2019

Archive of changes made in 2019

31st December 2019

The Christmas period has been a really busy period for burble.dn42, with integration and transfer of services over to the new nodes. Primarily, this has meant moving services from fr-rbx1 and sg-sin2 to fr-rbx2, fr-sbg1 and sg-sin1. As part of the rebuilding, I’ve also taken the opportunity to re-create most of my ansible scripting, with the intent that this will eventually be published.

Most services are now moved, with the main exception of DNS and the GRC, both of which need more significant work. The website also now needs major updates to reflect the changes I’ve made.

The following new nodes are also open for peering:

dn42-fr-rbx2
dn42-fr-sbg1
dn42-ch-zur1
dn42-sg-sin1
dn42-hk-hkg1

Happy New Year

24th December 2019

The last month has been spent redesigning my WAN and introducting a latency based metric for connectivity between nodes. This is now mostly complete, but not without its own follow on problems that need to be resolved.

Things still to do include:

Fixing the service delivery layer as a software upgrade breaks IPv6 connectivity
Adding documentation to the website on the new design
Opening new nodes for peering
Making the config public

Another new node will also be added, dn42-fr-rbx2 and dn42-fr-rbx1 will be retired.

Merry Christmas DN42

29th November 2019

Black friday is here and new nodes are on the way.

dn42-fr-sbg1
dn42-ch-zur1
dn42-sg-sin1
dn42-hk-hkg1

2nd November 2019

Retired dn42-us-lax2, dn42-us-chi2, dn42-ca-bhs1, dn42-tr-ist1 and dn42-no-osl1.
Restructured the internal confederations.

26th October 2019

New experimental node added hosted in the Oracle Cloud environment in Mumbai, India.

Users are welcome to peer and test the node, but should be aware there may be short notice changes or interruptions to service.

19th October 2019

After a few weeks of outage and putting up with influx using up a vast amount of resources, the monitoring service has finally moved to a federated prometheus architecture. Hopefully this will have better performance than the influx architecture used previously. At some point I’ll update the monitoring page with details of the new configuration.

12th October 2019

The burble.dn42 wiki service is now part of the global anycast for wiki.dn42.

See the services page for more details.

2nd October 2019

The recursive DNS service now supports clearnet queries

15th September 2019

Stop supporting IPsec tunnels

21st August 2019

Removed sg-sin3 and vn-han1

13th August 2019

Added DN42 wiki service editable via dn42, readonly via clearnet.

Issued new Certificate Authority root certificate with a longer expiry date.

11th August 2019

Added a couple of Python 3 updates for bird-lg that fixes broken BGP map functionality in the looking glass.

Influx ate all the memory (10gb!) on de-fra1, so is currently offline until it can be fixed.

28th July 2019

Add dn42-us-mia2, which will replace dn42-us-mia1

25th July 2019

Add pingable.burble.dn42

21st July 2019

Decommissioning of dn42-ru-mos1 and dn42-us-sea1

17th July 2019

DoH! The DNS Service now support DNS over HTTPS.

22nd June 2019

Tidied up node information.

14th June 2019

A new host IRC web service has been added, based on thelounge.

See the services page for more details.

8th June 2019

The recursive DNS service now uses parallel queries across all five regional master nodes.
This approach takes advantage of the burble.dn42 global scale to reduce latencies, improve resilience and prevent local connectivity problems from impacting the results. See the DNS page for more info.

24th May 2019

Moved and extended the DN42 monitoring so that it is more independent and also clustered.

A writeup of the hosted grafana service and monitoring is available here.

21st May 2019

dn42-uk-lon1 is back again after being out of action for the day.

The host server apparently threw a disk after being updated to cover the MDS vulnerability and the provider has spent the day recovering the node.

20th May 2019

Some nodes may have outages over the next few days as providers deal with the recent MDS vulnerabilities.

Added new peers

AS4242421588 / TECH9 at dn42-us-lax2
AS4242421166 / MTR at dn42-fr-rbx1 and dn42-de-fra1

15th May 2019

Updated my fork of bird-lg by merging Zhaofeng’s Python2 to Python3 bird-lg updates and fixing a few outstanding problems.

The updated code is now live on the burble.dn42 looking glass.

13th May 2019

Moved the looking glass to its own container, in anticipation of future website changes

dn42-us-mia1 is offline again.

10th May 2019

dn42-us-chi2 was suspended by the provider on 8/5 due to ‘NTP reflection attacks’.

This is a hazard of running a busy NTP server as part of the NTP Pool; providers can get twitchy when they see a large amount of NTP traffic, due to the well publicised vulnerabilities in stock NTPd.

My network uses chronyd rather than NTPd and it is simply not vulnerable to abuse in the same way as NTPd, I also regularly monitor and check the services. On the other hand, the server does see a large amount of NTP traffic and it can sometimes be difficult demonstrating that I’m specifically providing a service here and not under some kind of attack.

Apologies that the server was offline for a few days, but it should now finally be back again.

For info, here is the bandwidth graph of dn42-us-chi2 as it was suspended:

Bandwidth Graph

It’s trivial to see that an amplification attack was not occuring, as the inbound and outbound traffic are both equal. It’s a shame some providers don’t consider this before suspending services, but, understandable that the economics of providing VPS services can prohibt this.

Added new peers:

AS4242422322 / PLASMATRIX at dn42-de-fra1

5th May 2019

Added git service.
See the services page for more details.`<

1st May 2019

Seems traceroutes and some Europe Region, IPv4 related DNS lookups weren’t working.
Both are fixed now.

Added new peers:

AS76140 / FEUERROT at dn42-de-fra1

30th April 2019

New node added and ready for peering

dn42-ca-bhs2 (Beauharnois, Canada)

With the addition of several new nodes, the internal BGP confederations have been re-orginised.
This new organisation should provide better balance and allow for more local services.

The North American region has been split in two, becoming Central & West Coast and East Coast.
lt-vil1 and at-vie1 have been moved to the East Europe region.

Added new peers:

AS4242423581 / CLOUDYSKIES at dn42-us-lax2
AS4242420141 / DEEPWATER at dn42-de-fra1
AS4242420246 / XESXEN at dn42-fr-rbx1 and dn42-uk-lon1
AS4242422543 / RESETTRAP at dn42-jp-tyo1

19th April 2019

New nodes added and ready for peering.

dn42-at-vie1 (Vienna, Austria)
dn42-us-nyc1 (New York, United States)

18th April 2019

Over the last week, and number of major changes have taken place to the burble.dn42 network.
These include:

Configuring Jool to provide IPv4 to IPv6 SIIT for the new 172.20.129.0/27 prefix
The aim is for all internal services of the burble.dn42 network to be provided by IPv6, with SIIT taking place at the network edge for external IPv4 users.
Configuring Jool to provide a NAT64 service
So that internal, IPv6 only, services can access external IPv4 networks
Adding a new VXLAN to the WAN overlay
The new VXLAN segregates DN42 traffic from the internal traffic and enables a separate DN42 routing domain. As a side effect, this change also fixes the problem where internal IP addresses were being leaked and causing confusing traceroutes for DN42 users.

Over time, internal IPv4 services will be removed

12th April 2019

New prefix 172.20.129.0/27 registered to provide space for more nodes and additional services.

172.20.129.0/27 will be used as anycast addresses for services. 172.20.129.160/27 will be used for burble.dn42 nodes

Added new peers:

AS4242421063 / ZIIS at dn42-uk-lon1
AS4242421475 / SIRMYSTERION at dn42-us-chi2

7th April 2019

Added an old node in to the DN42 network, dn42-sg-sin2. RPKI and DNS services have been moved to the node from dn42-sg-sin2 which should improve diversification and stability.

3rd April 2019

Added new peers:

AS4242423974 / GIGGA at dn42-sg-sin3

31st March 2019

The DNS service has gone global, with every node in the burble.dn42 network now participating in the DNS Anycast service.
More details can be found on the DNS page.

26rd March 2019

Added new peers:

AS4242420568 / MARSHY at dn42-au-syd1
AS4242423853 / CHENYAO2333 at dn42-ca-bhs1
AS4242423328 / DEBOERDN2000 at dn42-ca-bhs1
AS4242423924 / EVILZONE at dn42-sg-sin3

11th March 2019

New node added dn42-de-fra1

9th March 2019

Added new peers:

AS4242420101 / HEXA at dn42-fr-rbx1
AS4242423783 / OZARK at dn42-au-syd1
AS4242420571 / CAICAI at dn42-vn-han1

A new instance of the registry explorer has been created that references the ‘object-fix’ branch of the DN42 registry. The main purpose of this is to support the new DNS system being developed.

http://grc.burble.dn42:8043/

A couple of the nodes on the network experienced some downtime over the week:

dn42-us-mia1 was down to 2 days and had to be rebuilt as my VPS provider’s storage array crashed.
dn42-us-dal3 was also down for a few hours, the provider accidently suspended the VPS due to a billing error on their side

7th March 2019

Added new peers

AS4242421955 / NOP at dn42-fr-rbx1
AS4242420161 / ZZZ at dn42-jp-tyo1

26th February 2019

Initialised GRC website

Added new peers

AS4242422626 / HANNIBAL at dn42-fr-rbx1
AS4242423156 / BUROA at dn42-us-chi2

21st February 2019

The Looking Glass has been udpated to use lgregmapper and data from dn42regsrv.

19th February 2019

New peer added:

AS4242423975 / FELIX at dn42-fr-rbx1

18th February 2019

The internal and public ROA service has been moved over to using dn42regsrv.
See the services page for more details.

New peer added:

AS4242423973 / TECHNOPOINT at dn42-sg-sin3

16th February 2019

New peers added:

AS4242420182 / JAN at dn42-uk-lon1
AS4242422042 / KLEEN at dn42-fr-rbx1
AS4242423201 / DDPO at dn42-uk-lon1

10th February 2019

Updated the services to include new stuff::

DNS
Registry REST API and Explorer
Global Route Collector

New peers added:

AS4242420191 / TCDUE at dn42-uk-lon1
AS4242422019 / HENOKV at dn42-fr-rbx1
AS64713 / MARTIN89 at dn42-fr-rbx1
AS4242423000 / RELROD at dn42-ca-bhs1
AS4242421656 / PHIIVO at dn42-us-lax2

26th January 2019

New service !

A burble.dn42 route collector has been added, together with some interesting stats showing reachability of DN42 from the burble.dn42 network.

A common, global route collector is in progress, see here

21st January 2019

New peer added:

AS4242423306 / TIMK at dn42-au-syd1

13th January 2019

bgpmap updated to add MNT and prefix info for ASes.

New peers added:

AS4242420415 / TYLER at dn42-us-lax2
AS4242423569 / DHE at dn42-us-dal3
AS4242423585 / JD52RU at dn42-fr-rbx1 and dn42-uk-lon1

12th January 2019

The Looking Glass now supports bgpmap again.
My bird-lg fixes are available on github.

New peer added:

AS4242421501 / ADAMYI at dn42-au-syd1

11th January 2019

Some layout fixes to the Looking Glass, including fixing whois lookups.

3rd January 2019

First new peers of 2019:

AS4242420505 / 42ISLIFE at dn42-ca-bhs1
AS4242421114 / GRGR at dn42-us-chi2
AS4242421050 / NAPSTERBATER at dn42-us-chi2

2nd January 2019

Consolidated number of anycast sessions.