dn42regsrv is a REST API for the DN42 registry that provides a bridge between interactive applications and the registry.\nAs well as the main REST API to the DN42 registry, the server can also generate ROA tables and provides a small web application for exploring registry data.\nROA Data Route Origin Authorisation (ROA) tables are generated using dn42regsrv and published to the dn42.burble.com website for general use.\nThe JSON output file can be used with gortr to implement ROA checks via RPKI.\nThe Bird files can be used directly with Bird to implement ROA checks as detailed in the DN42 Wiki (Bird1 / Bird2).\n URL  IPv4/IPv6  Description https://dn42.burble.com/roa/dn42_roa_46.json  Both   DN42 ROA data in JSON format https://dn42.burble.com/roa/dn42_roa_bird1_46.conf  Both   DN42 ROA data for use with Bird1 https://dn42.burble.com/roa/dn42_roa_bird1_4.conf  IPv4 Only   DN42 ROA data for use with Bird1 https://dn42.burble.com/roa/dn42_roa_bird1_6.conf  IPv6 Only   DN42 ROA data for use with Bird1 https://dn42.burble.com/roa/dn42_roa_bird2_46.conf  Both   DN42 ROA data for use with Bird2 https://dn42.burble.com/roa/dn42_roa_bird2_4.conf  IPv4 Only   DN42 ROA data for use with Bird2 https://dn42.burble.com/roa/dn42_roa_bird2_6.conf  IPv6 Only   DN42 ROA data for use with Bird2 ROA data is cached via Cloudflare to provide fast local access, and an n8n script is used to update ROA data immediately following registry changes.\nGit git.burble.dn42 (dn42 link) git.burble.com (public internet link) burble.dn42 related code and configuration is maintained in a local gitea repository.\nPrivateBin Instance paste.burble.dn42 (dn42 link) paste.burble.com (public internet link) burble.dn42 PrivateBin instance.\nNTP Service All servers in burble.dn42 provide a stable, high stratum NTP service using chrony.\nThe NTP service is exposed over DN42, and users are welcome to use any server in the burble.dn42 network as an NTP time server on either the public or DN42 networks.\n"});index.add({'id':8,'href':'/services/','title':"Services",'parent':"burble.dn42",'content':"Information about burble.dn42 services.\n DN42: DN42 Infrastructure Services Public Services: List of public services Internal Services: Documentation for Non-public applications DNS: DNS services Certificate Authority: burble.dn42 certificate authority "});index.add({'id':9,'href':'/additional/','title':"Additional Info",'parent':"burble.dn42",'content':" Maintenance Log: A log of changes to the burble.dn42 network 2020 2019 2018 Things to do in DN42: Stuck for inspiration ? "});index.add({'id':10,'href':'/services/internal/','title':"Internal Services",'parent':"Services",'content':"This page provides some documenation on other services used within burble.dn42 that are not directly available for public use.\nrproxy.burble.dn42 Core nodes run an nginx container that acts as a reverse proxy for services hosted in tier2.\nThe reverse proxy is distributed to improve local response times and is anycast as rproxy.burble.dn42. Most web services provided by burble.dn42 are simply CNAMEs to the reverse proxy which then balances and forwards the request to the actual service.\nAs well as a reverse proxy, nginx also provides:\n TLS termination A local page cache to act as a poor man\u0026rsquo;s CDN Static content server n8n.burble.dn42 n8n is used to provide an automation and workflow service.\nAs an example, n8n is used to update dn42regsrv and [ROA tables](/services/public#ROA Tables) when the registry changes.\nvault.burble.dn42 Hashicorp Vault is used to handle secrets across the burble.dn42 network. Vault is deployed as a 3 node cluster across the Europe core nodes and uses Consul as the cluster back end.\nTLS Certificate Authority Vault acts as the main certificate authority for burble.dn42 PKI, however there is also an intermediate ACME server based on smallstep CA.\nVault allows for regular, automated renewal of certificates on short timeframes (typically a rolling week or monthly basis).\nSSH Certificate Authority Vault also acts as an SSH certificate authority, verifying both users and servers within the network.\nServer certificates are generated during deployment, whilst user (or role) certificates are short lived and generated on demand.\nDeployment Secrets Vault holds secrets used during node and service deployments.\nMost burble.dn42 are built as stateless container images and secrets are pushed from vault in to the live containers at runtime. This ensures the container images do not contain secrets and that secrets can be applied per instance even when using a common image.\nVault also manages database credentials (using the mysql/mariadb integration), and these are also automatically generated and pushed in to container instances on deployment.\nThe authority to access deployment secrets is inherited, on demand, from the user token during the deployment process. This ensures that even if access was gained to the deployment server, secrets could still not be accessed without also having access to a live user token.\nci.burble.dn42 The burble.dn42 git has an associated CI/CD service based on drone.\nThe CI/CD service is used to manage DNS, build and publish applications and the burble.dn42 website.\nminio.burble.dn42 min.io is used as an S3 compatible block storage service. For example, min.io is used for storing build artifacts from CI pipelines.\nAs well as a central storage server, min.io is deployed in \u0026lsquo;gateway\u0026rsquo; mode to provide local, regional caches for the block storage.\nThe min.io services uses a global etcd cluster for credential management.\nlounge.burble.dn42 For lurking on #dn42 I use thelounge, a web based IRC client.\n"});index.add({'id':11,'href':'/network/IPAM/','title':"IPAM",'parent':"Network",'content':"IP address tables\nGeneral Ranges IPv4 IPv4 Address Range Purpose 172.20.129.0/27 burble.dn42 services 172.20.129.160/27 burble.dn42 nodes IPv6 IPv6 Address Range Purpose fd42:4242:2601:acXX::/64 Anycast services fd42:4242:2601:AA::/64 Public services for host AA fd42:4242:2601:AA00::/56 /56 routed to host AA fd42:4242:2601:AA02::/64 Tier2 services on host AA burble.dn42 Services DNS IPv4 IPv6 Comment 172.20.129.0 Reserved ns1.burble.dn42 172.20.129.1 fd42:4242:2601:ac53::1 Authoritative DNS Master dns.burble.dn42 172.20.129.2 fd42:4242:2601:ac53::53 Recursive DNS Resolver burble.dn42www.burble.dn42 172.20.129.3 fd42:4242:2601:ac80::1 Website collector.dn42 172.20.129.4 fd42:4242:2601:ac12::1 Global Route Collector pingable.burble.dn42 172.20.129.5 fd42:4242:2601:ac05::1 Pingable IP Address wiki.burble.dn42 172.20.129.6 fd42:4242:2601:ac81::1 DN42 Wiki Mirror rproxy.burble.dn42 172.20.129.7 fd42:4242:2601:acf0::1 Distributed NGINX Reverse Proxy whois.burble.dn42 172.20.129.8 fd42:4242:2601:ac43::1 Whois service 172.20.129.10-31 Unallocated burble.dn42 Nodes (DN42 Addressing) DNS IPv4 IPv6 Comment unassigned 172.20.129.164 fd42:4242:2601:3f::1 dn42-us-lax1.burble.dn42 172.20.129.165 fd42:4242:2601:3a::1 dn42-us-chi1.burble.dn42 172.20.129.166 fd42:4242:2601:2e::1 Decom. May 2021 dn42-ca-bhs2.burble.dn42 172.20.129.167 fd42:4242:2601:2d::1 dn42-us-nyc1.burble.dn42 172.20.129.168 fd42:4242:2601:34::1 Decom. April 2021 dn42-de-fra1.burble.dn42 172.20.129.169 fd42:4242:2601:31::1 dn42-es-mad1 172.20.129.170 fd42:4242:2601:2c::1 dn42-us-phx1.burble.dn42 172.20.129.171 fd42:4242:2601:2b::1 Private Node dn42-us-dal3.burble.dn42 172.20.129.172 fd42:4242:2601:2a::1 unassigned 172.20.129.173 fd42:4242:2601:3b::1 dn42-ch-zur1.burble.dn42 172.20.129.174 fd42:4242:2601:28::1 dn42-uk-lon4.burble.dn42 172.20.129.175 fd42:4242:2601:29::1 Private Node ca-bhs1.burble.dn42 172.20.129.176 fd42:4242:2601:26::1 Temporary replacement of ca-bhs2 unassigned 172.20.129.177 fd42:4242:2601:25::1 dn42-uk-lon2.burble.dn42 172.20.129.178 fd42:4242:2601:24::1 Private Node dn42-hk-hkg1 172.20.129.179 fd42:4242:2601:23::1 Available Q1 2021 dn42-au-syd1.burble.dn42 172.20.129.180 fd42:4242:2601:38::1 Decom. Jan 2021 dn42-sg-sin2.burble.dn42 172.20.129.181 fd42:4242:2601:37::1 unassigned 172.20.129.182 fd42:4242:2601:3e::1 unassigned 172.20.129.183 fd42:4242:2601:3c::1 unassigned 172.20.129.184 fd42:4242:2601:22::1 dn42-no-trd1.burble.dn42 172.20.129.185 fd42:4242:2601:39::1 dn42-fr-rbx2.burble.dn42 172.20.129.186 fd42:4242:2601:32::1 Use fr-rbx1 dn42-uk-lon1.burble.dn42 172.20.129.187 fd42:4242:2601:35::1 dn42-fr-rbx1.burble.dn42 172.20.129.188 fd42:4242:2601:36::1 unassigned 172.20.129.189 fd42:4242:2601:3d::1 dn42-uk-bri1.burble.dn42 172.20.129.190 fd42:4242:2601:20::1 Private Node 172.20.129.191 Reserved dn42-uk-lon3.burble.dn42 fd42:4242:2601:27::1 Private Node dn42-uk-lon4.burble.dn42 fd42:4242:2601:29::1 Private Node dn42-uk-lon5.burble.dn42 fd42:4242:2601:30::1 Private Node dn42-nl-ams1.burble.dn42 fd42:4242:2601:33::1 Private Node burble.dn42 Nodes (Public Addressing) DNS IPv4 IPv6 dn42-fr-rbx1.burble.com 176.31.240.39 2001:41d0:8:127::1 dn42-uk-lon1.burble.com 185.42.222.153 2a04:92c5:2::1 dn42-de-fra1.burble.com 193.41.237.149 2a0d:5941:1:17c::4e2a dn42-ch-zur1.burble.com 45.91.92.111 2a0e:dc0:6:8::1 dn42-no-trd1.burble.com 217.168.87.226 2001:678:dd0:ffff::25 dn42-es-mad1.burble.com 45.132.74.100 2a0e:dc0:9:5::ab2d dn42-ca-bhs2.burble.com 192.99.6.65 2607:5300:60:3741::1 dn42-us-nyc1.burble.com 185.213.26.143 2a0d:5600:33:b::1 dn42-us-chi1.burble.com 193.29.63.150 2605:4840:3:10::ab2d dn42-us-dal3.burble.com 144.172.126.201 2602:fe64:8::4 dn42-us-lax1.burble.com 185.215.224.214 2a0b:ae40:1:4a0a::5a dn42-sg-sin2.burble.com 139.99.89.157 2402:1f00:8000:800::3bc dn42-hk-hkg1.burble.com tbc tbc dn42-au-syd1.burble.com 139.99.237.85 2402:1f00:8100:400::279 "});index.add({'id':12,'href':'/network/routing-policy/','title':"Routing Policy",'parent':"Network",'content':"With a global network and multiple peers, the burble.dn42 network typically has many alternative route paths for reaching a particular destination. The routing policy aims to keep route selection sane, and avoid sending traffic outside of a region where possible.\nPolicy Objectives Direct routes for prefixes belonging to a peer should be given the highest priority. So that traffic to peer networks is routed over the burble.dn42 network directly to the peer and not via an external 3rd party Routes to the anycast prefixes should be prioritised through stable, low latency peers. To ensure stability within the network and provide good routes for well known destinations (e.g. DNS and the DN42 wiki) Where prefixes are tagged with a DN42 region, they should be routed locally or within the burble.dn42 network. To avoid sending traffic across regions when this could have been avoided. The AS path length is also increased between regions to pursuade external routers to also prefer local hosts. Prioritise by shortest path, then lowest latency Policy Implementation bgp local_pref The local_pref for routes is set on entry, and then propogated across the whole network. This forces the network to prefer routes that, where possible, send traffic through the burble.dn42 network to a local peer, rather than sending cross regional traffic through external peers (aka Cold Potato Routing).\n Local Pref Route Class 3000 burble.dn42 dynamic / anycast routes 2000 burble.dn42 internal networks 1000 Peer networks (AS path len = 1) 500 Route received in same DN42 region as it originated 100 Default bgp med The med attribute is used to implement a latency based metric across the network. Scripts are used to gather the latency between nodes (using ping) and this is then incorporated in to the ansible scripting that generates the peer configuration for the internal mesh. The peer configuration sets the med to be the latency in ms between nodes (in milliseconds * 10). A penalty of 500 is added for each hop to encourange direct routing between nodes.\nmed = (latency between nodes in ms * 10) + (500 per hop) The med metric is exported to external peers to help them decide how to route traffic to the burble.dn42 network.\n"});index.add({'id':13,'href':'/network/communities/','title':"BGP Communities",'parent':"Network",'content':"This page describes the use of BGP communities within the network.\nDN42 Communities DN42 Communities are applied both internally and externally, and are used to influence the Routing Policy.\n Community Description ( 64511 : 0 \u0026lt; x \u0026lt; 21 ) Max latency ( 64511 : 20 \u0026lt; x \u0026lt; 30 ) Min bandwidth ( 64511 : 30 \u0026lt; x \u0026lt; 35 ) Min encryption ( 64511 : 40 \u0026lt; x \u0026lt; 54 ) Route Origin Well Known BGP Communities The following well known communities are implemented.\n Community Description Action ( 65535 : 65281 ) No Export Prefix should not be exported outside of AS4242422601 ( 65535 : 65282 ) No Advertise Prefix should not be exported to any peers ( 65535 : 65283 ) Local-AS Prefix should not be exported outside of region burble.dn42 Specific Communities burble.dn42 implements large BGP communities, with ISO 3166-1 / UNSD country, and UNSD region codes.\nInformational Communities Community Description ( 4242422601 : 120 : host code ) Route learned on this host ( 4242422601 : 130 : 1 ) Route is a direct peer ( 4242422601 : 140 : DN42 region ) Route learned in this DN42 region Internal Ghost Route Protection In a large network like burble.dn42 it can take some time for route updates to be distributed and for the network to settle following changes. As changes ripple through the network it can create a cascade of ghost updates, each with an increasing internal path length, or adjusted latency metric. Worse the cascade of updates can also be re-distributed to peers, creating a significant multiplier for the number of updates from a single change.\nTo protect against ghost routes, a community is used to track how many internal hops a route has. In a fully meshed network like burble.dn42, a genuine route should never have more than two internal hops, so an export filter is used to prevent distribution of longer paths.\n Community Description ( 4242422601 : 100 : 1 ) Added on first internal re-distribution ( 4242422601 : 100 : 2 ) Added on second re-distribution and prevents further re-distribution within burble.dn42 The ( 4242422601 : 100 : x ) communities are not exported to peers.\n"});index.add({'id':14,'href':'/services/dns/','title':"DNS",'parent':"Services",'content':"burble.dn42 provides a suite of DNS services, including running one of the two DN42 DNS master nodes that exports registry information to the DNS infrastructure.\n Role Names DN42 DNS Master b.master.delegation-servers.dn42 Authoritative DNS Service b.delegation-servers.dn42\nns1.burble.dn42 Recursive DNS Service b.recursive-servers.dn42dns.burble.dn42 dns64 Service dns64.burble.dn42 Apart from the Master, all DNS services are anycast across every node to provide fast, local responses network wide. The services support DNSSEC and are available over UDP, TCP, DNS over HTTPs and DNS over TLS.\nDN42 DNS Master Name IP b.master.delegation-servers.dn42 fd42:180:3de0:30::1 burble.dn42 runs one of the two master servers that support the DN42 DNS infrastructure.\nSee the wiki for more information on the role of the master service.\nThe master is hosted on us-dal3, providing geographic and network redundancy against the other DN42 master service, hosted in Europe.\nAuthoritative DNS Service Name IP ns1.burble.dn42b.delegation-servers.dn42 172.20.129.1fd42:4242:2601:ac53::1 ns1.burble.dn42 is slaved to master.delegation-servers.dn42, and provides DNSSEC signed, authoritative data for DN42 related zones.\nThe authoritative service may be used as the root for a local DNS resolver, with the assurance that returned DNS records are traceable via DNSSEC to the DN42 registry. The service also supports AXFR and may be used as a master to a local, slaved, root zone.\nNote that ns1.burble.dn42 will not forward DNS queries.\nForwarding is provided by the recursive service, dns.burble.dn42.\nSlaved DN42 zones .dn42 .recursive-servers.dn42 .delegation-servers.dn42 .registry-sync.dn42 d.f.ip6.arpa. 20.172.in-addr.arpa. 21.172.in-addr.arpa. 22.172.in-addr.arpa. 23.172.in-addr.arpa. 31.172.in-addr.arpa. 10.in-addr.arpa. Mastered Zones Zone Role burble.dn42 burble.dn42 forward zone collector.dn42 Global Route Collector forward zone 1.0.6.2.2.4.2.4.2.4.d.f.ip6.arpa burble.dn42 IPv6 reverse zone 0/27.129.20.172.in-addr.arpa burble.dn42 services IPv4 reverse zone 160/27.129.20.172.in-addr.arpa burble.dn42 nodes IPv4 reverse zone 0.3.0.0.0.e.d.3.0.8.1.0.2.4.d.f.ip6.arpa DNS Master reverse zone 0.0.1.0.0.e.d.3.0.8.1.0.2.4.d.f.ip6.arpa Registry services IPv6 reverse zone 0/28.63.22.172.in-addr.arpa Register services, IPv4 reverse zone Recursive DNS Service Name IP dns.burble.dn42b.recursive-servers.dn42 172.20.129.2fd42:4242:2601:ac53::53 dns.burble.dn42 is a caching, recursive DNS service that returns results for both DN42 and clearnet domains. The service issues parallel queries from five regional masters, the recursive service takes advantage of the burble.dn42 global scale to reduce latency and avoid local connectivity problems.\nThe recursor is DNSSEC enabled and validates all queries.\nUsing the recursive DNS service Users are encouraged to consult recursive-servers.dn42 to obtain a list of recursive DNS services and configure at least two independent resolvers to obtain the best resilience.\nSee also the DN42 Wiki for general guidelines and best practice for setting up DNS in DN42.\n$ host -t SRV _dns._udp.recursive-servers.dn42 _dns._udp.recursive-servers.dn42 has SRV record 10 10 53 a3.recursive-servers.dn42. _dns._udp.recursive-servers.dn42 has SRV record 20 10 53 b.recursive-servers.dn42. _dns._udp.recursive-servers.dn42 has SRV record 10 10 53 a0.recursive-servers.dn42. _dns._udp.recursive-servers.dn42 has SRV record 20 10 53 j.recursive-servers.dn42. _dns._udp.recursive-servers.dn42 has SRV record 20 10 53 k.recursive-servers.dn42. Example resolv.conf using IPv6 with IPv4 fallback\n# DN42 resolve.conf search dn42 # burble.dn42 service # b.recursive-servers.dn42 nameserver fd42:4242:2601:ac53::53 # j.recursive-servers.dn42 nameserver 172.20.1.19 DNS64 Service Name IP dns64.burble.dn42 fd42:4242:2601:ac53::64 The dns64 service operates in a similar way to the main recursive service but also provides dns64 translation for hostnames that only have IPv4 addresses.\nThe service will return IPv4 mapped to the rfc6052 well-known prefix - 64:ff9b::/96\nDNS over HTTPS (DoH) DNS over TLS The burble.dn42 services support queries via DNS over HTTPS (on port 443) and DNS over TLS (on port 843). The HTTPS service is signed by the burble.dn42 Certificate Authority, and the CA certificate will be required by the client in order to use the service.\nexample\n$ doh burble.dn42 https://[fd42:4242:2601:ac53::53]/dns-query burble.dn42 from https://[fd42:4242:2601:ac53::53]/dns-query TTL: 3600 seconds A: 172.20.129.3 AAAA: fd42:4242:2601:ac80:0000:0000:0000:0001 Implementation The DNS service is implemented as a tiered, anycast service with each node in the network providing a local cache in front of regional, slave nodes.\ndns-edge Edge nodes provide a caching function for the slaves.\nRecursive services (dns.burble.dn42 and dns64.burble.dn42) are provided by dnsmasq configured using the \u0026lsquo;all-servers\u0026rsquo; mode. DN42 queries are forwarded to all regional slaves in parallel and the first response received is then returned. This approach ensures users get the lowest latency results possible, regardless of location, and that any local connectivity issues do not impact the results.\nThe authoritive service as well as DNS over HTTPS and DNS over TLS services are provided by dnsdist acting as a proxy. Requests are forwarded to either the regional slaves or local recursor services as appropriate and also cached.\nClearnet queries are forwarded on the edge nodes to a combination of Google and Cloudflare services.\nThe edge services are monitored and anycast routes automatically injected (or removed) using GoBGP and a health checking script.\ndns-slave Region Host Location Europe dns-slave.de-fra1.burble.dn42 PHP Friends, Frankfurt, Germany Americas (East) dns-slave.ca-bhs2.burble.dn42 OVH, Beauharnois, Canada Americas (Mid) dns-slave.us-dal3.burble.dn42 DrServer, Dallas, USA Americas (West) dns-slave.us-lax1.burble.dn42 LetBox, Los Angeles, USA Asia and Oceania dns-slave.sg-sin2.burble.dn42 OVH, Singapore The slave nodes are implemented using PowerDNS.\nThe Authoritative DNS servers are configured as slaves replicating from the DN42 master for .dn42 related zones and a hidden master located on the private, internal network for burble.dn42 zones.\nThe recursive service is provided by the pdns-recursor configured with DNSSEC validation and additional caching.\ndns-master The DN42 DNS master is a custom java program running on us-dal3.\n"});index.add({'id':15,'href':'/services/ca/','title':"Certificate Authority",'parent':"Services",'content':"burble.dn42 maintains a PKI infarstructure for its services, using Hashicorp Vault\nCA details countryName GB stateOrProvinceName dn42 organizationName burble.dn2 commonName ca.burble.dn42 emailAddress dn42@burble.com CA Download burble-dn42-ca.pem\n-----BEGIN CERTIFICATE----- MIIDrDCCApSgAwIBAgIJAIZWD8xmHTYFMA0GCSqGSIb3DQEBCwUAMGsxCzAJBgNV BAYTAkdCMQ0wCwYDVQQIDARkbjQyMRQwEgYDVQQKDAtidXJibGUuZG40MjEXMBUG A1UEAwwOY2EuYnVyYmxlLmRuNDIxHjAcBgkqhkiG9w0BCQEWD2RuNDJAYnVyYmxl LmNvbTAeFw0xODEyMjIwOTIxMDhaFw0yMDEyMjEwOTIxMDhaMGsxCzAJBgNVBAYT AkdCMQ0wCwYDVQQIDARkbjQyMRQwEgYDVQQKDAtidXJibGUuZG40MjEXMBUGA1UE AwwOY2EuYnVyYmxlLmRuNDIxHjAcBgkqhkiG9w0BCQEWD2RuNDJAYnVyYmxlLmNv bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALEsUm0KtuwZjrMeWl/x t8f5XCLdDdBAm9KWfJWl9fwxTFkwYEMaXMLjhsmoLKuyXejs7X72VAA/Ctz9KuiQ l/teuGKvt8gNbq3IXVH9KxW8uiSWJIUklZ801qLjUX4kzWJlCgug7Xd2Q0LsevvC QMSNa2Blfh6ieMtjeQNaRhoyy3xEn7t/CNkn5U+bVFTUYE31fREWyEJe2avX2KIs y55GxlkUmOZZPAsMs9at+NmfDWsxOYJSYBOeLsyzJnHWX0g+X9sBf14CDPL3KVxq NdGlPGYmJXr8Q5bNUv6diHSGd4nW/ft/IRGPpgXpwzcQNQHfneZUGSC9L+0B4LR4 sqkCAwEAAaNTMFEwHQYDVR0OBBYEFN8+6wkXTKajsoezC1nzvBe+YZscMB8GA1Ud IwQYMBaAFN8+6wkXTKajsoezC1nzvBe+YZscMA8GA1UdEwEB/wQFMAMBAf8wDQYJ KoZIhvcNAQELBQADggEBAEdmCZyKaEk2AOcgVkQ9OMAR+AaGIUCazvWKGx2DXAJI 2zmeEKx1tkRAkEQkzoUo7vor+X8/f3FVmtVF5bxbI9y7LsrXSNZB62z+Voyj36Id rOx05MN9FPbz6FAD5a7vTWCK7hRgGTaUGwYVyVXy9iiSA8Oqm8sqblvfk9jz3E5Y TJP6b8Y/Dq9BLpciozqSLo2zPOvl7kaN3kS3eufzA4O9LKfFIxXIcqfsSzFlbQyu afBrjiG18FVCNPQW3kCBk2oOWl7z/SJjB1oG/ZcDhSdHYPj+1gTsnzTKAB8qJikh gGwJMRLy1L5Bd0p63in5SNX9LXVsY+8YiA7sa3yAhWc= -----END CERTIFICATE----- Certificate Expiry Date: May 12 10:08:49 2029 GMT "});index.add({'id':16,'href':'/network/status/','title':"Realtime Status",'parent':"Network",'content':"Uptime Robot https://dn42.status.burble.com/ (public internet link) All nodes are monitored using UptimeRobot.\nGrafana Dashboards https://grafana.burble.com (public internet link) https://grafana.burble.dn42 (DN42 link) Netdata and Prometheus are used to monitor the network and stats are presented using a series of Grafana dashboards.\nBGP and Peering Status https://lg.burble.com/ (public internet link) https://lg.burble.dn42/ (DN42 link) BGP status can be found through my looking glass.\n"});index.add({'id':17,'href':'/privacy/','title':"Privacy Policy",'parent':"burble.dn42",'content':"In common with most websites, the burble.dn42 site and associated services may log any access you make and these logs contain your source IP address together with the page or service being accessed. If you are required to log in to access a burble.dn42 service, you should assume that the user id used for the service is also logged. Website and service logs are accessible only by the network administrators and used purely for diagnostic reasons and to prevent abuse. They are not shared in any way. Log retention varies depending on the service, but is at most, 1 month.\nburble.dn42 services are provided by servers operating globally. Data processing may take place in any country where the network has a pop or presence.\nThe services provided by burble.dn42 make use of data contained within the DN42 Registry. This data may contain personal data that has been provided voluntarily by users of DN42 and which is then made public by this website or associated services. Please refer to the DN42 registry privacy policy for more information.\nIf you have any data privacy concerns or requests regarding burble.dn42 services you may contact dn42@burble.com.\n"});index.add({'id':18,'href':'/','title':"burble.dn42",'parent':'','content':"An experiment in global networking.\n"});index.add({'id':19,'href':'/categories/','title':"Categories",'parent':"burble.dn42",'content':""});index.add({'id':20,'href':'/additional/maintlog/','title':"Maintenance Log",'parent':"Additional Info",'content':"A log of changes to the burble.dn42 network.\n 18th December 2020 New static website built using Hugo.\n22nd December 2020 es-mad1 in Madrid, Spain has been deployed and is now open for peering.\n Historical changes from previous years 2020 2019 2018 "});index.add({'id':21,'href':'/network/overview/','title':"Overview",'parent':"Network",'content':"burble.dn42 is an experimental global network within DN42.\nThe network is well connected with a large number of peers, and hosts some of the DN42 core infrastructure.\nTopology All nodes in the burble.dn42 network are fully meshed with wireguard tunnels. iBGP with BGP Confederations and a latency based metric are used as the interior routing protocol between nodes. iBGP is also fully meshed. and the configuration for both iBGP and wireguard tunnels is built using a number of Ansible scripts.\nThe current network design was introduced in December 2019; previous designs for the network have included a VXLAN overlay over the wireguard mesh to create a single layer 2 network, together with the use of OSPF as the IGP. Other variations have included using BABEL, and tinc.\nCore Technologies A selection of key technologies used within the network\n Ubuntu - node operating system Bird2 - routing daemon LXD - for virtualisation and containers Packer - for container builds Alpine Linux - used for containers Ansible - for deploying configuration "});index.add({'id':22,'href':'/tags/','title':"Tags",'parent':"burble.dn42",'content':""});index.add({'id':23,'href':'/additional/things-to-do/','title':"Things to do in DN42",'parent':"Additional Info",'content':"What can you do in DN42 ? Ultimately, you\u0026rsquo;ll get out of DN42 what you put in to it, but I\u0026rsquo;ve listed here a few ideas that may serve as inspiration and the spark an idea.\nThis is deliberately not a set of instructions or a guide and it\u0026rsquo;s not a checklist of stuff you must do. If you are interested in something there is plenty of public information available on all these topics.\nGetting Started Read up on how Internet peering works, and the tools and protocols that are used Register your details in the DN42 registry Do read the DN42 getting started guide Do browse through the registry itself and use what other people did as examples Do look through recent Pull Requests to see what is required and how to do it Join the mailing list and #dn42 on hackint DN42 is a great community with many knowledgable members. You can learn a lot from what other people are doing, or the problems they have, as well as getting your own network working Get your first peer use the peerfinder to find peers close to you, or ask on IRC ping something on DN42 use a DN42 service Congratulations, you\u0026rsquo;re connected to DN42 !\nThe Basics Get more peers Add 4 or 5 different peers having several peers prevents having a dependency on a single peer and adds redundancy provides you with a variety of different routes learn how different peers manage their networks How do you see which routes are being advertised and selected ? Change route metrics and see how this influences selected routes Optimise your routes across your peers What is an optimal route anyway ? How is your network being distributed across DN42 ? How do you find out ? Change how your routes are advertised to peers to influence the routing to your network across DN42 Set up DNS and resolve a host in the .dn42 hierarchy Set up your own DNS server Register a domain; set up forward and reverse DNS Set up a blog/wiki and document your network Make the pages available over DN42 and the Internet Add your network to the peerfinder Learn something new and add it to the DN42 Wiki Intermediate Secure your network Distribute DN42 routes to another, internal node Learn how to use an IGP and iBGP Add two or more nodes to DN42 and peer with multiple AS Distribute routes from all peers across the nodes in your network How do you decide which routes are \u0026lsquo;best\u0026rsquo; across the network ? Optimise your routes to DN42 How do you manage multiple entry points to your network ? What do other networks see ? How do other networks decide which node to route to ? Configure your network so that one node is preferred Optimise how DN42 sees your network Add two or more nodes in different continents Why is that different ? How do you optimise your network now ? Implement ROA Implement BGP communities Help a new joiner connect to DN42 Resolve someone elses DN42 problem Set up a looking glass Set up a service that can be used by the rest of the DN42 community Make it a \u0026lsquo;production\u0026rsquo; service, add HA, monitoring and alerting Secure your service Use the DN42 CA Add it to the wiki Complex Connect multiple nodes to the same peer AS in different geographic locations Optimise the routes to the AS Optimise the routes that the peer AS has to you Monitor your network How do you know it\u0026rsquo;s working well ? (what does \u0026lsquo;working well\u0026rsquo; mean ?) provide public metrics Create a virtual environmment to test changes How do you make your virtual environment representative of DN42 ? Volunteer to help with DN42 core services System administration and automation Patching and maintenance Implement backups and DR Automate the set up and configuration of your nodes Automate adding peers Even more Make something new What\u0026rsquo;s the latest software or network trend ? implement it and learn how to use it Make something experimental Try out a cutting edge service or network technology and see if you can get it to work What are the current challenges faced by the Internet ? How are they being solved ? Can you replicate the problem and potential solutions in DN42 ? Make something social Create and share a community resource Make something stable Fine tune your network and nodes DN42 changes all the time, how do you protect your network from other people breaking things ? Make something small Take something huge (DNS, CDNs, gmail, distributed computing, serverless, AI \u0026hellip;) and shrink it down to your network, but using the same techniques as the global players to manage things scale it up, and down Make something corporate Replicate a multi-datacentre corporate/organisation design Grab your next job based on your experience ;) "});})();
Reference in New Issue View Git Blame Copy Permalink