Håvard Ose Nordstrand, 1 year ago
Parent
Current commit
24faa46094
7 files changed, 178 insertions and 82 deletions
  1. index.md (+1 -1)
  2. networking/inet-gov-reg.md (+104 -0)
  3. networking/internet-registry.md (+0 -57)
  4. networking/ipv6.md (+15 -5)
  5. networking/vyos.md (+28 -4)
  6. personal-device/arch-i3.md (+29 -15)
  7. virt-cont/virtualbox.md (+1 -0)

+ 1 - 1
index.md

@@ -121,7 +121,7 @@ _(Alphabetically sorted, so the ordering might seem a bit strange.)_
 - [FS FSOS Switches](/networking/fs-fsos-switches/)
 - [General](/networking/general/)
 - [HPE/Aruba General](/networking/hpe-aruba-general/)
-- [Internet Registry](/networking/internet-registry/)
+- [Internet Governance and Registries](/networking/inet-gov-reg/)
 - [IPv4 Theory](/networking/ipv4/)
 - [IPv6 Theory](/networking/ipv6/)
 - [Juniper EX Series Switches](/networking/juniper-ex/)
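Review bot: the link target moves from `/networking/internet-registry/` to `/networking/inet-gov-reg/` while the old page is deleted in this same commit, so any external link or bookmark to the old URL will start returning 404; add a redirect from the old path (or leave a stub page that points at the new one) rather than only changing the index entry.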

+ 104 - 0
networking/inet-gov-reg.md

@@ -0,0 +1,104 @@
+---
+title: Internet Governance and Registries
+breadcrumbs:
+- title: Network
+---
+{% include header.md %}
+
+## Internet Governance
+
+- The Internet is a decentralized network of networks, created through community efforts.
+- Scope:
+    - Technical infrastructure of the Internet: Managing IP addresses, domain names, protocols etc.
+    - Content, use and impact: Policies, privacy, intellectual property, accessibility etc.
+- Importance factors (currently):
+    - Self-regulation is no longer sufficient: The Internet has grown, external involvement is needed to handle bad actors and egoistic applications.
+    - Fragmentation: The Internet is facing fragments with non-neutral user experiences, non-interoperable standards, and non-global connectivity. Examples include China's Great Firewall and Russia's Sovereign Internet Bill.
+    - Need for a shared forum: Shareholders must be able to discuss topics that may impact other shareholders and share eachother's viewpoints, instead of working only within their own silos.
+- Parties of the multistakeholder approach:
+    - Governments, national organizatons and international organizations.
+    - The private sector.
+    - The technical community.
+    - Academia.
+    - The civil society and users.
+- The IGF has defined [10 themes of topics](https://www.intgovforum.org/en/content/igf-2022-themes-descriptions) covering the Internet governance landscape, each containing a number of subtopics.
+
+## History
+
+- The US created the ARPA agency under DoD leadership in 1958 for Cold War reasons, aimed at improving and strengthening the US communication system (specifically building a decentralized structure).
+- ARPANET was created in 1969 by ARPA, consisting of four universities and funded by the DoD.
+    - The original four universities were the University of Utah, the Stanford Research Institute, the University of Santa Barbara and the University of California LA, connected with a full mesh topology and no central control. More universities later joined in, even when the Cold War started to wind down.
+    - Norway was the first non-US country connected to ARPANET in 1973, through the existing NORSAR link to the US ("Norwegian Seismic Array", also managed by ARPA). NDRE was involved with relevant research efforts. This connection was immediately thereafter extended to London.
+- TCP/IP was created by Vint Cerf and Bob Kahn, initially through a 1974 IEEE paper named "A Protocol for Packet Network Intercommunication".
+    - The initial versions of TCP/IP consisted of a monolithic "Transmission Control Program" protocol, handling both lower-layer and upper-layer features. This was split in version 3 into the Internet Protocol (IP) and the Transmission Control Protocol (TCP) to give greater flexibility.
+    - The TCP/IP protocol contains the first use of the term "internet", referring to an internetwork (a network of networks).
+    - Earlier drafts of the protocol included a 128-bit address space, but this was reduced to 32 bits in the final version of IPv4.
+    - During the flagday January 1, 1983, ARPANET switched from NCP to TCP/IP.
+- The IETF was created in 1986, utilizing consensus-based decision-making to improve the Internet.
+- BGP was described in 1989 (the "three-napkin protocol") and has been used on the Internet since 1994. This replaced "EGP" and the even older "GGP" Internet routing protocols.
+- IPv6 began standardization in 1995 and became an internet standard (highest level) in 2017. It was the result of the "IPng" IETF area created in 1993 to address mainly the pending exhaustion of the IPv4 address space.
+- The World Wide Web (WWW) was invented by Tim Berners-Lee at CERN in 1989 (public in 1991), describing HTTP, hypertext ducoments, hyperlinks etc. for sharing digital content. This application of the Internet caused the number of Internet users to grow exponentially.
+- In 1994, Tim Berners-Lee founded the World Wide Web Consortium (W3C) to maintain end develop the WWW.
+- In 1995, management of TLDs .com, .net and .org was assigned to the company Network Solutions, giving them monopoly and causing the "DNS War".
+- ICANN was established in 1998, taking responsibility for domain names and IP addresses (and other names and numbers) and forcing Network Solutions to separate its services and giving up its registry monopoly. Until 2016, Internet Assigned Numbers Authority (IANA) was part of ICANN.
+- In 2003, the UN organized the first phase of the World Summit on Information Society (WSIS) in Geneva, focusing on the growing political issue of the Internet. The second module was held in Tunis in 2005. The Working Group on Internet Governance (WGIG) was created, producing a [report](https://www.wgig.org/docs/WGIGREPORT.doc) regarding Internet governance.
+- The Internet Governance Forum (IGF) was first held in 2006 and has taken place every year since.
+- The Internet Society (ISOC) was established in 1992, with chapters all around the world. It's mission is "to promote the open development, evolution, and use of the Internet for the benefit of all people throughout the world."
+- The International Telecommunication Union (ITU) was established long before the Internet, but also takes special interest in the Internet.
+- In 1992, RIPE NCC was establishdd to manage IP address allocations for Europe, becoming the first Regional Internet Registry (RIR). The four other RIRs were soon to folow.
+- The The Number Resource Organization (NRO) was established in 2003, consisting of the four (now five) RIRs, to work on common interests.
+
+Source: Mostly RIPE.
+
+## Allocation and Assignment
+
+### Overview
+
+- IANA assigns IP blocks to RIRs.
+- RIRs assigns IP blocks to LIRs.
+- LIRs have an ASN and can sponsor ASNs for end users.
+- LIRs get "aggregatable" IP blocks (/29-/32) that can be used by themselves and/or assigned to end users, called provider aggregatable (PA) addresses. More blocks can be requested.
+- Address statuses:
+    - Allocation: Blocks assigned from RIRs to LIRs, unused until assigned.
+    - Assignment: Blocks assigned from an allocation to LIRs' own infrastructure or to end users.
+    - Provider aggregatable (PA) assignment: Space assigned from a LIR to end users. PA space goes back to the LIR if the end user is no longer affiliated with the LIR.
+    - Provider independent (PI) assignment: Space assigned from a RIR to end users, through a sponsoring LIR. End users can bring the space with them to other sponsoring LIRs, but they must sign a contract with the RIR to register and maintain it.
+    - Sub-allocation: A sub-allocation by a LIR, rarely used.
+
+### Statuses for IPv4 and IPv6 Objects
+
+| Status | IPv4 | IPv6 |
+| - | - | - |
+| Allocation | `ALLOCATED PA` | `ALLOCATED-BY-RIR` |
+| Sub-allocation | `SUB-ALLOCATED PA` | `ALLOCATED-BY-LIR` |
+| PA assignment | `ASSIGNED PA` | `ASSIGNED` |
+| PA assignment (aggregate)\* | n/a | `AGGREGATED-BY-LIR` |
+| PI assignment | `ASSIGNED PI` | `ASSIGNED PI` |
+
+(\*) Requires the `assignment-size` attribute.
+
+### Legacy Space
+
+- Legacy space are allocations made directly by IANA before the creation of RIRs.
+- It can optionally be converted to allocated PA or PI through a LIR.
+
+### IPv6 Allocations
+
+- To request an IPv6 allocation, you must be a LIR and must have a plan for making assignments within two years (for internal or customer-facing services).
+- The minimum IPv6 allocation size is /32. /29s can be requested without additional justification. /28s and larger require justification.
+- Sub-allocations can be used to e.g. allocate part of a LIRs allocation to a downstream ISP (delegation method), or to reserve space for a customer that is expected to grow (reservation method).
+
+### IPv6 Assignments
+
+- /48 is the maximum allocation for PA and PI space without further justification.
+- PA assignment:
+    - LIRs can assign their PA space as they wish, to both themselves and to end users.
+    - Multiple PA assignments of the same size can be registered in a single `AGGREGATED-BY-LIR` `inet6num` object, using the additional `assignment-size` field.
+- PI assignment:
+    - /48 is the mnimum allocation for PI space.
+    - LIRs can request PI for their own infrastructure if they have special routing requirements.
+    - LIR PI can not be sub-assigned to end users.
+    - LIRs can request PI for end users, thus acting as a "sponsoring LIR".
+- According to RIPE policies, all assignments must be registered in the RIPE Database using `inet6num` objetcs with one of the `ASSIGNED`, `AGGREGATED-BY-LIR` or `ASSIGNED PI` statuses.
+
+{% include footer.md %}
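Review bot: the IPv6 Assignments section uses "allocation" where the file's own definitions say "assignment": the Overview defines `Allocation: Blocks assigned from RIRs to LIRs` and `Assignment: Blocks assigned from an allocation ... to end users`, yet `/48 is the maximum allocation for PA and PI space without further justification` and `/48 is the mnimum allocation for PI space` both describe end-user assignments; change both to "assignment" so the /32 minimum allocation and the /48 assignment sizes are not conflated. The History list is not chronological (the 1992 ISOC and RIPE NCC bullets and the 2003 NRO bullet sit after the 2006 IGF bullet); reorder them. The sentence "Until 2016, Internet Assigned Numbers Authority (IANA) was part of ICANN" states a change without saying what changed in 2016 or what the relationship is now; reword or cite. `Source: Mostly RIPE.` is too vague to check; link the specific RIPE NCC course or policy document the section is taken from. Spelling: `organizatons`, `eachother`, `ducoments`, `maintain end develop`, `establishdd`, `folow`, `mnimum`, `objetcs`.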

+ 0 - 57
networking/internet-registry.md

@@ -1,57 +0,0 @@
----
-title: Internet Registry
-breadcrumbs:
-- title: Network
----
-{% include header.md %}
-
-## Allocation and Assignment Overview
-
-- IANA assigns IP blocks to RIRs.
-- RIRs assigns IP blocks to LIRs.
-- LIRs have an ASN and can sponsor ASNs for end users.
-- LIRs get "aggregatable" IP blocks (/29-/32) that can be used by themselves and/or assigned to end users, called provider aggregatable (PA) addresses. More blocks can be requested.
-- Address statuses:
-    - Allocation: Blocks assigned from RIRs to LIRs, unused until assigned.
-    - Assignment: Blocks assigned from an allocation to LIRs' own infrastructure or to end users.
-    - Provider aggregatable (PA) assignment: Space assigned from a LIR to end users. PA space goes back to the LIR if the end user is no longer affiliated with the LIR.
-    - Provider independent (PI) assignment: Space assigned from a RIR to end users, through a sponsoring LIR. End users can bring the space with them to other sponsoring LIRs, but they must sign a contract with the RIR to register and maintain it.
-    - Sub-allocation: A sub-allocation by a LIR, rarely used.
-
-## Statuses for IPv4 and IPv6 Objects
-
-| Status | IPv4 | IPv6 |
-| - | - | - |
-| Allocation | `ALLOCATED PA` | `ALLOCATED-BY-RIR` |
-| Sub-allocation | `SUB-ALLOCATED PA` | `ALLOCATED-BY-LIR` |
-| PA assignment | `ASSIGNED PA` | `ASSIGNED` |
-| PA assignment (aggregate)\* | n/a | `AGGREGATED-BY-LIR` |
-| PI assignment | `ASSIGNED PI` | `ASSIGNED PI` |
-
-(\*) Requires the `assignment-size` attribute.
-
-## Legacy Space
-
-- Legacy space are allocations made directly by IANA before the creation of RIRs.
-- It can optionally be converted to allocated PA or PI through a LIR.
-
-## IPv6 Allocations
-
-- To request an IPv6 allocation, you must be a LIR and must have a plan for making assignments within two years (for internal or customer-facing services).
-- The minimum IPv6 allocation size is /32. /29s can be requested without additional justification. /28s and larger require justification.
-- Sub-allocations can be used to e.g. allocate part of a LIRs allocation to a downstream ISP (delegation method), or to reserve space for a customer that is expected to grow (reservation method).
-
-## IPv6 Assignments
-
-- /48 is the maximum allocation for PA and PI space without further justification.
-- PA assignment:
-    - LIRs can assign their PA space as they wish, to both themselves and to end users.
-    - Multiple PA assignments of the same size can be registered in a single `AGGREGATED-BY-LIR` `inet6num` object, using the additional `assignment-size` field.
-- PI assignment:
-    - /48 is the mnimum allocation for PI space.
-    - LIRs can request PI for their own infrastructure if they have special routing requirements.
-    - LIR PI can not be sub-assigned to end users.
-    - LIRs can request PI for end users, thus acting as a "sponsoring LIR".
-- According to RIPE policies, all assignments must be registered in the RIPE Database using `inet6num` objetcs with one of the `ASSIGNED`, `AGGREGATED-BY-LIR` or `ASSIGNED PI` statuses.
-
-{% include footer.md %}

+ 15 - 5
networking/ipv6.md

@@ -14,7 +14,9 @@ breadcrumbs:
 - [IETF RFC 8200 (STD 86): Internet Protocol, Version 6 (IPv6) Specification](https://datatracker.ietf.org/doc/html/rfc8200)
 - [APNIC: IPv6 Best Current Practices](https://www.apnic.net/community/ipv6-program/ipv6-bcp/)
 
-## Special Prefixes
+## Special Prefixes and Addresses
+
+### Prefixes
 
 | Prefix | Scope | Description |
 | - | - | - |
@@ -54,7 +56,7 @@ breadcrumbs:
 | `ff02::6b` | Link | PTPv2 messages |
 | `ff02:0:0:0:0:1:ff00::/104` | Link | Solicited-node |
 
-### Special Subnet Addresses
+### Subnet Addresses
 
 - Subnet-router anycast address: The first interface ID in every subnet (RFC 4291). (Does not apply to /127 and /128 addresses.)
 - Subnet anycast addresses: The last 128 interface IDs in every subnet (RFC 2526). (Does not apply to /127 and /128 addresses.)
@@ -201,7 +203,7 @@ breadcrumbs:
     - Not allowed for some NDP messages.
     - The first fragment must contain all headers.
 
-## Protocols and Techniques
+## Protocols
 
 ### Neighbor Discovery (ND)
 
@@ -372,7 +374,7 @@ breadcrumbs:
     - Allows nodes behind NAT to connect to tunnel servers on the internet.
 - SSH.
 
-### Tanslation Mechanisms
+### Translation Mechanisms
 
 - IP masquerading aka NAT44 (IPv4 only).
     - Limitations (apply to many other NAT approaches as well):
@@ -440,7 +442,7 @@ breadcrumbs:
 
 ## Address Planning and Implementation
 
-*Might be outdated ...*
+### Random Notes
 
 - It should support both IPv4 and IPv6, potentially IPv6-only if appropriate.
 - IPv6 should be native.
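Review bot: replacing `*Might be outdated ...*` with the heading `### Random Notes` drops the only staleness warning on this list while the list items in this hunk are unchanged; either keep the caveat under the new heading or record when the notes were last checked, otherwise possibly stale advice now reads as current.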
@@ -504,6 +506,14 @@ breadcrumbs:
     - Potentally lower costs if the ISPs offer different prices for different services.
     - IPv6 supports native multihoming since interfaces can be assigned multiple prefixes from different routers.
 
+### RIPE: IPv6 Fundamentals course
+
+- A subnet in IPv6 is a /64.
+- The recommended prefix length for a loopback interface is a /128.
+- It is recommended to reserve a /64 for each P2P link, even if you end up configuring a /127 on the router interface.
+- It is common to see POPs with a /48 address space as a minimum.
+It is common practice to assign to an End User a prefix size between /48 and /56.
+
 ### Philip Smith: IPv6 Address Planning (2012)
 
 *IPv6 BCP according to APNIC.*
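Review bot: the last item of the new list, `It is common practice to assign to an End User a prefix size between /48 and /56.`, is missing the leading `- ` and will render as a paragraph outside the list; add the bullet. The heading names a RIPE course but gives no link, unlike the APNIC section that follows it; add the URL so the recommendations can be checked against the source.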

+ 28 - 4
networking/vyos.md

@@ -30,17 +30,41 @@ See [Installation (VyOS)](https://docs.vyos.io/en/latest/install.html).
     - If asked about which config to copy, either one is fine.
 1. Remove the live image and reboot.
 
+## Minimum Configuration for Remote Access (Optional)
+
+Steps to get SSH up ASAP so you can avoid the console. Assumes you already know how to configure VyOS, jump directly to "initial configuration" if not.
+
+1. Log in as `vyos` with the password you set during installation.
+1. Set an IPv4/IPv6 address for the interface you intend to connect through.
+    1. Add address: `set int eth eth0 address 10.0.0.10/24` (example)
+    1. Add DHCP address (alternative): `set int eth eth0 address dhcp` (example)
+1. Set the default route as a static route, if you don't connect from the connected network configured above and are not using DHCP.
+    1. Add route: `set protocols static route 0.0.0.0/0 next-hop 10.0.0.1`
+1. (Optional) Set DNS servers.
+    1. Add server: `set system name-server <ip-address>`
+1. Set the time zone. NTP servers are already configured, but might not be syncing yet.
+    1. Set time zone: `set system time-zone Europe/Oslo` (example)
+    1. Commit.
+    1. Check time: `run show date`
+1. Add proper user, remove default user:
+    1. Add new user: `set system login <user> authentication plaintext-password "<password>"`
+    1. Commit, log out, log in as new user.
+    1. Delete old user: `delete system login user vyos`
+1. Enable SSH, without root auth:
+    1. Enable: `set service ssh`
+1. Commit, save and try to connect through SSH.
+
 ## Initial Configuration
 
-An example of a full configuration. Except intuitive stuff I forgot to mention.
+An example of a full-ish configuration. Skip any steps already done in "minimum configuartion for remote access".
 
 1. Log in as user `vyos` and password as set in the installation (or `vyos` if using the live media).
     - It'll drop you directly into operational mode.
-1. Fix the keyboard layout:
-    - Run config TUI: `set console keymap`
-    - **FIXME**: This doesn't seem to work. Relogging or restarting doesn't help either.
 1. Enter configuration mode: `configure`
     - This changes the prompt from `$` to `#`.
+1. Set the keyboard layout:
+    1. Set: `set system option keyboard-layout no` (Norwegian)
+    1. Apply: `commit`
 1. Set hostname:
     1. Hostname: `set system host-name <hostname>`
     1. Domain name: `set system domain-name <domain-name>`
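Review bot: the add-user command `set system login <user> authentication plaintext-password "<password>"` is missing the `user` keyword, so it is not a valid configuration path; the delete two steps later uses `delete system login user vyos`, so the two are inconsistent. Use `set system login user <user> authentication plaintext-password "<password>"` (VyOS stores it hashed on commit, but the plaintext stays in the configure-session history). Since this section exists to expose SSH before the rest of the configuration is done, consider key-based auth as part of the same step: `set system login user <user> authentication public-keys <name> key <base64-key>` with the matching `type`, then `set service ssh disable-password-authentication`; `set service ssh` alone sets no restriction, so the label "Enable SSH, without root auth" promises something the commands do not configure. Also `configuartion` -> `configuration` in the Initial Configuration intro, and prefer the unabbreviated `set interfaces ethernet eth0 address ...` in documentation over `set int eth eth0 ...`.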

+ 29 - 15
personal-device/arch-i3.md

@@ -169,8 +169,7 @@ Note: The use of `sudo` in the text below is a bit inconsistent, but you should
     1. Install iwd to manage wireless connections: `pacman -S iwd`
     1. Create the `netdev` group to allow users to control `iwd`: `groupadd -r netdev`
     1. Configure iwd:
-        - (Note) Config file: `/etc/iwd/main.conf` (INI)
-        - (Optional) Disable periodic scanning when disconnected: In section `[Scan]`, set `DisablePeriodicScan=yes`.
+        - See example config below for config `/etc/iwd/main.conf`.
     1. Enable iwd: `systemctl enable --now iwd.service`
         - If this fails, you may need to reboot.
     1. Setup the network config:
@@ -558,9 +557,9 @@ See [PipeWire (Applications)](../applications/#pipewire) for more config info.
 
 - Setup secure boot using your own keys.
 
-### Notes and Snippets
+## Config Snippets
 
-#### systemd-networkd Network Config
+### systemd-networkd Network Config
 
 File: `/etc/systemd/network/en.network` (example)
 
@@ -597,7 +596,22 @@ UseDNS=yes
 UseDomains=yes
 ```
 
-#### iwd eduroam Config
+### iwd Config
+
+File: `/etc/iwd/main.conf`
+
+```ini
+[General]
+AddressRandomization=network
+
+[Settings]
+AutoConnect=true
+
+[Scan]
+DisablePeriodicScan=no
+```
+
+### iwd eduroam Config
 
 File: `/var/lib/iwd/eduroam.8021x` (for SSID `eduroam`)
 
@@ -618,7 +632,7 @@ Place the CA certificate in `/var/lib/iwd/eduroam.crt`.
 
 NTNU template:
 
-```
+```ini
 [Security]
 EAP-Method=PEAP
 EAP-Identity=anonymous@ntnu.no
@@ -632,7 +646,7 @@ EAP-PEAP-Phase2-Password=<password>
 AutoConnect=true
 ```
 
-#### Polybar Launch Script
+### Polybar Launch Script
 
 File: `~/.config/polybar/launch.sh`
 
@@ -645,7 +659,7 @@ killall -q polybar
 polybar main >/dev/null 2>&1 &
 ```
 
-#### Polybar Spotify Module
+### Polybar Spotify Module
 
 File: `~/.config/polybar/config`
 
@@ -659,7 +673,7 @@ exec = python /usr/share/polybar/scripts/spotify_status.py -f '{song}' -t 25 -q
 format-underline = #1db954
 ```
 
-#### Alacritty Config
+### Alacritty Config
 
 File: `~/.config/alacritty/alacritty.yml`
 
@@ -678,7 +692,7 @@ import:
   - ~/.config/alacritty/dracula.yml
 ```
 
-#### Rofi Config
+### Rofi Config
 
 file: `~/.config/rofi/config.rasi`
 
@@ -689,7 +703,7 @@ configuration {
 @theme "glue_pro_blue"
 ```
 
-#### Xorg Monitors
+### Xorg Monitors
 
 File: `/etc/X11/xorg.conf.d/10-monitor.conf`
 
@@ -706,7 +720,7 @@ Section "Monitor"
 EndSection
 ```
 
-#### Xorg DPMS
+### Xorg DPMS
 
 File: `/etc/X11/xorg.conf.d/20-dpms.conf`
 
@@ -728,7 +742,7 @@ Section "Extensions"
 EndSection
 ```
 
-#### i3 Media Keys
+### i3 Media Keys
 
 File: `~/.config/i3/config`
 
@@ -743,7 +757,7 @@ bindsym XF86AudioPrev exec --no-startup-id playerctl previous
 bindsym XF86AudioNext exec --no-startup-id playerctl next
 ```
 
-#### i3 Volume Keys
+### i3 Volume Keys
 
 File: `~/.config/i3/config`
 
@@ -757,7 +771,7 @@ bindsym XF86AudioMute exec --no-startup-id pamixer -t
 bindsym XF86AudioMicMute exec --no-startup-id pamixer --default-source -t
 ```
 
-#### i3 Maim Screenshot Keys
+### i3 Maim Screenshot Keys
 
 File: `~/.config/i3/config`
 

+ 1 - 0
virt-cont/virtualbox.md

@@ -16,6 +16,7 @@ I'll only focus on using it with KVM (and QEMU) here.
 1. Install stuff: `sudo pacman -S virtualbox virtualbox-host-modules-arch virtualbox-guest-iso`
 1. Enable extra network modules: Add `vboxnetadp` annd `vboxnetflt` as lines in `/etc/modules-load.d/vbox.conf`, then update initramfs with `mkinitcpio -P` (unknown if this is required).
 1. Give yourself extra permissions: `sudo usermod -aG vboxusers $(whoami)`
+1. Disable network range check for created networks: `echo "* 0.0.0.0/0 ::/0" | sudo tee /etc/vbox/networks.conf`
 
 ## Usage
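Review bot: `echo "* 0.0.0.0/0 ::/0" | sudo tee /etc/vbox/networks.conf` lifts the host-only/internal network range restriction for every IPv4 and IPv6 range and for every user (the leading `*`), and `tee` without `-a` overwrites any existing `networks.conf`; that is broader than "disable network range check for created networks" suggests. Allowing any range lets a host-only interface be configured to overlap the host's real networks, so list only the range(s) you actually intend to use and append rather than replace if the file already exists.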