dn42 is a decentralized peer-to-peer network built using VPNs and software/hardware BGP routers. While other darknets try to establish anonymity for their participants, that is not what dn42 aims for. It is a network to explore routing technologies used in the Internet and tries to establish direct non-NAT-ed connections between the members.
The network is not fully meshed. dn42 uses mostly tunnels instead of physical links between the individual networks. Each participant is connected to one or more other participants. Over the VPN or the physical links, BGP is used for inter-AS routing. While OSPF is the most commonly used protocol for intra-AS routing, each participant is free to choose any other IGP, like Babel, inside their AS.
History
The dn42 is a reboot of the diac24. At the time, diac24 only consisted of around a dozen participants. In diac24, the IPv4 address range used was 172.22.0.0/23 and the IPv6 address range used was 3ffe:400:c00::/48. The dn42 seems to have used the IPv4 space 172.22.0.0/16, the Clearnet IPv6 spaces like 2001:6f8: and the AS range 65000 to 65999 in the early years after that. It can also be said that the diac24 and the dn42 were initially aimed at a German audience, as much of the documentation was written in German. The diac24 mainly used GRE as a tunnel protocol between the participants, but this is not encrypted. In the beginning of the dn42, OpenVPN was often used for peering in the dn42. Over time, this has been replaced by WireGuard, partly due to faster performance and simpler configuration. At that time, the registry was not managed with Git as it is now, but in a wiki page. Anyone who wanted to register entered their desired ASN and IP space there.
Technical setup
Address space
Network address space for IPv4 consists of private subnets: 172.20.0.0/14 is the main subnet.
Note that other private address ranges may also be announced in dn42, as the network is interconnected with other similar projects. Most notably, ChaosVPN uses 172.31.0.0/16 and parts of 10.0.0.0/8, Freifunk IC-VPN uses 10.0.0.0/8 and NeoNetwork uses 10.127.0.0/16.
For IPv6, Unique Local Addresses (ULA, the IPv6 equivalent of private address range) (fd00::/8) are used. Please note that IPv6 addresses within this range are also utilized by other networks, such as NeoNetwork employing fd10:127::/32 and CRXN utilizing segments of fd00::/8.
AS numbers
In order to use BGP, even in a private environment, autonomous system numbers are needed. dn42 uses several private or reserved AS number ranges, including 64512 to 64855 and 76100 to 76199. Since June 2014, dn42 has been using a new private range, 4242420000 to 4242429999, part of the larger private range defined by RFC 6996.
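The address ranges and AS number ranges above are what a participant's import filter has to reason about. The following is an added example, not code from dn42 or from the original page: it classifies an announced prefix by longest match against the ranges listed here and checks the origin AS against the dn42 ranges. The labels, the function names and the accept/review/reject policy are assumptions made for illustration.

```python
import ipaddress

# Prefixes and AS ranges as stated on this page; the labels and the
# accept/review/reject policy are assumptions made for this example.
KNOWN_NETS = {
    "172.20.0.0/14": "dn42",
    "fd00::/8": "dn42-ula",
    "172.31.0.0/16": "ChaosVPN",
    "10.0.0.0/8": "ChaosVPN/IC-VPN",
    "10.127.0.0/16": "NeoNetwork",
    "fd10:127::/32": "NeoNetwork",
}
DN42_AS_RANGES = [(64512, 64855), (76100, 76199), (4242420000, 4242429999)]
TABLE = [(ipaddress.ip_network(p), label) for p, label in KNOWN_NETS.items()]


def classify_prefix(prefix):
    """Return the label of the most specific known range containing prefix."""
    net = ipaddress.ip_network(prefix, strict=True)  # host bits set -> ValueError
    best = None
    for known, label in TABLE:
        if net.version == known.version and net.subnet_of(known):
            if best is None or known.prefixlen > best[0].prefixlen:
                best = (known, label)
    return best[1] if best else None


def is_dn42_asn(asn):
    """True if asn lies in one of the dn42 AS number ranges."""
    return any(lo <= asn <= hi for lo, hi in DN42_AS_RANGES)


def check_route(prefix, origin_asn):
    """Return (verdict, reason) for one announced route."""
    try:
        label = classify_prefix(prefix)
    except ValueError as exc:
        return "reject", f"malformed prefix: {exc}"
    if label is None:
        # Covers Clearnet space and covering prefixes such as 172.16.0.0/12.
        return "reject", "prefix outside every range listed on this page"
    if label.startswith("dn42") and not is_dn42_asn(origin_asn):
        return "review", f"{label} prefix with origin AS{origin_asn} outside dn42 ranges"
    return "accept", label
```

Longest match matters here because NeoNetwork's ranges sit inside larger ranges used by other networks, so a first-match lookup would mislabel them.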
BGP routers
While some participants use hardware routers, most participants use general purpose servers or virtual machines to lower their cost. The most commonly used BGP implementations used in dn42 are BIRD and FRR, but some participants use OpenBGPD, XORP, GoBGP or the implementation of JunOS, Cisco IOS, MikroTik's RouterOS or VyOS (which uses FRR as a routing daemon in the background).
Tunneling
In dn42, various links are used between the participants, but mainly virtual links, also known as tunnels. WireGuard is most commonly used for this, as it is easy to configure and is considered secure (with Perfect Forward Secrecy). Furthermore, many automatic peering systems offer WireGuard as the only option. fastd is used for peering with the IC-VPN. In rare cases, OpenVPN or IPsec are also used.
DN42 TLD
Websites and services hosted on the dn42 network often use the top-level domain dn42. This is not an official IANA top-level domain, and it is handled through the dn42 registry.
Registry
To ensure uniform administration of IP addresses and domains, there is also a registry in dn42, as in Clearnet. This is based on Git in dn42 and therefore also offers the option of storing these in a decentralized manner. Furthermore, all changes can be clearly traced back to an author. To make a change in the dn42 (e.g. a registration), a pull request is created with the corresponding change. One of the registry maintainers then looks at this, validates it (including syntactically) and also verifies it (checking the authorization and signature). A participant must be authorized to make a change. This is verified by a signature using a GPG or SSH key.
Interconnections
The dn42 maintains a number of links to similar projects:
Certificate Authority
The dn42 has its own (unofficial) Certificate Authority (CA). This can be used to issue TLS certificates, for example for HTTPS. Ownership can be verified with ACME, as with Let's Encrypt.
In addition, the NeoNetwork also operates its own CA for the .neo TLD and the associated network area. The ChaosVPN, IC-VPN and the CRXN do not have a CA. In order to prevent the CA from issuing certificates for Clearnet addresses, name constraints are used which limit the name validity range of the CA. This means that the CA cannot be used for Clearnet addresses.
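How a name constraint keeps such a CA away from Clearnet names can be shown with the matching rules of RFC 5280, which a relying party applies during path validation. This is an added example, not code from dn42 or from the original page; the permitted subtrees (the dn42 TLD, 172.20.0.0/14 and fd00::/8) and all function names are assumptions, since the page does not list the CA's actual constraint values.

```python
import ipaddress

# Assumed permitted subtrees for a dn42-style CA. The page states only that
# name constraints are used, not their exact values.
PERMITTED_DNS = ["dn42"]
PERMITTED_IP = [ipaddress.ip_network(n) for n in ("172.20.0.0/14", "fd00::/8")]


def dns_permitted(name, subtrees=PERMITTED_DNS):
    """RFC 5280 dNSName rule: a name is inside a subtree when it equals the
    constraint or adds whole labels to its left-hand side."""
    labels = name.lower().rstrip(".").split(".")
    for base in subtrees:
        base_labels = base.lower().strip(".").split(".")
        # Compare whole labels, so "evildn42" does not match "dn42".
        if labels[-len(base_labels):] == base_labels:
            return True
    return False


def ip_permitted(addr, subtrees=PERMITTED_IP):
    """An iPAddress name is inside a subtree when the network contains it."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in subtrees)


def violations(san):
    """san: list of ("DNS" | "IP", value) pairs from a certificate's
    subjectAltName. Return the entries outside the permitted subtrees."""
    bad = []
    for kind, value in san:
        if kind == "DNS":
            ok = dns_permitted(value)
        elif kind == "IP":
            ok = ip_permitted(value)
        else:
            ok = False  # this example treats other name types as not permitted
        if not ok:
            bad.append((kind, value))
    return bad
```

A certificate chain is rejected if any name it carries falls outside the permitted subtrees, so a single Clearnet entry among otherwise valid dn42 names is enough to fail validation.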
Services
The following is a selection of services in the dn42:
External links
dn42 website mirror
Another dn42 website mirror