Information

Information about Routing policy, BGP Communities and ROA

Routing Policy

BIRD is used as the routing daemon with ROA and dn42 subnet filtering enabled.

The following metrics are automatically examined in the described order to choose through which peer a prefix is routed:

  1. Direct routes to prefixes belonging to peers are always chosen
  2. The network with the lowest BGP path length
  3. If the prefix BGP path length is the same across multiple peers, the network with the lowest latency is chosen
BGP Communities

The following BGP Communities are supported:

  • All standard DN42 communities are applied as described in the wiki
  • A region community is added to each route denoting in which region it was learned
ROA Validation

Route Origin Authentication (ROA) is used to validate if the originating AS is allowed to advertise a prefix.

  • Invalid ROA is filtered
  • Unknown ROA is accepted
Peering Dashboard

The entire peering process is automated and easy to do with a few clicks.

Frequently Asked Questions

Peering with Kioubit

There are a couple of things you can verify:
  1. If you just recently registered with the registry, wait about a day until the ROA filtering is updated across all DN42 nodes.
  2. Ping the BGP-Endpoint address which can be found on the Dashboard to see if the OpenVPN/WireGuard connection is working.
  3. Check if the BGP Session is established.
  4. Check if your source address is set correctly. Example command: ip route get 172.20.14.33 and look at the "src" address. It should be an IP you advertise via BGP.
  5. Make sure you have set the sysctl rp_filter value to 0 (required).
  6. Check the network troubleshooting tool on the services page.

WireGuard will not attempt a handshake with the remote side if no traffic needs to be sent. For testing, try to ping the remote tunnel IP to generate some traffic and force the handshake process.

Yes, people have successfully peered with the Kioubit network using:
  • Mikrotik routers (confirmed with RouterOS v7+)
  • Ubiquiti routers (confirmed with EdgeRouter-X)
  • FRR bgp daemon software
  • BIRD bgp daemon software
  • OPNsense software (with FRR plugin)
  • Quagga bgp daemon software (not recommended)

Yes, peers from dynamic IP addresses are fully supported.

Check the traceroute and the troubleshooting tool available on the services page. If you find an address is not reachable, it doesn't necessarily mean there's a problem with the Kioubit Network. Routing issues can occur elsewhere in DN42, or the destination host might simply be offline.

Due to the nature of the DN42 network, which is built on top of the public internet using VPN technologies, high ping times can be common. The Kioubit Network constantly strives to optimize latency and maintain competitive low-latency paths within DN42.

Router Setup

Find the bird2 tutorial here: Learn more. Other guides exist for different routing software.

Find the tutorial here: Learn more.

The registry is hosted here: Learn more. You can manage your AS number, IP allocations, and DNS records there.