The KittUnderlay DN42 Interconnection (WIP Draft)
Introduction
This project explores extending the existing KittUnderlay architecture to interconnect with DN42, a decentralized, community-driven networking environment. The goal is to reuse the established WireGuard-based underlay and iBGP design to integrate external routing domains in a clean and controlled manner.
Rather than building a separate edge stack, this approach treats DN42 as an extension point of the existing fabric—while still maintaining clear boundaries between internal and external routing.
Project Vision
KittUnderlay was originally designed as a secure and flexible internal routing foundation. This project builds on that by introducing external peering with DN42, enabling experimentation with real-world routing policies, decentralized interconnections, and community-driven networking practices.
The key idea is to integrate DN42 without disrupting the internal design principles. Internal loopbacks and infrastructure routes remain stable and predictable, while DN42 prefixes are handled through controlled import/export policies.
This creates a hybrid environment where internal services and external reachability coexist without unnecessary complexity.
Key Goals
- Reuse KittUnderlay as the primary transport and routing foundation
- Establish secure WireGuard-based peering with DN42 participants
- Integrate DN42 routes into the existing iBGP topology
- Maintain strict separation between internal and external routing domains
- Apply filtering and policy control for route exchange
- Enable safe experimentation with real-world BGP scenarios
Architecture Overview
KittUnderlay Core
The existing WireGuard mesh and iBGP topology remain unchanged as the foundation of the network.DN42 Edge Peering
External peers are connected via WireGuard tunnels, forming eBGP sessions with DN42 participants.Route Injection into iBGP
Accepted DN42 routes are injected into the internal iBGP fabric, allowing controlled propagation across nodes.Loopback Stability
Internal loopback addresses continue to be advertised via iBGP without modification, ensuring consistent router reachability.Policy and Filtering Layer
Prefix filtering, ASN validation, and route policies are enforced at the edge to prevent leaks and maintain routing hygiene.Optional Route Reflectors
If already present in KittUnderlay, Route Reflectors handle the distribution of DN42-learned routes across the network.
Features (Planned & In Progress)
- WireGuard-based DN42 peer provisioning
- eBGP session templates for DN42 integration
- Route filtering and prefix validation mechanisms
- Controlled redistribution into iBGP
- Monitoring of external route propagation
- Support for multiple DN42 peers for redundancy
- Clear separation of internal vs external routing tables
Current Status
The project is in an experimental phase. Initial DN42 peerings are being established and tested against the existing KittUnderlay topology. Focus areas include route filtering correctness, propagation behavior, and maintaining stability within the internal network.
Adjustments to policy design and topology layout are ongoing as real-world scenarios are evaluated.
Getting Started
Future documentation will cover:
- Joining DN42 and obtaining required credentials
- Establishing WireGuard tunnels with DN42 peers
- Configuring eBGP sessions and policies
- Importing DN42 routes into KittUnderlay
- Validating route propagation across the iBGP fabric
- Implementing safeguards against route leaks
The goal is to provide a safe and structured path to experimenting with external routing while leveraging an existing internal network design.
This project is not just about connecting to DN42—it’s about extending a controlled internal network into a decentralized ecosystem while preserving clarity, stability, and intent in routing design.