UsmanNet 2022 - An Overview of my Network

Logical Overview

Network Infrastructure Breakdown:

• My network mainly consists of two Ubiquiti EdgeRouter Xs, two Cisco Catalyst switches, and cloud VPSs.

• WireGuard is used as the VPN tunneling protocol, to connect sites and VPS Instances.

• DN42 BGP: I’m a member of the DN42 BGP project.

  • fr-lil1, uk-lon1, us-west1 act as the eBGP edge routers, peering peering with various providers, and allowing access the to the DN42 private network.
  • iBGP between fr-lil1, uk-lon1 & us-west1 (exchanging only external DN42 BGP routes).
  • Prefixes from eBGP peers are filtered using RPKI-ROA (docker), such that invalid prefixed are removed. See my other post for more info.

• OSPF:

  • OSPF area 0 between erx.usman & fr-lil1 (advertising only internal routes).
  • fr-lil1 is the OSPF ABR.
  • OSPF area 1 between fr-lil1, uk-lon1 & us-west1.
  • Using MultiArea OSPF, so that a full DN42 BGP route table isn’t redistributed into OSPF.
  • 172.20.0.0/14 is summarised into area 0, at the OSPF ABR (fr-lil1).

• Source NAT on erx.usman such that traffic destined for DN42 services (172.20.0.0/14), is translated into a DN42 IP (from my range).

• Authoritative DNS records (for the .lan TLD) are running on pi.usman.lan & plex.usman.lan, as Unbound Docker Containers.

• Partly deployed using Drone CI/CD and my own Python Configuration Management Framework.

• See github.com/usman-u/network-automation and github.com/usman-u/usmannet for more info.

LibreNMS Weathermap

Click here to see a live version of the weathermap.

More Info:

My Home LAN

• Ubiquiti Edgerouter X - erx.usman.lan

  • WireGuard VPNs to and dn42-vps.lan.
  • OSPF area 1 neighbors with and dn42-vps.lan.
  • Source NAT on VPN interfaces, such that any outbound traffic destined for DN42, is NATed to a DN42 IP.
  • Router-On-A-Stick VLANs - with a VLAN trunk down to the Cisco 2960G.

• Cisco 2960G - usman-cisco.lan

  • Basic Layer 2 switching to normal end user hosts.

• Raspberry Pi 4 8GB - pi.usman.lan

  • Some of the Docker Applications I host:
    • BIND9 DNS Server DNS A and PTR records, for the .usman.network. domain.
    • Plex Media Server
    • Radarr, Sonarr, Jackett, qBittorrent.
    • Syncthing.
    • NGINX Proxy Manager - routes a few of the mentioned services through Cloudfare’s WAF, for DDOS mitigation and public IP obfuscation.

• WD 8TB NAS - nas.usman.lan

  • SMB Shares.
  • Plex Media Server

My DN42 Nodes

• My DN42 nodes are hosted on cloud infrastructure.
• See my DN42 peering page for more info.