Since the first confinement, I’ve been spending part of my free time developing my dn42 AS.
dn42 (decentralized network 42) could be defined as a smaller-scale reproduction of a network similar to the Internet. The main difference is that it is mainly built on VPN tunnels rather than physical links (cables or fibers between different locations/operators).
It therefore uses the (traditional) Internet to establish VPN tunnels. That’s why it’s called an overlay network.
The first step is to create a number of administrative objects:
- mntner;
The second step is to request resources. In practice, it’s less a matter of requesting than of allocating yourself resources that are still free.
For my part, I’ve requested:
- an ASN (4242422575);
- an IPv4 prefix (172.23.186.32/27);
- an IPv6 prefix (fd45:1b93:dddf::/48);
- a domain name (androw.dn42).
The final step is to create route objects, which declare that your ASN has the right to advertise your prefixes. On dn42, many networks implement ROA checks that verify these objects exist before accepting a route. This keeps those networks from accepting your prefixes when someone else announces them.
These three steps are very well presented on the wiki: Getting-Started
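To make the ROA check concrete, here is an added example (not taken from the wiki or from any dn42 tool) that runs origin validation against a small ROA table built from the route objects above. The max-length values, the helper names and the second ASN are assumptions made for illustration.

```python
import ipaddress

# Constructed ROA table derived from the route objects described above:
# (prefix, max_length, origin ASN). The max_length values are assumptions.
ROAS = [
    ("172.23.186.32/27", 29, 4242422575),
    ("fd45:1b93:dddf::/48", 64, 4242422575),
]

def validate(prefix, origin_asn, roas=ROAS):
    """Origin validation in the style of RFC 6811: valid / invalid / unknown."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA only applies if it is the same family and covers the route.
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if asn == origin_asn and net.prefixlen <= max_len:
            return "valid"
    # Covered by a ROA but nothing matched: wrong origin or too specific.
    return "invalid" if covered else "unknown"

def import_filter(announcements, roas=ROAS):
    """Keep only announcements that validate (strict policy, assumed here)."""
    return [(p, a) for p, a in announcements if validate(p, a, roas) == "valid"]

if __name__ == "__main__":
    # Constructed announcements; 4242420000 is a placeholder for another AS.
    sample = [
        ("172.23.186.32/27", 4242422575),       # the legitimate origin
        ("172.23.186.32/27", 4242420000),       # same prefix, wrong origin
        ("172.23.186.32/30", 4242422575),       # right origin, too specific
        ("fd45:1b93:dddf:1::/64", 4242422575),  # more specific, within max_length
        ("172.20.0.0/24", 4242420000),          # no covering ROA in this table
    ]
    for p, a in sample:
        print(f"{p:24} AS{a}  {validate(p, a)}")
```

A route with no covering ROA comes back as unknown rather than invalid, so whether the filter drops it is a policy choice; the strict filter here accepts only valid routes.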
Unlike the Internet, most people here use IPv6. There are even a number of networks that only support IPv6.
Once our objects have been created/assigned, we need to start using them. To do this, you’ll need a router that knows how to speak BGP: either a hardware router (Cisco, etc…) or a simple server that can play this role. BGP is the protocol used on dn42 (and on the Internet) to exchange routes between ASes.
For my part, my first router was an OVH cloud server (which unfortunately perished in the Strasbourg fire). I decided to install bird2 to talk to my peers.
The wiki shows a simple configuration that works without a hitch: Bird2. It also presents the configuration to be used for certain routers or other BGP daemons.
Once all this has been configured, you need to find your first peers, i.e. the first neighbors with whom you’re going to exchange routes and therefore traffic. To do this, go to the peerfinder: https://dn42.us/peers/
Based on your public IPv4/IPv6 address, this tool returns a list of routers that have a low ping to your server, which makes them better candidates for peering. It also indicates how to contact each peer, usually an IRC nickname or a site with the necessary information.
For my part, I’ve decided to opt solely for peering through WireGuard tunnels, for simplicity’s sake. Here again, the wiki is a great help: wireguard
You then need to provide all the information to your peer. You can find an example of the necessary information on ./net/.
The Networksettings page provides information on the options that need to be enabled for everything to work properly. It is also necessary to adapt iptables rules so that packets can be transferred between the various interfaces relating to dn42.