https://kittenconnect.net/tags/network/Recent content in Network on Kitten ConnectHugo -- gohugo.ioen-usFri, 03 Apr 2026 00:00:00 +0000https://kittenconnect.net/p/kittunderlay-dn42-gateway/Fri, 03 Apr 2026 00:00:00 +0000https://kittenconnect.net/p/kittunderlay-dn42-gateway/<h2 id="the-kittunderlay-dn42-interconnection-wip-draft">The KittUnderlay DN42 Interconnection (WIP Draft) </h2><h3 id="introduction">Introduction </h3><p>This project explores extending the existing KittUnderlay architecture to interconnect with DN42, a decentralized, community-driven networking environment. The goal is to reuse the established WireGuard-based underlay and iBGP design to integrate external routing domains in a clean and controlled manner.</p> <p>Rather than building a separate edge stack, this approach treats DN42 as an extension point of the existing fabric—while still maintaining clear boundaries between internal and external routing.</p> <h3 id="project-vision">Project Vision </h3><p>KittUnderlay was originally designed as a secure and flexible internal routing foundation. This project builds on that by introducing external peering with DN42, enabling experimentation with real-world routing policies, decentralized interconnections, and community-driven networking practices.</p> <p>The key idea is to integrate DN42 without disrupting the internal design principles. Internal loopbacks and infrastructure routes remain stable and predictable, while DN42 prefixes are handled through controlled import/export policies.</p> <p>This creates a hybrid environment where internal services and external reachability coexist without unnecessary complexity.</p> <h3 id="key-goals">Key Goals </h3><ul> <li>Reuse KittUnderlay as the primary transport and routing foundation</li> <li>Establish secure WireGuard-based peering with DN42 participants</li> <li>Integrate DN42 routes into the existing iBGP topology</li> <li>Maintain strict separation between internal and external routing domains</li> <li>Apply filtering and policy control for route exchange</li> <li>Enable safe experimentation with real-world BGP scenarios</li> </ul> <h3 id="architecture-overview">Architecture Overview </h3><ul> <li> <p><strong>KittUnderlay Core</strong><br> The existing WireGuard mesh and iBGP topology remain unchanged as the foundation of the network.</p> </li> <li> <p><strong>DN42 Edge Peering</strong><br> External peers are connected via WireGuard tunnels, forming eBGP sessions with DN42 participants.</p> </li> <li> <p><strong>Route Injection into iBGP</strong><br> Accepted DN42 routes are injected into the internal iBGP fabric, allowing controlled propagation across nodes.</p> </li> <li> <p><strong>Loopback Stability</strong><br> Internal loopback addresses continue to be advertised via iBGP without modification, ensuring consistent router reachability.</p> </li> <li> <p><strong>Policy and Filtering Layer</strong><br> Prefix filtering, ASN validation, and route policies are enforced at the edge to prevent leaks and maintain routing hygiene.</p> </li> <li> <p><strong>Optional Route Reflectors</strong><br> If already present in KittUnderlay, Route Reflectors handle the distribution of DN42-learned routes across the network.</p> </li> </ul> <h3 id="features-planned--in-progress">Features (Planned &amp; In Progress) </h3><ul> <li>WireGuard-based DN42 peer provisioning</li> <li>eBGP session templates for DN42 integration</li> <li>Route filtering and prefix validation mechanisms</li> <li>Controlled redistribution into iBGP</li> <li>Monitoring of external route propagation</li> <li>Support for multiple DN42 peers for redundancy</li> <li>Clear separation of internal vs external routing tables</li> </ul> <h3 id="current-status">Current Status </h3><p>The project is in an experimental phase. Initial DN42 peerings are being established and tested against the existing KittUnderlay topology. Focus areas include route filtering correctness, propagation behavior, and maintaining stability within the internal network.</p> <p>Adjustments to policy design and topology layout are ongoing as real-world scenarios are evaluated.</p> <h3 id="getting-started">Getting Started </h3><p>Future documentation will cover:</p> <ul> <li>Joining DN42 and obtaining required credentials</li> <li>Establishing WireGuard tunnels with DN42 peers</li> <li>Configuring eBGP sessions and policies</li> <li>Importing DN42 routes into KittUnderlay</li> <li>Validating route propagation across the iBGP fabric</li> <li>Implementing safeguards against route leaks</li> </ul> <p>The goal is to provide a safe and structured path to experimenting with external routing while leveraging an existing internal network design.</p> <hr> <p>This project is not just about connecting to DN42—it’s about extending a controlled internal network into a decentralized ecosystem while preserving clarity, stability, and intent in routing design.</p>https://kittenconnect.net/p/kittunderlay-mpls-and-vrf-architecture/Wed, 26 Feb 2025 00:00:00 +0000https://kittenconnect.net/p/kittunderlay-mpls-and-vrf-architecture/<h2 id="kittunderlay-mpls-and-vrf-architecture-wip-draft">KittUnderlay MPLS and VRF Architecture (WIP Draft) </h2><h3 id="introduction">Introduction </h3><p>While simpler approaches like VRF-Lite or Policy-Based Routing (PBR) could isolate traffic using a single routing table per session, they fall short when scaling with Route Reflectors. With RRs distributing routes to multiple clients, VRF-Lite/PBR lacks the label-based forwarding needed to maintain proper isolation across the fabric. MPLS provides the necessary separation—each VRF route carries its own label, ensuring traffic reaches the correct routing instance even when passing through intermediate RRs.</p> <p>KittUnderlay selectively uses MPLS for VRF route distribution, enabling proper network segmentation and traffic isolation. This approach reserves MPLS specifically for VRF-associated routes, where label-based forwarding provides clear benefits.</p> <h3 id="mpls-in-kittunderlay">MPLS in KittUnderlay </h3><p>MPLS is reserved specifically for VRF-associated routes, where label-based forwarding provides clear benefits in segmentation and traffic isolation. Unlike traditional MPLS deployments that might label all routes, KittUnderlay applies MPLS only where it adds value.</p> <h3 id="key-goals-for-mplsvrf">Key Goals for MPLS/VRF </h3><ul> <li>Apply MPLS only where it adds value (VRF segmentation)</li> <li>Maintain clear separation of global and VRF routing planes</li> <li>Enable proper isolation and label-based forwarding between different routing instances</li> </ul> <h3 id="vrf-routing-with-mpls">VRF Routing with MPLS </h3><p>MPLS is used exclusively for VRF routes, enabling proper isolation and label-based forwarding between different routing instances.</p> <h4 id="bgp-template-configuration">BGP Template Configuration </h4><p>The BGP template enables MPLS label distribution for VRF routes while maintaining separation from the global routing table:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span><span class="lnt">28 </span><span class="lnt">29 </span><span class="lnt">30 </span><span class="lnt">31 </span><span class="lnt">32 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-go" data-lang="go"><span class="line"><span class="cl"><span class="nx">template</span><span class="w"> </span><span class="nx">bgp</span><span class="w"> </span><span class="nx">kittunderlay</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">local</span><span class="w"> </span><span class="nx">port</span><span class="w"> </span><span class="mi">1790</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">neighbor</span><span class="w"> </span><span class="nx">port</span><span class="w"> </span><span class="mi">1790</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">rr</span><span class="w"> </span><span class="nx">client</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">path</span><span class="w"> </span><span class="nx">metric</span><span class="w"> </span><span class="nx">off</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">ipv4</span><span class="w"> </span><span class="nx">mpls</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">extended</span><span class="w"> </span><span class="nx">next</span><span class="w"> </span><span class="nx">hop</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">next</span><span class="w"> </span><span class="nx">hop</span><span class="w"> </span><span class="nx">self</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">keep</span><span class="w"> </span><span class="nx">filtered</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">filter</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="nf">is_valid4_loopback</span><span class="p">()</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">accept</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="nx">reject</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">export</span><span class="w"> </span><span class="nx">filter</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="nf">is_valid4_loopback</span><span class="p">()</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="nx">source</span><span class="w"> </span><span class="p">~</span><span class="w"> </span><span class="p">[</span><span class="nx">RTS_STATIC</span><span class="p">,</span><span class="w"> </span><span class="nx">RTS_DEVICE</span><span class="p">,</span><span class="w"> </span><span class="nx">RTS_BGP</span><span class="p">,</span><span class="w"> </span><span class="nx">RTS_OSPF</span><span class="p">]</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span><span class="nx">accept</span><span class="p">;</span><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="nx">reject</span><span class="p">;</span><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">limit</span><span class="w"> </span><span class="mi">1000</span><span class="w"> </span><span class="nx">action</span><span class="w"> </span><span class="nx">block</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">ipv6</span><span class="w"> </span><span class="nx">mpls</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">next</span><span class="w"> </span><span class="nx">hop</span><span class="w"> </span><span class="nx">self</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">keep</span><span class="w"> </span><span class="nx">filtered</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">filter</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="nf">is_valid6_loopback</span><span class="p">()</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">accept</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="nx">reject</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">export</span><span class="w"> </span><span class="nx">filter</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="nf">is_valid6_loopback</span><span class="p">()</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="nx">source</span><span class="w"> </span><span class="p">~</span><span class="w"> </span><span class="p">[</span><span class="nx">RTS_STATIC</span><span class="p">,</span><span class="w"> </span><span class="nx">RTS_DEVICE</span><span class="p">,</span><span class="w"> </span><span class="nx">RTS_BGP</span><span class="p">,</span><span class="w"> </span><span class="nx">RTS_OSPF</span><span class="p">]</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span><span class="nx">accept</span><span class="p">;</span><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="nx">reject</span><span class="p">;</span><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">limit</span><span class="w"> </span><span class="mi">1000</span><span class="w"> </span><span class="nx">action</span><span class="w"> </span><span class="nx">block</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">mpls</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">label</span><span class="w"> </span><span class="nx">policy</span><span class="w"> </span><span class="nx">aggregate</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="p">}</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h4 id="vrf-specific-bgp-sessions">VRF-Specific BGP Sessions </h4><p>Each VRF instance establishes BGP sessions with MPLS label distribution:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span><span class="lnt">28 </span><span class="lnt">29 </span><span class="lnt">30 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-go" data-lang="go"><span class="line"><span class="cl"><span class="err">#</span><span class="w"> </span><span class="p">&lt;</span><span class="nx">IFNAME</span><span class="p">&gt;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="err">#</span><span class="w"> </span><span class="nx">L</span><span class="p">:</span><span class="w"> </span><span class="nx">AS4242421945</span><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="nx">R</span><span class="p">:</span><span class="w"> </span><span class="nx">AS4242421945</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="nx">protocol</span><span class="w"> </span><span class="nx">bgp</span><span class="w"> </span><span class="p">&lt;</span><span class="nx">IFNAME</span><span class="p">&gt;</span><span class="w"> </span><span class="nx">from</span><span class="w"> </span><span class="nx">kittunderlay</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="nx">disabled</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">local</span><span class="w"> </span><span class="nx">as</span><span class="w"> </span><span class="mi">4242421945</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">neighbor</span><span class="w"> </span><span class="nx">fe80</span><span class="p">::</span><span class="nx">xxxx</span><span class="w"> </span><span class="nx">as</span><span class="w"> </span><span class="mi">4242421945</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">interface</span><span class="w"> </span><span class="s">&#34;&lt;IFNAME&gt;&#34;</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">direct</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">ipv4</span><span class="w"> </span><span class="nx">mpls</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="nx">Inform</span><span class="w"> </span><span class="nx">MPLS</span><span class="w"> </span><span class="nx">labels</span><span class="w"> </span><span class="nx">in</span><span class="w"> </span><span class="nx">addition</span><span class="w"> </span><span class="nx">to</span><span class="w"> </span><span class="nx">loopback</span><span class="w"> </span><span class="nx">routes</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">filter</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="w"> </span><span class="nf">is_valid4_loopback</span><span class="p">()</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="nx">here</span><span class="w"> </span><span class="nx">use</span><span class="w"> </span><span class="nx">some</span><span class="w"> </span><span class="nx">additional</span><span class="w"> </span><span class="nx">functions</span><span class="w"> </span><span class="nx">to</span><span class="w"> </span><span class="nx">set</span><span class="w"> </span><span class="nx">MED</span><span class="w"> </span><span class="o">/</span><span class="w"> </span><span class="nx">communities</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">accept</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">reject</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">ipv6</span><span class="w"> </span><span class="nx">mpls</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="nx">Inform</span><span class="w"> </span><span class="nx">MPLS</span><span class="w"> </span><span class="nx">labels</span><span class="w"> </span><span class="nx">in</span><span class="w"> </span><span class="nx">addition</span><span class="w"> </span><span class="nx">to</span><span class="w"> </span><span class="nx">loopback</span><span class="w"> </span><span class="nx">routes</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">filter</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="w"> </span><span class="nf">is_valid6_loopback</span><span class="p">()</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="nx">here</span><span class="w"> </span><span class="nx">use</span><span class="w"> </span><span class="nx">some</span><span class="w"> </span><span class="nx">additional</span><span class="w"> </span><span class="nx">functions</span><span class="w"> </span><span class="nx">to</span><span class="w"> </span><span class="nx">set</span><span class="w"> </span><span class="nx">MED</span><span class="w"> </span><span class="o">/</span><span class="w"> </span><span class="nx">communities</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">accept</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">reject</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">mpls</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">label</span><span class="w"> </span><span class="nx">policy</span><span class="w"> </span><span class="nx">aggregate</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="p">}</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h3 id="mpls-label-handling">MPLS Label Handling </h3><p>The <code>label policy aggregate</code> in the BGP template ensures efficient MPLS label allocation for VRF routes. This approach:</p> <ul> <li>Reduces label consumption by aggregating when possible</li> <li>Maintains proper forwarding state for VRF instances</li> <li>Enables seamless traffic isolation between routing tables</li> </ul> <h3 id="features">Features </h3><ul> <li>&#x2705; Clear separation of global and VRF routing planes</li> <li>&#x2705; MPLS integration for VRF-specific traffic only</li> <li>&#x2705; NixOS friendly configurations</li> </ul> <h3 id="getting-started">Getting Started </h3><p>Planned documentation will include:</p> <ul> <li>Enabling VRFs with MPLS-based forwarding</li> <li>Understanding MPLS label distribution for VRF routes</li> <li>Configuring VRF instances and route distinguishers</li> <li>Verifying VRF isolation and forwarding behavior</li> </ul> <hr> <p>MPLS in KittUnderlay is about applying the right level of complexity—using label-based forwarding only where it provides clear benefits for traffic segmentation.</p>https://kittenconnect.net/p/kitten-router-os/Sat, 15 Jun 2024 00:00:00 +0000https://kittenconnect.net/p/kitten-router-os/<h2 id="the-kitten-router-os-wip-draft">The Kitten Router OS (WIP Draft) </h2><h3 id="introduction">Introduction </h3><p>RoutehOS is a work-in-progress routing operating system aimed at delivering a clean, intuitive, and accessible networking experience. Designed with beginners in mind, it provides both local and global web interfaces that simplify interaction with network infrastructure. The goal is to make networking feel less intimidating and more exploratory—turning first-time users into confident operators.</p> <h3 id="project-vision">Project Vision </h3><p>This project is currently in an early draft stage and continues to evolve. The core idea behind RoutehOS is to reduce the traditional complexity of routing and network management without stripping away essential functionality. Instead of overwhelming users with dense configurations and unfamiliar terminology, RoutehOS introduces a guided, structured approach to learning and managing networks.</p> <p>By lowering technical barriers, it enables users to gradually build knowledge while actively working within a real networking environment. The system is intended not only as a tool, but also as a learning platform.</p> <h3 id="key-goals">Key Goals </h3><ul> <li>Simplify network configuration workflows</li> <li>Provide an educational, beginner-first experience</li> <li>Maintain flexibility for more advanced use cases over time</li> <li>Offer a consistent interface for both local and remote management</li> <li>Build a scalable foundation that can grow with user needs</li> </ul> <h3 id="features-planned--in-progress">Features (Planned &amp; In Progress) </h3><ul> <li>Intuitive, user-friendly web interface</li> <li>Streamlined routing and network setup</li> <li>Integration with existing network environments</li> <li>Built-in security-focused design principles</li> <li>Modular and scalable system architecture</li> <li>Guided setup and contextual help for new users</li> </ul> <h3 id="current-status">Current Status </h3><p>RoutehOS is an active work in progress. Features, design, and architecture are subject to change as the project develops. Feedback and iteration play a key role in shaping the system.</p> <h3 id="getting-started">Getting Started </h3><p>As development progresses, installation instructions and documentation will be made available. The aim is to provide a straightforward onboarding process through a guided web interface, allowing users to quickly deploy and experiment with the system.</p> <hr> <p>RoutehOS is not just about managing networks—it’s about making networking approachable, practical, and engaging from day one.</p>https://kittenconnect.net/p/kittunderlay-routing-fabric/Thu, 21 Dec 2023 00:00:00 +0000https://kittenconnect.net/p/kittunderlay-routing-fabric/<h2 id="the-kittunderlay-routing-fabric-wip-draft">The KittUnderlay Routing Fabric (WIP Draft) </h2><h3 id="introduction">Introduction </h3><p>KittUnderlay is a work-in-progress routing architecture designed to explore a secure, scalable, and structured foundation for internal network routing. Built on iBGP mesh with WireGuard-based transport, the underlay ensures reliable connectivity between all nodes while maintaining simplicity and clarity.</p> <h3 id="project-vision">Project Vision </h3><p>The underlay architecture demonstrates that complex routing designs can remain understandable when responsibilities are clearly separated. Instead of overloading the network with unnecessary abstractions, the architecture applies each technology where it makes the most sense. Loopback addresses are distributed using standard iBGP, ensuring simplicity and universal reachability.</p> <p>Where beneficial, the system introduces controlled dynamism—such as latency-informed MED adjustments—to improve path selection without sacrificing predictability.</p> <p>As the network scales, Route Reflectors are introduced to optimize control-plane efficiency while maintaining consistent route visibility.</p> <h3 id="key-goals">Key Goals </h3><ul> <li>Maintain a clean and deterministic iBGP control plane</li> <li>Use WireGuard for secure and flexible node-to-node connectivity</li> <li>Keep loopback routing simple and label-free</li> <li>Enable scalable growth through Route Reflectors</li> <li>Preserve clarity between underlay, overlay, and service layers</li> </ul> <h3 id="architecture-overview">Architecture Overview </h3><ul> <li><strong>Full iBGP Mesh (Initial Phase)</strong><br> Every node peers directly with their adjacent neighbors using Link-Local IPv6, allowing straightforward route propagation and easier troubleshooting during early stages.</li> </ul> <pre class="mermaid"> graph LR %% Center node RR[&#34;Route Reflectors&#34;] %% Surrounding routers R1[&#34;R1&#34;] R2[&#34;R2&#34;] R3[&#34;R3&#34;] %% iBGP (hub-and-spoke) RR &lt;-. &#34;multiHop iBGP&#34; .-&gt; R1 RR &lt;-. &#34;multiHop iBGP&#34; .-&gt; R2 RR &lt;-. &#34;multiHop iBGP&#34; .-&gt; R3 %% Underlay (mesh between routers) R1 &lt;== &#34;iBGP&#34; ==&gt; R2 R2 &lt;== &#34;iBGP&#34; ==&gt; R3 R3 &lt;== &#34;iBGP&#34; ==&gt; R1 </pre> <ul> <li><strong>WireGuard Underlay</strong><br> All non-physical BGP sessions operate over WireGuard tunnels, providing encrypted transport independent of physical infrastructure. All tunnels configured with a unique peer where <code>AllowedIPs = 0.0.0.0/0, ::0/0</code></li> </ul> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-ini" data-lang="ini"><span class="line"><span class="cl"><span class="k">[NetDev]</span> </span></span><span class="line"><span class="cl"><span class="na">Kind</span><span class="o">=</span><span class="s">wireguard</span> </span></span><span class="line"><span class="cl"><span class="na">Name</span><span class="o">=</span><span class="s">&lt;IFNAME&gt;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="k">[WireGuard]</span> </span></span><span class="line"><span class="cl"><span class="na">ListenPort</span><span class="o">=</span><span class="s">&lt;ListenPort&gt;</span> </span></span><span class="line"><span class="cl"><span class="na">PrivateKeyFile</span><span class="o">=</span><span class="s">/run/secrets/wireguard_serverkey</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="k">[WireGuardPeer]</span> </span></span><span class="line"><span class="cl"><span class="na">AllowedIPs</span><span class="o">=</span><span class="s">0.0.0.0/0</span> </span></span><span class="line"><span class="cl"><span class="na">AllowedIPs</span><span class="o">=</span><span class="s">::/0</span> </span></span><span class="line"><span class="cl"><span class="na">PersistentKeepalive</span><span class="o">=</span><span class="s">10</span> </span></span><span class="line"><span class="cl"><span class="na">PublicKey</span><span class="o">=</span><span class="s">&lt;PeerKey&gt;</span> </span></span></code></pre></td></tr></table> </div> </div><ul> <li><strong>Loopback Announcements</strong><br> Loopback interfaces are advertised via iBGP without MPLS labels. These addresses serve as stable router identifiers and core reachability endpoints across the fabric.</li> </ul> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span><span class="lnt">28 </span><span class="lnt">29 </span><span class="lnt">30 </span><span class="lnt">31 </span><span class="lnt">32 </span><span class="lnt">33 </span><span class="lnt">34 </span><span class="lnt">35 </span><span class="lnt">36 </span><span class="lnt">37 </span><span class="lnt">38 </span><span class="lnt">39 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-go" data-lang="go"><span class="line"><span class="cl"><span class="nx">template</span><span class="w"> </span><span class="nx">bgp</span><span class="w"> </span><span class="nx">kittunderlay</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">local</span><span class="w"> </span><span class="nx">port</span><span class="w"> </span><span class="mi">1790</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">neighbor</span><span class="w"> </span><span class="nx">port</span><span class="w"> </span><span class="mi">1790</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">rr</span><span class="w"> </span><span class="nx">client</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">path</span><span class="w"> </span><span class="nx">metric</span><span class="w"> </span><span class="nx">off</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">ipv4</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">extended</span><span class="w"> </span><span class="nx">next</span><span class="w"> </span><span class="nx">hop</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">next</span><span class="w"> </span><span class="nx">hop</span><span class="w"> </span><span class="nx">self</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">keep</span><span class="w"> </span><span class="nx">filtered</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">filter</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="nf">is_valid4_loopback</span><span class="p">()</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="nf">defined</span><span class="p">(</span><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="mi">2147483648</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="mi">2147483648</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">accept</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="nx">reject</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">export</span><span class="w"> </span><span class="nx">filter</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="nf">is_valid4_loopback</span><span class="p">()</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="nx">source</span><span class="w"> </span><span class="p">~</span><span class="w"> </span><span class="p">[</span><span class="nx">RTS_STATIC</span><span class="p">,</span><span class="w"> </span><span class="nx">RTS_DEVICE</span><span class="p">,</span><span class="w"> </span><span class="nx">RTS_BGP</span><span class="p">,</span><span class="w"> </span><span class="nx">RTS_OSPF</span><span class="p">]</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span><span class="nx">accept</span><span class="p">;</span><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="nx">reject</span><span class="p">;</span><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">limit</span><span class="w"> </span><span class="mi">1000</span><span class="w"> </span><span class="nx">action</span><span class="w"> </span><span class="nx">block</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">ipv6</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">next</span><span class="w"> </span><span class="nx">hop</span><span class="w"> </span><span class="nx">self</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">keep</span><span class="w"> </span><span class="nx">filtered</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">filter</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="nf">is_valid6_loopback</span><span class="p">()</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="nf">defined</span><span class="p">(</span><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="mi">2147483648</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="mi">2147483648</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">accept</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="nx">reject</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">export</span><span class="w"> </span><span class="nx">filter</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="nf">is_valid6_loopback</span><span class="p">()</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="nx">source</span><span class="w"> </span><span class="p">~</span><span class="w"> </span><span class="p">[</span><span class="nx">RTS_STATIC</span><span class="p">,</span><span class="w"> </span><span class="nx">RTS_DEVICE</span><span class="p">,</span><span class="w"> </span><span class="nx">RTS_BGP</span><span class="p">,</span><span class="w"> </span><span class="nx">RTS_OSPF</span><span class="p">]</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span><span class="nx">accept</span><span class="p">;</span><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="nx">reject</span><span class="p">;</span><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">limit</span><span class="w"> </span><span class="mi">1000</span><span class="w"> </span><span class="nx">action</span><span class="w"> </span><span class="nx">block</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="p">}</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><ul> <li> <p><strong>Route Reflectors (Scaling Phase)</strong><br> As the topology expands, Route Reflectors reduce the number of iBGP sessions required while preserving full route distribution across the network.</p> </li> <li> <p><strong>Adaptive Path Selection (Latency-Aware MED)</strong> A lightweight Go-based service runs alongside each node, continuously measuring latency between BGP peers over the WireGuard underlay. Based on observed performance, it dynamically adjusts BGP MED (Multi-Exit Discriminator) values to influence path selection, allowing the fabric to react to changing network conditions without manual intervention.</p> </li> </ul> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span><span class="lnt">28 </span><span class="lnt">29 </span><span class="lnt">30 </span><span class="lnt">31 </span><span class="lnt">32 </span><span class="lnt">33 </span><span class="lnt">34 </span><span class="lnt">35 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-go" data-lang="go"><span class="line"><span class="cl"><span class="err">#</span><span class="w"> </span><span class="p">&lt;</span><span class="nx">IFNAME</span><span class="p">&gt;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="err">#</span><span class="w"> </span><span class="nx">L</span><span class="p">:</span><span class="w"> </span><span class="nx">AS4242421945</span><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="nx">R</span><span class="p">:</span><span class="w"> </span><span class="nx">AS4242421945</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="nx">protocol</span><span class="w"> </span><span class="nx">bgp</span><span class="w"> </span><span class="p">&lt;</span><span class="nx">IFNAME</span><span class="p">&gt;</span><span class="w"> </span><span class="nx">from</span><span class="w"> </span><span class="nx">kittunderlay</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="nx">disabled</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">local</span><span class="w"> </span><span class="nx">as</span><span class="w"> </span><span class="mi">4242421945</span><span class="p">;</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="nx">localIP</span><span class="p">:</span><span class="w"> </span><span class="s">&#34;&#34;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">neighbor</span><span class="w"> </span><span class="nx">fe80</span><span class="p">::</span><span class="nx">xxxx</span><span class="w"> </span><span class="nx">as</span><span class="w"> </span><span class="mi">4242421945</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">interface</span><span class="w"> </span><span class="s">&#34;&lt;IFNAME&gt;&#34;</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">direct</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">ipv4</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">filter</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="w"> </span><span class="nf">is_valid4_loopback</span><span class="p">()</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="nf">defined</span><span class="p">(</span><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="nx">autoMED_</span><span class="p">&lt;</span><span class="nx">IFNAME</span><span class="p">&gt;;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nx">autoMED_</span><span class="p">&lt;</span><span class="nx">IFNAME</span><span class="p">&gt;;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">accept</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">reject</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">ipv6</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">filter</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="w"> </span><span class="nf">is_valid6_loopback</span><span class="p">()</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="nf">defined</span><span class="p">(</span><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="nx">autoMED_</span><span class="p">&lt;</span><span class="nx">IFNAME</span><span class="p">&gt;;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nx">autoMED_</span><span class="p">&lt;</span><span class="nx">IFNAME</span><span class="p">&gt;;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">accept</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">reject</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="p">}</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h3 id="features">Features </h3><ul> <li>&#x2705; Full iBGP mesh configuration templates</li> <li>&#x1f4ad; Automated WireGuard tunnel deployment</li> <li>&#x2705; Route Reflector deployment models</li> <li>&#x2692;&#xfe0f; Observability and route inspection tooling</li> <li>&#x2705; NixOS friendly configurations</li> <li>&#x2705; Automated MED adjustment based on real-time network performance</li> <li>&#x1f4ad; Policy controls to bound and stabilize dynamic routing decisions</li> </ul> <blockquote> <p>(Planned &#x1f4ad; - In Progress &#x2692;&#xfe0f; - Done &#x2705;)</p> </blockquote> <h3 id="current-status">Current Status </h3><p>KittUnderlay is actively under development. Current efforts focus on stabilizing the interaction between the WireGuard underlay and iBGP control plane. Also we need to find a way to have different routing views using VRFs / PBR.</p> <p>Route Reflector behavior and scaling patterns are being tested in parallel.</p> <h3 id="getting-started">Getting Started </h3><p>Planned documentation will include:</p> <ul> <li>Building a WireGuard full mesh underlay</li> <li>Establishing iBGP sessions across all nodes</li> <li>Advertising loopbacks without MPLS</li> <li>Transitioning from full mesh to Route Reflector topology</li> </ul> <p>The objective is to provide a progressive learning path—from simple full-mesh routing to a more scalable, production-like design.</p> <hr> <p>KittUnderlay is about building a strong foundation and applying the right level of complexity in the right place, keeping the network both powerful and understandable.</p>