burble.dn42/www
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity
www/public/network/design/index.html
Simon Marsh 43d55c0d23
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone Build is passing
Details
rebuild updates
2025-01-21 14:28:03 +00:00

1203 lines
39 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="en">
<head><script src="/livereload.js?mindelay=10&amp;v=2&amp;port=2010&amp;path=livereload" data-no-instant defer></script>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="Network Design">
<title>Network Design | burble.dn42</title>
<link rel="icon" href="/favicon/favicon-32x32.png" type="image/x-icon">
<link rel="preload" as="font" href="/fonts/Metropolis.woff2" type="font/woff2" crossorigin="anonymous">
<link rel="preload" as="font" href="/fonts/LiberationSans.woff2" type="font/woff2" crossorigin="anonymous">
<link rel="preload" as="font" href="/fonts/LiberationSans-Bold.woff2" type="font/woff2" crossorigin="anonymous">
<link rel="preload" as="font" href="/fonts/LiberationSans-BoldItalic.woff2" type="font/woff2" crossorigin="anonymous">
<link rel="preload" as="font" href="/fonts/LiberationSans-Italic.woff2" type="font/woff2" crossorigin="anonymous">
<link rel="preload" as="font" href="/fonts/LiberationMono.woff2" type="font/woff2" crossorigin="anonymous">
<link rel="preload" as="font" href="/fonts/DroidSans.woff2" type="font/woff2" crossorigin="anonymous">
<link rel="preload" as="font" href="/fonts/GeekdocIcons.woff2" type="font/woff2" crossorigin="anonymous">
<link rel="preload" href="/main-7a8a8dd1df.min.css" as="style">
<link rel="stylesheet" href="/main-7a8a8dd1df.min.css" media="all">
<link rel="preload" href="/mobile-2eb10ce87d.min.css" as="style">
<link rel="stylesheet" href="/mobile-2eb10ce87d.min.css" media="screen and (max-width: 45rem)">
<link rel="preload" href="/print-16259ad7b8.min.css" as="style">
<link rel="stylesheet" href="/print-16259ad7b8.min.css" media="print">
<link rel="preload" href="/custom.css" as="style">
<link rel="stylesheet" href="/custom.css" media="all">
<!-- Made with Geekdoc theme https://github.com/thegeeklab/hugo-geekdoc -->
</head>
<body>
<svg style="position: absolute; width: 0; height: 0; overflow: hidden;" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><symbol viewBox="-2.29 -2.29 28.57 28.57" id="arrow_back" xmlns="http://www.w3.org/2000/svg"><path d="M24 10.526v2.947H5.755l8.351 8.421-2.105 2.105-12-12 12-12 2.105 2.105-8.351 8.421H24z"/></symbol><symbol viewBox="-2.29 -2.29 28.57 28.57" id="arrow_left_alt" xmlns="http://www.w3.org/2000/svg"><path d="M5.965 10.526V6.035L0 12l5.965 5.965v-4.491H24v-2.947H5.965z"/></symbol><symbol viewBox="-2.29 -2.29 28.57 28.57" id="arrow_right_alt" xmlns="http://www.w3.org/2000/svg"><path d="M18.035 10.526V6.035L24 12l-5.965 5.965v-4.491H0v-2.947h18.035z"/></symbol><symbol viewBox="-2.29 -2.29 32.57 32.57" id="bitbucket" xmlns="http://www.w3.org/2000/svg"><path d="M15.905 13.355c.189 1.444-1.564 2.578-2.784 1.839-1.375-.602-1.375-2.784-.034-3.403 1.151-.705 2.818.223 2.818 1.564zm1.907-.361c-.309-2.44-3.076-4.056-5.328-3.042-1.426.636-2.389 2.148-2.32 3.747.086 2.097 2.08 3.815 4.176 3.626s3.729-2.234 3.472-4.331zm4.108-9.315c-.756-.997-2.045-1.169-3.179-1.358-3.214-.516-6.513-.533-9.727.034-1.066.172-2.269.361-2.939 1.323 1.1 1.031 2.664 1.186 4.073 1.358 2.544.327 5.156.344 7.699.017 1.426-.172 3.008-.309 4.073-1.375zm.979 17.788c-.481 1.684-.206 3.953-1.994 4.932-3.076 1.701-6.806 1.89-10.191 1.289-1.787-.327-3.884-.894-4.864-2.578-.43-1.65-.705-3.334-.98-5.018l.103-.275.309-.155c5.121 3.386 12.288 3.386 17.427 0 .808.241.206 1.22.189 1.805zM26.01 4.951c-.584 3.764-1.255 7.51-1.908 11.257-.189 1.1-1.255 1.719-2.148 2.183-3.214 1.615-6.96 1.89-10.483 1.512-2.389-.258-4.829-.894-6.771-2.389-.911-.705-.911-1.908-1.083-2.922-.602-3.523-1.289-7.046-1.719-10.604.206-1.547 1.942-2.217 3.231-2.698C6.848.654 8.686.362 10.508.19c3.884-.378 7.854-.241 11.618.859 1.341.395 2.784.945 3.695 2.097.412.533.275 1.203.189 1.805z"/></symbol><symbol viewBox="-2.29 -2.29 28.57 28.57" id="bookmark" xmlns="http://www.w3.org/2000/svg"><path d="M15.268 4.392q.868 0 1.532.638t.664 1.506v17.463l-7.659-3.268-7.608 3.268V6.536q0-.868.664-1.506t1.532-.638h10.876zm4.34 14.144V4.392q0-.868-.638-1.532t-1.506-.664H6.537q0-.868.664-1.532T8.733 0h10.876q.868 0 1.532.664t.664 1.532v17.412z"/></symbol><symbol viewBox="-2.29 -2.29 32.57 32.57" id="code" xmlns="http://www.w3.org/2000/svg"><path d="M9.917 24.5a1.75 1.75 0 10-3.501.001 1.75 1.75 0 003.501-.001zm0-21a1.75 1.75 0 10-3.501.001A1.75 1.75 0 009.917 3.5zm11.666 2.333a1.75 1.75 0 10-3.501.001 1.75 1.75 0 003.501-.001zm1.75 0a3.502 3.502 0 01-1.75 3.026c-.055 6.581-4.721 8.039-7.82 9.023-2.898.911-3.846 1.349-3.846 3.117v.474a3.502 3.502 0 011.75 3.026c0 1.932-1.568 3.5-3.5 3.5s-3.5-1.568-3.5-3.5c0-1.294.711-2.424 1.75-3.026V6.526A3.502 3.502 0 014.667 3.5c0-1.932 1.568-3.5 3.5-3.5s3.5 1.568 3.5 3.5a3.502 3.502 0 01-1.75 3.026v9.06c.93-.456 1.914-.766 2.807-1.039 3.391-1.075 5.323-1.878 5.359-5.687a3.502 3.502 0 01-1.75-3.026c0-1.932 1.568-3.5 3.5-3.5s3.5 1.568 3.5 3.5z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="date" xmlns="http://www.w3.org/2000/svg"><path d="M27.192 28.844V11.192H4.808v17.652h22.384zm0-25.689q1.277 0 2.253.976t.976 2.253v22.459q0 1.277-.976 2.216t-2.253.939H4.808q-1.352 0-2.291-.901t-.939-2.253V6.385q0-1.277.939-2.253t2.291-.976h1.577V.001h3.23v3.155h12.769V.001h3.23v3.155h1.577zm-3.155 11.267v3.155h-3.23v-3.155h3.23zm-6.46 0v3.155h-3.155v-3.155h3.155zm-6.384 0v3.155h-3.23v-3.155h3.23z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="download" xmlns="http://www.w3.org/2000/svg"><path d="M2.866 28.209h26.269v3.79H2.866v-3.79zm26.268-16.925L16 24.418 2.866 11.284h7.493V.001h11.283v11.283h7.493z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="email" xmlns="http://www.w3.org/2000/svg"><path d="M28.845 9.615v-3.23L16 14.422 3.155 6.385v3.23L16 17.577zm0-6.46q1.277 0 2.216.977T32 6.385v19.23q0 1.277-.939 2.253t-2.216.977H3.155q-1.277 0-2.216-.977T0 25.615V6.385q0-1.277.939-2.253t2.216-.977h25.69z"/></symbol><symbol viewBox="-2.29 -2.29 32.57 32.57" id="git" xmlns="http://www.w3.org/2000/svg"><path d="M27.472 12.753L15.247.529a1.803 1.803 0 00-2.55 0l-2.84 2.84 2.137 2.137a2.625 2.625 0 013.501 3.501l3.499 3.499a2.625 2.625 0 11-1.237 1.237l-3.499-3.499c-.083.04-.169.075-.257.106v7.3a2.626 2.626 0 11-1.75 0v-7.3a2.626 2.626 0 01-1.494-3.607L8.62 4.606l-8.09 8.09a1.805 1.805 0 000 2.551l12.225 12.224a1.803 1.803 0 002.55 0l12.168-12.168a1.805 1.805 0 000-2.551z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="github" xmlns="http://www.w3.org/2000/svg"><path d="M16 .394c8.833 0 15.999 7.166 15.999 15.999 0 7.062-4.583 13.062-10.937 15.187-.813.146-1.104-.354-1.104-.771 0-.521.021-2.25.021-4.396 0-1.5-.5-2.458-1.083-2.958 3.562-.396 7.312-1.75 7.312-7.896 0-1.75-.625-3.167-1.646-4.291.167-.417.708-2.042-.167-4.25-1.333-.417-4.396 1.646-4.396 1.646a15.032 15.032 0 00-8 0S8.937 6.602 7.603 7.018c-.875 2.208-.333 3.833-.167 4.25-1.021 1.125-1.646 2.542-1.646 4.291 0 6.125 3.729 7.5 7.291 7.896-.458.417-.875 1.125-1.021 2.146-.917.417-3.25 1.125-4.646-1.333-.875-1.521-2.458-1.646-2.458-1.646-1.562-.021-.104.979-.104.979 1.042.479 1.771 2.333 1.771 2.333.938 2.854 5.396 1.896 5.396 1.896 0 1.333.021 2.583.021 2.979 0 .417-.292.917-1.104.771C4.582 29.455-.001 23.455-.001 16.393-.001 7.56 7.165.394 15.998.394zM6.063 23.372c.042-.083-.021-.187-.146-.25-.125-.042-.229-.021-.271.042-.042.083.021.187.146.25.104.062.229.042.271-.042zm.646.709c.083-.062.062-.208-.042-.333-.104-.104-.25-.146-.333-.062-.083.062-.062.208.042.333.104.104.25.146.333.062zm.625.937c.104-.083.104-.25 0-.396-.083-.146-.25-.208-.354-.125-.104.062-.104.229 0 .375s.271.208.354.146zm.875.875c.083-.083.042-.271-.083-.396-.146-.146-.333-.167-.417-.062-.104.083-.062.271.083.396.146.146.333.167.417.062zm1.187.521c.042-.125-.083-.271-.271-.333-.167-.042-.354.021-.396.146s.083.271.271.312c.167.062.354 0 .396-.125zm1.313.104c0-.146-.167-.25-.354-.229-.187 0-.333.104-.333.229 0 .146.146.25.354.229.187 0 .333-.104.333-.229zm1.208-.208c-.021-.125-.187-.208-.375-.187-.187.042-.312.167-.292.312.021.125.187.208.375.167s.312-.167.292-.292z"/></symbol><symbol viewBox="-2.29 -2.29 32.57 32.57" id="gitlab" xmlns="http://www.w3.org/2000/svg"><path d="M1.629 11.034L14 26.888.442 17.048a1.09 1.09 0 01-.39-1.203l1.578-4.811zm7.217 0h10.309l-5.154 15.854zM5.753 1.475l3.093 9.559H1.63l3.093-9.559a.548.548 0 011.031 0zm20.618 9.559l1.578 4.811c.141.437-.016.922-.39 1.203l-13.558 9.84 12.371-15.854zm0 0h-7.216l3.093-9.559a.548.548 0 011.031 0z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="heart" xmlns="http://www.w3.org/2000/svg"><path d="M16 29.714a1.11 1.11 0 01-.786-.321L4.072 18.643c-.143-.125-4.071-3.714-4.071-8 0-5.232 3.196-8.357 8.535-8.357 3.125 0 6.053 2.464 7.464 3.857 1.411-1.393 4.339-3.857 7.464-3.857 5.339 0 8.535 3.125 8.535 8.357 0 4.286-3.928 7.875-4.089 8.035L16.785 29.392c-.214.214-.5.321-.786.321z"/></symbol><symbol viewBox="-2.29 -2.29 32.57 32.57" id="keyborad_arrow_down" xmlns="http://www.w3.org/2000/svg"><path d="M3.281 5.36L14 16.079 24.719 5.36 28 8.641l-14 14-14-14z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="keyborad_arrow_left" xmlns="http://www.w3.org/2000/svg"><path d="M25.875 28.25L22.125 32 6.126 16.001 22.125.002l3.75 3.75-12.25 12.25z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="keyborad_arrow_right" xmlns="http://www.w3.org/2000/svg"><path d="M6.125 28.25L18.375 16 6.125 3.75 9.875 0l15.999 15.999L9.875 31.998z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="link" xmlns="http://www.w3.org/2000/svg"><path d="M24.037 7.963q3.305 0 5.634 2.366T32 16t-2.329 5.671-5.634 2.366h-6.46v-3.08h6.46q2.028 0 3.493-1.465t1.465-3.493-1.465-3.493-3.493-1.465h-6.46v-3.08h6.46zM9.615 17.578v-3.155h12.77v3.155H9.615zM3.005 16q0 2.028 1.465 3.493t3.493 1.465h6.46v3.08h-6.46q-3.305 0-5.634-2.366T0 16.001t2.329-5.671 5.634-2.366h6.46v3.08h-6.46q-2.028 0-3.493 1.465t-1.465 3.493z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="menu" xmlns="http://www.w3.org/2000/svg"><path d="M.001 5.334h31.998v3.583H.001V5.334zm0 12.416v-3.5h31.998v3.5H.001zm0 8.916v-3.583h31.998v3.583H.001z"/></symbol><symbol viewBox="-2.29 -2.29 32.57 32.57" id="notification" xmlns="http://www.w3.org/2000/svg"><path d="M22.615 19.384l2.894 2.894v1.413H2.49v-1.413l2.894-2.894V12.25q0-3.365 1.716-5.856t4.745-3.231v-1.01q0-.875.606-1.514T13.999 0t1.548.639.606 1.514v1.01q3.029.74 4.745 3.231t1.716 5.856v7.134zM14 27.999q-1.211 0-2.053-.808t-.841-2.019h5.788q0 1.144-.875 1.986T14 27.999z"/></symbol><symbol viewBox="-2.29 -2.29 32.57 32.57" id="path" xmlns="http://www.w3.org/2000/svg"><path d="M28 12.62h-9.793V8.414h-2.826v11.173h2.826v-4.206H28V26.62h-9.793v-4.206H12.62v-14H9.794v4.206H.001V1.381h9.793v4.206h8.413V1.381H28V12.62z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="person" xmlns="http://www.w3.org/2000/svg"><path d="M16 20.023q5.052 0 10.526 2.199t5.473 5.754v4.023H0v-4.023q0-3.555 5.473-5.754t10.526-2.199zM16 16q-3.275 0-5.614-2.339T8.047 8.047t2.339-5.661T16 0t5.614 2.386 2.339 5.661-2.339 5.614T16 16z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="search" xmlns="http://www.w3.org/2000/svg"><path d="M11.925 20.161q3.432 0 5.834-2.402t2.402-5.834-2.402-5.834-5.834-2.402-5.834 2.402-2.402 5.834 2.402 5.834 5.834 2.402zm10.981 0L32 29.255 29.255 32l-9.094-9.094v-1.458l-.515-.515q-3.26 2.831-7.721 2.831-4.976 0-8.45-3.432T.001 11.925t3.474-8.45 8.45-3.474 8.407 3.474 3.432 8.45q0 1.802-.858 4.075t-1.973 3.646l.515.515h1.458z"/></symbol><symbol viewBox="-2.29 -2.29 32.57 32.57" id="shield" xmlns="http://www.w3.org/2000/svg"><path d="M22.167 15.166V3.5h-8.166v20.726c.93-.492 2.424-1.349 3.883-2.497 1.95-1.531 4.284-3.919 4.284-6.562zm3.499-13.999v14c0 7.674-10.737 12.523-11.192 12.724-.146.073-.31.109-.474.109s-.328-.036-.474-.109c-.456-.201-11.192-5.049-11.192-12.724v-14C2.334.529 2.863 0 3.501 0H24.5c.638 0 1.167.529 1.167 1.167z"/></symbol><symbol viewBox="-2.29 -2.29 32.57 32.57" id="tags" xmlns="http://www.w3.org/2000/svg"><path d="M6.606 7.549c0-1.047-.84-1.887-1.887-1.887s-1.887.84-1.887 1.887.84 1.887 1.887 1.887 1.887-.84 1.887-1.887zm15.732 8.493c0 .501-.206.988-.546 1.327l-7.239 7.254c-.354.339-.84.546-1.342.546s-.988-.206-1.327-.546L1.342 14.066C.59 13.329 0 11.899 0 10.852V4.718a1.9 1.9 0 011.887-1.887h6.134c1.047 0 2.477.59 3.229 1.342L21.792 14.7c.339.354.546.84.546 1.342zm5.661 0c0 .501-.206.988-.546 1.327l-7.239 7.254c-.354.339-.84.546-1.342.546-.767 0-1.15-.354-1.651-.87l6.93-6.93c.339-.339.546-.826.546-1.327s-.206-.988-.546-1.342L13.609 4.173c-.752-.752-2.182-1.342-3.229-1.342h3.303c1.047 0 2.477.59 3.229 1.342L27.454 14.7c.339.354.546.84.546 1.342z"/></symbol><symbol viewBox="-2.29 -2.29 36.57 36.57" id="telescope" xmlns="http://www.w3.org/2000/svg"><path d="M25.026 3.335a.466.466 0 00-.646-.238L13.362 8.91a.463.463 0 00-.216.575l.227.593-6.36 3.488a.462.462 0 00-.205.583l.211.508-6.755 3.228a.463.463 0 00-.228.595l1.386 3.341a.463.463 0 00.583.259l7.056-2.5.211.508a.462.462 0 00.557.267l6.733-1.941.202.527a.46.46 0 00.566.277l12.03-3.702a.46.46 0 00.293-.613L25.026 3.335zM2.109 21.061l-1.049-2.53 6.314-3.018 1.332 3.211-6.596 2.337zm7.857-1.708l-.22-.531-1.706-4.113-.22-.53 5.863-3.216 2.197 5.676.347.908-6.261 1.806zm7.505-1.146l-.188-.491c-.003-.01-.001-.022-.006-.032l-.572-1.478-2.549-6.668 10.201-5.381 4.249 10.624-11.136 3.428zm8.943-16.723a.463.463 0 00-.86.344l5.552 13.881a.464.464 0 00.602.258.464.464 0 00.258-.602L26.413 1.484zM16.268 20.627h-2.776c-1.055 0-1.851.796-1.851 1.851v1.217l-5.44 6.347a.462.462 0 10.702.602l5.415-6.316h2.101v6.015a.463.463 0 00.926 0v-6.015h2.101l5.414 6.316a.462.462 0 10.703-.602l-5.44-6.347v-1.148c0-1.076-.813-1.92-1.851-1.92zm.925 2.777h-4.627v-.925c0-.545.38-.925.925-.925h2.776c.527 0 .925.428.925.995v.856z"/></symbol></svg>
<div class="wrapper">
<input type="checkbox" class="hidden" id="menu-control" />
<header class="gdoc-header">
<div class="container flex align-center justify-between">
<label for="menu-control" class="gdoc-nav__control">
<svg class="icon menu"><use xlink:href="#menu"></use></svg>
<svg class="icon arrow-back"><use xlink:href="#arrow_back"></use></svg>
</label>
<a class="gdoc-header__link" href="http://localhost:2010/">
<span class="gdoc-brand flex align-center">
<img class="gdoc-brand__img" src="/burble-dn42-64.png" alt="" width=359 height=64>
</span>
</a>
</div>
</header>
<main class="container flex flex-even">
<aside class="gdoc-nav">
<nav>
<div class="gdoc-search">
<svg class="icon search"><use xlink:href="#search"></use></svg>
<input type="text" id="gdoc-search-input" class="gdoc-search__input" placeholder="Search..."
aria-label="Search" maxlength="64" />
<div class="gdoc-search__spinner spinner hidden"></div>
<ul id="gdoc-search-results" class="gdoc-search__list"></ul>
</div>
<section class="gdoc-nav--main">
<h2>Navigation</h2>
<ul class="gdoc-nav__list">
<li>
<span class="flex">
<a href="/network/" class="gdoc-nav__entry ">
Network
</a>
</span>
<ul class="gdoc-nav__list">
<li>
<span class="flex">
<a href="/network/design/" class="gdoc-nav__entry is-active">
Network Design
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/network/peering/" class="gdoc-nav__entry ">
Peering with burble.dn42
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/network/nodes/" class="gdoc-nav__entry ">
Node Information
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/network/IPAM/" class="gdoc-nav__entry ">
IPAM
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/network/routing-policy/" class="gdoc-nav__entry ">
Routing Policy
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/network/communities/" class="gdoc-nav__entry ">
BGP Communities
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/network/status/" class="gdoc-nav__entry ">
Realtime Status
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/network/abuse/" class="gdoc-nav__entry ">
Abuse Policy
</a>
</span>
</li>
</ul>
</li>
<li>
<span class="flex">
<a href="/services/" class="gdoc-nav__entry ">
Services
</a>
</span>
<ul class="gdoc-nav__list">
<li>
<span class="flex">
<a href="/services/dn42/" class="gdoc-nav__entry ">
DN42
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/services/public/" class="gdoc-nav__entry ">
Public Services
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/services/internal/" class="gdoc-nav__entry ">
Internal Services
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/services/dns/" class="gdoc-nav__entry ">
DNS
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/services/acme/" class="gdoc-nav__entry ">
ACME
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/services/shell/" class="gdoc-nav__entry ">
Shell Accounts
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/services/minio/" class="gdoc-nav__entry ">
S3 Object Storage
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/services/ca/" class="gdoc-nav__entry ">
Certificate Authority
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/services/ping/" class="gdoc-nav__entry ">
Ping Challenge
</a>
</span>
</li>
</ul>
</li>
<li>
<span class="flex">
<a href="/retro/" class="gdoc-nav__entry ">
Retro42
</a>
</span>
<ul class="gdoc-nav__list">
<li>
<span class="flex">
<a href="/retro/modem/" class="gdoc-nav__entry ">
Dialup Service
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/retro/fake/" class="gdoc-nav__entry ">
Modem Emulator
</a>
</span>
</li>
</ul>
</li>
<li>
<span class="flex">
<a href="/additional/" class="gdoc-nav__entry ">
Additional Info
</a>
</span>
<ul class="gdoc-nav__list">
<li>
<input type="checkbox" id="navtree-fe66c08a" class="gdoc-nav__toggle" >
<label for="navtree-fe66c08a" class="flex justify-between">
<span class="flex">
<a href="/additional/maintlog/" class="gdoc-nav__entry ">
Maint. Log Archive
</a>
</span>
<svg class="icon keyborad_arrow_left"><use xlink:href="#keyborad_arrow_left"></use></svg>
<svg class="icon keyborad_arrow_down hidden"><use xlink:href="#keyborad_arrow_down"></use></svg>
</label>
<ul class="gdoc-nav__list">
<li>
<span class="flex">
<a href="/additional/maintlog/2020/" class="gdoc-nav__entry ">
2020
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/additional/maintlog/2019/" class="gdoc-nav__entry ">
2019
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/additional/maintlog/2018/" class="gdoc-nav__entry ">
2018
</a>
</span>
</li>
</ul>
</li>
<li>
<span class="flex">
<a href="/additional/other-stuff/" class="gdoc-nav__entry ">
Other stuff
</a>
</span>
</li>
<li>
<span class="flex">
<a href="/additional/things-to-do/" class="gdoc-nav__entry ">
Things to do in DN42
</a>
</span>
</li>
</ul>
</li>
</ul>
</section>
<section class="gdoc-nav--more">
<h2>More</h2>
<ul class="gdoc-nav__list">
<li>
<span class="flex">
<svg class="icon bookmark"><use xlink:href="#bookmark"></use></svg>
<a href="https://dn42.dev"
class="gdoc-nav__entry ">
DN42 Wiki
</a>
</span>
</li>
<li>
<span class="flex">
<svg class="icon git"><use xlink:href="#git"></use></svg>
<a href="https://git.dn42.dev"
class="gdoc-nav__entry ">
DN42 Registry
</a>
</span>
</li>
<li>
<span class="flex">
<svg class="icon git"><use xlink:href="#git"></use></svg>
<a href="https://git.burble.com"
class="gdoc-nav__entry ">
View Source
</a>
</span>
</li>
</ul>
</section>
</nav>
</aside>
<div class="gdoc-page">
<div class="gdoc-page__header flex flex-wrap justify-between hidden-mobile" itemscope itemtype="http://data-vocabulary.org/Breadcrumb">
<span>
<span class="breadcrumb">
<svg class="icon path"><use xlink:href="#path"></use></svg>
<a href='/'>burble.dn42</a> / <a href='/network/'>Network</a> / Network Design
</span>
</span>
<span>
</span>
</div>
<article class="gdoc-markdown">
<h1>Network Design</h1>
<blockquote class="gdoc-hint warning">
This page documents a previous iteration of the burble.dn42 network and
is currently out of date.
</blockquote>
<div class="gdoc-page__anchorwrap"><h2 id="tunnel-mesh">Tunnel Mesh<a data-clipboard-text="http://localhost:2010/network/design/#tunnel-mesh" class="gdoc-page__anchor gdoc-page__anchor--right clip" aria-label="Anchor Tunnel Mesh" href="#tunnel-mesh"><svg class="icon link"><use xlink:href="#link"></use></svg></a></h2></div>
<figure><img src="/design/DN42-Tunnels.svg" width="80%">
</figure>
<p>Hosts within the burble.dn42 network are joined using an Wireguard/L2TP mesh.
Static, unmanaged, L2TP tunnels operate at the IP level and are configured
to create a full mesh between nodes. Wireguard is used to provide encryption
and encapsulate L2TP traffic in plain UDP such that it hides fragmentation
and allows packets to be processed within intermediate routers&rsquo; fast path.</p>
<p>Using L2TP allows for a large, virtual MTU of 4310 between nodes; this is
chosen to spread the encapsulation costs of higher layers across packets.
L2TP also allows for multiple tunnels between hosts and this can also be used
to separate low level traffic without incurring the additional overheads
of VXLANs (e.g. for NFS cross mounting).</p>
<p>Network configuration on hosts is managed by systemd-networkd and applied
with Ansible.</p>
<blockquote class="gdoc-hint info">
<p><b>Real Life Networks and Fragmentation.</b></p>
<p>Earlier designs for the burble.dn42 relied on passing fragmented packets
directly down to the clearnet layer (e.g. via ESP IPsec fragementation, or
UDP fragmentation with wireguard). In practice it was observed that
clearnet ISPs could struggle with uncommon packet types, with packet
loss seen particularly in the
<a href="https://blog.apnic.net/2021/04/23/ipv6-fragmentation-loss-in-2021/">IPv6 case</a>.
It seems likely that some providers&rsquo; anti-DDOS and load balancing platforms
had a particular impact at magnifying this problem.</p>
<p>To resolve this, the network was re-designed to ensure fragmentation took
place at the L2TP layer such that all traffic gets encapsulated in to standard
sized UDP packets. This design ensures all traffic is &rsquo;normal&rsquo; and can
remain within intermediate routers'
<a href="https://en.wikipedia.org/wiki/Fast_path">fast path</a>.</p>
</blockquote>
<blockquote class="gdoc-hint info">
<p><b>ISP Rate Limiting</b></p>
<p>The burble.dn42 network uses jumbo sized packets that are fragemented by
L2TP before being encapsulated by wireguard. This means a single packet in
the overlay layers can generate multiple wireguard UDP packets in quick
succession, appearing to be a high bandwidth, burst of traffic on the
outgoing clearnet interface. It&rsquo;s vital that all these packets arrive
at the destination, or the entire overlay packet will be corrupted.
For most networks this is not a problem and generally the approach
works very well.</p>
<p>However, if you have bandwidth limits with your ISP (e.g. a 100mbit bandwidth
allowance provided on a 1gbit port) packets may be generated at a high bit
rate and then decimated by the ISP to match the bandwidth allowance.
This would normally be fine, but if a fragmented packet is sent, the
burst of smaller packets is highly likely to exceed the bandwidth
allowance and the impact on upper layer traffic is brutal, causing
nearly all packets to get dropped.</p>
<p>The burble.dn42 network manages this issue by implementing traffic shaping
on the outgoing traffic using linux tc (via
<a href="https://firehol.org/tutorial/fireqos-new-user/">FireQOS</a>). This allows
outgoing packets to be queued at the correct rate, rather than being
arbitrarily decimated by the ISP.</p>
</blockquote>
<div class="gdoc-page__anchorwrap"><h2 id="bgp-evpn">BGP EVPN<a data-clipboard-text="http://localhost:2010/network/design/#bgp-evpn" class="gdoc-page__anchor gdoc-page__anchor--right clip" aria-label="Anchor BGP EVPN" href="#bgp-evpn"><svg class="icon link"><use xlink:href="#link"></use></svg></a></h2></div>
<p><img src="/design/DN42-EVPN.svg" alt="EVPN diagram"></p>
<p>Overlaying the Wireguard/L2TP mesh is a set of VXLANs managed by a BGP EVPN.</p>
<p>The VXLANs are primarily designed to tag and isolate transit traffic, making
their use similar to MPLS.</p>
<p>The Babel routing protocol is used to discover loopback addresses between nodes;
Babel is configured to operate across the point to point L2TP tunnels and with a
static, latency based metric that is applied during deployment.</p>
<p>The BGP EVPN uses <a href="https://frrouting.org/">FRR</a> with two global route reflectors
located on different continents, for redundency. Once overheads are taken in to account
the MTU within each VXLAN is 4260.</p>
<div class="gdoc-page__anchorwrap"><h2 id="dn42-core-routing">dn42 Core Routing<a data-clipboard-text="http://localhost:2010/network/design/#dn42-core-routing" class="gdoc-page__anchor gdoc-page__anchor--right clip" aria-label="Anchor dn42 Core Routing" href="#dn42-core-routing"><svg class="icon link"><use xlink:href="#link"></use></svg></a></h2></div>
<p><img src="/design/DN42-Core.svg" alt="EVPN diagram"></p>
<p>Each host in the network runs an unprivileged LXD container that acts as a dn42 router
for that host. The container uses <a href="https://bird.network.cz/">Bird2</a> and routes between
dn42 peer tunnels, local services on the same node and transit to the rest of the
burble.dn42 network via a single dn42 core VXLAN.</p>
<p>Local services and peer networks are fully dual stack IPv4/IPv6 however the transit
VXLAN uses purely IPv6 link-local addressing, making use of BGP multiprotocol and
extended next hop capabilities for IPv4.</p>
<p>The transit VXLAN and burble.dn42 services networks use an MTU of 4260, however the
dn42 BGP configuration includes internal communities to distribute destination MTU across
the network for per-route MTUs. This helps ensure path mtu discovery
takes place as early and efficiently as possible.</p>
<p>Local services on each host are provided by <a href="https://linuxcontainers.org/lxd/introduction/">LXD</a>
containers or VMs connecting to internal network bridges.<br>
These vary across hosts but typically include:</p>
<ul>
<li><strong>tier1</strong> - used for publically avialable services (DNS, web proxy, etc)</li>
<li><strong>tier2</strong> - used for internal services, with access restricted to burble.dn42 networks</li>
</ul>
<p>Other networks might include:</p>
<ul>
<li><strong>dmz</strong> - used for hosting untrusted services (e.g. the shell servers)</li>
<li><strong>dn42 services</strong> - for other networks, such as the registry services</li>
</ul>
<p>dn42 peer tunnels are created directly on the host and then injected in to the
container using a small script, allowing the router container itself to remain unprivileged.</p>
<p>The routers also run nftables for managing access to each of the networks,
<a href="https://github.com/czerwonk/bird_exporter">bird_exporter</a> for metrics and the
<a href="https://github.com/xddxdd/bird-lg-go">bird-lg-go</a> proxy for the
burble.dn42 <a href="https://lg.burble.com">looking glass</a>.</p>
<div class="gdoc-page__anchorwrap"><h2 id="host-configuration">Host Configuration<a data-clipboard-text="http://localhost:2010/network/design/#host-configuration" class="gdoc-page__anchor gdoc-page__anchor--right clip" aria-label="Anchor Host Configuration" href="#host-configuration"><svg class="icon link"><use xlink:href="#link"></use></svg></a></h2></div>
<p><img src="/design/DN42-Host.svg" alt="EVPN diagram"></p>
<p>burble.dn42 nodes are designed to have the minimum functionality at the host level,
with all major services being delivered via virtual networks, containers and VMs.</p>
<p>Hosts have three main functions:</p>
<ul>
<li>connecting in to the burble.dn42 Wireguard/L2TP mesh and BGP EVPN</li>
<li>providing internal bridges for virtual networks</li>
<li>hosting <a href="https://linuxcontainers.org/lxd/introduction/">LXD</a> containers and VMs</li>
</ul>
<p>Together these three capabilities allow for arbitary, isolated networks and services
to be created and hosted within the network.</p>
<p>The hosts also provide a few ancillary services:</p>
<ul>
<li>delivering clearnet access for internal containers/VMs using an internal bridge.
The host manages addressing and routing for the bridge to allow clearnet access independent
of the host capabilities (e.g. proxied vs routed IPv6 connectivity)</li>
<li>creating dn42 peer tunnels and injecting them in to the dn42 router container</li>
<li>monitoring via <a href="https://www.netdata.cloud/">netdata</a></li>
<li>backup using <a href="https://borgbackup.readthedocs.io/en/stable/">borg</a></li>
</ul>
</article>
<div class="gdoc-page__footer flex flex-wrap justify-between">
</div>
</div>
</main>
<footer class="gdoc-footer">
<div class="container flex flex-wrap">
<span class="gdoc-footer__item">
Built with <a href="https://gohugo.io/" class="gdoc-footer__link">Hugo</a> and
<svg class="icon heart"><use xlink:href="#heart"></use></svg>
</span>
<span class="gdoc-footer__item">
<a href="/privacy" class="gdoc-footer__link">Privacy Policy</a>
</span>
</div>
</footer>
</div>
<script defer src="/js/en.search.min.e007d2b2d3ce91fd1d3bd3c2acbc3420f9defed62096fea23225713d0269f5bc.js"></script>
<script defer src="/js/clipboard-af8ab36589.min.js"></script>
<script>
document.addEventListener("DOMContentLoaded", function(event) {
var clipboard = new ClipboardJS('.clip');
});
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink