Building a lightweight and secure route server for BIRD

As I've written about previously, I'm a big fan of the BIRD routing daemon project. The idiomatic configuration syntax is a welcome change from the industry standard CLI style config, especially as someone coming from a software development background is concerned. I've written a few utilities that help with using…

Fosshost+aarch64 Network Architecture

The network architecture planned for the Fosshost aarch64 deployment is a little different from a conventional "cloud" virtualization system: we have very little layer 3 infrastructure. Instead, the network relies on a large layer 2 domain. Each server acts as both a hypervisor and router, and operates independently of the…

Anycast CDN update

One of my projects lately has been building an anycast CDN for authoritative DNS and HTTP caching. Back in August I wrote about the first deployment of the project (https://blog.natesales.net/building-an-anycast-cdn/), but it's been a few months and I've made some big changes so I figured it's…

Automating BGP - for real this time

Ever since I started an Autonomous System on the internet a few years ago, I've dealt with the monotonous task of configuring new neighbor sessions. Don't get me wrong, peering is a great thing and I always enjoy turning up new peers - but manually writing the config each time…

Developing stateful anycast architecture: SSL+HTTP/3

A few months ago I wrote about the CDN that I've been building to learn about anycast routing (link). Almost everything about the CDN has changed as I've completely rewritten the system. One of the challenges faced by the new platform is I wanted to give HTTP a try over…

BGP Path Selection

The fundamental part of BGP is it's best path selection algorithm. BGP follows a strict order of route selection. WeightLocal preferenceOriginAS path lengthOrigin codeMEDeBGP/iBGPIGP metric to BGP next hopOldest pathRouter IDNeighbor addressWeightWeight is an attribute specific to Cisco, and takes highest priority on their routers. Higher weight means higher…

Introduction to BGP communities

Aside from flowspec (Which incidentally was the cause of last week's internet outage), BGP communities are the primary means of adding information to routes for the purpose of traffic engineering, DDoS mitigation, or anything else that you might want to signal in a network. They're really very simple in theory;…