Changes in baee9af: merge

				howto/Getting-Started.md
			
          @@ -22,7 +22,7 @@ You must create several objects in the DN42 registry: <https://git.dn42.dev/dn42

           The registry is a git repository, objects are created by creating a branch in the main repository, making your changes and then submitting a pull request for review. There are detailed instructions in the registry [README](https://git.dn42.dev/dn42/registry/src/branch/master/README.md) how to do this. See also the the generic git documentation [git documentation](https://git-scm.com/book/en/v2/Git-Basics-Working-with-Remotes) and guides on [github](https://help.github.com/en/github/using-git) for how to use git to work with remote repositories.

          -When submitting your pull request, please squash your commits, again there are instructions in the [README](https://git.dn42.dev/dn42/registry/src/branch/master/README.md) for how to do this. 

          +When submitting your pull request, you must squash multiple changes to a single commit, again there are instructions in the [README](https://git.dn42.dev/dn42/registry/src/branch/master/README.md) for how to do this. 

           Remember to add authentication to your `mntner` object, and [sign your commit](/howto/Registry-Authentication)

          @@ -31,12 +31,13 @@ The registry includes a number of scripts to help check your request:

            - `fmt-my-stuff <FOO>-MNT`: automatically fixes minor formatting errors

            - `check-my-stuff <FOO>-MNT`: validates your objects against the registry schema

            - `check-pol origin/master <FOO>-MNT`: checks for policy violations

          + - `squash-my-commits`: automatically update and squash your local commits

          -The registry maintainers run all three scripts against each request, so please run these yourself first to check for simple errors. 

          +The registry maintainers run the checking scripts against each request, so please run these yourself first to check for simple errors. 

           Do browse through the registry and look at the [pull request queue](https://git.dn42.dev/dn42/registry/pulls) to see examples, understand how the process works and see the types of questions asked by the registry maintainers.

          -*Whilst it is possible to use the web interface to edit files, you are encouraged to clone your repo locally and use the command line git tools. It's easy to do and learning how to use git is a skill worth knowing. Using the web interface creates a large number of commits and prevents you from checking your changes with the registry scripts*

          +*You should not use the gitea web interface to edit files, doing so would create a large number of commits and prevents running of the registry scripts*

           ---

          @@ -83,6 +84,11 @@ Create a  `person` object in `data/person/` for **yourself** (not your organisat

           - you may wish to add other fields, such as `pgp-fingerprint`, `remarks`, and so on.

           - don't forget to set `mnt-by` to `<FOO>-MNT`.

          +**Data Privacy**

          +

          +Contact attributes are optional but DN42 is a dynamic network and being able to contact users is really important if there are changes or problems. However, please also be aware that the DN42 registry is a public resource and you must assume that any details provided will be made public and cannot be fully removed. If this is a concern for you, please do not provide bogus contact details; simply provide anonymous details that are specific for use within DN42 or leave them out entirely.

          +

          +

           Example: data/person/FOO-DN42

           ```

           person:             John Doe

          @@ -116,7 +122,7 @@ mnt-by:             FOO-MNT

           source:             DN42

           ```

          -### Guidelines for future objects

          +### Guidelines for resource objects

           From now on, you should use:

          @@ -128,7 +134,7 @@ This applies to AS numbers, network prefixes, routes, DNS records...

           ### Register an AS number

          -To register an AS number, simply create an `aut-num` object in `data/aut-num/`.  

          +To register an AS number, create an `aut-num` object in `data/aut-num/`.  

           `as-name` should be a name for your AS.

           Your AS number can be chosen arbitrarily in the dn42 ASN space, see the [as-block objects](https://git.dn42.dev/dn42/registry/src/master/data/as-block) in the registry. 

          @@ -137,7 +143,9 @@ Your AS number can be chosen arbitrarily in the dn42 ASN space, see the [as-bloc

           For a list of currently assigned AS numbers browse the registry data/aut-num/ directory or [online](https://explorer.burble.com/#/aut-num/). 

          -If you intend to use an ASN outside of the native dn42 ranges, please check that it doesn't clash with the [Freifunk AS-Numbers] (http://wiki.freifunk.net/AS-Nummern) or other networks (ChaosVPN, etc). For a list of ASN currently announced in dn42, see [this map](http://nixnodes.net/dn42/graph/).

          +If you intend to use an ASN outside of the native dn42 ranges, please check that it doesn't clash with the [Freifunk AS-Numbers] (http://wiki.freifunk.net/AS-Nummern) or other networks (ChaosVPN, etc). 

          +

          +Internet ASNs may be used, but you must take care to clearly separate Internet and DN42 routes and prevent routes leaking between the networks. For Internet ASNs, the `source` attribute must be the originating registry and you will be required to prove you are the owner of the ASN. 

           If unsure, ask on the mailing list or IRC.

				howto/vyos.md
			
          @@ -149,4 +149,68 @@ This example allows all routes in unless they are marked invalid or in other wor

           ```

           set protocols bgp 424242XXXX neighbor x.x.x.x address-family ipv4-unicast route-map import DN42-ROA  

           set protocols bgp 424242XXXX neighbor x.x.x.x address-family ipv4-unicast route-map export DN42-ROA   

          -```

          \ No newline at end of file

          +```

          + 

          +## Example Route Map

          +### No RPKI/ROA and Internal Network Falls Into DN42 Range

          +```

          +##Build prefix list to match personal internal network

          +set policy prefix-list BlockIPConflicts description 'Prevent Conflicting Routes'

          +set policy prefix-list BlockIPConflicts rule 10 action 'permit'

          +set policy prefix-list BlockIPConflicts rule 10 description 'Internal IP Space'

          +set policy prefix-list BlockIPConflicts rule 10 le '32'

          +set policy prefix-list BlockIPConflicts rule 10 prefix '10.10.0.0/16'

          +

          +

          +##Build prefix list to match personal internal network

          +set policy prefix-list6 BlockIPConflicts-v6 description 'Prevent Conflicting Routes'

          +set policy prefix-list6 BlockIPConflicts-v6 rule 10 action 'permit'

          +set policy prefix-list6 BlockIPConflicts-v6 rule 10 description 'Internal IP Space'

          +set policy prefix-list6 BlockIPConflicts-v6 rule 10 le '128'

          +set policy prefix-list6 BlockIPConflicts-v6 rule 10 prefix 'fd42:4242:1111::/48'

          +

          +

          +

          +##Build prefix list to match DN42's IPv4 network

          +set policy prefix-list DN42-Network rule 10 action 'permit'

          +set policy prefix-list DN42-Network rule 10 le '32'

          +set policy prefix-list DN42-Network rule 10 prefix '172.20.0.0/14'

          +set policy prefix-list DN42-Network rule 20 action 'permit'

          +set policy prefix-list DN42-Network rule 20 le '32'

          +set policy prefix-list DN42-Network rule 20 prefix '10.0.0.0/8'

          +

          +

          +##Build prefix list to match DN42's IPv6 network

          +set policy prefix-list6 DN42-Network-v6 rule 10 action 'permit'

          +set policy prefix-list6 DN42-Network-v6 rule 10 le '128'

          +set policy prefix-list6 DN42-Network-v6 rule 10 prefix 'fd00::/8'

          +

          +

          +

          +

          +##Block prefixes within internal network range, then allow everything else within DN42, then block everything else.

          +set policy route-map Default-Peering rule 10 action 'deny'

          +set policy route-map Default-Peering rule 10 description 'Prevent IP Conflicts'

          +set policy route-map Default-Peering rule 10 match ip address prefix-list 'BlockIPConflicts'

          +set policy route-map Default-Peering rule 11 action 'deny'

          +set policy route-map Default-Peering rule 11 description 'Prevent IP Conflicts'

          +set policy route-map Default-Peering rule 11 match ip address prefix-list6 'BlockIPConflicts-v6'

          +set policy route-map Default-Peering rule 20 action 'permit'

          +set policy route-map Default-Peering rule 20 description 'Allow DN42-Network'

          +set policy route-map Default-Peering rule 20 match ip address prefix-list 'DN42-Network-Network'

          +set policy route-map Default-Peering rule 21 action 'permit'

          +set policy route-map Default-Peering rule 21 description 'Allow DN42-Network'

          +set policy route-map Default-Peering rule 21 match ip address prefix-list6 'DN42-Network-Network-v6'

          +set policy route-map Default-Peering rule 99 action 'deny'

          +

          +

          +##Apply the route-map on import/export

          +

          +set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv4-unicast route-map export 'Default-Peering'

          +set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv4-unicast route-map import 'Default-Peering'

          +set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv6-unicast route-map export 'Default-Peering'

          +set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv6-unicast route-map import 'Default-Peering'

          +```

          +

          +

          +This page is a work-in-progress by Owens Research.  If you have any suggestions or questions please reach out.

          \ No newline at end of file

				internal/Internal-Services.md
			
          @@ -149,6 +149,7 @@ Repository Mirrors are listed on another page: [Repository Mirrors](/services/Re

           | mc.jerry.dn42                            | Minecraft         | spigot 1.16.1             |

           | ttd.jerry.dn42 / ttd.jerry.neo           | OpenTTD           | latest version            |

           | stk.jerry.dn42:2759 / stk.jerry.neo:2759 | SuperTuxKart      | latest version, ipv4 only |

          +| ns1.deltaman.dn42 (172.22.134.131, fd1b:7f7d:dd55:4600:219:ff:fe00:fafe) | OpenTTD      | 1.10.3, Hosted in NL   |

           ## Shell

          @@ -173,7 +174,6 @@ Providers of shell access:

           | https://git.dn42[.us]/pubkeys/[username]          | Get ssh public keys from Git Users of git.dn42. |

           | http://wiki.dn42, http://internal.dn42, [dn42.i2p](http://beb6v2i4jevo72vvnx6segsk4zv3pu3prbwcfuta3bzrcv7boy2q.b32.i2p/) (i2p), jsptropkiix3ki5u.onion  | This wiki! Web Hosted by [xuu](https://xuu.dn42). Git Repo hosted on git.dn42  |                

           | http://jack.pyropeter.eu/dn42/routecount/         | Statistics about the number of v4/v6 routes seen by AS76115 (Since Aug. 2014)  |

          -| https://git.zotan.dn42                            | Git Repository Hosting, open signup (Powered by gitea)|               

           ### Usenet Servers / News

           There are some News Servers available [here](/services/News)

				services/Looking-Glasses.md
			
          @@ -38,6 +38,7 @@ Please sort by AS number.

           | 4242422341 | ext: https://lg.dn42.zotan.network <br> dn42: https://lg.zotan.dn42 | UP |

           | 4242422428 | ext: https://lg.0l.de <br> IPv4 and IPv6 | UP |

           | 4242423078 | ext: https://lg.hexanet.dev <br> dn42: http://lg.hex.dn42 <br> Interactive (traceroute, BGP-map) <br> IPv6 only | UP |

          +| 4242421224 | dn42: http://lg.bit.dn42 | UP |

           ## Down

...	...	@@ -22,7 +22,7 @@ You must create several objects in the DN42 registry: <https://git.dn42.dev/dn42
22	22
23	23	The registry is a git repository, objects are created by creating a branch in the main repository, making your changes and then submitting a pull request for review. There are detailed instructions in the registry [README](https://git.dn42.dev/dn42/registry/src/branch/master/README.md) how to do this. See also the the generic git documentation [git documentation](https://git-scm.com/book/en/v2/Git-Basics-Working-with-Remotes) and guides on [github](https://help.github.com/en/github/using-git) for how to use git to work with remote repositories.
24	24
25		-When submitting your pull request, please squash your commits, again there are instructions in the [README](https://git.dn42.dev/dn42/registry/src/branch/master/README.md) for how to do this.
	25	+When submitting your pull request, you must squash multiple changes to a single commit, again there are instructions in the [README](https://git.dn42.dev/dn42/registry/src/branch/master/README.md) for how to do this.
26	26
27	27	Remember to add authentication to your `mntner` object, and [sign your commit](/howto/Registry-Authentication)
28	28
...	...	@@ -31,12 +31,13 @@ The registry includes a number of scripts to help check your request:
31	31	- `fmt-my-stuff <FOO>-MNT`: automatically fixes minor formatting errors
32	32	- `check-my-stuff <FOO>-MNT`: validates your objects against the registry schema
33	33	- `check-pol origin/master <FOO>-MNT`: checks for policy violations
	34	+ - `squash-my-commits`: automatically update and squash your local commits
34	35
35		-The registry maintainers run all three scripts against each request, so please run these yourself first to check for simple errors.
	36	+The registry maintainers run the checking scripts against each request, so please run these yourself first to check for simple errors.
36	37
37	38	Do browse through the registry and look at the [pull request queue](https://git.dn42.dev/dn42/registry/pulls) to see examples, understand how the process works and see the types of questions asked by the registry maintainers.
38	39
39		-Whilst it is possible to use the web interface to edit files, you are encouraged to clone your repo locally and use the command line git tools. It's easy to do and learning how to use git is a skill worth knowing. Using the web interface creates a large number of commits and prevents you from checking your changes with the registry scripts
	40	+You should not use the gitea web interface to edit files, doing so would create a large number of commits and prevents running of the registry scripts
40	41
41	42	---
42	43
...	...	@@ -83,6 +84,11 @@ Create a `person` object in `data/person/` for yourself (not your organisat
83	84	- you may wish to add other fields, such as `pgp-fingerprint`, `remarks`, and so on.
84	85	- don't forget to set `mnt-by` to `<FOO>-MNT`.
85	86
	87	+Data Privacy
	88	+
	89	+Contact attributes are optional but DN42 is a dynamic network and being able to contact users is really important if there are changes or problems. However, please also be aware that the DN42 registry is a public resource and you must assume that any details provided will be made public and cannot be fully removed. If this is a concern for you, please do not provide bogus contact details; simply provide anonymous details that are specific for use within DN42 or leave them out entirely.
	90	+
	91	+
86	92	Example: data/person/FOO-DN42
87	93	```
88	94	person: John Doe
...	...	@@ -116,7 +122,7 @@ mnt-by: FOO-MNT
116	122	source: DN42
117	123	```
118	124
119		-### Guidelines for future objects
	125	+### Guidelines for resource objects
120	126
121	127	From now on, you should use:
122	128
...	...	@@ -128,7 +134,7 @@ This applies to AS numbers, network prefixes, routes, DNS records...
128	134
129	135	### Register an AS number
130	136
131		-To register an AS number, simply create an `aut-num` object in `data/aut-num/`.
	137	+To register an AS number, create an `aut-num` object in `data/aut-num/`.
132	138	`as-name` should be a name for your AS.
133	139
134	140	Your AS number can be chosen arbitrarily in the dn42 ASN space, see the [as-block objects](https://git.dn42.dev/dn42/registry/src/master/data/as-block) in the registry.
...	...	@@ -137,7 +143,9 @@ Your AS number can be chosen arbitrarily in the dn42 ASN space, see the [as-bloc
137	143
138	144	For a list of currently assigned AS numbers browse the registry data/aut-num/ directory or [online](https://explorer.burble.com/#/aut-num/).
139	145
140		-If you intend to use an ASN outside of the native dn42 ranges, please check that it doesn't clash with the [Freifunk AS-Numbers] (http://wiki.freifunk.net/AS-Nummern) or other networks (ChaosVPN, etc). For a list of ASN currently announced in dn42, see [this map](http://nixnodes.net/dn42/graph/).
	146	+If you intend to use an ASN outside of the native dn42 ranges, please check that it doesn't clash with the [Freifunk AS-Numbers] (http://wiki.freifunk.net/AS-Nummern) or other networks (ChaosVPN, etc).
	147	+
	148	+Internet ASNs may be used, but you must take care to clearly separate Internet and DN42 routes and prevent routes leaking between the networks. For Internet ASNs, the `source` attribute must be the originating registry and you will be required to prove you are the owner of the ASN.
141	149
142	150	If unsure, ask on the mailing list or IRC.
143	151

...	...	@@ -149,4 +149,68 @@ This example allows all routes in unless they are marked invalid or in other wor
149	149	```
150	150	set protocols bgp 424242XXXX neighbor x.x.x.x address-family ipv4-unicast route-map import DN42-ROA
151	151	set protocols bgp 424242XXXX neighbor x.x.x.x address-family ipv4-unicast route-map export DN42-ROA
152		-```
...	...	\ No newline at end of file
	0	+```
	1	+
	2	+## Example Route Map
	3	+### No RPKI/ROA and Internal Network Falls Into DN42 Range
	4	+```
	5	+##Build prefix list to match personal internal network
	6	+set policy prefix-list BlockIPConflicts description 'Prevent Conflicting Routes'
	7	+set policy prefix-list BlockIPConflicts rule 10 action 'permit'
	8	+set policy prefix-list BlockIPConflicts rule 10 description 'Internal IP Space'
	9	+set policy prefix-list BlockIPConflicts rule 10 le '32'
	10	+set policy prefix-list BlockIPConflicts rule 10 prefix '10.10.0.0/16'
	11	+
	12	+
	13	+##Build prefix list to match personal internal network
	14	+set policy prefix-list6 BlockIPConflicts-v6 description 'Prevent Conflicting Routes'
	15	+set policy prefix-list6 BlockIPConflicts-v6 rule 10 action 'permit'
	16	+set policy prefix-list6 BlockIPConflicts-v6 rule 10 description 'Internal IP Space'
	17	+set policy prefix-list6 BlockIPConflicts-v6 rule 10 le '128'
	18	+set policy prefix-list6 BlockIPConflicts-v6 rule 10 prefix 'fd42:4242:1111::/48'
	19	+
	20	+
	21	+
	22	+##Build prefix list to match DN42's IPv4 network
	23	+set policy prefix-list DN42-Network rule 10 action 'permit'
	24	+set policy prefix-list DN42-Network rule 10 le '32'
	25	+set policy prefix-list DN42-Network rule 10 prefix '172.20.0.0/14'
	26	+set policy prefix-list DN42-Network rule 20 action 'permit'
	27	+set policy prefix-list DN42-Network rule 20 le '32'
	28	+set policy prefix-list DN42-Network rule 20 prefix '10.0.0.0/8'
	29	+
	30	+
	31	+##Build prefix list to match DN42's IPv6 network
	32	+set policy prefix-list6 DN42-Network-v6 rule 10 action 'permit'
	33	+set policy prefix-list6 DN42-Network-v6 rule 10 le '128'
	34	+set policy prefix-list6 DN42-Network-v6 rule 10 prefix 'fd00::/8'
	35	+
	36	+
	37	+
	38	+
	39	+##Block prefixes within internal network range, then allow everything else within DN42, then block everything else.
	40	+set policy route-map Default-Peering rule 10 action 'deny'
	41	+set policy route-map Default-Peering rule 10 description 'Prevent IP Conflicts'
	42	+set policy route-map Default-Peering rule 10 match ip address prefix-list 'BlockIPConflicts'
	43	+set policy route-map Default-Peering rule 11 action 'deny'
	44	+set policy route-map Default-Peering rule 11 description 'Prevent IP Conflicts'
	45	+set policy route-map Default-Peering rule 11 match ip address prefix-list6 'BlockIPConflicts-v6'
	46	+set policy route-map Default-Peering rule 20 action 'permit'
	47	+set policy route-map Default-Peering rule 20 description 'Allow DN42-Network'
	48	+set policy route-map Default-Peering rule 20 match ip address prefix-list 'DN42-Network-Network'
	49	+set policy route-map Default-Peering rule 21 action 'permit'
	50	+set policy route-map Default-Peering rule 21 description 'Allow DN42-Network'
	51	+set policy route-map Default-Peering rule 21 match ip address prefix-list6 'DN42-Network-Network-v6'
	52	+set policy route-map Default-Peering rule 99 action 'deny'
	53	+
	54	+
	55	+##Apply the route-map on import/export
	56	+
	57	+set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv4-unicast route-map export 'Default-Peering'
	58	+set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv4-unicast route-map import 'Default-Peering'
	59	+set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv6-unicast route-map export 'Default-Peering'
	60	+set protocols bgp 4242421099 neighbor x.x.x.x address-family ipv6-unicast route-map import 'Default-Peering'
	61	+```
	62	+
	63	+
	64	+This page is a work-in-progress by Owens Research. If you have any suggestions or questions please reach out.
...	...	\ No newline at end of file

...	...	@@ -149,6 +149,7 @@ Repository Mirrors are listed on another page: [Repository Mirrors](/services/Re
149	149	\| mc.jerry.dn42 \| Minecraft \| spigot 1.16.1 \|
150	150	\| ttd.jerry.dn42 / ttd.jerry.neo \| OpenTTD \| latest version \|
151	151	\| stk.jerry.dn42:2759 / stk.jerry.neo:2759 \| SuperTuxKart \| latest version, ipv4 only \|
	152	+\| ns1.deltaman.dn42 (172.22.134.131, fd1b:7f7d:dd55:4600:219:ff:fe00:fafe) \| OpenTTD \| 1.10.3, Hosted in NL \|
152	153
153	154	## Shell
154	155
...	...	@@ -173,7 +174,6 @@ Providers of shell access:
173	174	\| https://git.dn42[.us]/pubkeys/[username] \| Get ssh public keys from Git Users of git.dn42. \|
174	175	\| http://wiki.dn42, http://internal.dn42, [dn42.i2p](http://beb6v2i4jevo72vvnx6segsk4zv3pu3prbwcfuta3bzrcv7boy2q.b32.i2p/) (i2p), jsptropkiix3ki5u.onion \| This wiki! Web Hosted by [xuu](https://xuu.dn42). Git Repo hosted on git.dn42 \|
175	176	\| http://jack.pyropeter.eu/dn42/routecount/ \| Statistics about the number of v4/v6 routes seen by AS76115 (Since Aug. 2014) \|
176		-\| https://git.zotan.dn42 \| Git Repository Hosting, open signup (Powered by gitea)\|
177	177
178	178	### Usenet Servers / News
179	179	There are some News Servers available [here](/services/News)

...	...	@@ -38,6 +38,7 @@ Please sort by AS number.
38	38	\| 4242422341 \| ext: https://lg.dn42.zotan.network <br> dn42: https://lg.zotan.dn42 \| UP \|
39	39	\| 4242422428 \| ext: https://lg.0l.de <br> IPv4 and IPv6 \| UP \|
40	40	\| 4242423078 \| ext: https://lg.hexanet.dev <br> dn42: http://lg.hex.dn42 <br> Interactive (traceroute, BGP-map) <br> IPv6 only \| UP \|
	41	+\| 4242421224 \| dn42: http://lg.bit.dn42 \| UP \|
41	42
42	43
43	44	## Down