burble.dn42/www
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity
www/pages/01.home/maintenance-log/default.md
Simon Marsh 4005be41d7
Add wiki.dn42 service
2019-10-12 21:29:52 +01:00

18 KiB
Executable File
Raw Blame History

title: 'Maintenance Log' visible: true

A log of changes to the burble.dn42 network.

e===

burble.dn42 Maintenance Log

12th October 2019

The burble.dn42 wiki service is now part of the global anycast for wiki.dn42.

See the services page for more details.

2nd October 2019

The recursive DNS service now supports clearnet queries

15th September 2019

Stop supporting IPsec tunnels

21st August 2019

Removed sg-sin3 and vn-han1

13th August 2019

Added DN42 wiki service editable via dn42, readonly via clearnet.

Issued new Certificate Authority root certificate with a longer expiry date.

11th August 2019

Added a couple of Python 3 updates for bird-lg that fixes broken BGP map functionality in the looking glass.

Influx ate all the memory (10gb!) on de-fra1, so is currently offline until it can be fixed.

28th July 2019

Add dn42-us-mia2, which will replace dn42-us-mia1

25th July 2019

Add pingable.burble.dn42

21st July 2019

Decommissioning of dn42-ru-mos1 and dn42-us-sea1

17th July 2019

DoH! The DNS Service now support DNS over HTTPS.

22nd June 2019

Tidied up node information.

14th June 2019

A new host IRC web service has been added, based on thelounge.

See the services page for more details.

8th June 2019

The recursive DNS service now uses parallel queries across all five regional master nodes.
This approach takes advantage of the burble.dn42 global scale to reduce latencies, improve resilience and prevent local connectivity problems from impacting the results. See the DNS page for more info.

24th May 2019

Moved and extended the DN42 monitoring so that it is more independent and also clustered.

A writeup of the hosted grafana service and monitoring is available here.

21st May 2019

dn42-uk-lon1 is back again after being out of action for the day.

The host server apparently threw a disk after being updated to cover the MDS vulnerability and the provider has spent the day recovering the node.

20th May 2019

Some nodes may have outages over the next few days as providers deal with the recent MDS vulnerabilities.

Added new peers

15th May 2019

Updated my fork of bird-lg by merging Zhaofeng's Python2 to Python3 bird-lg updates and fixing a few outstanding problems.

The updated code is now live on the burble.dn42 looking glass.

13th May 2019

Moved the looking glass to its own container, in anticipation of future website changes

dn42-us-mia1 is offline again.

10th May 2019

dn42-us-chi2 was suspended by the provider on 8/5 due to 'NTP reflection attacks'.

This is a hazard of running a busy NTP server as part of the NTP Pool; providers can get twitchy when they see a large amount of NTP traffic, due to the well publicised vulnerabilities in stock NTPd.

My network uses chronyd rather than NTPd and it is simply not vulnerable to abuse in the same way as NTPd, I also regularly monitor and check the services. On the other hand, the server does see a large amount of NTP traffic and it can sometimes be difficult demonstrating that I'm specifically providing a service here and not under some kind of attack.

Apologies that the server was offline for a few days, but it should now finally be back again.

For info, here is the bandwidth graph of dn42-us-chi2 as it was suspended:

Bandwidth Graph

It's trivial to see that an amplification attack was not occuring, as the inbound and outbound traffic are both equal. It's a shame some providers don't consider this before suspending services, but, understandable that the economics of providing VPS services can prohibt this.

Added new peers:

5th May 2019

Added git service.
See the services page for more details.`<

1st May 2019

Seems traceroutes and some Europe Region, IPv4 related DNS lookups weren't working.
Both are fixed now.

Added new peers:

30th April 2019

New node added and ready for peering

  • dn42-ca-bhs2 (Beauharnois, Canada)

With the addition of several new nodes, the internal BGP confederations have been re-orginised.
This new organisation should provide better balance and allow for more local services.

  • The North American region has been split in two, becoming Central & West Coast and East Coast.
  • lt-vil1 and at-vie1 have been moved to the East Europe region.

Added new peers:

19th April 2019

New nodes added and ready for peering.

  • dn42-at-vie1 (Vienna, Austria)
  • dn42-us-nyc1 (New York, United States)

18th April 2019

Over the last week, and number of major changes have taken place to the burble.dn42 network.
These include:

  • Configuring Jool to provide IPv4 to IPv6 SIIT for the new 172.20.129.0/27 prefix
    The aim is for all internal services of the burble.dn42 network to be provided by IPv6, with SIIT taking place at the network edge for external IPv4 users.
  • Configuring Jool to provide a NAT64 service
    So that internal, IPv6 only, services can access external IPv4 networks
  • Adding a new VXLAN to the WAN overlay
    The new VXLAN segregates DN42 traffic from the internal traffic and enables a separate DN42 routing domain. As a side effect, this change also fixes the problem where internal IP addresses were being leaked and causing confusing traceroutes for DN42 users.

Over time, internal IPv4 services will be removed

12th April 2019

New prefix 172.20.129.0/27 registered to provide space for more nodes and additional services.

172.20.129.0/27 will be used as anycast addresses for services. 172.20.129.160/27 will be used for burble.dn42 nodes

Added new peers:

7th April 2019

Added an old node in to the DN42 network, dn42-sg-sin2. RPKI and DNS services have been moved to the node from dn42-sg-sin2 which should improve diversification and stability.

3rd April 2019

Added new peers:

31st March 2019

The DNS service has gone global, with every node in the burble.dn42 network now participating in the DNS Anycast service.
More details can be found on the DNS page.

26rd March 2019

Added new peers:

11th March 2019

New node added dn42-de-fra1

9th March 2019

Added new peers:

A new instance of the registry explorer has been created that references the 'object-fix' branch of the DN42 registry. The main purpose of this is to support the new DNS system being developed.

http://grc.burble.dn42:8043/

A couple of the nodes on the network experienced some downtime over the week:

  • dn42-us-mia1 was down to 2 days and had to be rebuilt as my VPS provider's storage array crashed.
  • dn42-us-dal3 was also down for a few hours, the provider accidently suspended the VPS due to a billing error on their side

7th March 2019

Added new peers

26th February 2019

Initialised GRC website

Added new peers

21st February 2019

The Looking Glass has been udpated to use lgregmapper and data from dn42regsrv.

19th February 2019

New peer added:

18th February 2019

The internal and public ROA service has been moved over to using dn42regsrv.
See the services page for more details.

New peer added:

16th February 2019

New peers added:

10th February 2019

Updated the services to include new stuff::

  • DNS
  • Registry REST API and Explorer
  • Global Route Collector

New peers added:

26th January 2019

New service !

A burble.dn42 route collector has been added, together with some interesting stats showing reachability of DN42 from the burble.dn42 network.

A common, global route collector is in progress, see here

21st January 2019

New peer added:

  • AS4242423306 / TIMK at dn42-au-syd1

13th January 2019

bgpmap updated to add MNT and prefix info for ASes.

New peers added:

  • AS4242420415 / TYLER at dn42-us-lax2
  • AS4242423569 / DHE at dn42-us-dal3
  • AS4242423585 / JD52RU at dn42-fr-rbx1 and dn42-uk-lon1

12th January 2019

The Looking Glass now supports bgpmap again.
My bird-lg fixes are available on github.

New peer added:

  • AS4242421501 / ADAMYI at dn42-au-syd1

11th January 2019

Some layout fixes to the Looking Glass, including fixing whois lookups.

3rd January 2019

First new peers of 2019:

  • AS4242420505 / 42ISLIFE at dn42-ca-bhs1
  • AS4242421114 / GRGR at dn42-us-chi2
  • AS4242421050 / NAPSTERBATER at dn42-us-chi2

2nd January 2019

Consolidated number of anycast sessions.

30th December 2018

Migrated US anycast services from dn42-us-dal1 to dn42-us-dal3.

27th December 2018

Added Certificate Authority details.

26th December 2018

Upgraded the looking glass with Zhaofeng bird-lg fixes.
ROA data is available through the burble.dn42 website, see the Services page.
RPKI service is now replicated across regions to provide additional resiliency.
New version of bird2 deployed, including RPKI fixes from JRB0001.

24th December 2018

Added new peers:

  • AS4242422255/LINUXGEMINI at dn42-tr-ist1
  • AS4242421191/YAMAKAJA at dn42-fr-rbx1
  • AS4242423230/RASP at dn42-au-syd1

Updated the Services page to include more implementation details.
Reworked intra-confederation peering to provide more resilience.
Implemented ROA via RPKI updates using roasrv by Yamakaja and gortr

16th December 2018

New node !

dn42-jp-tyo1 has been commissioned and is open for new peers in Tokyo, Japan.

14th December 2018

Updated host information and network map with new nodes.

10th December 2018

New peers added:

  • AS4242423090/HEIAS at dn42-fr-rbx1
  • AS4242421979/MDUCHARME at dn42-us-sea2

dn42-us-sea2 is now operational and available for peering.

2nd December 2018

tinc + babeld is not a winning combination. Since introducing babeld, the burble.dn42 WAN overlay has experienced a number of periods of instability, with nodes dropping on and off the network.

The WAN has been updated to use a Wireguard mesh with OSPF as IGP, and is now significantly more stable again.

1st December 2018

New peers added:

  • AS4242420260/GISH at dn42-au-syd1
  • AS4242421009/KLARA at dn42-no-osl1
  • AS4242420058/ILL at dn42-au-syd1
  • AS4242422547/LANTIAN at dn42-fr-rbx1 / dn42-us-lax2 / dn42-sg-sin3

30th November 2018

Three new nodes will be available for peering soon:

  • dn42-us-chi2 - Chicago, United States
  • dn42-us-sea2 - Seattle, United States
  • dn42-us-dal3 - Dallas, United States

29th November 2018

dn42-us-dal1 locked up, and has been restarted.

28th November 2018

dn42-uk-lon1, dn42-lt-vil1, dn42-sg-sin1 and dn42-us-mia1 all locked up at 03:00 UTC and have now been restarted.

23nd November 2018

Black Friday has delivered four new nodes to the burble.dn42 network:

  • dn42-vn-han1 - Hanoi, Vietnam
  • dn42-no-osl1 - Oslo, Norway
  • dn42-ca-bhs1 - Beauharnois, Canada
  • dn42-us-lax2 - Los Angeles, United States
  • dn42-sg-sin3 - Singapore

All nodes are open to new peers, so just contact dn42@burble.com if you'd like to connect to the network.

22nd November 2018

New peers added:

  • AS4242420165/ZAICA at dn42-fr-rbx1
  • AS42424222673/CORESTORAGE at dn42-uk-lon1

18th November 2018

Updates to reverse DNS.

17th November 2018

Added new peers

  • AS4242423640/HESSENET at dn42-fr-rbx1
  • AS4242420149/NIRF at dn42-lt-vil1

17th November 2018

The internal routing protocol (IGP) for burble.dn42 has moved from OSPF to using babeld.

All nodes on the burble.dn42 network are inter-connected with a tinc mesh. Despite the network physically spanning across contintents, OSPF saw the tinc overlay network as being flat which prevented effective use of technologies such as anycast and forced the use of central resources. The hope is that babel, configured to use an RTT metric, will allow better use of regional services.

Please let me know if you observe any issues due to the new IGP.

16th November 2018

New node in Istanbul, Turkey.

dn42-tr-ist1 has been commissioned and is now open for new peers. See the peering page for more details.