UsmanNet 2022 - An Overview of my Network
Logical Overview Network Infrastructure Breakdown: My network mainly consists of two Ubiquiti EdgeRouter Xs, two Cisco Catalyst switches, and cloud VPSs. WireGuard is used as the VPN tunneling protocol to connect sites and VPS instances. DN42 BGP: I’m a member of the DN42 BGP project. fr-lil1, uk-lon1, us-west1 act as the eBGP edge routers, peering with various providers and allowing access to the DN42 private network. iBGP between fr-lil1, uk-lon1 & us-west1 (exchanging only external DN42 BGP routes)....
DN42 Part 3: BGP ROA/RPKI Filtering using Docker
What is ROA/RPKI? Route Origin Authentication (ROA) is a way to verify whether an advertised IP prefix is actually owned by the Autonomous System (AS) that advertised it. Resource Public Key Infrastructure (RPKI) is a protocol that facilitates the exchange of ROA and other related information between ASes. How does ROA/RPKI work? Essentially, there are central databases which contain a list of all ASes and the IP prefixes that they are allowed to advertise....
Hurricane Electric IPv6 Tunnel Broker On a Ubiquiti EdgeRouter
What is Tunnel Broker? Tunnel Broker (provided by Hurricane Electric) is a service that allows users to connect to the IPv6 internet over IPv4. How it works It essentially works by establishing a GRE tunnel to one of Hurricane Electric’s PoPs, via the IPv4 internet, and then running IPv6 ranges over it. Why Tunnel Broker? Accessibility I decided to set up Tunnel Broker, as my ISP doesn’t support IPv6. This would allow access to IPv6-only services on the internet....
DN42 Part 2: Connecting an AWS VPS to DN42, using iBGP and WireGuard.
I recently connected to the DN42 BGP mesh, a big network which employs WAN technologies to create an internet-like mesh. Read my first post for more info on DN42. In this post, I’ll go over how I: Provisioned an AWS Linux VPS. Created a WireGuard Site2Site VPN Connection between my Ubiquiti EdgeRouter and VPS. Utilized the BIRD internet routing daemon to handle internal BGP routing over that VPN connection. The end goal was to have the AWS VPS be able to access the DN42 mesh (using iBGP) via my EdgeRouter, and then through the EdgeRouter’s 5 eBGP peerings (see diagram)....
DN42 Part 1: Connecting to the DN42 BGP Mesh
What is DN42? DN42 is a big network which employs WAN technologies (BGP, whois database, DNS, etc.) to create an internet-like mesh. Members connect to each other using VPN tunnels (GRE, OpenVPN, WireGuard, IPsec) and exchange routes via BGP. DN42 currently has 410 nodes/users, advertising ~600 prefixes. realtime map Why DN42? DN42 allows you to experiment with the mentioned internet technologies, without the logistical difficulties and high expenses of registering with real AS registries on the live internet....
WireGuard VPN on a Ubiquiti EdgeRouter
What is WireGuard? WireGuard is an extremely simple yet fast and modern VPN that utilizes modern cryptography. It aims to be faster, simpler, leaner, and more useful than alternatives such as IPsec & OpenVPN. WireGuard’s codebase has only 4,000 lines of code, which is considerably less than OpenVPN’s, which has 600,000. WireGuard’s Performance WireGuard’s speed and elegance are the main reasons for its popularity; it is significantly faster than OpenVPN & IPsec in terms of raw throughput, authentication speed and latency....