Dn42

dn42 is a decentralized peer-to-peer network built using VPNs and software/hardware BGP routers.

While other darknets try to establish anonymity for their participants, that is not what dn42 aims for. It is a network to explore routing technologies used in the Internet and tries to establish direct non-NAT-ed connections between the members.

The network is not fully meshed. dn42 uses mostly tunnels instead of physical links between the individual networks. Each participant is connected to one or more other participants. Over the VPN or the physical links, BGP is used for inter AS routing. While OSPF is the most commonly used protocol for intra AS routing, each participant is free to choose any other IGP, like Babel, inside their AS.

History
The DN42 project grew out of the popular PeerIX project started by HardForum members in mid-2009. The PeerIX project, while small in initial numbers grew to over 50 active members with a backlog of 100 requests to join the network. Ultimately the project was unable to meet the demand of user scale and eventually deprecated (though many of the core member team still have their networks online.)

The founding members of the DN42 project tried to unsuccessfully rekindle the PeerIX project(through the private google group) and instead formed their own IPv6 only network, successfully scaling it to the size it is today.

Address space
Network address space for IPv4 consists of private subnets: 172.20.0.0/14 is the main subnet. Note that other private address ranges may also be announced in dn42, as the network is interconnected with other similar projects. Most notably, ChaosVPN uses 172.31.0.0/16 and parts of 10.0.0.0/8, Freifunk IC-VPN uses 10.0.0.0/8 and NeoNetwork uses 10.127.0.0/16.

For IPv6, Unique Local Address (ULA, the IPv6 equivalent of private address range) (fd00::/8) are used. Please note that IPv6 addresses within this range are also utilized by other networks, such as NeoNetwork employing fd10:127::/32 and CRXN utilizing segments of fd00::/8.

AS numbers
In order to use BGP, even in a private environment, autonomous system numbers are needed. dn42 uses several private or reserved AS number ranges, including 64512 to 64855 and 76100 to 76199. Since June 2014, dn42 is now using a new private range, 4242420000 to 4242429999, part of larger private range defined by RFC 6996.

BGP routers
While some participants use hardware routers, most participants use general purpose servers or virtual machines to lower their cost. The most commonly used BGP implementations used in dn42 are BIRD and FRR, but some participants use OpenBGPD, XORP, GoBGP or the implementation of JunOS or Cisco IOS.

DN42 TLD
Websites and services hosted on the Dn42 network often use the top-level domain dn42. This is not an official IANA top-level domain, and it is handled through the dn42 registry. Internal anycast servers for dn42 are found at 172.20.0.53, 172.23.0.53, and fd42:d42:d42:54::1, fd42:d42:d42:53::1.

Registry
To ensure uniform administration of IP addresses and domains, there is also a registry in dn42, as in Clearnet. This is based on Git in dn42 and therefore also offers the option of storing these in a decentralized manner. Furthermore, all changes can be clearly traced back to an author. To make a change in the dn42 (e.g. a registration ), a pull request is created with the corresponding change. One of the registry maintainers then looks at this, validates it (including syntactically) and also verifies it (checking the authorization and signature). A participant must be authorized to make a change. This is verified by a signature using a GPG or SSH key.

Interconnections
The dn42 maintains a number of links to similar projects:

Certificate Authority
The dn42 has its own (unofficial) Certificate Authority (CA). This can be used to issue TLS certificates, for example for HTTPS. Ownership can be verified with ACME, as with Let's Encrypt.

In addition, the NeoNetwork also operates its own CA for the .neo TLD and the associated network area. The ChaosVPN, IC-VPN and the CRXN do not have a CA. In order to prevent the CA from issuing certificates for Clearnet addresses, name constraints are used which limit the name validity range of the CA. This means that the CA cannot be used for Clearnet addresses.

Services
The following is a selection of services in the dn42: