www/pages/02.peering/default.md
2019-11-02 20:10:47 +00:00


title
peering

Peering with burble.dn42

This page provides the information to get started on peering with the burble.dn42 network.
burble.dn42 is a set of global POPs integrated into the dn42 network. New peering requests are welcome, whether you are a new starter or already have an established network. A description of the network is available in the about page.

#### Peering Requests

Please mail dn42@burble.com if you'd like to peer with me.

By default, I'll configure a full transit connection with you, which could mean I end up routing traffic over your network, but just let me know if you'd prefer a different peering arrangement.

At a minimum, I'll need to know the following in order to establish a peering:

  • The burble.dn42 node you would like to peer with
  • Your ASN
  • The public address of your host
  • The tunnel parameters, e.g.
    • Port number, if using wireguard or OpenVPN
    • Public key for wireguard
    • Any special config you need that is different to my defaults
  • IP addresses of your end of the tunnel
    • Typically these will be a single IPv4/32 and IPv6/128 from your DN42 allocation

Residential ISPs and Dynamic IP addresses

A 24/7 connection with static IP addresses is the norm for DN42, and by default I will add firewall rules to limit tunnel traffic to your specific IP address. If you are connecting from a residential ISP or otherwise have a dynamic IP, please let me know so that I can configure my side appropriately. If you don't tell me, the peering will stop working when your IP address changes.

Supported Tunnel Types

I prefer to use wireguard, it's simple to set up and just works. I have experience with each of the tunnel types listed below, but if you really want to use something else, just drop me an email and we'll work it out.

  • Wireguard

    I use a random port number and unique key for each Wireguard peer, so just mail me to confirm the port number and public key.
    Endpoint names and IP addresses are detailed below.

    My wireguard AllowedIPs are:

```
AllowedIPs=fe80::/64
AllowedIPs=fd00::/8
AllowedIPs=0.0.0.0/0
```


Note that wg-quick does not support adding a peer address. If you want to use wg-quick, you will
need to delete and re-add the wireguard interface IP address and configure it as a point to point
address, or you will run into next-hop problems when using BGP. See the
[DN42 Wiki](https://dn42.dev/howto/wireguard) on how to use iproute2 to configure a point to point
address.
  
* **[OpenVPN](https://openvpn.net/)**

By default I will configure the following OpenVPN parameters, with a random OpenVPN port number and shared key.

```
comp-lzo
cipher aes-256-cbc
auth sha256
```


#### Allowed Traffic

Only the following network ranges will be forwarded through the DN42 network; all other traffic will be dropped.

**IPv4**

```
172.16.0.0/12
10.0.0.0/8
```


**IPv6**

```
fd00::/8
```


BGP peer addresses are more permissive to allow for link local or non-DN42 IP addresses within the tunnel, but these will not be forwarded through the DN42 network.

#### BGP Configuration

The burble.dn42 network is divided into a number of BGP confederations
(see the [about](/about) page). The confederations use internal ASNs that are not
valid on DN42 and the network is presented as a single AS using the assigned DN42
ASN (AS4242422601) to external peers.

|||
|---|---|
|**Network Name** |BURBLE|
|**BURBLE-MNT**|dn42@burble.com|
|**ASN**|AS4242422601|
 

The burble.dn42 network uses [bird 2](https://bird.network.cz/?get_doc&f=bird.html&v=20), and the following features are supported:

* Multiprotocol BGP [RFC 4760](https://www.rfc-editor.org/info/rfc4760)
* BGP Large Communities [RFC 8092](http://www.rfc-editor.org/info/rfc8092)
* BGP Confederations [RFC 5065](https://www.rfc-editor.org/info/rfc5065)
* DN42 Route Origin Authorisation (ROA - see below section on Route Filtering) 
* DN42 [BGP communities](https://wiki.dn42.us/howto/Bird-communities)
* burble.dn42 custom [large communities](/home/bgp-communities)
* burble.dn42 [Routing Policy](/home/routing-policy)

**Route Filtering**

Incoming routes are filtered according to the rules in the dn42 registry (data/filter.txt and data/filter6.txt).

Additionally Route Origin Authorisation (ROA) is implemented with updates through RPKI,
using [dn42regsrv](https://git.dn42.us/burble/dn42regsrv) and
[gortr](https://github.com/cloudflare/gortr). This means any advertised prefix that does
not have a corresponding route{,6} object in the DN42 registry will be dropped.

The DN42 ROA data is provided as a public service, see the [Services](/home/burble-dn42-services) page.

Generic Allowed Prefixes:

IPv4

```
172.20.0.0/14{21,29}, # dn42
172.20.0.0/24{28,32}, # dn42 Anycast
172.21.0.0/24{28,32}, # dn42 Anycast
172.22.0.0/24{28,32}, # dn42 Anycast
172.23.0.0/24{28,32}, # dn42 Anycast
172.31.0.0/16+,       # ChaosVPN
10.100.0.0/14+,       # ChaosVPN
10.0.0.0/8{15,24}     # Freifunk.net
```


IPv6

```
fd00::/8{44,64}
```
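
The generic allowed prefixes use bird's `{low,high}` and `+` prefix-set notation. As an added example (not code from burble.dn42 or bird), the Python below evaluates a prefix against that list so you can pre-check what you plan to announce before it is dropped. `parse_patterns` and `is_allowed` are hypothetical helper names, and the separate ROA check is not modelled.

```python
import ipaddress
import re

# Generic allowed prefixes from this page (IPv4 and IPv6 lists merged).
ALLOWED = """
172.20.0.0/14{21,29},  # dn42
172.20.0.0/24{28,32},  # dn42 Anycast
172.21.0.0/24{28,32},  # dn42 Anycast
172.22.0.0/24{28,32},  # dn42 Anycast
172.23.0.0/24{28,32},  # dn42 Anycast
172.31.0.0/16+,        # ChaosVPN
10.100.0.0/14+,        # ChaosVPN
10.0.0.0/8{15,24},     # Freifunk.net
fd00::/8{44,64}
"""
ENTRY = re.compile(r"^([0-9A-Fa-f.:]+)/(\d+)(?:\{(\d+),(\d+)\}|(\+))?$")

def parse_patterns(text):
    """Return (network, min_len, max_len) for each entry (hypothetical helper)."""
    patterns = []
    for line in text.splitlines():
        item = line.split("#", 1)[0].strip().rstrip(",")
        if not item:
            continue
        m = ENTRY.match(item)
        if m is None:
            raise ValueError(f"unrecognised entry: {item!r}")
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        if m.group(5):    # "+" means this prefix and anything more specific
            low, high = net.prefixlen, net.max_prefixlen
        elif m.group(3):  # "{low,high}" bounds the accepted prefix length
            low, high = int(m.group(3)), int(m.group(4))
        else:             # bare prefix matches only itself
            low = high = net.prefixlen
        patterns.append((net, low, high))
    return patterns

def is_allowed(prefix, patterns=None):
    """True if `prefix` matches an entry; raises ValueError on malformed input."""
    patterns = parse_patterns(ALLOWED) if patterns is None else patterns
    cand = ipaddress.ip_network(prefix)
    for net, low, high in patterns:
        if cand.version != net.version or not low <= cand.prefixlen <= high:
            continue
        # bird compares the first min(len, pattern len) bits of the address
        shift = net.max_prefixlen - min(cand.prefixlen, net.prefixlen)
        if int(cand.network_address) >> shift == int(net.network_address) >> shift:
            return True
    return False
```

For instance, the node prefix 172.20.129.160/27 passes, while a tunnel address announced as 172.20.129.188/32 does not, because only the anycast /24 entries accept lengths above 29.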


**Peering with Multiple Nodes**

Users are welcome to peer with more than one node in the burble.dn42 network.

Note that the regional routing policy means that peering with multiple nodes within the same
DN42 region will help provide resiliency, but is unlikely to provide additional route paths.
Peering with nodes in different regions and implementing the DN42
[BGP communities](https://wiki.dn42.us/howto/Bird-communities) will help provide more optimal
and varied routes.

#### Testing

Within the tunnel, hosts respond to ping and traceroute, but also have the echo (port 7) and daytime (port 13) services enabled. These can be used to check the tunnel is up and configured correctly.

```
$ ping fe80::42:2601:32:1%wg0
PING fe80::42:2601:32:1%wg0(fe80::42:2601:32:1%wg0) 56 data bytes
64 bytes from fe80::42:2601:32:1%wg0: icmp_seq=1 ttl=64 time=4.44 ms
64 bytes from fe80::42:2601:32:1%wg0: icmp_seq=2 ttl=64 time=4.52 ms
64 bytes from fe80::42:2601:32:1%wg0: icmp_seq=3 ttl=64 time=4.96 ms
^C
--- fe80::42:2601:32:1%wg0 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 4.445/4.643/4.961/0.233 ms
$ netcat fe80::42:2601:32:1%wg0 13
Sun Sep 23 09:57:26 2018
^C
$
```


Once peering is established I have a BGP looking glass [here](https://lg.burble.com/) (public internet link) and global route [collector](https://collector.burble.com) which can be used to check routing.

#### Automated reachability and latency testing

pingable.burble.dn42 (172.20.129.5 / fd42:4242:2601:ac05::1) is a dedicated address
that responds to ping and traceroute and may be used for automated reachability or
link quality testing. Please be considerate when configuring automated tests and
set a reasonable test frequency. In all cases, the frequency must not be more
than once a second.

---
#### Network Information  
The burble.dn42 network is fully meshed between nodes using wireguard tunnels and VXLAN. However, the network is configured as a number of sub-AS regions within a single BGP confederation to allow for regional services and to reduce the number of iBGP sessions. See the [about](/about) page for more details and a network diagram.

The internal, confederation ASNs documented here are *for information only* as they are not valid DN42 ASNs.  
When peering with burble.dn42 the DN42 assigned AS4242422601 should always be used.

|||
|---|---|
|**IPv4 Prefix (Services)**  |172.20.129.0/27|
|**IPv4 Prefix (Nodes)**  |172.20.129.160/27|
|**IPv6 Prefix**|fd42:4242:2601::/48|

### Europe
Internal ASN: AS4226010150

#### dn42-fr-rbx1
|||
|---|---|
|**Location**|OVH, Roubaix, France|
|**Alias**|sunflower|
|**Public Hostname**|dn42-fr-rbx1.burble.com|
|**Public IPv4 Address**|91.121.7.182|
|**Public IPv6 Address**|2001:41d0:1:5ab6::1|
|**Tunnel IPv4 Peer Address**|172.20.129.188/32|
|**Tunnel IPv6 Link Local**|fe80::42:2601:36:1/64|
|**Tunnel IPv6 ULA**|fd42:4242:2601:36::1/128|

#### dn42-uk-lon1
|||
|---|---|
|**Location**|Inception Hosting, London, UK|
|**Alias**|bode|
|**Public Hostname**|dn42-uk-lon1.burble.com|
|**Public IPv4 Address**|185.121.25.242|
|**Public IPv6 Address**|2a04:92c7:e:bd2::e6b9|
|**Tunnel IPv4 Peer Address**|172.20.129.187/32|
|**Tunnel IPv6 Link Local**|fe80::42:2601:35:1/64|
|**Tunnel IPv6 ULA**|fd42:4242:2601:35::1/128|

#### dn42-de-fra1
|||
|---|---|
|**Location**|PHP Friends, Frankfurt, Germany|
|**Alias**|abell|
|**Public Hostname**|dn42-de-fra1.burble.com|
|**Public IPv4 Address**|176.96.138.245|
|**Public IPv6 Address**|2a0d:5940:1:c3::b35c|
|**Tunnel IPv4 Peer Address**|172.20.129.169/32|
|**Tunnel IPv6 Link Local**|fe80::42:2601:31:1/64|
|**Tunnel IPv6 ULA**|fd42:4242:2601:31::1/128|

#### dn42-lt-vil1
|||
|---|---|
|**Location**|Time4VPS, Vilnius, Lithuania|
|**Alias**|cosmos|
|**Public Hostname**|dn42-lt-vil1.burble.com|
|**Public IPv4 Address**|195.181.241.93|
|**Public IPv6 Address**|2a02:7b40:c3b5:f15d::1|
|**Tunnel IPv4 Peer Address**|172.20.129.189/32|
|**Tunnel IPv6 Link Local**|fe80::42:2601:3d:1/64|
|**Tunnel IPv6 ULA**|fd42:4242:2601:3d::1/128|

#### dn42-at-vie1
|||
|---|---|
|**Location**|HostHatch, Vienna, Austria|
|**Alias**|tadpole|
|**Public Hostname**|dn42-at-vie1.burble.com|
|**Public IPv4 Address**|185.175.58.235|
|**Public IPv6 Address**|2a0d:5600:31:7::1|
|**Tunnel IPv4 Peer Address**|172.20.129.185/32|
|**Tunnel IPv6 Link Local**|fe80::42:2601:39:1/64|
|**Tunnel IPv6 ULA**|fd42:4242:2601:39::1/128|

### North America
Internal ASN: AS4226010021

#### dn42-ca-bhs2
|||
|---|---|
|**Location**|OVH, Beauharnois, Canada|
|**Alias**|draco|
|**Public Hostname**|dn42-ca-bhs2.burble.com|
|**Public IPv4 Address**|192.99.2.172|
|**Public IPv6 Address**|2607:5300:60:33ac::1|
|**Tunnel IPv4 Peer Address**|172.20.129.167/32|
|**Tunnel IPv6 Link Local**|fe80::42:2601:2d:1/64|
|**Tunnel IPv6 ULA**|fd42:4242:2601:2d::1/128|

#### dn42-us-chi1

|||
|---|---|
|**Location**|HostHatch, Chicago, United States|
|**Alias**|hydra|
|**Public Hostname**|dn42-us-chi1.burble.com|
|**Public IPv4 Address**|193.29.63.150|
|**Public IPv6 Address**|2605:4840:3:10::ab2d|
|**Tunnel IPv4 Peer Address**|172.20.129.166/32|
|**Tunnel IPv6 Link Local**|fe80::42:2601:2e:1/64|
|**Tunnel IPv6 ULA**|fd42:4242:2601:2e::1/128|

#### dn42-us-mia2

|||
|---|---|
|**Location**|StockServers, Miami, United States|
|**Alias**|malin|
|**Public Hostname**|dn42-us-mia2.burble.com|
|**Public IPv4 Address**|216.126.233.109|
|**Public IPv6 Address**|2a09:be40:2908:bc43::1|
|**Tunnel IPv4 Peer Address**|172.20.129.164/32|
|**Tunnel IPv6 Link Local**|fe80::42:2601:3f:1/64|
|**Tunnel IPv6 ULA**|fd42:4242:2601:3f::1/128|

#### dn42-us-nyc1
|||
|---|---|
|**Location**|HostHatch, New York, United States|
|**Alias**|sombrero|
|**Public Hostname**|dn42-us-nyc1.burble.com|
|**Public IPv4 Address**|185.213.26.143|
|**Public IPv6 Address**|2a0d:5600:33:b::1|
|**Tunnel IPv4 Peer Address**|172.20.129.168/32|
|**Tunnel IPv6 Link Local**|fe80::42:2601:34:1/64|
|**Tunnel IPv6 ULA**|fd42:4242:2601:34::1/128|

#### dn42-us-dal1
|||
|---|---|
|**Location**|drserver, Dallas, United States|
|**Alias**|mayall|
|**Public Hostname**|dn42-us-dal1.burble.com|
|**Public IPv4 Address**|144.172.126.201|
|**Public IPv6 Address**|`IPv4 Only`|
|**Tunnel IPv4 Peer Address**|172.20.129.173/32|
|**Tunnel IPv6 Link Local**|fe80::42:2601:3b:1/64|
|**Tunnel IPv6 ULA**|fd42:4242:2601:3b::1/128|

#### dn42-us-dal3
|||
|---|---|
|**Location**|HostDoc, Dallas, United States|
|**Alias**|lacertae|
|**Public Hostname**|dn42-us-dal3.burble.com|
|**Public IPv4 Address**|107.155.79.108|
|**Public IPv6 Address**|2604:880:398:353::1|
|**Tunnel IPv4 Peer Address**|172.20.129.172/32|
|**Tunnel IPv6 Link Local**|fe80::42:2601:2a:1/64|
|**Tunnel IPv6 ULA**|fd42:4242:2601:2a::1/128|

#### dn42-us-lax1
|||
|---|---|
|**Location**|HostHatch, Los Angeles, United States|
|**Alias**|cartwheel|
|**Public Hostname**|dn42-us-lax1.burble.com|
|**Public IPv4 Address**|185.198.26.172|
|**Public IPv6 Address**|2a04:bdc7:100:14::ab2d|
|**Tunnel IPv4 Peer Address**|172.20.129.165/32|
|**Tunnel IPv6 Link Local**|fe80::42:2601:3a:1/64|
|**Tunnel IPv6 ULA**|fd42:4242:2601:3a::1/128|

#### dn42-us-sea2
|||
|---|---|
|**Location**|Virmach, Seattle, United States|
|**Alias**|centaurus|
|**Public Hostname**|dn42-us-sea2.burble.com|
|**Public IPv4 Address**|96.8.121.205|
|**Public IPv6 Address**|`IPv4 Only`|
|**Tunnel IPv4 Peer Address**|172.20.129.170/32|
|**Tunnel IPv6 Link Local**|fe80::42:2601:2c:1/64|
|**Tunnel IPv6 ULA**|fd42:4242:2601:2c::1/128|

### Asia and Oceania
Internal ASN: AS4226010009

#### dn42-sg-sin2

|||
|---|---|
|**Location**|OVH, Singapore|
|**Alias**|hoag|
|**Public Hostname**|dn42-sg-sin2.burble.com|
|**Public IPv4 Address**|139.99.97.88|
|**Public IPv6 Address**|2402:1f00:8000:800::8d2|
|**Tunnel IPv4 Peer Address**|172.20.129.181/32|
|**Tunnel IPv6 Link Local**|fe80::42:2601:37:1/64|
|**Tunnel IPv6 ULA**|fd42:4242:2601:37::1/128|

#### dn42-au-syd1
|||
|---|---|
|**Location**|OVH, Sydney, Australia|
|**Alias**|mice|
|**Public Hostname**|dn42-au-syd1.burble.com|
|**Public IPv4 Address**|139.99.194.24|
|**Public IPv6 Address**|2402:1f00:8100:400::986|
|**Tunnel IPv4 Peer Address**|172.20.129.180/32|
|**Tunnel IPv6 Link Local**|fe80::42:2601:38:1/64|
|**Tunnel IPv6 ULA**|fd42:4242:2601:38::1/128|

#### dn42-jp-tyo1

|||
|---|---|
|**Location**|GreenCloudVPS, Tokyo, Japan|
|**Alias**|blackeye|
|**Public Hostname**|dn42-jp-tyo1.burble.com|
|**Public IPv4 Address**|172.93.221.101|
|**Public IPv6 Address**|2403:71c0:2000::d:8b97|
|**Tunnel IPv4 Peer Address**|172.20.129.182/32|
|**Tunnel IPv6 Link Local**|fe80::42:2601:3e:1/64|
|**Tunnel IPv6 ULA**|fd42:4242:2601:3e::1/128|

#### dn42-in-mum1

`Experimental`  

|||
|---|---|
|**Location**|Oracle Cloud, Mumbai, India|
|**Public Hostname**|dn42-in-mum1.burble.com|
|**Public IPv4 Address**|140.238.164.236|
|**Public IPv6 Address**|`IPv4 Only`|
|**Tunnel IPv4 Peer Address**|172.20.129.183/32|
|**Tunnel IPv6 Link Local**|fe80::42:2601:3c:1/64|
|**Tunnel IPv6 ULA**|fd42:4242:2601:3c::1/128|