this post was submitted on 30 Jan 2026

GrapheneOS [Unofficial]


Official announcements from the GrapheneOS project.


We're now using our own autonomous system and IP space for 3 of our networks. We run 2 entirely separate anycast DNS networks for our authoritative DNS and have a simpler unicast setup on a bare metal server at Xenyth which we'll be using for more soon.

https://bgp.tools/as/40806

Our ns1 network has 11 locations on Vultr (Piscataway, Miami, Los Angeles, Seattle, São Paulo, London, Frankfurt, Singapore, Mumbai and Tokyo).

Our ns2 network has 8 locations on Misaka.io (Ashburn, Miami, San Jose, Seattle, London, Berlin, Singapore and Tokyo).

Vultr and Misaka.io both have very good transit and peering for anycast due to having matching transit providers within regions and globally.

Both anycast networks needed a lot of configuration with BGP communities for traffic engineering and are working very well.

Our anycast networks are deployed with 2x IPv4 /24 we quickly obtained for free from ARIN via NRPM 4.10 + NRPM 4.5.

We could use our own IPv6 space everywhere we have BGP if we wanted to do that since we have a /36 which can be expanded into more space reserved for us.

ARIN has approved our request for an IPv4 /22 via their waitlist but it will take around 18 to 36 months for the waitlist to progress to our request. For now, we're using an IPv4 /24 loaned to us for free by a Romanian LIR supporting GrapheneOS for our unicast Toronto IP space.

Our current bare metal server at Xenyth is sponsored by them and used as an update mirror which is using our IP space. However, our main use case for the IP space in Toronto is for our mail server which we're planning to host on-premises and tunnel the traffic through Xenyth.

Xenyth has support for routing to multiple servers announcing the same publicly routable IP space by announcing smaller blocks from specific servers so we can also pay for additional Xenyth bare metal servers or VPS instances. We'll likely be using it a fair bit in the future.

Our plan for our IPv4 /22 from the ARIN waitlist is deploying a single /24 in each of Toronto, Miami, Los Angeles and Seattle. Once we have a /22 deployed for North America, we'll qualify for getting out-of-region space on ARIN via the waitlist or transfers for Europe, Asia, etc.

The interesting parts of our BGP setup can be seen in https://github.com/GrapheneOS/ns1.grapheneos.org where we have our BGP community configuration for each ns1/ns2 location along with our setup for region steering via GeoDNS + anycast server location and failover via health checks from our DNS servers.
