ansible-dn42

This repository contains the configs for AS4242421080 / HIGHDEF-AS on dn42. For more details, see https://highdef.network/

Network topology

This iteration of the network uses the Babel IGP and a full mesh of iBGP sessions over WireGuard. Internal costs between nodes are periodically generated based off latency and packet loss.

Routing Policy

Config structure

Here I use Ansible to configure the following components on Debian 11 hosts:

• Wireguard (roles/config-wireguard/) via ifupdown
• OpenVPN 2.x
• BIRD 2 (roles/config-bird2/)
• bird-lg-go looking glass
• nginx + Let's Encrypt (certbot): frontend reverse proxy to bird-lg, Netdata, and a custom splash site
• dn42 Peerfinder (cron job)
• Anycast DNS via PowerDNS:
  • Authoritative server for highdef.dn42 and PTR zones
  • Public recursive resolver (dn42, clearnet, and interconnected networks) @ dns.highdef.dn42 / 172.23.0.53 / fd42:d42:d42:53::1
  • For this I also use a custom DNS zone generator that reads from YAML and the Ansible inventory
• iptables firewall rules for dn42
• Netdata + bird_exporter for monitoring

Some components (Bird backports, etc.) pull from my personal APT repository @ https://deb.utopia-repository.org/

Network history