https://kittenconnect.net/tags/wireguard/Recent content in Wireguard on Kitten ConnectHugo -- gohugo.ioen-usFri, 03 Apr 2026 00:00:00 +0000https://kittenconnect.net/p/kittunderlay-dn42-gateway/Fri, 03 Apr 2026 00:00:00 +0000https://kittenconnect.net/p/kittunderlay-dn42-gateway/<h2 id="the-kittunderlay-dn42-interconnection-wip-draft">The KittUnderlay DN42 Interconnection (WIP Draft) </h2><h3 id="introduction">Introduction </h3><p>This project explores extending the existing KittUnderlay architecture to interconnect with DN42, a decentralized, community-driven networking environment. The goal is to reuse the established WireGuard-based underlay and iBGP design to integrate external routing domains in a clean and controlled manner.</p> <p>Rather than building a separate edge stack, this approach treats DN42 as an extension point of the existing fabric—while still maintaining clear boundaries between internal and external routing.</p> <h3 id="project-vision">Project Vision </h3><p>KittUnderlay was originally designed as a secure and flexible internal routing foundation. This project builds on that by introducing external peering with DN42, enabling experimentation with real-world routing policies, decentralized interconnections, and community-driven networking practices.</p> <p>The key idea is to integrate DN42 without disrupting the internal design principles. Internal loopbacks and infrastructure routes remain stable and predictable, while DN42 prefixes are handled through controlled import/export policies.</p> <p>This creates a hybrid environment where internal services and external reachability coexist without unnecessary complexity.</p> <h3 id="key-goals">Key Goals </h3><ul> <li>Reuse KittUnderlay as the primary transport and routing foundation</li> <li>Establish secure WireGuard-based peering with DN42 participants</li> <li>Integrate DN42 routes into the existing iBGP topology</li> <li>Maintain strict separation between internal and external routing domains</li> <li>Apply filtering and policy control for route exchange</li> <li>Enable safe experimentation with real-world BGP scenarios</li> </ul> <h3 id="architecture-overview">Architecture Overview </h3><ul> <li> <p><strong>KittUnderlay Core</strong><br> The existing WireGuard mesh and iBGP topology remain unchanged as the foundation of the network.</p> </li> <li> <p><strong>DN42 Edge Peering</strong><br> External peers are connected via WireGuard tunnels, forming eBGP sessions with DN42 participants.</p> </li> <li> <p><strong>Route Injection into iBGP</strong><br> Accepted DN42 routes are injected into the internal iBGP fabric, allowing controlled propagation across nodes.</p> </li> <li> <p><strong>Loopback Stability</strong><br> Internal loopback addresses continue to be advertised via iBGP without modification, ensuring consistent router reachability.</p> </li> <li> <p><strong>Policy and Filtering Layer</strong><br> Prefix filtering, ASN validation, and route policies are enforced at the edge to prevent leaks and maintain routing hygiene.</p> </li> <li> <p><strong>Optional Route Reflectors</strong><br> If already present in KittUnderlay, Route Reflectors handle the distribution of DN42-learned routes across the network.</p> </li> </ul> <h3 id="features-planned--in-progress">Features (Planned &amp; In Progress) </h3><ul> <li>WireGuard-based DN42 peer provisioning</li> <li>eBGP session templates for DN42 integration</li> <li>Route filtering and prefix validation mechanisms</li> <li>Controlled redistribution into iBGP</li> <li>Monitoring of external route propagation</li> <li>Support for multiple DN42 peers for redundancy</li> <li>Clear separation of internal vs external routing tables</li> </ul> <h3 id="current-status">Current Status </h3><p>The project is in an experimental phase. Initial DN42 peerings are being established and tested against the existing KittUnderlay topology. Focus areas include route filtering correctness, propagation behavior, and maintaining stability within the internal network.</p> <p>Adjustments to policy design and topology layout are ongoing as real-world scenarios are evaluated.</p> <h3 id="getting-started">Getting Started </h3><p>Future documentation will cover:</p> <ul> <li>Joining DN42 and obtaining required credentials</li> <li>Establishing WireGuard tunnels with DN42 peers</li> <li>Configuring eBGP sessions and policies</li> <li>Importing DN42 routes into KittUnderlay</li> <li>Validating route propagation across the iBGP fabric</li> <li>Implementing safeguards against route leaks</li> </ul> <p>The goal is to provide a safe and structured path to experimenting with external routing while leveraging an existing internal network design.</p> <hr> <p>This project is not just about connecting to DN42—it’s about extending a controlled internal network into a decentralized ecosystem while preserving clarity, stability, and intent in routing design.</p>https://kittenconnect.net/p/kittunderlay-routing-fabric/Thu, 21 Dec 2023 00:00:00 +0000https://kittenconnect.net/p/kittunderlay-routing-fabric/<h2 id="the-kittunderlay-routing-fabric-wip-draft">The KittUnderlay Routing Fabric (WIP Draft) </h2><h3 id="introduction">Introduction </h3><p>KittUnderlay is a work-in-progress routing architecture designed to explore a secure, scalable, and structured foundation for internal network routing. Built on iBGP mesh with WireGuard-based transport, the underlay ensures reliable connectivity between all nodes while maintaining simplicity and clarity.</p> <h3 id="project-vision">Project Vision </h3><p>The underlay architecture demonstrates that complex routing designs can remain understandable when responsibilities are clearly separated. Instead of overloading the network with unnecessary abstractions, the architecture applies each technology where it makes the most sense. Loopback addresses are distributed using standard iBGP, ensuring simplicity and universal reachability.</p> <p>Where beneficial, the system introduces controlled dynamism—such as latency-informed MED adjustments—to improve path selection without sacrificing predictability.</p> <p>As the network scales, Route Reflectors are introduced to optimize control-plane efficiency while maintaining consistent route visibility.</p> <h3 id="key-goals">Key Goals </h3><ul> <li>Maintain a clean and deterministic iBGP control plane</li> <li>Use WireGuard for secure and flexible node-to-node connectivity</li> <li>Keep loopback routing simple and label-free</li> <li>Enable scalable growth through Route Reflectors</li> <li>Preserve clarity between underlay, overlay, and service layers</li> </ul> <h3 id="architecture-overview">Architecture Overview </h3><ul> <li><strong>Full iBGP Mesh (Initial Phase)</strong><br> Every node peers directly with their adjacent neighbors using Link-Local IPv6, allowing straightforward route propagation and easier troubleshooting during early stages.</li> </ul> <pre class="mermaid"> graph LR %% Center node RR[&#34;Route Reflectors&#34;] %% Surrounding routers R1[&#34;R1&#34;] R2[&#34;R2&#34;] R3[&#34;R3&#34;] %% iBGP (hub-and-spoke) RR &lt;-. &#34;multiHop iBGP&#34; .-&gt; R1 RR &lt;-. &#34;multiHop iBGP&#34; .-&gt; R2 RR &lt;-. &#34;multiHop iBGP&#34; .-&gt; R3 %% Underlay (mesh between routers) R1 &lt;== &#34;iBGP&#34; ==&gt; R2 R2 &lt;== &#34;iBGP&#34; ==&gt; R3 R3 &lt;== &#34;iBGP&#34; ==&gt; R1 </pre> <ul> <li><strong>WireGuard Underlay</strong><br> All non-physical BGP sessions operate over WireGuard tunnels, providing encrypted transport independent of physical infrastructure. All tunnels configured with a unique peer where <code>AllowedIPs = 0.0.0.0/0, ::0/0</code></li> </ul> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-ini" data-lang="ini"><span class="line"><span class="cl"><span class="k">[NetDev]</span> </span></span><span class="line"><span class="cl"><span class="na">Kind</span><span class="o">=</span><span class="s">wireguard</span> </span></span><span class="line"><span class="cl"><span class="na">Name</span><span class="o">=</span><span class="s">&lt;IFNAME&gt;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="k">[WireGuard]</span> </span></span><span class="line"><span class="cl"><span class="na">ListenPort</span><span class="o">=</span><span class="s">&lt;ListenPort&gt;</span> </span></span><span class="line"><span class="cl"><span class="na">PrivateKeyFile</span><span class="o">=</span><span class="s">/run/secrets/wireguard_serverkey</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="k">[WireGuardPeer]</span> </span></span><span class="line"><span class="cl"><span class="na">AllowedIPs</span><span class="o">=</span><span class="s">0.0.0.0/0</span> </span></span><span class="line"><span class="cl"><span class="na">AllowedIPs</span><span class="o">=</span><span class="s">::/0</span> </span></span><span class="line"><span class="cl"><span class="na">PersistentKeepalive</span><span class="o">=</span><span class="s">10</span> </span></span><span class="line"><span class="cl"><span class="na">PublicKey</span><span class="o">=</span><span class="s">&lt;PeerKey&gt;</span> </span></span></code></pre></td></tr></table> </div> </div><ul> <li><strong>Loopback Announcements</strong><br> Loopback interfaces are advertised via iBGP without MPLS labels. These addresses serve as stable router identifiers and core reachability endpoints across the fabric.</li> </ul> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span><span class="lnt">28 </span><span class="lnt">29 </span><span class="lnt">30 </span><span class="lnt">31 </span><span class="lnt">32 </span><span class="lnt">33 </span><span class="lnt">34 </span><span class="lnt">35 </span><span class="lnt">36 </span><span class="lnt">37 </span><span class="lnt">38 </span><span class="lnt">39 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-go" data-lang="go"><span class="line"><span class="cl"><span class="nx">template</span><span class="w"> </span><span class="nx">bgp</span><span class="w"> </span><span class="nx">kittunderlay</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">local</span><span class="w"> </span><span class="nx">port</span><span class="w"> </span><span class="mi">1790</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">neighbor</span><span class="w"> </span><span class="nx">port</span><span class="w"> </span><span class="mi">1790</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">rr</span><span class="w"> </span><span class="nx">client</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">path</span><span class="w"> </span><span class="nx">metric</span><span class="w"> </span><span class="nx">off</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">ipv4</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">extended</span><span class="w"> </span><span class="nx">next</span><span class="w"> </span><span class="nx">hop</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">next</span><span class="w"> </span><span class="nx">hop</span><span class="w"> </span><span class="nx">self</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">keep</span><span class="w"> </span><span class="nx">filtered</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">filter</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="nf">is_valid4_loopback</span><span class="p">()</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="nf">defined</span><span class="p">(</span><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="mi">2147483648</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="mi">2147483648</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">accept</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="nx">reject</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">export</span><span class="w"> </span><span class="nx">filter</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="nf">is_valid4_loopback</span><span class="p">()</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="nx">source</span><span class="w"> </span><span class="p">~</span><span class="w"> </span><span class="p">[</span><span class="nx">RTS_STATIC</span><span class="p">,</span><span class="w"> </span><span class="nx">RTS_DEVICE</span><span class="p">,</span><span class="w"> </span><span class="nx">RTS_BGP</span><span class="p">,</span><span class="w"> </span><span class="nx">RTS_OSPF</span><span class="p">]</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span><span class="nx">accept</span><span class="p">;</span><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="nx">reject</span><span class="p">;</span><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">limit</span><span class="w"> </span><span class="mi">1000</span><span class="w"> </span><span class="nx">action</span><span class="w"> </span><span class="nx">block</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">ipv6</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">next</span><span class="w"> </span><span class="nx">hop</span><span class="w"> </span><span class="nx">self</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">keep</span><span class="w"> </span><span class="nx">filtered</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">filter</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="nf">is_valid6_loopback</span><span class="p">()</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="nf">defined</span><span class="p">(</span><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="mi">2147483648</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="mi">2147483648</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">accept</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="nx">reject</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">export</span><span class="w"> </span><span class="nx">filter</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="nf">is_valid6_loopback</span><span class="p">()</span><span class="w"> </span><span class="o">&amp;&amp;</span><span class="w"> </span><span class="nx">source</span><span class="w"> </span><span class="p">~</span><span class="w"> </span><span class="p">[</span><span class="nx">RTS_STATIC</span><span class="p">,</span><span class="w"> </span><span class="nx">RTS_DEVICE</span><span class="p">,</span><span class="w"> </span><span class="nx">RTS_BGP</span><span class="p">,</span><span class="w"> </span><span class="nx">RTS_OSPF</span><span class="p">]</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span><span class="nx">accept</span><span class="p">;</span><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="nx">reject</span><span class="p">;</span><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">limit</span><span class="w"> </span><span class="mi">1000</span><span class="w"> </span><span class="nx">action</span><span class="w"> </span><span class="nx">block</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="p">}</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><ul> <li> <p><strong>Route Reflectors (Scaling Phase)</strong><br> As the topology expands, Route Reflectors reduce the number of iBGP sessions required while preserving full route distribution across the network.</p> </li> <li> <p><strong>Adaptive Path Selection (Latency-Aware MED)</strong> A lightweight Go-based service runs alongside each node, continuously measuring latency between BGP peers over the WireGuard underlay. Based on observed performance, it dynamically adjusts BGP MED (Multi-Exit Discriminator) values to influence path selection, allowing the fabric to react to changing network conditions without manual intervention.</p> </li> </ul> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span><span class="lnt">28 </span><span class="lnt">29 </span><span class="lnt">30 </span><span class="lnt">31 </span><span class="lnt">32 </span><span class="lnt">33 </span><span class="lnt">34 </span><span class="lnt">35 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-go" data-lang="go"><span class="line"><span class="cl"><span class="err">#</span><span class="w"> </span><span class="p">&lt;</span><span class="nx">IFNAME</span><span class="p">&gt;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="err">#</span><span class="w"> </span><span class="nx">L</span><span class="p">:</span><span class="w"> </span><span class="nx">AS4242421945</span><span class="w"> </span><span class="p">|</span><span class="w"> </span><span class="nx">R</span><span class="p">:</span><span class="w"> </span><span class="nx">AS4242421945</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="nx">protocol</span><span class="w"> </span><span class="nx">bgp</span><span class="w"> </span><span class="p">&lt;</span><span class="nx">IFNAME</span><span class="p">&gt;</span><span class="w"> </span><span class="nx">from</span><span class="w"> </span><span class="nx">kittunderlay</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="nx">disabled</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">local</span><span class="w"> </span><span class="nx">as</span><span class="w"> </span><span class="mi">4242421945</span><span class="p">;</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="nx">localIP</span><span class="p">:</span><span class="w"> </span><span class="s">&#34;&#34;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">neighbor</span><span class="w"> </span><span class="nx">fe80</span><span class="p">::</span><span class="nx">xxxx</span><span class="w"> </span><span class="nx">as</span><span class="w"> </span><span class="mi">4242421945</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">interface</span><span class="w"> </span><span class="s">&#34;&lt;IFNAME&gt;&#34;</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">direct</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">ipv4</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">filter</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="w"> </span><span class="nf">is_valid4_loopback</span><span class="p">()</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="nf">defined</span><span class="p">(</span><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="nx">autoMED_</span><span class="p">&lt;</span><span class="nx">IFNAME</span><span class="p">&gt;;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nx">autoMED_</span><span class="p">&lt;</span><span class="nx">IFNAME</span><span class="p">&gt;;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">accept</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">reject</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">ipv6</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kn">import</span><span class="w"> </span><span class="nx">filter</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="w"> </span><span class="nf">is_valid6_loopback</span><span class="p">()</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="nf">defined</span><span class="p">(</span><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="nx">then</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="nx">autoMED_</span><span class="p">&lt;</span><span class="nx">IFNAME</span><span class="p">&gt;;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">else</span><span class="w"> </span><span class="p">{</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">bgp_med</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nx">autoMED_</span><span class="p">&lt;</span><span class="nx">IFNAME</span><span class="p">&gt;;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">accept</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nx">reject</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">};</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="p">}</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><h3 id="features">Features </h3><ul> <li>&#x2705; Full iBGP mesh configuration templates</li> <li>&#x1f4ad; Automated WireGuard tunnel deployment</li> <li>&#x2705; Route Reflector deployment models</li> <li>&#x2692;&#xfe0f; Observability and route inspection tooling</li> <li>&#x2705; NixOS friendly configurations</li> <li>&#x2705; Automated MED adjustment based on real-time network performance</li> <li>&#x1f4ad; Policy controls to bound and stabilize dynamic routing decisions</li> </ul> <blockquote> <p>(Planned &#x1f4ad; - In Progress &#x2692;&#xfe0f; - Done &#x2705;)</p> </blockquote> <h3 id="current-status">Current Status </h3><p>KittUnderlay is actively under development. Current efforts focus on stabilizing the interaction between the WireGuard underlay and iBGP control plane. Also we need to find a way to have different routing views using VRFs / PBR.</p> <p>Route Reflector behavior and scaling patterns are being tested in parallel.</p> <h3 id="getting-started">Getting Started </h3><p>Planned documentation will include:</p> <ul> <li>Building a WireGuard full mesh underlay</li> <li>Establishing iBGP sessions across all nodes</li> <li>Advertising loopbacks without MPLS</li> <li>Transitioning from full mesh to Route Reflector topology</li> </ul> <p>The objective is to provide a progressive learning path—from simple full-mesh routing to a more scalable, production-like design.</p> <hr> <p>KittUnderlay is about building a strong foundation and applying the right level of complexity in the right place, keeping the network both powerful and understandable.</p>