howto/Getting-Started.md
... ...
@@ -22,7 +22,7 @@ You must create several objects in the DN42 registry: <https://git.dn42.dev/dn42
22 22
23 23
The registry is a git repository, objects are created by creating a branch in the main repository, making your changes and then submitting a pull request for review. There are detailed instructions in the registry [README](https://git.dn42.dev/dn42/registry/src/branch/master/README.md) how to do this. See also the the generic git documentation [git documentation](https://git-scm.com/book/en/v2/Git-Basics-Working-with-Remotes) and guides on [github](https://help.github.com/en/github/using-git) for how to use git to work with remote repositories.
24 24
25
-When submitting your pull request, please squash your commits, again there are instructions in the [README](https://git.dn42.dev/dn42/registry/src/branch/master/README.md) for how to do this.
25
+When submitting your pull request, you must squash multiple changes to a single commit, again there are instructions in the [README](https://git.dn42.dev/dn42/registry/src/branch/master/README.md) for how to do this.
26 26
27 27
Remember to add authentication to your `mntner` object, and [sign your commit](/howto/Registry-Authentication)
28 28
... ...
@@ -31,12 +31,13 @@ The registry includes a number of scripts to help check your request:
31 31
- `fmt-my-stuff <FOO>-MNT`: automatically fixes minor formatting errors
32 32
- `check-my-stuff <FOO>-MNT`: validates your objects against the registry schema
33 33
- `check-pol origin/master <FOO>-MNT`: checks for policy violations
34
+ - `squash-my-commits`: automatically update and squash your local commits
34 35
35
-The registry maintainers run all three scripts against each request, so please run these yourself first to check for simple errors.
36
+The registry maintainers run the checking scripts against each request, so please run these yourself first to check for simple errors.
36 37
37 38
Do browse through the registry and look at the [pull request queue](https://git.dn42.dev/dn42/registry/pulls) to see examples, understand how the process works and see the types of questions asked by the registry maintainers.
38 39
39
-*Whilst it is possible to use the web interface to edit files, you are encouraged to clone your repo locally and use the command line git tools. It's easy to do and learning how to use git is a skill worth knowing. Using the web interface creates a large number of commits and prevents you from checking your changes with the registry scripts*
40
+*You should not use the gitea web interface to edit files, doing so would create a large number of commits and prevents running of the registry scripts*
40 41
41 42
---
42 43
... ...
@@ -83,6 +84,11 @@ Create a `person` object in `data/person/` for **yourself** (not your organisat
83 84
- you may wish to add other fields, such as `pgp-fingerprint`, `remarks`, and so on.
84 85
- don't forget to set `mnt-by` to `<FOO>-MNT`.
85 86
87
+**Data Privacy**
88
+
89
+Contact attributes are optional but DN42 is a dynamic network and being able to contact users is really important if there are changes or problems. However, please also be aware that the DN42 registry is a public resource and you must assume that any details provided will be made public and cannot be fully removed. If this is a concern for you, please do not provide bogus contact details; simply provide anonymous details that are specific for use within DN42 or leave them out entirely.
90
+
91
+
86 92
Example: data/person/FOO-DN42
87 93
```
88 94
person: John Doe
... ...
@@ -116,7 +122,7 @@ mnt-by: FOO-MNT
116 122
source: DN42
117 123
```
118 124
119
-### Guidelines for future objects
125
+### Guidelines for resource objects
120 126
121 127
From now on, you should use:
122 128
... ...
@@ -128,7 +134,7 @@ This applies to AS numbers, network prefixes, routes, DNS records...
128 134
129 135
### Register an AS number
130 136
131
-To register an AS number, simply create an `aut-num` object in `data/aut-num/`.
137
+To register an AS number, create an `aut-num` object in `data/aut-num/`.
132 138
`as-name` should be a name for your AS.
133 139
134 140
Your AS number can be chosen arbitrarily in the dn42 ASN space, see the [as-block objects](https://git.dn42.dev/dn42/registry/src/master/data/as-block) in the registry.
... ...
@@ -137,7 +143,9 @@ Your AS number can be chosen arbitrarily in the dn42 ASN space, see the [as-bloc
137 143
138 144
For a list of currently assigned AS numbers browse the registry data/aut-num/ directory or [online](https://explorer.burble.com/#/aut-num/).
139 145
140
-If you intend to use an ASN outside of the native dn42 ranges, please check that it doesn't clash with the [Freifunk AS-Numbers] (http://wiki.freifunk.net/AS-Nummern) or other networks (ChaosVPN, etc). For a list of ASN currently announced in dn42, see [this map](http://nixnodes.net/dn42/graph/).
146
+If you intend to use an ASN outside of the native dn42 ranges, please check that it doesn't clash with the [Freifunk AS-Numbers] (http://wiki.freifunk.net/AS-Nummern) or other networks (ChaosVPN, etc).
147
+
148
+Internet ASNs may be used, but you must take care to clearly separate Internet and DN42 routes and prevent routes leaking between the networks. For Internet ASNs, the `source` attribute must be the originating registry and you will be required to prove you are the owner of the ASN.
141 149
142 150
If unsure, ask on the mailing list or IRC.
143 151
howto/vyos.md
... ...
@@ -149,4 +149,68 @@ This example allows all routes in unless they are marked invalid or in other wor
149 149
```
150 150
set protocols bgp 424242XXXX neighbor x.x.x.x address-family ipv4-unicast route-map import DN42-ROA
151 151
set protocols bgp 424242XXXX neighbor x.x.x.x address-family ipv4-unicast route-map export DN42-ROA
152
-```
... ...
\ No newline at end of file
0
+```
1
+
2
+## Example Route Map
3
+### No RPKI/ROA and Internal Network Falls Into DN42 Range
4
+```
5
+##Build prefix list to match personal internal network
6
+set policy prefix-list BlockIPConflicts description 'Prevent Conflicting Routes'
7
+set policy prefix-list BlockIPConflicts rule 10 action 'permit'
8
+set policy prefix-list BlockIPConflicts rule 10 description 'Internal IP Space'
9
+set policy prefix-list BlockIPConflicts rule 10 le '32'
10
+set policy prefix-list BlockIPConflicts rule 10 prefix '10.10.0.0/16'
11
+
12
+
13
+##Build prefix list to match personal internal network
14
+set policy prefix-list6 BlockIPConflicts-v6 description 'Prevent Conflicting Routes'
15
+set policy prefix-list6 BlockIPConflicts-v6 rule 10 action 'permit'
16
+set policy prefix-list6 BlockIPConflicts-v6 rule 10 description 'Internal IP Space'
17
+set policy prefix-list6 BlockIPConflicts-v6 rule 10 le '128'
18
+set policy prefix-list6 BlockIPConflicts-v6 rule 10 prefix 'fd42:4242:1111::/48'
19
+
20
+
21
+
22
+##Build prefix list to match DN42's IPv4 network
23
+set policy prefix-list DN42-Network rule 10 action 'permit'
24
+set policy prefix-list DN42-Network rule 10 le '32'
25
+set policy prefix-list DN42-Network rule 10 prefix '172.20.0.0/14'
26
+set policy prefix-list DN42-Network rule 20 action 'permit'
27
+set policy prefix-list DN42-Network rule 20 le '32'
28
+set policy prefix-list DN42-Network rule 20 prefix '10.0.0.0/8'
29
+
30
+
31
+##Build prefix list to match DN42's IPv6 network
32
+set policy prefix-list6 DN42-Network-v6 rule 10 action 'permit'
33
+set policy prefix-list6 DN42-Network-v6 rule 10 le '128'
34
+set policy prefix-list6 DN42-Network-v6 rule 10 prefix 'fd00::/8'
35
+
36
+
37
+
38
+
39
+##Block prefixes within internal network range, then allow everything else within DN42, then block everything else.
40
+set policy route-map Default-Peering rule 10 action 'deny'
41
+set policy route-map Default-Peering rule 10 description 'Prevent IP Conflicts'
42
+set policy route-map Default-Peering rule 10 match ip address prefix-list 'BlockIPConflicts'
43
+set policy route-map Default-Peering rule 11 action 'deny'
44
+set policy route-map Default-Peering rule 11 description 'Prevent IP Conflicts'
45
+set policy route-map Default-Peering rule 11 match ip address prefix-list6 'BlockIPConflicts-v6'
46
+set policy route-map Default-Peering rule 20 action 'permit'
47
+set policy route-map Default-Peering rule 20 description 'Allow DN42-Network'
48
+set policy route-map Default-Peering rule 20 match ip address prefix-list 'DN42-Network-Network'
49
+set policy route-map Default-Peering rule 21 action 'permit'
50
+set policy route-map Default-Peering rule 21 description 'Allow DN42-Network'
51
+set policy route-map Default-Peering rule 21 match ip address prefix-list6 'DN42-Network-Network-v6'
52
+set policy route-map Default-Peering rule 99 action 'deny'
53
+
54
+
55
+##Apply the route-map on import/export
56
+
57
+set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv4-unicast route-map export 'Default-Peering'
58
+set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv4-unicast route-map import 'Default-Peering'
59
+set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv6-unicast route-map export 'Default-Peering'
60
+set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv6-unicast route-map import 'Default-Peering'
61
+```
62
+
63
+
64
+This page is a work-in-progress by Owens Research. If you have any suggestions or questions please reach out.
... ...
\ No newline at end of file
internal/Internal-Services.md
... ...
@@ -149,6 +149,7 @@ Repository Mirrors are listed on another page: [Repository Mirrors](/services/Re
149 149
| mc.jerry.dn42 | Minecraft | 1.16.1, IPv4 & IPv6 |
150 150
| ttd.jerry.dn42 | OpenTTD | latest, IPv4 & IPv6, NeoNetwork users please use ttd.jerry.neo |
151 151
| stk.jerry.dn42:2759 | SuperTuxKart | latest, IPv4 only, NeoNetwork users please use stk.jerry.neo |
152
+| ns1.deltaman.dn42 (172.22.134.131, fd1b:7f7d:dd55:4600:219:ff:fe00:fafe) | OpenTTD | 1.10.3, Hosted in NL |
152 153
153 154
## Shell
154 155
... ...
@@ -156,7 +157,8 @@ Providers of shell access:
156 157
157 158
| Person | Hostname | Net | Description | Contact |
158 159
|:------------- |:------------------------------------ |:---------------- |:----------- |:------------- |
159
-| mc36 | telnet test.nop.dn42 | dn42 only |looking glass| - |
160
+| mc36 | telnet test.nop.dn42 | dn42 only |looking glass| - |
161
+| JerryXiao | ssh [email protected] | dn42 and neonet |looking glass| - |
160 162
161 163
## Misc
162 164
... ...
@@ -172,7 +174,6 @@ Providers of shell access:
172 174
| https://git.dn42[.us]/pubkeys/[username] | Get ssh public keys from Git Users of git.dn42. |
173 175
| http://wiki.dn42, http://internal.dn42, [dn42.i2p](http://beb6v2i4jevo72vvnx6segsk4zv3pu3prbwcfuta3bzrcv7boy2q.b32.i2p/) (i2p), jsptropkiix3ki5u.onion | This wiki! Web Hosted by [xuu](https://xuu.dn42). Git Repo hosted on git.dn42 |
174 176
| http://jack.pyropeter.eu/dn42/routecount/ | Statistics about the number of v4/v6 routes seen by AS76115 (Since Aug. 2014) |
175
-| https://git.zotan.dn42 | Git Repository Hosting, open signup (Powered by gitea)|
176 177
177 178
### Usenet Servers / News
178 179
There are some News Servers available [here](/services/News)
services/Looking-Glasses.md
... ...
@@ -38,6 +38,7 @@ Please sort by AS number.
38 38
| 4242422341 | ext: https://lg.dn42.zotan.network <br> dn42: https://lg.zotan.dn42 | UP |
39 39
| 4242422428 | ext: https://lg.0l.de <br> IPv4 and IPv6 | UP |
40 40
| 4242423078 | ext: https://lg.hexanet.dev <br> dn42: http://lg.hex.dn42 <br> Interactive (traceroute, BGP-map) <br> IPv6 only | UP |
41
+| 4242421224 | dn42: http://lg.bit.dn42 | UP |
41 42
42 43
43 44
## Down