doing "real networking" on dn42

Posted by Wxcafé on Mon 29 January 2018

So if you’re interested in learning about internet-scale networking and experimenting with BGP and stuff on “real” networks, you have two basic options.

The first one, of course, is to register with a LIR to get an AS number, an IPv4 prefix, and an IPv6 prefix, then rent 1U in a DC nearby and put a server there, and then get a cross-connect to your local IXP to start peering with people.

The problem with this, obviously, is that it’s gonna cost you:

  • for the ASN and the IPv4/IPv6 prefixes
  • for the DC space
  • for the cross-connect
  • for the IXP port

so potentially, quite a lot of money, and quite a lot of time to get started too. The upside is that you’ll be a real organization on the real internet, and that you’ll contribute to the IPv4 shortage, which is pretty good (it’s also probably quite a good investment? I guess. Don’t register an AS just for that tho. Please).

The other one is to get multiple routers (or servers) and have them on a switch, and then build multiple networks with them using private addresses and ASNs. This works fine as long as you’re just experimenting, but it’s a little limited, a lot more work (since you have to set up multiple ASNs and routers etc), and not as fun at all.

So neither of these is great to use. There must be a better solution, some way to run production networks with other network operators without spending a lot of money, some way to use real IP addresses and AS numbers without disrupting the existing net.

Well, rejoice, neighbor, because there is! And it’s really simple too, honestly. It’s… an overlay network! The concept is simple: instead of using real connections between the different networks, you use a VPN that acts functionally the same way, over the public internet. Then, you use IP addresses from an RFC1918 range, private ASNs, and private v6 addresses, and start doing BGP with other users of the overlay network. It has the advantage of costing next to nothing (you only need a VM to have it run) and actually working with other network operators. The only downside is that you’re not on the actual internet, which isn’t that much of a downside for experimenting with this kind of tech.

There are a few overlay networks, some of them connected with one another, some private, and you can even start one with your friends (it’s not that useful, but you can at least use it as an encrypted, hidden communications channel, I guess). But the one I use (and, consequently, the one I’m suggesting you should be using) is dn42.

My setup is very simple: I got a VPS from Vultr, installed OpenBSD on it (you can upload ISOs to Vultr to do your install manually), and from there installed all required tools to work on the system (vim, git, zsh, …) and a few VPN tools (OpenVPN, tinc, …). I went on the dn42 IRC channel and said I was looking for peers, and started talking to the first person who answered, who also was looking for their first peer. I’m running OpenBGPd and they’re using Bird on Linux, so the process of getting our sessions (v4 and v6) up and running took a bit of time, and once it started working they leaked all their prefixes to me (which was swiftly corrected with filters and maxprefs 😁).
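The filters-plus-maxprefs fix mentioned above, modelled in Python as an added example (not part of the original post, and not either peer's actual OpenBGPd or Bird config). The allowed blocks, the prefix-length windows, the limit of 5 and the sample announcements are assumptions made for illustration; counting every announced prefix toward the limit is a simplification.

```python
import ipaddress

# Assumed dn42 import policy (not from the post): allowed blocks and the
# prefix-length window accepted inside each one.
DN42_POLICY = [
    (ipaddress.ip_network("172.20.0.0/14"), 21, 29),
    (ipaddress.ip_network("fd00::/8"), 44, 64),
]
MAX_PREFIXES = 5  # hypothetical per-peer limit, kept tiny for the demo

# Constructed announcements: a well-behaved peer and one leaking its table.
NORMAL_PEER = ["172.20.12.0/24", "fd42:1234:5678::/48"]
LEAKY_PEER = ["172.20.12.0/24", "10.0.0.0/8", "192.168.1.0/24", "0.0.0.0/0",
              "fd42:1234:5678::/48", "172.22.0.0/16", "8.8.8.0/24"]


def acceptable(prefix):
    """True if the prefix lies inside an allowed block with an allowed length."""
    try:
        net = ipaddress.ip_network(prefix)  # strict: host bits must be zero
    except ValueError:
        return False
    for block, min_len, max_len in DN42_POLICY:
        if net.version == block.version and net.subnet_of(block):
            return min_len <= net.prefixlen <= max_len
    return False


def import_routes(announcements, max_prefixes=MAX_PREFIXES):
    """Apply the import filter and the max-prefix limit to one peer.

    Returns (accepted, rejected, session_up). When the peer announces more
    than max_prefixes routes the session is shut and everything learned
    from it is dropped, which is what contains a leak the filter missed.
    """
    accepted, rejected = [], []
    for count, prefix in enumerate(announcements, start=1):
        if count > max_prefixes:
            return [], rejected, False
        (accepted if acceptable(prefix) else rejected).append(prefix)
    return accepted, rejected, True


if __name__ == "__main__":
    for name, routes in (("normal", NORMAL_PEER), ("leaky", LEAKY_PEER)):
        print(name, import_routes(routes))
```

The filter alone drops the out-of-range and oversized routes; the limit is the backstop for a peer that floods routes the filter would otherwise accept.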

Anyway, I encourage you to try it if you’re interested in networks, come talk to me on mastodon or twitter (or IRC) if you want some more details, some info to get started, or to peer with me! My ASN is 4242421441, and you can find more info at https://registry.dn42.us/registry/aut-num/AS4242421441 by clicking on the 🗺️ (map) icon.

Hoping to peer with you soon!