Xice-Dn42 - CodiMD

Xice-Dn42 === [TOC] # About as: `4242421322` Telegram: [@XiaoXice](https://t.me/XiaoXice) E-Mail: [dn42@xice.wang](mailto:dn42@xice.wang) # Peer! ```graphviz digraph hierarchy { // rankdir=LR fontsize=7 edge[dir="none"] node[fontsize=7] subgraph cluster_as_3299 { // https://t.me/TonySmith_2222 label=AS4242423299 peer_3299_1[lebel="172.21.106.225"] peer_3299_2[label="172.21.106.226"] peer_3299_1->peer_3299_2[style=dotted] } subgraph cluster_as_0549 { label=AS4242420549 peer_0539_2[label="172.20.56.2"] } subgraph cluster_as_1366 { // https://t.me/DictXiong label=AS4242421366 peer_1366_1[label="172.21.123.65"] } subgraph cluster_as_1435 { label=AS4242421435 peer_1435_1[label="172.20.218.1"] } subgraph cluster_as_1742 { label=AS4242421742 peer_1742_2[label="172.22.96.2"] } subgraph cluster_as_3914 { label=AS4242423914 peer_3914_11[label="172.20.53.105"] } subgraph cluster_as_0864 { label=AS4242420864 peer_0864_1[label="172.21.109.17"] } subgraph cluster_as_1877 { // https://lilynet.work/locations/Yuri label=AS4242421877 peer_1877_3[label="172.23.180.3"] } subgraph cluster_as_3397 { // email: wdnmd1635@gmail.com label=AS4242423397 peer_3397_1[label="172.22.162.131"] } subgraph cluster_as_2615 { // https://t.me/goathes label=AS4242422615 peer_2615_1[label="172.23.15.8"] } subgraph cluster_as_2458 { // https://t.me/ricky8955555 label=AS4242422458 peer_2458_10[label="172.22.145.16"] peer_2458_12[label="172.22.145.18"] peer_2458_13[label="172.22.145.19"] {peer_2458_10,peer_2458_12}->peer_2458_13[style=dotted] peer_2458_10->peer_2458_12[style=dotted] } subgraph cluster_as_1816 { // https://t.me/Potat0_PM_Bot label=AS4242421816 peer_1816_1[label="172.23.246.2"] } subgraph cluster_self_as { fontsize=10 node[fontsize=10] label=AS4242421322 CNBJ[label="北京\nCN-BJ\n172.23.13.19"] CNHK[label="香港\nCN-HK\n172.23.13.17"] SG[label="新加坡\nSG\n172.23.13.21"] JPTK[label="东京\nJP-TK\n172.23.13.20"] {CNBJ, JPTK, SG}->CNHK {SG}->JPTK {CNBJ} -> JPTK[style=dotted] {rank=same; CNBJ, CNHK} {rank=max; SG} } {peer_3299_2, peer_2458_10, peer_1366_1}->CNBJ {peer_0539_2, peer_1435_1, peer_1742_2, peer_3914_11, peer_2458_12, peer_3397_1, peer_2615_1}->CNHK {peer_0864_1, peer_1877_3, peer_3299_1,peer_2458_13, peer_1816_1}->JPTK } ``` ## CN-HK DN42 ip address: - `172.23.13.17/32` - `fdff:889b:93cf::1/128` wireguard: - public ip & port: `0-v4.tx2-hk-cn.net.xice.wang: 2<your last 4-digit ASN>` - public key: `O8SYHUsJ2Kfuo6PiP2aM0B1WhH1t8HcH7JwIbOsOzFQ=` - link-local IPv6 address: `fe80::fa21/64` bird: - use Multiprotocol BGP over link-local IPV6 ISP: Tencent Bandwidth: 30Mbps ## CN-BJ DN42 ip address: - `172.23.13.19/32` - `fdff:889b:93cf::3/128` wireguard: - public ip & port: `0-v4.tx-bj-cn.net.xice.wang:2<your last 4-digit ASN>` - public key: `PabdbPEYx0q7cJt4yVAVm7Q+iLS5qBfRwbq6z3yowRg=` - link-local IPv6 address: `fe80::3:fa21/64` bird: - use Multiprotocol BGP over link-local IPV6 ISP: Tencent Bandwidth: 8Mbps > **Note**: If you want to peer with this node, please ask me for permission. > [color=red] ## JP-TK DN42 ip address: - `172.23.13.20/32` - `fdff:889b:93cf::4/128` wireguard: - public ip & port: `0-v4.o-tk-jp.net.xice.wang: 2<your last 4-digit ASN>` - public key: `t1GZ9cV2C7Lf89JvTPSzvHtquQPA6PHshkjmpN7u2k8=` - link-local IPv6 address: `fe80::4:fa21/64` bird: - use Multiprotocol BGP over link-local IPV6 ISP: Oracle ## SG DN42 ip address: - `172.23.13.21/32` - `fdff:889b:93cf::5/128` wireguard: - public ip & port: `0-v4.o-sg.net.xice.wang: 2<your last 4-digit ASN>` - public key: `8WuA4ZlmGSMox75DGghLGcMPLiiLcXb2nj0j0q2Fu2g=` - link-local IPv6 address: `fe80::5:fa21/64` bird: - use Multiprotocol BGP over link-local IPV6 ISP: Oracle ## No fixed IP device ### XiceCyberStation DN42 ip address: - `172.23.13.30/32` - `fdff:889b:93cf:1:1/128` wireguard: - public key: `kiA33/eYVxVkZK9Da8YuC5ebqSzUaWYpohSsPpQ86lk=` - link-local IPv6 address: `fe80::1:1:fa21/64` # Bird Config :::spoiler Click to show details ``` ################################################ # Variable header # ################################################ define OWNAS = 4242421322; define OWNIP = 172.23.13.17; define OWNIPv6 = fdff:889b:93cf::1; define OWNNET = 172.23.13.16/28; define OWNNETv6 = fdff:889b:93cf::/48; define OWNNETSET = [172.23.13.16/28+]; define OWNNETSETv6 = [fdff:889b:93cf::/48+]; ################################################ # Header end # ################################################ router id OWNIP; protocol device { scan time 10; } /* * Utility functions */ function is_self_net() { return net ~ OWNNETSET; } function is_self_net_v6() { return net ~ OWNNETSETv6; } function is_valid_network() { return net ~ [ 172.20.0.0/14{21,29}, # dn42 172.20.0.0/24{28,32}, # dn42 Anycast 172.21.0.0/24{28,32}, # dn42 Anycast 172.22.0.0/24{28,32}, # dn42 Anycast 172.23.0.0/24{28,32}, # dn42 Anycast 172.31.0.0/16+, # ChaosVPN 10.100.0.0/14+, # ChaosVPN 10.127.0.0/16{16,32}, # neonetwork 10.0.0.0/8{15,24} # Freifunk.net ]; } roa4 table dn42_roa; roa6 table dn42_roa_v6; protocol static { roa4 { table dn42_roa; }; include "/etc/bird/dn42_roa.conf"; }; protocol static { roa6 { table dn42_roa_v6; }; include "/etc/bird/dn42_roa_v6.conf"; }; function is_valid_network_v6() { return net ~ [ fd00::/8{44,64} # ULA address space as per RFC 4193 ]; } protocol kernel { scan time 20; learn; ipv6 { import filter { if net ~ OWNNETSETv6 then accept; reject; }; export filter { if source = RTS_STATIC then reject; if net ~ OWNNETSETv6 then reject; krt_prefsrc = OWNIPv6; accept; }; }; }; protocol kernel { scan time 20; learn; ipv4 { import filter { if net ~ OWNNETSET then accept; reject; }; export filter { if source = RTS_STATIC then reject; if net ~ OWNNETSET then reject; krt_prefsrc = OWNIP; accept; }; }; } protocol static { route OWNNET reject; ipv4 { import all; export none; }; } protocol static { route OWNNETv6 reject; ipv6 { import all; export none; }; } template bgp dnpeers { local as OWNAS; path metric 1; enable extended messages; ipv4 { extended next hop; import filter { if is_valid_network() && !is_self_net() then { if (roa_check(dn42_roa, net, bgp_path.last) != ROA_VALID) then { print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last; reject; } else accept; } else reject; }; export filter { if is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; }; import limit 1000 action block; }; ipv6 { import filter { if is_valid_network_v6() && !is_self_net_v6() then { if (roa_check(dn42_roa_v6, net, bgp_path.last) != ROA_VALID) then { print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last; reject; } else accept; } else reject; }; export filter { if is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; }; import limit 1000 action block; }; } protocol direct { ipv4; ipv6; interface "intra.*"; }; template bgp dnnodes { local as OWNAS; path metric on; med metric on; multihop; enable extended messages on; ipv4 { gateway recursive; import all; next hop self ebgp; export filter { if net ~ OWNNETSET then reject; accept; }; }; ipv6 { gateway recursive; import all; next hop self ebgp; export filter { if net ~ OWNNETSETv6 then reject; accept; }; }; }; include "/etc/bird/peers/*"; include "/etc/bird/intra/*"; ``` ::: # Up Time see: [Xice's Network](https://up.cloud.xice.wang/status/base) # AutoPeer (Nope) Progress 0% # Looking Glasses (Nope) Progress 0%