baee9af8e108d0da8b31a0975390870315232342
howto/Getting-Started.md
... | ... | @@ -22,7 +22,7 @@ You must create several objects in the DN42 registry: <https://git.dn42.dev/dn42 |
22 | 22 | |
23 | 23 | The registry is a git repository, objects are created by creating a branch in the main repository, making your changes and then submitting a pull request for review. There are detailed instructions in the registry [README](https://git.dn42.dev/dn42/registry/src/branch/master/README.md) how to do this. See also the the generic git documentation [git documentation](https://git-scm.com/book/en/v2/Git-Basics-Working-with-Remotes) and guides on [github](https://help.github.com/en/github/using-git) for how to use git to work with remote repositories. |
24 | 24 | |
25 | -When submitting your pull request, please squash your commits, again there are instructions in the [README](https://git.dn42.dev/dn42/registry/src/branch/master/README.md) for how to do this. |
|
25 | +When submitting your pull request, you must squash multiple changes to a single commit, again there are instructions in the [README](https://git.dn42.dev/dn42/registry/src/branch/master/README.md) for how to do this. |
|
26 | 26 | |
27 | 27 | Remember to add authentication to your `mntner` object, and [sign your commit](/howto/Registry-Authentication) |
28 | 28 | |
... | ... | @@ -31,12 +31,13 @@ The registry includes a number of scripts to help check your request: |
31 | 31 | - `fmt-my-stuff <FOO>-MNT`: automatically fixes minor formatting errors |
32 | 32 | - `check-my-stuff <FOO>-MNT`: validates your objects against the registry schema |
33 | 33 | - `check-pol origin/master <FOO>-MNT`: checks for policy violations |
34 | + - `squash-my-commits`: automatically update and squash your local commits |
|
34 | 35 | |
35 | -The registry maintainers run all three scripts against each request, so please run these yourself first to check for simple errors. |
|
36 | +The registry maintainers run the checking scripts against each request, so please run these yourself first to check for simple errors. |
|
36 | 37 | |
37 | 38 | Do browse through the registry and look at the [pull request queue](https://git.dn42.dev/dn42/registry/pulls) to see examples, understand how the process works and see the types of questions asked by the registry maintainers. |
38 | 39 | |
39 | -*Whilst it is possible to use the web interface to edit files, you are encouraged to clone your repo locally and use the command line git tools. It's easy to do and learning how to use git is a skill worth knowing. Using the web interface creates a large number of commits and prevents you from checking your changes with the registry scripts* |
|
40 | +*You should not use the gitea web interface to edit files, doing so would create a large number of commits and prevents running of the registry scripts* |
|
40 | 41 | |
41 | 42 | --- |
42 | 43 | |
... | ... | @@ -83,6 +84,11 @@ Create a `person` object in `data/person/` for **yourself** (not your organisat |
83 | 84 | - you may wish to add other fields, such as `pgp-fingerprint`, `remarks`, and so on. |
84 | 85 | - don't forget to set `mnt-by` to `<FOO>-MNT`. |
85 | 86 | |
87 | +**Data Privacy** |
|
88 | + |
|
89 | +Contact attributes are optional but DN42 is a dynamic network and being able to contact users is really important if there are changes or problems. However, please also be aware that the DN42 registry is a public resource and you must assume that any details provided will be made public and cannot be fully removed. If this is a concern for you, please do not provide bogus contact details; simply provide anonymous details that are specific for use within DN42 or leave them out entirely. |
|
90 | + |
|
91 | + |
|
86 | 92 | Example: data/person/FOO-DN42 |
87 | 93 | ``` |
88 | 94 | person: John Doe |
... | ... | @@ -116,7 +122,7 @@ mnt-by: FOO-MNT |
116 | 122 | source: DN42 |
117 | 123 | ``` |
118 | 124 | |
119 | -### Guidelines for future objects |
|
125 | +### Guidelines for resource objects |
|
120 | 126 | |
121 | 127 | From now on, you should use: |
122 | 128 | |
... | ... | @@ -128,7 +134,7 @@ This applies to AS numbers, network prefixes, routes, DNS records... |
128 | 134 | |
129 | 135 | ### Register an AS number |
130 | 136 | |
131 | -To register an AS number, simply create an `aut-num` object in `data/aut-num/`. |
|
137 | +To register an AS number, create an `aut-num` object in `data/aut-num/`. |
|
132 | 138 | `as-name` should be a name for your AS. |
133 | 139 | |
134 | 140 | Your AS number can be chosen arbitrarily in the dn42 ASN space, see the [as-block objects](https://git.dn42.dev/dn42/registry/src/master/data/as-block) in the registry. |
... | ... | @@ -137,7 +143,9 @@ Your AS number can be chosen arbitrarily in the dn42 ASN space, see the [as-bloc |
137 | 143 | |
138 | 144 | For a list of currently assigned AS numbers browse the registry data/aut-num/ directory or [online](https://explorer.burble.com/#/aut-num/). |
139 | 145 | |
140 | -If you intend to use an ASN outside of the native dn42 ranges, please check that it doesn't clash with the [Freifunk AS-Numbers] (http://wiki.freifunk.net/AS-Nummern) or other networks (ChaosVPN, etc). For a list of ASN currently announced in dn42, see [this map](http://nixnodes.net/dn42/graph/). |
|
146 | +If you intend to use an ASN outside of the native dn42 ranges, please check that it doesn't clash with the [Freifunk AS-Numbers] (http://wiki.freifunk.net/AS-Nummern) or other networks (ChaosVPN, etc). |
|
147 | + |
|
148 | +Internet ASNs may be used, but you must take care to clearly separate Internet and DN42 routes and prevent routes leaking between the networks. For Internet ASNs, the `source` attribute must be the originating registry and you will be required to prove you are the owner of the ASN. |
|
141 | 149 | |
142 | 150 | If unsure, ask on the mailing list or IRC. |
143 | 151 |
howto/vyos.md
... | ... | @@ -149,4 +149,68 @@ This example allows all routes in unless they are marked invalid or in other wor |
149 | 149 | ``` |
150 | 150 | set protocols bgp 424242XXXX neighbor x.x.x.x address-family ipv4-unicast route-map import DN42-ROA |
151 | 151 | set protocols bgp 424242XXXX neighbor x.x.x.x address-family ipv4-unicast route-map export DN42-ROA |
152 | -``` |
|
... | ... | \ No newline at end of file |
0 | +``` |
|
1 | + |
|
2 | +## Example Route Map |
|
3 | +### No RPKI/ROA and Internal Network Falls Into DN42 Range |
|
4 | +``` |
|
5 | +##Build prefix list to match personal internal network |
|
6 | +set policy prefix-list BlockIPConflicts description 'Prevent Conflicting Routes' |
|
7 | +set policy prefix-list BlockIPConflicts rule 10 action 'permit' |
|
8 | +set policy prefix-list BlockIPConflicts rule 10 description 'Internal IP Space' |
|
9 | +set policy prefix-list BlockIPConflicts rule 10 le '32' |
|
10 | +set policy prefix-list BlockIPConflicts rule 10 prefix '10.10.0.0/16' |
|
11 | + |
|
12 | + |
|
13 | +##Build prefix list to match personal internal network |
|
14 | +set policy prefix-list6 BlockIPConflicts-v6 description 'Prevent Conflicting Routes' |
|
15 | +set policy prefix-list6 BlockIPConflicts-v6 rule 10 action 'permit' |
|
16 | +set policy prefix-list6 BlockIPConflicts-v6 rule 10 description 'Internal IP Space' |
|
17 | +set policy prefix-list6 BlockIPConflicts-v6 rule 10 le '128' |
|
18 | +set policy prefix-list6 BlockIPConflicts-v6 rule 10 prefix 'fd42:4242:1111::/48' |
|
19 | + |
|
20 | + |
|
21 | + |
|
22 | +##Build prefix list to match DN42's IPv4 network |
|
23 | +set policy prefix-list DN42-Network rule 10 action 'permit' |
|
24 | +set policy prefix-list DN42-Network rule 10 le '32' |
|
25 | +set policy prefix-list DN42-Network rule 10 prefix '172.20.0.0/14' |
|
26 | +set policy prefix-list DN42-Network rule 20 action 'permit' |
|
27 | +set policy prefix-list DN42-Network rule 20 le '32' |
|
28 | +set policy prefix-list DN42-Network rule 20 prefix '10.0.0.0/8' |
|
29 | + |
|
30 | + |
|
31 | +##Build prefix list to match DN42's IPv6 network |
|
32 | +set policy prefix-list6 DN42-Network-v6 rule 10 action 'permit' |
|
33 | +set policy prefix-list6 DN42-Network-v6 rule 10 le '128' |
|
34 | +set policy prefix-list6 DN42-Network-v6 rule 10 prefix 'fd00::/8' |
|
35 | + |
|
36 | + |
|
37 | + |
|
38 | + |
|
39 | +##Block prefixes within internal network range, then allow everything else within DN42, then block everything else. |
|
40 | +set policy route-map Default-Peering rule 10 action 'deny' |
|
41 | +set policy route-map Default-Peering rule 10 description 'Prevent IP Conflicts' |
|
42 | +set policy route-map Default-Peering rule 10 match ip address prefix-list 'BlockIPConflicts' |
|
43 | +set policy route-map Default-Peering rule 11 action 'deny' |
|
44 | +set policy route-map Default-Peering rule 11 description 'Prevent IP Conflicts' |
|
45 | +set policy route-map Default-Peering rule 11 match ip address prefix-list6 'BlockIPConflicts-v6' |
|
46 | +set policy route-map Default-Peering rule 20 action 'permit' |
|
47 | +set policy route-map Default-Peering rule 20 description 'Allow DN42-Network' |
|
48 | +set policy route-map Default-Peering rule 20 match ip address prefix-list 'DN42-Network-Network' |
|
49 | +set policy route-map Default-Peering rule 21 action 'permit' |
|
50 | +set policy route-map Default-Peering rule 21 description 'Allow DN42-Network' |
|
51 | +set policy route-map Default-Peering rule 21 match ip address prefix-list6 'DN42-Network-Network-v6' |
|
52 | +set policy route-map Default-Peering rule 99 action 'deny' |
|
53 | + |
|
54 | + |
|
55 | +##Apply the route-map on import/export |
|
56 | + |
|
57 | +set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv4-unicast route-map export 'Default-Peering' |
|
58 | +set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv4-unicast route-map import 'Default-Peering' |
|
59 | +set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv6-unicast route-map export 'Default-Peering' |
|
60 | +set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv6-unicast route-map import 'Default-Peering' |
|
61 | +``` |
|
62 | + |
|
63 | + |
|
64 | +This page is a work-in-progress by Owens Research. If you have any suggestions or questions please reach out. |
|
... | ... | \ No newline at end of file |
internal/Internal-Services.md
... | ... | @@ -149,6 +149,7 @@ Repository Mirrors are listed on another page: [Repository Mirrors](/services/Re |
149 | 149 | | mc.jerry.dn42 | Minecraft | spigot 1.16.1 | |
150 | 150 | | ttd.jerry.dn42 / ttd.jerry.neo | OpenTTD | latest version | |
151 | 151 | | stk.jerry.dn42:2759 / stk.jerry.neo:2759 | SuperTuxKart | latest version, ipv4 only | |
152 | +| ns1.deltaman.dn42 (172.22.134.131, fd1b:7f7d:dd55:4600:219:ff:fe00:fafe) | OpenTTD | 1.10.3, Hosted in NL | |
|
152 | 153 | |
153 | 154 | ## Shell |
154 | 155 | |
... | ... | @@ -173,7 +174,6 @@ Providers of shell access: |
173 | 174 | | https://git.dn42[.us]/pubkeys/[username] | Get ssh public keys from Git Users of git.dn42. | |
174 | 175 | | http://wiki.dn42, http://internal.dn42, [dn42.i2p](http://beb6v2i4jevo72vvnx6segsk4zv3pu3prbwcfuta3bzrcv7boy2q.b32.i2p/) (i2p), jsptropkiix3ki5u.onion | This wiki! Web Hosted by [xuu](https://xuu.dn42). Git Repo hosted on git.dn42 | |
175 | 176 | | http://jack.pyropeter.eu/dn42/routecount/ | Statistics about the number of v4/v6 routes seen by AS76115 (Since Aug. 2014) | |
176 | -| https://git.zotan.dn42 | Git Repository Hosting, open signup (Powered by gitea)| |
|
177 | 177 | |
178 | 178 | ### Usenet Servers / News |
179 | 179 | There are some News Servers available [here](/services/News) |
services/Looking-Glasses.md
... | ... | @@ -38,6 +38,7 @@ Please sort by AS number. |
38 | 38 | | 4242422341 | ext: https://lg.dn42.zotan.network <br> dn42: https://lg.zotan.dn42 | UP | |
39 | 39 | | 4242422428 | ext: https://lg.0l.de <br> IPv4 and IPv6 | UP | |
40 | 40 | | 4242423078 | ext: https://lg.hexanet.dev <br> dn42: http://lg.hex.dn42 <br> Interactive (traceroute, BGP-map) <br> IPv6 only | UP | |
41 | +| 4242421224 | dn42: http://lg.bit.dn42 | UP | |
|
41 | 42 | |
42 | 43 | |
43 | 44 | ## Down |