dn42 peering
I will peer with any other network with a point of presence in the same city area as one of mine. Additionally, I may accept fake "customers" from anywhere. That hasn't happened yet.
| Location | Hosting provider | Notes |
|---|---|---|
| Helsinki | Hetzner | Other Hetzner Europe locations may also be accepted, due to unlimited internal traffic |
| Stockholm | Hosthatch | I have two redundant nodes with roughly equal network performance |
| Zurich | Hosthatch | |
| Nuremberg/Nürnberg | Netcup | |
| Chicago | Hosthatch | I have two nodes here but they are not a redundant pair. Only one is used for peering. |
| London | OVH | |
| Montreal | OVH | |
| Sydney | OVH |
A link from Helsinki to a peering partner in Frankfurt is currently grandfathered in.
Requirements for connecting (general)
For general information, see the Getting Started page on the dn42 wiki. To summarize: step one is to establish some kind of virtual connection (a tunnel) and step two is to link our networks through the new connection, as if we first plugged in a cable from one to the other at a common data center, and then configured each of our routers to utilize the new link.Requirements marked "SHOULD" are negotiable or recommended. "MUST" requirements are not negotiable. "MAY" are completely optional.
To establish a tunnel:
- Wireguard tunnels are standard. Other types (such as IPsec, OpenVPN, tinc) are probably available upon special request. You should find me on IRC for this.
- For Wireguard: you SHOULD support PresharedKey. It's the same on both sides, so whoever contacts the other first generates it. (It doesn't have to be kept super secret, because private and public keys are still used for security when PresharedKey is set.)
- You SHOULD have IPv6.
- You SHOULD have a static address.
- We MUST exchange IP address and port (unless your end is a dynamic IP), PublicKey, and agree on PresharedKey.
- You MUST support BGP over IPv6. Link-local or anycast IPv4 may be an option in the future, only if you are using something exotic that requires it. A tunnel set up with IPv4 can still carry IPv6 traffic inside, so this usually isn't an issue.
- You SHOULD support link-local IPv6 addresses for BGP.
- You SHOULD support multiprotocol BGP and extended next hop - otherwise the connection will only support IPv6. (Anycast IPv4 next hop may be an option in the future, only if you are using something exotic that requires it)
- You MUST tell me your AS number and have some way to verify it (a message signed according to the registry, or receiving emails at your registered contact address).
- You MUST tell me your router's address for BGP. This isn't the same as the real-internet address that creates the tunnel.
- My AS number is 4242421855. My BGP address is fe80::1855 on most tunnels.
- This is a toy network. All "services" are "provided" non-commercially and without any liability or guarantee.
- If you expect to transfer a large amount of traffic (1000 GB/month or more) inform me when making the connection. This would be unusual for a toy network though.
- I MUST have some idea who you are - if you're not registered in the dn42 registry (why wouldn't you be?), then you have your own internet domain or you're active on IRC or you're a member of a hackerspace or something.
- Find me as "immibis" on IRC (hackint, libera, OFTC or esper) or email dn42 at this website address (no www).
Requirements for connecting as a peer
- You MUST have a router in any city listed above OR any other European location of Hetzner (due to the exception). Other exceptions are unlikely to be granted. This isn't for any technical reason but just seems more fun that way.
- We MUST establish a tunnel and BGP connection, following the general requirements.
- You SHOULD have ROA filtering. Note that it is considered mandatory on many other networks. I have it enabled and will reject unregistered routes from you.
- Multicast or other interesting features such as MPLS may be supported in the future. Let me know if interested.
- (For Linux) make sure you have IP forwarding enabled and rp_filter disabled, but you already knew that or your network wouldn't work.
Requirements for connecting as a "customer"
- There is no location limitation.
- We MUST establish a tunnel connection, following the general requirements.
- If you don't have your own ASN, you MAY anyway choose to establish a BGP connection to receive routing information, using a private ASN number outside the dn42 range.
- IPv6: Bring your own range from the dn42 registry or get a sub-allocation from me (/64 by default, up to /61 without justification)
- IPv4: a small number of "public" IPv4 addresses are available - otherwise bring your own from the registry, or use CGNAT