Physical and network infrastructure - Late 2022
Thomas Lochet / December 12, 2022
As of now, 7 servers spread across Europe are in production.
- FRA-01 (Versailles)
- FRA-02 (Velizy)
- FRA-03 (Velizy)
- DEU-02 (Nuremberg)
- DEU-03 (Jena)
- NOR-01 (Oslo)
- NLD-01 (Amsterdam)
FRA-01 and DEU-03 are hypervisor servers.
As of December 12, the Synost and Strimy services are hosted on these machines. The services run as Docker images on virtual machines that are backed up every night to three different S3 services provided by Scaleway, Storj and Backblaze B2.
Cloudflare is used as the DNS provider and also acts as a global reverse proxy / anti-DDoS layer.
The DNS records point to 2 IPv4 addresses and 2 IPv6 addresses. The first IPv4 address belongs to the DEU-03 server. The FRA-01 hypervisor, hosted at home, is behind a NAT and the HTTPS and HTTP ports are not available. To work around that, the FRA-02 server, which has two IPv4 addresses, establishes a WireGuard tunnel and routes one of those IPv4 addresses to the FRA-01 hypervisor. The process is explained in this post: Routing a public IPv4 address through a NAT.
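A sketch of how such a tunnel can be built with wg-quick, added here as an example; it is not taken from the linked post or from the author's configuration. The addresses 203.0.113.10 and 203.0.113.11 are documentation-range placeholders for FRA-02's two IPv4 addresses, and the port, the tunnel address, routing table 100 and the choice to have FRA-01 dial out (it is the side behind NAT) are assumptions.

```ini
# ---- FRA-02 (public side): /etc/wireguard/wg0.conf ----
# Assumption: the hosting provider delivers 203.0.113.11 to FRA-02 and the
# address is NOT configured on any local interface of FRA-02.
[Interface]
# Tunnel-internal address, arbitrary
Address    = 10.99.0.1/32
ListenPort = 51820
PrivateKey = <FRA-02 private key>
# FRA-02 must forward packets between its uplink and wg0
PostUp     = sysctl -w net.ipv4.ip_forward=1

[Peer]
# FRA-01: no Endpoint, because it sits behind NAT and connects outward
PublicKey  = <FRA-01 public key>
# wg-quick adds a route for this /32 via wg0, and WireGuard drops tunnel
# packets from this peer whose source is anything else
AllowedIPs = 203.0.113.11/32

# ---- FRA-01 (hypervisor behind NAT): /etc/wireguard/wg0.conf ----
[Interface]
# The routed public address lives on the tunnel interface
Address    = 203.0.113.11/32
PrivateKey = <FRA-01 private key>
# Leave the main routing table alone; only traffic sourced from the
# public address is sent back through the tunnel (policy routing)
Table      = off
PostUp     = ip rule add from 203.0.113.11 lookup 100
PostUp     = ip route add default dev wg0 table 100
PreDown    = ip rule del from 203.0.113.11 lookup 100

[Peer]
PublicKey  = <FRA-02 public key>
Endpoint   = 203.0.113.10:51820
# Accept packets from any Internet source arriving through the tunnel
AllowedIPs = 0.0.0.0/0
# Keeps the NAT mapping open so inbound traffic can reach FRA-01
PersistentKeepalive = 25
```

With this layout FRA-01's wg0 interface receives unfiltered Internet traffic for the routed address, so the host firewall on FRA-01 should limit ingress on wg0 to the ports the services need (HTTP and HTTPS here).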
The hosted services are also reachable over IPv6. For this, an IPv6 tunnel broker provided by Hurricane Electric is used. This tunnel encapsulates IPv6 packets inside an IPv4 tunnel (6in4).
This tunnel is temporary. The goal is to operate my own /48 IPv6 subnet. RIPE has assigned me the subnet 2a12:dd47:8333::/48 and I was still waiting for my ASN at the time of writing.
The Route48 project and the Vultr infrastructure will announce that subnet to the rest of the Internet.