Peering with burble.dn42

This page provides the information to get started on peering with the burble.dn42 network.
burble.dn42 is a set of global POPs integrated to the dn42 network, and new peering requests are welcome. A description of the network is available in the about page.

burble.dn42 is a large network and there are some restrictions in place to protect both this network and the rest of the DN42 network.
Please ensure you read the information below before requesting to peer.

Peering Requests

Please mail [email protected] if you'd like to peer with me.

Peering Requirements

To peer with burble.dn42, you must meet the following requirements:

  • You must have at least two peerings already established with other DN42 networks

    Sorry, but burble.dn42 is not open to new starters. If you are a new starter in DN42 please use the peerfinder or ask on IRC; there are lots of other networks who will be happy to peer with you, and some even offer automatic peering.
    This is a tough restriction, but one that is in place to promote network diversity.

  • You must support IPv6
  • You must implement ROA checks

  • Contact information in the registry must always be up to date and admins must repond when contacted

    Contacts must also be reachable in case of problems. In addition, the network is ever evolving and failure to respond to change notices may result in your peering being suspended.

At a minimum, I'll need to know the following in order to establish a peering:

  • The burble.dn42 node you would like to peer with
  • Your ASN
  • The public address of your host
  • The tunnel parameters, e.g.
    • Port number, if using wireguard or OpenVPN
    • Public key for wireguard
    • Any special config you need that is different to my defaults
  • IP addresses of your end of the tunnel
    • Typically these will be a single IPv4/32 and IPv6/128 from your DN42 allocation

All peerings will be configured as a full transit session.

Residential ISPs and Dynamic IP addresses

A 24/7 connection, with static IP addresses are the norm for DN42. If you are connecting from a residential ISP or otherwise have a dynamic IP please let me know so that I can configure my side appropriately. If you don't do tell me, the peering will stop working when your IP address changes.

Supported Tunnel Types

I prefer to use wireguard, it's simple to set up and just works. I also support OpenVPN tunnels.

  • Wireguard

    I use a random port number and unique key for each Wireguard peer, so mail me to confirm the port number and public key.
    Endpoint names and IP addresses are detailed below.

    My wireguard AllowedIPs are:

    AllowedIPs=fe80::/64
    AllowedIPs=fd00::/8
    AllowedIPs=0.0.0.0/0

    Note that wg-quick does not support adding a peer address. If you want to use wg-quick you will need to delete and re-add the wireguard interface IP address and configure it as a point to point address or you will run in to next-hop problems when using BGP. See the DN42 Wiki on how to use iproute2 to configure a point to point address.

  • OpenVPN

    By default I will configure the following OpenVPN parameters, with a random OpenVPN port number and shared key.

    comp-lzo
    cipher aes-256-cbc
    auth sha256

Allowed Traffic

Only the network ranges will be forwarded through the DN42 network, all other traffic will be dropped.

IPv4

172.16.0.0/12
10.0.0.0/8

IPv6

fd00::/8

BGP peer addresses are more permissive to allow for link local or non-DN42 IP addresses within the tunnel, but these will not be forwarded through the DN42 network.

Flow Control and BGP Rate Limiting

A typical BGP session in DN42 will use a trivial amount of traffic. However, for large networks like burble.dn42 some transient events, such as BGP flapping, can generate multi MB/sec traffic flows that damange the network and create instability across DN42.

To protect the network from misconfigurations and prevent excessive updates from being propagated to the rest of DN42, the burble.dn42 network implements rate limiting on direct BGP sessions. The rate limiting activates when a large amount of BGP traffic is seen (typically 10's or 100's of thousands of updates a second) over a sustained period and will typically reset automatically within an hour.

There are no other controls applied to transit or non-BGP traffic.

BGP Configuration

Network Name BURBLE
BURBLE-MNT [email protected]
ASN AS4242422601

 

The burble.dn42 network uses a custom build of bird 2, and the following features are supported:

The source code for the custom bird used on the network is available on git.burble.dn42

Route Filtering

The network applies strict Route Origin Authorisation (ROA) filtering to all received and exported routes. This means any advertised route that does not have a corresponding route{,6} object in the DN42 registry will be dropped.

ROA is implemented with updates through RPKI, using dn42regsrv and gortr.

The DN42 ROA data is provided as a public service, see the Services page.

Generic Allowed Prefixes:

IPv4

172.20.0.0/14+
10.0.0.0/8+

IPv6

fd00::/8{44,64}

Peering with Multiple Nodes

Users are welcome to peer with more than one node in the burble.dn42 network to provide additional redundancy and route choice. It's highly recommended to peer with multiple users DN42 users though, it's lots of fun and you should never rely on just one user for your connectivity.

Testing

Within the tunnel, hosts respond to ping and traceroute, but also have the echo (port 7) and daytime (port 13) services enabled. These can be used to check the tunnel is up and configured correctly.

$ ping fe80::42:2601:32:1%wg0
PING fe80::42:2601:32:1%wg0(fe80::42:2601:32:1%wg0) 56 data bytes
64 bytes from fe80::42:2601:32:1%wg0: icmp_seq=1 ttl=64 time=4.44 ms
64 bytes from fe80::42:2601:32:1%wg0: icmp_seq=2 ttl=64 time=4.52 ms
64 bytes from fe80::42:2601:32:1%wg0: icmp_seq=3 ttl=64 time=4.96 ms
^C
--- fe80::42:2601:32:1%wg0 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 4.445/4.643/4.961/0.233 ms
$ netcat fe80::42:2601:32:1%wg0 13
Sun Sep 23 09:57:26 2018
^C
$

Once peering is established I have a BGP looking glass here (public internet link) and global route collector which can be used to check routing. The looking glass is a key resource for you to use when understanding how your routes are propogating around the DN42 network.

Automated reachability and latency testing

pingable.burble.dn42 (172.20.129.5 / fd42:4242:2601:ac05::1) is a dedicated address that responds to ping and traceroute and may be used for automated reachability or link quality testing.

Please be considerate when configuring automated tests and set a reasonable test frequency. In all cases, the frequency must not be more than once a second. Please consider this if your router automatically pings its tunnel endpoint for stats purposes.


Network Information

The burble.dn42 is fully meshed between nodes using wireguard tunnels.

IPv4 Prefix (Services) 172.20.129.0/27
IPv4 Prefix (Nodes) 172.20.129.160/27
IPv6 Prefix fd42:4242:2601::/48

Europe

dn42-fr-rbx1

Location OVH, Roubaix, France
Public Hostname dn42-fr-rbx1.burble.com
Public IPv4 Address 37.59.47.71
Public IPv6 Address 2001:41d0:8:6a47::1
Tunnel IPv4 Peer Address 172.20.129.188/32
Tunnel IPv6 Link Local fe80::42:2601:36:1/64
Tunnel IPv6 ULA fd42:4242:2601:36::1/128

dn42-fr-sbg1

Location OVH, Strasbourg, France
Public Hostname dn42-fr-sbg1.burble.com
Public IPv4 Address 37.187.174.185
Public IPv6 Address 2001:41d0:d:db9::1
Tunnel IPv4 Peer Address 172.20.129.179/32
Tunnel IPv6 Link Local fe80::42:2601:23:1/64
Tunnel IPv6 ULA fd42:4242:2601:23::1/128

dn42-uk-lon1

Location Inception Hosting, London, UK
Public Hostname dn42-uk-lon1.burble.com
Public IPv4 Address 185.121.25.242
Public IPv6 Address 2a04:92c7:e:bd2::e6b9
Tunnel IPv4 Peer Address 172.20.129.187/32
Tunnel IPv6 Link Local fe80::42:2601:35:1/64
Tunnel IPv6 ULA fd42:4242:2601:35::1/128

dn42-de-fra1

Location PHP Friends, Frankfurt, Germany
Public Hostname dn42-de-fra1.burble.com
Public IPv4 Address 176.96.138.245
Public IPv6 Address 2a0d:5940:1:c3::b35c
Tunnel IPv4 Peer Address 172.20.129.169/32
Tunnel IPv6 Link Local fe80::42:2601:31:1/64
Tunnel IPv6 ULA fd42:4242:2601:31::1/128

dn42-lt-vil1

Location Time4VPS, Vilnius, Lithuania
Public Hostname dn42-lt-vil1.burble.com
Public IPv4 Address 195.181.241.93
Public IPv6 Address 2a02:7b40:c3b5:f15d::1
Tunnel IPv4 Peer Address 172.20.129.189/32
Tunnel IPv6 Link Local fe80::42:2601:3d:1/64
Tunnel IPv6 ULA fd42:4242:2601:3d::1/128

dn42-ch-zur1

Location HostHatch, Zurich, Switzerland
Public Hostname dn42-ch-zur1.burble.com
Public IPv4 Address 45.91.92.111
Public IPv6 Address 2a0e:dc0:6:8::1
Tunnel IPv4 Peer Address 172.20.129.174/32
Tunnel IPv6 Link Local fe80::42:2601:28:1/64
Tunnel IPv6 ULA fd42:4242:2601:28::1/128

North America

dn42-ca-bhs2

Location OVH, Beauharnois, Canada
Public Hostname dn42-ca-bhs2.burble.com
Public IPv4 Address 158.69.248.26
Public IPv6 Address 2607:5300:120:81a::1
Tunnel IPv4 Peer Address 172.20.129.167/32
Tunnel IPv6 Link Local fe80::42:2601:2d:1/64
Tunnel IPv6 ULA fd42:4242:2601:2d::1/128

dn42-us-chi1

Location HostHatch, Chicago, United States
Public Hostname dn42-us-chi1.burble.com
Public IPv4 Address 193.29.63.150
Public IPv6 Address 2605:4840:3:10::ab2d
Tunnel IPv4 Peer Address 172.20.129.166/32
Tunnel IPv6 Link Local fe80::42:2601:2e:1/64
Tunnel IPv6 ULA fd42:4242:2601:2e::1/128

dn42-us-mia2

Location StockServers, Miami, United States
Public Hostname dn42-us-mia2.burble.com
Public IPv4 Address 216.126.233.109
Public IPv6 Address 2a09:be40:2908:bc43::1
Tunnel IPv4 Peer Address 172.20.129.164/32
Tunnel IPv6 Link Local fe80::42:2601:3f:1/64
Tunnel IPv6 ULA fd42:4242:2601:3f::1/128

dn42-us-nyc1

Location HostHatch, New York, United States
Public Hostname dn42-us-nyc1.burble.com
Public IPv4 Address 185.213.26.143
Public IPv6 Address 2a0d:5600:33:b::1
Tunnel IPv4 Peer Address 172.20.129.168/32
Tunnel IPv6 Link Local fe80::42:2601:34:1/64
Tunnel IPv6 ULA fd42:4242:2601:34::1/128

dn42-us-dal3

Location drserver, Dallas, United States
Public Hostname dn42-us-dal3.burble.com
Public IPv4 Address 144.172.126.201
Public IPv6 Address 2602:fe64:8::4
Tunnel IPv4 Peer Address 172.20.129.172/32
Tunnel IPv6 Link Local fe80::42:2601:2a:1/64
Tunnel IPv6 ULA fd42:4242:2601:2a::1/128

dn42-us-lax1

Location LetBox, Los Angeles, United States
Public Hostname dn42-us-lax1.burble.com
Public IPv4 Address 185.215.224.214
Public IPv6 Address 2a0b:ae40:1:4a0a::5a
Tunnel IPv4 Peer Address 172.20.129.165/32
Tunnel IPv6 Link Local fe80::42:2601:3a:1/64
Tunnel IPv6 ULA fd42:4242:2601:3a::1/128

dn42-us-sea2

Location Virmach, Seattle, United States
Public Hostname dn42-us-sea2.burble.com
Public IPv4 Address 96.8.121.205
Public IPv6 Address IPv4 Only
Tunnel IPv4 Peer Address 172.20.129.170/32
Tunnel IPv6 Link Local fe80::42:2601:2c:1/64
Tunnel IPv6 ULA fd42:4242:2601:2c::1/128

Asia and Oceania

dn42-sg-sin1

Location ITLDC, Singapore
Public Hostname dn42-sg-sin1.burble.com
Public IPv4 Address 5.34.177.110
Public IPv6 Address 2a05:9401:0:acdc::210
Tunnel IPv4 Peer Address 172.20.129.177/32
Tunnel IPv6 Link Local fe80::42:2601:25:1/64
Tunnel IPv6 ULA fd42:4242:2601:25::1/128

dn42-sg-sin2

Location OVH, Singapore
Public Hostname dn42-sg-sin2.burble.com
Public IPv4 Address 139.99.89.157
Public IPv6 Address 2402:1f00:8000:800::3bc
Tunnel IPv4 Peer Address 172.20.129.181/32
Tunnel IPv6 Link Local fe80::42:2601:37:1/64
Tunnel IPv6 ULA fd42:4242:2601:37::1/128

dn42-au-syd1

Location OVH, Sydney, Australia
Public Hostname dn42-au-syd1.burble.com
Public IPv4 Address 139.99.237.85
Public IPv6 Address 2402:1f00:8100:400::279
Tunnel IPv4 Peer Address 172.20.129.180/32
Tunnel IPv6 Link Local fe80::42:2601:38:1/64
Tunnel IPv6 ULA fd42:4242:2601:38::1/128

dn42-jp-tyo1

Location GreenCloudVPS, Tokyo, Japan
Public Hostname dn42-jp-tyo1.burble.com
Public IPv4 Address 172.93.221.101
Public IPv6 Address 2403:71c0:2000::d:8b97
Tunnel IPv4 Peer Address 172.20.129.182/32
Tunnel IPv6 Link Local fe80::42:2601:3e:1/64
Tunnel IPv6 ULA fd42:4242:2601:3e::1/128