Slow Servers: Network Layout

This is a general layout of our network, for the curious.

Our 1/3 cabinet is in Neutron's datacenter in Spokane, Washington. It's fed by a CAT 5E cable that goes to Ardent Networks. Ardent Networks has allocated 142.249.45.8/29 for us. 2602:fa64:2:1100::/64 is used for connecting Freya (Slow Server's router) with Ardent Network's router.

Ardent Networks listens on 2602:fa64:2:1100::1, while Freya listens on 2602:fa64:2:1100::2. Anything destined for our IP block, 2602:f5ef::/48 is sent to Freya. Ardent Networks is currently fed by HE.net and Crunchbits.

From there, Freya routes a /56 to each host server, and each host server has /56 routes for other host servers. This keeps host-to-host traffic off of Freya.

Each VPS has a /64 allocation from the host's /56.

Thus, it's a fully routed configuration. Freya runs pf with antispoofing, and each host runs pf with antispoofing as well. This prevents customers from spoofing other customer's IP addresses. Which, to be fair, normally doesn't happen. But it's best to make sure it can't happen in the first place.

A VPS host talks to a VPS via a tap interface. Both Freya and every VPS host have IPv6 forwarding enabled. There is no IPv4 forwarding.

External facing services

IPv6

• 2605:f5ef::b5d: This is mirror.ssvr.net, which works both inside and out. It provides a partial OpenBSD mirror.
• 2602:f5ef::fe5f:2062: freya.ssvr.net authoritative DNS

IPv4

• 142.249.45.10: freya.ssvr.net authoritative DNS
• 142.249.45.11: SNIProxy for legacy IPv4 users to reach certain services configured on our IPv6-only VPSs.
• 142.249.45.12: If you see this IP, it's one of our VPSs using our SOCKS proxy for legacy outbound IPv4 access.

Internal-only services

• 2602:f5ef::1:0: Recursive DNS resolution + NTP.
• 2602:f5ef::1080: SOCKS proxy endpoint for legacy IPv4 access.

All of the IPs above are currently handled by Freya.

Externally hosted services

DNS + monitoring

• ceto.ssvr.net: Hosted on ARP Networks VPS.
• ate.ssvr.net: Hosted on a IRCNow VPS.
• eos.ssvr.net: Hosted on OpenBSD.Amsterdam VPS.

These three servers offer slave DNS services and monitor both eachother and our 1/3 cabinet at Neutron.

ceto.ssvr.net hosts our status page, status.slowservers.net.

In the future I would like to merge monitoring logs from ate.ssvr.net and eos.ssvr.net with the published events on ceto.ssvr.net.

Slow Servers Status (Gemini)

Slow Servers Status (HTTPS)

Return to the index.