Prolixium Communications Network: Difference between revisions

From Prolixium Wiki
Line 14: Line 14:
Each site has multiple (network is almost fully-meshed) OpenVPN tunnels to other locations, each with a 6to4 tunnel inside, providing both IPv4 and IPv6 communications with data protection and security.  [[Quagga]]'s ospfd, ospf6d, and bgpd are used in the production network (the term ''production'' is relative) on commodity [[PC]] hardware, while the Charlotte site also utilizes [[Juniper]] [[NetScreen]] and [[SSG]] [[firewall|firewalls]].
Each site has multiple (network is almost fully-meshed) OpenVPN tunnels to other locations, each with a 6to4 tunnel inside, providing both IPv4 and IPv6 communications with data protection and security.  [[Quagga]]'s ospfd, ospf6d, and bgpd are used in the production network (the term ''production'' is relative) on commodity [[PC]] hardware, while the Charlotte site also utilizes [[Juniper]] [[NetScreen]] and [[SSG]] [[firewall|firewalls]].


The routing infrastructure consists of several autonomous systems, taken from the IANA-allocated private range: 64512 through 65534.  Each site runs IBGP, possibly with a route reflector, and its own IGP for local next-hop resolution.  EBGP is used between sites and peering connections.  IPv4 Internet connectivity for each site is achieved by advertisement of default routes from machines performing NAT.  The [[Prolixium Communications Network#Lab|lab]] is connected to starfire in Charlotte (cha).  The PCN used to use one large OSPF area: no EGP.  It was converted to a BGP confederation setup, then reconverted to its current state.
The routing infrastructure consists of several autonomous systems, taken from the IANA-allocated private range: 64512 through 65534.  Each site runs IBGP, possibly with a route reflector, and its own [[IGP]] for local next-hop resolution.  EBGP is used between sites and peering connections.  IPv4 Internet connectivity for each site is achieved by advertisement of default routes from machines performing NAT.  The [[Prolixium Communications Network#Lab|lab]] is connected to starfire in Charlotte (cha).  The PCN used to use one large OSPF area: no EGP.  It was converted to a [[BGP]] confederation setup, then reconverted to its current state.


== History ==
== History ==
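Review bot: the new [[BGP]] link in the Line 14 paragraph lands on "BGP confederation" near the end, after IBGP and EBGP have already been used unlinked, and OSPF and EGP in the same paragraph stay plain text. Link or expand the BGP family at first use ("Each site runs IBGP") and treat the other protocol acronyms the same way, so the links are consistent. The unchanged context paragraph above also says "6to4 tunnel" while the Current State intro of this revision says "6in4 tunnels"; these are different tunnelling mechanisms, so this edit is a good place to settle on one term.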

Revision as of 03:05, 27 May 2009


The Prolixium Communications Network (known also as PCN, mynet, My Network, and Prolixium .NET) is a collection of small, geographically dispersed computer networks that provide IPv4 and IPv6, VPN, and VoIP transport to the Kamichoff family. Owned and operated solely by Mark Kamichoff, PCN often serves as a testbed for various network experiments. The majority of the PCN nodes are connected via residential data services (cable modem), while some located in data centers have Fast Ethernet connections to the Internet.

Current State

As of May 8, 2009, PCN is composed of several networks along the east coast of the United States, connected via OpenVPN and 6in4 tunnels:

Each site has multiple OpenVPN tunnels to other locations (the network is almost fully meshed), each with a 6to4 tunnel inside, providing both IPv4 and IPv6 communications with data protection and security. Quagga's ospfd, ospf6d, and bgpd are used in the production network (the term production is relative) on commodity PC hardware, while the Charlotte site also utilizes Juniper NetScreen and SSG firewalls.

The routing infrastructure consists of several autonomous systems, taken from the IANA-allocated private range: 64512 through 65534. Each site runs IBGP, possibly with a route reflector, and its own IGP for local next-hop resolution. EBGP is used between sites and peering connections. IPv4 Internet connectivity for each site is achieved by advertisement of default routes from machines performing NAT. The lab is connected to starfire in Charlotte (cha). The PCN used to use one large OSPF area: no EGP. It was converted to a BGP confederation setup, then reconverted to its current state.
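The design rules in the paragraph above (private AS numbers, IBGP inside a site with an optional route reflector, EBGP between sites) can be checked mechanically against a session plan. The following is an added example, not part of the original wiki page or PCN's configuration; the router names, AS assignments and session list are constructed, and it assumes every IBGP neighbor of a reflector is configured as its client.

```python
from itertools import combinations

PRIVATE_AS = range(64512, 65535)  # 64512 through 65534 inclusive

# Constructed inventory: router names, AS numbers and sessions are hypothetical.
ROUTERS = {
    "a-r1": {"asn": 64512, "rr": True},   # route reflector for site A
    "a-r2": {"asn": 64512, "rr": False},
    "a-r3": {"asn": 64512, "rr": False},
    "b-r1": {"asn": 64513, "rr": False},
    "b-r2": {"asn": 64513, "rr": False},
    "c-r1": {"asn": 70000, "rr": False},  # deliberately outside the private range
}
SESSIONS = [
    ("a-r1", "a-r2"), ("a-r1", "a-r3"),   # clients peer only with the reflector
    ("a-r1", "b-r1"), ("b-r1", "c-r1"),   # inter-site sessions
]                                          # b-r1 <-> b-r2 is missing on purpose


def session_type(a, b, routers=ROUTERS):
    """Same AS on both ends means IBGP, different AS means EBGP."""
    return "ibgp" if routers[a]["asn"] == routers[b]["asn"] else "ebgp"


def audit(routers=ROUTERS, sessions=SESSIONS):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    peered = {frozenset(s) for s in sessions}
    by_as = {}
    for name, r in sorted(routers.items()):
        if r["asn"] not in PRIVATE_AS:
            findings.append(f"{name}: AS {r['asn']} is outside 64512-65534")
        by_as.setdefault(r["asn"], []).append(name)
    for asn, members in sorted(by_as.items()):
        for a, b in combinations(members, 2):
            if frozenset((a, b)) in peered:
                continue
            # Assumption: every IBGP neighbor of a reflector is its client, so a
            # missing session is acceptable when one reflector peers with both.
            reflected = any(
                routers[m]["rr"] and {frozenset((m, a)), frozenset((m, b))} <= peered
                for m in members
            )
            if not reflected:
                findings.append(f"AS {asn}: no IBGP session or reflector between {a} and {b}")
    return findings


if __name__ == "__main__":
    for line in audit():
        print(line)
```

With the constructed plan, the audit flags the out-of-range AS and the site whose two routers share an AS but have neither a direct IBGP session nor a common reflector.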

History

Warning: This section is written in the first-person (Mark Kamichoff's) point of view

After joining the Xicada network back at RPI, I decided to continue linking all of my networks and sites together via various VPN technologies. At first, the network was just a simple VPN between my network at home and a few computers in my dorm room at RPI. The connection tunnelled through RPI's firewall like a knife through warm butter, using OpenVPN's UDP encapsulation mode. Actually, a site to site UDP tunnel was the only thing OpenVPN offered, back then. My router at RPI was a blazing-fast Pentium 166MHz box running Debian GNU/Linux. At that point, my Xicada tunnels were terminated on another box I found in the trash, an old AMD K6-300, which eventually ran FreeBSD 4.

The network quickly started expanding, and I was able to move the K6-300 box (starfire) into the ACM's lab, which was given a 100mbit link, in the basement of the DCC. At this point in time, my network had three sites: home, the lab, and my dorm room. Since I didn't stick around RPI during most summers, I reterminated the Xicada links on starfire, since it sported a more permanent link.

Shortly after starfire was moved to the lab, I started toying with IPv6, and acquired a tunnel via Freenet6 (now Hexago, since they're actually trying to sell products, or something). RPI's firewall wouldn't allow IP protocol 41 through the firewall, and my attempts at getting this opened up for my IP failed. So, I terminated the IPv6 tunnel on my box at home, which sat on Optimum Online. Freenet6 gave me a /48 block out of the 3ffe::/16 6bone space, and I started distributing /64's out to all of my LAN segments. I started running Zebra's OSPFv3 daemon, and realized it was buggy as all get out. It mostly worked, though. Since Freenet6 gave me an ip6.int. delegation, I spent some time applying tons of patches to djbdns, my DNS server of choice, back then. After tons of patching, I got IPv6 support, which was fairly neat at the time. What did I use this new-found IPv6 connectivity for? IRC and web site hosting. www.prolixium.com has had an AAAA record since at least 2003.

Sometime in 2003 (I forget when), I moved my IPv6 tunnel to BTExact, British Telecom's free tunnel broker that actually gave out non-6bone /48's and ip6.arpa. DNS delegations. I quickly moved to them, and enjoyed quicker speeds than Freenet6 for about a year. Of course, after a year, my parents had a power outage at home, and my server lost the IP it had with OOL for the past two years. BTExact, at that time, had frozen their tunnel broker service, and didn't allow any modifications or new tunnels to be created. I went back to Freenet6, who had changed to 2001::/16 space.

After leaving RPI, and getting a job, I decided to purchase a dedicated server from SagoNet. I extended my network down to Tampa, FL, where the server was located.

Fast-forwarding to the present day, I currently have five sites, and an IPv6 tunnel to a North American broker, provided by Hurricane Electric. Almost every host on the network is IPv6-aware, and the IPv6 connectivity is controlled by pf, running on a dedicated server (dax) in New York, NY.

Xicada connectivity at this point has been terminated, due to lack of interest.

Applications

App foo.

Lab

Main Article: PCN Lab

Lab foo.

External Links