Changelog 2020-10-01: Add warning to not filter private ASNs within the internal network 2020-06-07: Add limitations of Bird confederation and a way to simulate confederation 2020-05-17: Initial version Comparison of BGP Interconnection Schemes within an ISP Most ISPs, or Internet Service Providers, use the BGP protocol to exchange their route information. Each ISP will obtain an ASN (Autonomous System Number) from the regional NIC (Network Information Center, e.g., APNIC, RIPE), like China Telecom's ASN is 4134 for example. Then, ISPs connect their boundary routers via physical links (copper line, fiber, satellite link, etc.), and configure BGP protocol on the boundary routers, so they will tell the other part that: "I'm AS4134, and I can provide access to the IP block of 202.101.0....
x32 ABI and Docker Containers
History of x86 & x86_64, and x32 ABI Most of the personal computers and servers we use nowadays use the x86_64 architecture, whose specification was released by AMD in 2000 and the first processor released in 2003. Since x86_64 is a 64-bit architecture, in x86_64, each register in the CPU can hold 64 bits of data (or 8 bytes). Before x86_64 went popular, most computers used Intel processors, and the corresponding x86 architecture / ISA, a 32-bit architecture whose registers hold 32 bit of data (or 4 bytes). One significant improvement of the 64-bit architecture is the improved memory addressing ability. Computers usually follow such a routine while accessing the memory: write the memory address to be accessed into a register,...
Writing a Simple Telegram Bot
Based on the requests of DN42 Telegram Group members, I plan to add Telegram Bot support to my Bird Looking Glass , so it is easier for them to look up whois information, testing networks and finding sources of route leaks. The bot is supposed to recognize commands starting with / , and respond to the message. My Looking Glass is written in Go, so at the beginning, I looked for Telegram Bot APIs in the Go language. However, those popular API libraries all use the same scheme for handling requests: Telegram server sends a callback to my own server; My program handles the request and may send multiple requests actively to the Telegram server, authenticated with a locally configured Token; Finally, the program actively sends a request to the Telegram server to send the response....
Remove OpenVPN's Stable-privacy IPv6 Addresses
On my VPSes, the TAP network interface created by OpenVPN has a randomly-generated IPv6 address with scope stable-privacy . This address itself is created randomly to prevent tracking users by their IPv6 addresses. But when building a network in DN42, BGP handshakes may originate from this address (rather than your manually assigned link-local address) and fail for mismatching origin/IP. The solution is to configure the TAP interfaces with sysctl, and disable the automatic address generation options. OpenVPN can be configured to run sysctl automatically when creating the interface: # Add to OpenVPN's config file script-security 2 up "/bin/sh -c '/sbin/sysctl -w net.ipv6.conf. $dev .autoconf=0 && /sbin/sysctl -w net.ipv6.conf. $dev .accept_ra=0 && /sbin/sysctl -w net....
Install/Upgrade to Debian 10 on OpenVZ 6
It's the year 2020. Why are you still using OpenVZ 6 VPSes? Because they only cost one dollar per year. Since the kernel of OpenVZ 6 is extremely old (Linux 2.6.32), newer systems cannot function normally on an old kernel, so I had to stick to Debian 8 with my previous OpenVZ VPSes. But I found a modified Glibc (C language runtime library) that allows running Debian 10 normally on OpenVZ 6. WARNING I don't guarantee that the steps below are suitable for all OpenVZ VPSes, nor do I ensure the safety/integrity of this Glibc (I didn't look into its modifications, but speaking of security, the end-of-life OpenVZ 6 is probably the farthest thing from security). Backup your data , since in worst scenarios, you need to reinstall the OS. Steps The author only provided DEB packages,...
Sharing Network Namespace Among Docker Containers for Bird Anycasting
At exactly one year ago, I set up an Anycast service with Docker in the DN42 network (Chinese only atm) . Back then, I customized the container's image and added a Bird installation to it, then put in a config file to broadcast Anycast routes via OSPF. However, as time went by, a few problems were exposed: The process of installing Bird takes time. Instead of installing Bird with apt-get , since my Dockerfiles need to support multiple architectures (Chinese only atm) , and Bird isn't available in some architecture's repos for Debian. And since my building server is AMD64, and is running images of other architectures with qemu-user-static (Chinese only atm) , a lot of instruction translation is needed in the image building and software compilation progress, which is extremely inefficient....
Disabling Webcams During an Online Course
This post will explain the way to disable your webcam on Windows and Linux, so: On the OS level, prevent you from turning on the webcam by mistake, and live-stream your footage of having a meal lying on the bed playing games (NSFW) Prevent certain online lecturing software from secretly turning on the webcam. Windows Procedures Press the Win+R combination key to open the Run window, type devmgmt.msc and enter to open the Device Manager. Your camera will be in Image Acquisition Devices category, right-click on it to disable it. (The following picture is taken from a Simplified Chinese Windows XP, but the procedure and icons should be similar for Windows 7 and 10.) When you need to use the camera, come back to re-enable it, and then close and reopen your browser or online lecturing software....
LADSPA Stereo Frequency Splitter & Bass Booster
During the Chinese Spring Festival, my dad gave me an Edifier M120 Bluetooth speaker. This speaker is not one of these high-end models featuring dedicated bass speakers or professional Bluetooth audio codecs such as aptX and LDAC; it's just a unit with two ordinary speakers. With that said, I doubt I can hear any difference with those advanced codecs on a portable speaker anyway. But when I played some music with my phone connected to it, I realized that it does have some bass output. Speaking of bass, I'm impressed by a JBL Charge 4 speaker bought by one of my classmates. As a portable speaker that costs 150 , i t h a s a d e d i c a t e d b a s s u n i t w i t h a s t o n i s h i n g p o w e r . T h e n I b e g a n t o t h i n k t h a t ,...
(Almost) Lossless Archival with Modern Formats - H265 and HEIF
Many people keep their inventory of photos and videos for their travels, parties, or whatever important moments of their lives. If you are into taking photos and recording videos and like keeping all of them, you will likely fill up hard drives after hard drives. If you don't want to keep adding more drives to your collection, you may also try to compress your photos and videos. Speaking of compression, a common method is to reduce the resolution of images. I've used the good old Microsoft Office Picture Manager (that comes with Office 2003) and its built-in one-key image compression. Behind the scenes, it's actually downsampling images to JPEG files of around 1024x768. One major drawback is that a lot of the details are completely lost....
OS/2 Warp 4: Trying out & Installing Firefox
OS/2 is an operating system initially developed by IBM and Microsoft and later maintained by IBM. Back in the 1990s, OS/2 was a competitive rival to Windows, but later OS/2 was defeated by the Windows series, and IBM finally shut down OS/2 Warp 4's tech support on Dec 31, 2006. But this does not mark the death of OS/2. After official tech support ended, Senerity System took over OS/2's development and continued it under the name eComStation. In 2015, another company, Arca Noae LLC, produced an OS/2 based distribution called ArcaOS, and sold it as a commercial product. At the same time, the open-source community is providing some support to OS/2. They cross-compiled common Unix tools (including ls , rm , etc.), RPM/YUM package manager, and a series of libraries on OS/2....