HOME

TheInfoList



OR:

dn42 is a decentralized
peer-to-peer Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the network, forming a peer-to-peer network of Node ...
network built using VPNs and software/hardware
BGP Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous system (Internet), autonomous systems (AS) on the Internet. BGP is classified as a path-vect ...
routers. While other darknets try to establish
anonymity Anonymity describes situations where the acting person's identity is unknown. Anonymity may be created unintentionally through the loss of identifying information due to the passage of time or a destructive event, or intentionally if a person cho ...
for their participants, that is not what dn42 aims for. It is a network to explore routing technologies used in the
Internet The Internet (or internet) is the Global network, global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a internetworking, network of networks ...
and tries to establish direct non- NAT-ed connections between the members. The network is not fully meshed. dn42 uses mostly tunnels instead of physical links between the individual networks. Each participant is connected to one or more other participants. Over the VPN or the physical links,
BGP Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous system (Internet), autonomous systems (AS) on the Internet. BGP is classified as a path-vect ...
is used for inter AS
routing Routing is the process of selecting a path for traffic in a Network theory, network or between or across multiple networks. Broadly, routing is performed in many types of networks, including circuit-switched networks, such as the public switched ...
. While OSPF is the most commonly used protocol for intra AS routing, each participant is free to choose any other IGP, like Babel, inside their AS.


History

The dn42 is a reboot of the diac24. At the time, diac24 only consisted of around a dozen participants. In diac24, the IPv4 address range used was 172.22.0.0/23 and the IPv6 address range used was 3ffe:400:c00::/48. The dn42 seems to have used the IPv4 space 172.22.0.0/16, the Clearnet IPv6 spaces like 2001:6f8: and the AS range 65000 to 65999 in the early years after that. It can also be said that the diac24 and the dn42 were initially aimed at a German audience, as much of the documentation was written in German. The diac24 mainly used GRE as a tunnel protocol between the participants, but this is not encrypted. In the beginning of the dn42,
OpenVPN OpenVPN is a virtual private network (VPN) system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It implements both client and server appl ...
was often used for peering in the dn42. Over time, this has been replaced by WireGuard, partly due to faster performance and simpler configuration. At that time, the registry was not managed with Git as it is now, but in a wiki page. Anyone who wanted to register entered their desired ASN and IP space there.


Technical setup


Address space

Network
address space In computing, an address space defines a range of discrete addresses, each of which may correspond to a network host, peripheral device, disk sector, a memory cell or other logical or physical entity. For software programs to save and retrieve ...
for IPv4 consists of private
subnets A subnet, or subnetwork, is a logical subdivision of an IP network. Updated by RFC 6918. The practice of dividing a network into two or more networks is called subnetting. Computers that belong to the same subnet are addressed with an identic ...
: 172.20.0.0/14 is the main subnet. Note that other private address ranges may also be announced in dn42, as the network is interconnected with other similar projects. Most notably, ChaosVPN uses 172.31.0.0/16 and parts of 10.0.0.0/8, Freifunk IC-VPN uses 10.0.0.0/8 and NeoNetwork uses 10.127.0.0/16. For IPv6, Unique Local Address (ULA, the IPv6 equivalent of private address range) (fd00::/8) are used. Please note that IPv6 addresses within this range are also utilized by other networks, such as NeoNetwork employing fd10:127::/32 and CRXN utilizing segments of fd00::/8.


AS numbers

In order to use
BGP Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous system (Internet), autonomous systems (AS) on the Internet. BGP is classified as a path-vect ...
, even in a private environment, autonomous system numbers are needed. dn42 uses several private or reserved AS number ranges, including 64512 to 64855 and 76100 to 76199. Since June 2014, dn42 is now using a new private range, 4242420000 to 4242429999, part of larger private range defined by RFC 6996.


BGP routers

While some participants use hardware routers, most participants use general purpose servers or
virtual machine In computing, a virtual machine (VM) is the virtualization or emulator, emulation of a computer system. Virtual machines are based on computer architectures and provide the functionality of a physical computer. Their implementations may involve ...
s to lower their cost. The most commonly used BGP implementations used in dn42 are
BIRD Birds are a group of warm-blooded vertebrates constituting the class (biology), class Aves (), characterised by feathers, toothless beaked jaws, the Oviparity, laying of Eggshell, hard-shelled eggs, a high Metabolism, metabolic rate, a fou ...
and FRR, but some participants use OpenBGPD, XORP
GoBGP
or the implementation of JunOS,
Cisco IOS The Internetworking Operating System (IOS) is a family of proprietary network operating systems used on several router and network switch models manufactured by Cisco Systems Cisco Systems, Inc. (using the trademark Cisco) is an American ...
, MikroTik's RouterOS or VyOS (which uses FRR as a routing daemon in the background).


Tunneling

In dn42, various links are used between the participants - but mainly virtual links, also known as tunnels. WireGuard is most commonly used for this, as it is easy to configure and is considered secure (with Perfect Forward Secrecy). Furthermore, many automatic peering systems offer WireGuard as the only option
fastd
is used for peering with the IC-VPN. In rare cases,
OpenVPN OpenVPN is a virtual private network (VPN) system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It implements both client and server appl ...
or IPsec are also used.


DN42 TLD

Websites and services hosted on the Dn42 network often use the
top-level domain A top-level domain (TLD) is one of the domain name, domains at the highest level in the hierarchical Domain Name System of the Internet after the root domain. The top-level domain names are installed in the DNS root zone, root zone of the nam ...
''dn42''. This is not an official IANA top-level domain, and it is handled through the dn42 registry.


Registry

To ensure uniform administration of IP addresses and domains, there is also
registry
in dn42, as in Clearnet. This is based on
Git Git () is a distributed version control system that tracks versions of files. It is often used to control source code by programmers who are developing software collaboratively. Design goals of Git include speed, data integrity, and suppor ...
in dn42 and therefore also offers the option of storing these in a decentralized manner. Furthermore, all changes can be clearly traced back to an author. To make a change in the dn42 (e.g. a registration), a pull request is created with the corresponding change. One of the registry maintainers then looks at this, validates it (including syntactically) and also verifies it (checking the authorization and signature). A participant must be authorized to make a change. This is verified by a signature using a GPG or SSH key.


Interconnections

The dn42 maintains a number of links to similar projects:


Certificate Authority

The dn42 has its own (unofficial)
Certificate Authority In cryptography, a certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. Thi ...
(CA). This can be used to issue TLS certificates, for example for
HTTPS Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protoc ...
. Ownership can be verified with ACME, as with
Let's Encrypt Let's Encrypt is a Non-profit organisation, non-profit certificate authority run by Internet Security Research Group (ISRG) that provides X.509 public key certificate, certificates for Transport Layer Security (TLS) encryption at no charge. It is ...
. In addition, the NeoNetwork also operates its own CA for the .neo TLD and the associated network area. The ChaosVPN, IC-VPN and the CRXN do not have a CA. In order to prevent the CA from issuing certificates for Clearnet addresses, name constraints are used which limit the name validity range of the CA. This means that the CA cannot be used for Clearnet addresses.


Services

The following is a selection of services in the dn42:


Notes


References

{{reflist


External links


dn42 website mirror

Another dn42 website mirror
Internet exchange points Virtual private networks Peer-to-peer computing Computer networking