Interconnection between jumpNet and dn42
Some days later, I learned about ASIX and I have to say, ASIX is a really cool thing: it's an automated peering platform for dn42. If you have deposited an SSH key in your MNT object in the dn42 registry, you'll be able to log into the ASIX peering system and create OpenVPN tunnels and BGP sessions. The system is really easy to use; it spits out a ready-to-use OpenVPN configuration along with BGP configuration info.
I was up and peering with ASIX in less than 15 minutes.
I have known the dn42 project for quite some time and I always wanted to try it but never had the right motivation at the right time. But earlier this month, I decided to finally give it a try.
What is dn42? In short: dn42 is a large VPN network where you can play around with VPN and BGP. Visit the dn42 website if you'd like to know more.
The process is straightforward: search for free resources (AS number, IPv4/v6 addresses), create resource objects in the dn42 registry and then create a pull request. Your pull request will be reviewed and if everything is fine, it will be accepted eventually.
Now your resources are registered and you can start to use them. How? :-) It was an interesting feeling: you've got AS and IP resources, but without a connection to the rest of the network, they're completely useless.
You need to find some peering partners. I just followed the recommendation on the dn42 website and joined #dn42 on hackint.org. Two days later, I had two working peerings.
Finally: The interconnection
Before joining dn42 I thought about renumbering the whole jumpNet to fit into the address space of dn42, so the jumpNet would become a subset of the dn42. Eventually I concluded I cannot do this, because only small parts of the jumpNet physically belong to me and I would have had to ask all jumpNet participants' permission to a) renumber their network and b) interconnect their equipment with dn42.
The trade-off resulted in ugly NATing. 10.10.2.12 and 172.16.1.4 provide access to dn42. These routers are OSPF/BGP edge-routers and NAT gateways. Also, I configured the jumpNet DNS servers to resolve the dn42 TLD using the dn42 DNS service 172.23.0.53.
Both edge routers use OpenVPN to connect to their corresponding peers. 172.16.1.4/172.20.172.161 is a MikroTik RB750GL and 10.10.2.12/172.20.172.169 is a Linux VM, running "bird - Internet Routing Daemon".
Plans for the future / peering
As I'm planning to run a server on the internet for the jumpNet, I could easily use this server for dn42 peering as well; this would allow much better bandwidth and additional redundancy.
If you'd like to peer with me, despite the fact that I'm on the edge of the network, write an e-mail to firstname.lastname@example.org or visit #dn42 on hackint.org. You'll find me as "Kryp" there. Some dn42 facts about me can be found here.