=============================
DALnet IRC Network
Server Application Guidelines
=============================
Version 1.0.7
Written by Simon P (melech@DAL.net) on 25 May 2002
Last revised by brandon (brandon@DAL.net) on 10 July 2019
Copyright (c)2002-2019 The DALnet IRC Network
----------------
IMPORTANT NOTICE
----------------
This document has been produced to assist those applying to link an IRC
server to DALnet.
IT IS IMPORTANT THAT YOU READ AND UNDERSTAND THIS DOCUMENT BEFORE YOU APPLY
=============================
Contents
--------
1) Introduction
2) Overview of the Application Process
a) Starting Out
b) Application to Link a Server to DALnet
c) Routing Evaluation
d) Call for Votes (CFV)
e) Administrative Oversight Board Decision
f) The 60-day Testlink
g) Permanent Link to the DALnet IRC Network
3) Recommendations for Linking a Server to DALnet
a) Machine Specifications (hardware)
b) Operating System/Distribution Specifications
c) Bahamut (DALnet's ircd)
d) Allowed/Required Processes
e) Connectivity and Routing
f) User Load
g) Permission to Run an IRC Server
h) Out-of-pocket servers
4) Information for Sponsor/Hosting Provider
a) Routing Issues
b) Security Issues
c) Filtering Issues
5) Other Important Information
a) Rights and Responsibilities of DALnet Staff
b) Choosing Server Staff
c) Your Motivation for Applying
6) Useful Links
a) The DALnet Server Application Website
b) The DALnet IRCd (Bahamut) Website
c) History of DALnet
7) Contact Details
===============================================
1) Introduction
------------
DALnet is a non-profit organisation. It relies on the generosity of its
supporting ISPs to provide the hardware and bandwidth necessary to run
the IRC network. It also relies on the hard work of over 200 voluntary
staff - the IRC Operators.
The continued success of DALnet is dependant upon providing a first
class service to its users. A key part of this is accessibility to the
network. DALnet's client capacity must continually expand to meet ever
growing user numbers. At the time this document was first written,
DALnet had over 120,000 concurrent client connections.
The aim of this document is to assist prospective server administrators
by providing a single source of information on the server application
process. Following the recommendations contained within this document
is obligatory but does not in itself guarantee that your server will be
linked to DALnet.
Linking a server to DALnet is a considerable responsibility. You must
have the dedication, resources, ability and equally important, the
correct motivation. If you believe you possess these qualities, we can
guide you through the process.
2) Overview of the Application Process
-----------------------------------
a) Starting Out
The process starts when you, the prospective server administrator,
decide you are interested in linking a server to DALnet. At this stage
you will need to consider technical, financial and motivation issues.
The first question you should ask yourself is: Why do I want to link to
DALnet? Your primary motivation should be to help the continued success
of the network. We will return to this question later in this document.
'Stability' is a key factor in the success of an application. This
equally applies to the technical, personal and financial aspects of your
server application.
We are looking for servers with good bandwidth and connectivity, in most
cases hosted and sponsored by ISPs or network operators.
There are several tasks you need to do at this stage:
It is recommended that you and your staff register your nicks on
DALnet. Information on how to register your nickname can be found at
http://docs.dal.net/docs/nsemail.html
b) Application to Link a Server to DALnet
By the time you reach this stage, all technical aspects of your server
should be at the stage where you are totally ready for an immediate link
to the IRC network. You should also be fully aware of the application
process and of what is expected from you and your staff.
This is the first official step in linking a server to the DALnet
IRC Network. The process from hereonin is controlled by the
Administrative Oversight Board of DALnet. All inquiries should be
addressed in the first instance to apply@dal.net. This is also
the address to send your completed server application form.
The current application form for linking a server to DALnet can be
found at http://www.dal.net/admin/vote/serverapp.php3 and is
regularly updated.
Your application will be judged to a large extent on the content and
professionalism of your application form, so please take time to fill it
out to the best of your ability. It is essential that you are truthful
and accurate. Your application will be scrutinised and if found to be
intentionally false, will be denied and you will be barred from being
involved with this network.
UPDATE - Assistant Administrators:
Please note that you are not allowed to nominate an assistant
administrator in your application.
c) Routing Evaluation
Once your application has been received at apply@dal.net, it will
proceed to routing evaluation. Here, your application will be subject
to detailed questions on its routing and connectivity. In addition to
this, the Routing team will give advice on issues relating to Denial of
Service attacks and how to best filter them or mitigate the damage
caused by them. Your sponsor and/or hosting provider will be contacted
during this stage of the application process to ensure the accuracy of
your application.
d) Call for Votes (CFV)
DALnet server administrators are given the opportunity to vote on
whether to grant your server a 60-day testlink to the main DALnet
IRC network.
e) Administrative Oversight Board Decision
If less than 2/3rds of eligible server administrators participate in the
vote OR if less than 2/3rds of the participating server administrators
vote either "yes" or "no," then the final decision lies with the
Administrative Oversight Board of DALnet.
f) The 60-day Testlink
If you have been granted a testlink to DALnet, then you will be
contacted by DALnet's routing team to swap connect block info for your
server.
Your server's routing and connectivity will be further evaluated
during this period to ensure that it performs adequately.
g) Permanent Link to the DALnet IRC Network
If, after 60 days of testlink your server is considered by the
Routing team and Administrative Oversight Board to be adequate,
you will be granted a permanent link.
3) Recommendations for Linking a Server to DALnet
----------------------------------------------
a) Machine Specifications (hardware)
DALnet client servers are required to be dedicated physical servers. We
do not accept virtual client servers at this time. The server must
have at least 4GB of RAM and a modern CPU (generally, any CPU released
in the last 10 years is sufficient). A gigabit NIC is required, but a
10 gigabit NIC is recommended.
b) Operating System/Distribution Specifications
DALnet requires a UNIX based operating system (FreeBSD, OpenBSD, Linux,
etc).
You are required to have enough file descriptors compiled in your kernel
to satisfy your stated maximum client number.
For assistance in setting up and securing your FreeBSD box, we are
including the following link for historical reasons. DALnet does not
warrantee the accuracy of this document. It is extremely outdated,
but still contains some concepts which may be useful to modern system
administrators:
Securing FreeBSD 4.5-STABLE for ircd by Tim Baur (tbaur):
http://www.dal.net/admin/vote/seceval.php3
c) Bahamut (DALnet's ircd)
You must be running the latest copy of DALnet's ircd - bahamut. It
can be found at https://www.dal.net/?page=Bahamut
d) Allowed/Required Processes
The machine must be dedicated to running the IRC server. This means
that it cannot be running anything other than essential OS processes
needed by the IRC server or needed to secure the machine. In question
1h of the application, make sure you state "yes."
You are also required to run a time sync program. DALnet currently
recommends using a ntpdate crontab, or running ntpd.
e) Connectivity and Routing
The server needs to be located on a network with at least 10 GB/sec
connectivity to the Internet. We highly recommend configuring a
separate interface for management connectivity (e.g. ssh for admins)
on a different subnet that utilizes static routing to further
restrict access and protect the machine. If not, SSH needs to be
running on a nonstandard port and strictly firewall/ACL controlled.
f) User Load
Question 4b of the application form asks how much outgoing bandwidth is
dedicated to the IRC server. In addition, question 1k asks for the
maximum number of clients your server will be able to hold. The amount
of bandwidth stated in your answer to auestion 4b must be sufficient to
hold the number of clients stated in your answer to Question 1k.
For North-American (USA/Canada) based servers:
You must be prepared and able to support a minimum of 2,500 concurrent
user connections. The ability to support 5,000 users is recommended.
For servers located in all other areas:
You must be prepared and able to support a minimum of 2,000 concurrent
user connections. The ability to support 5,000 users is recommended.
As a rough rule, a decently sized public client IRC server will use
about 1Mbit/sec per 1000 users (95th percentile) or 600GB/month per
1000 users (inbound + outbound) data transfer. For example a server
with 5000 users will use about 5 Mbit/sec, or 3000 GigaBytes/month
inbound + outbound total data transfer. This is assuming normal
operating conditions. During synching to the network, your server
might burst to higher usage than this. See below for information on
the problems of Denial of Service attacks.
g) Permission to Run an IRC Server
All applications are now REQUIRED to provide the HOSTING SITE'S contact
information and permission. The hosting site will be contacted about
your application to ensure that they know of, support and agree to your
application.
h) Out-of-pocket Servers
The costs involved in hosting an IRC server are often unpredictable due
to the cost of bandwidth and the risk of Denial of Service Attacks. It
is not feasible for an individual to absorb these costs. DALnet does
NOT accept applications for servers that are paid for out-of-pocket by
an individual. Servers MUST be sponsored by a hosting company or
network operator. If you are paying for the server you would like to
link, you need not apply.
4) Information for Sponsor/Hosting Provider
It is important that the ISP who hosts your IRC server is aware of a
number of important issues that could effect their network. During the
server application process, we will be contacting them to ensure they
are aware of these issues.
a) Bandwidth
The minimum connectivity mentioned in Section 3e of this document
refers to the entire bandwidth for the ISP at the location where
the IRC server is housed. Section 3f of this document states how
much bandwidth will be recommended for the IRC server. Obviously,
it is unwise for you to agree to dedicate the majority of your
bandwidth to an IRC server.
The IRC server should ideally be given a minimum of 100Mbit/s under
normal operating conditions, with the ability to burst beyond this if
necessary.
If you are unable to meet such recommended criteria, then perhaps it is
better that you don't sponsor/host an IRC server.
b) Denial of Service Attacks
Unfortunately, IRC servers do attract their fair share of attacks. This
is not something unique to DALnet (or other IRC networks). All major
ISPs have suffered from some form of Denial of Service attacks in recent
times.
There are a number of ways you can protect your network to remove and/or
mitigate the effect of such attacks.
For network operators:
Your core/border routers should filter ICMP and UDP traffic to the IRC
server. This will prevent 'smurf' and fragmented ICMP attacks. You
should also consider blocking ICMP and UDP traffic being sent TO your
core/border routers (but still allow such traffic to pass through to
parts of your network that require it). This will prevent your network
being attacked and is generally considered best practice.
For smaller ISPs:
It is imperative to get the support and assistance of your uplink
provider(s) to filter out malicious ICMP and UDP traffic upstream.
For both:
The IRC server should be protected against malicious TCP traffic,
especially SYN|ACK flooding. There are a number of ways that this can
be accomplished. A hardware firewall, acting as a proxy (only passing
on completed TCP connections) may be of use. Syncookies will also help.
Bad source IPs should be filtered out as high up the network as possible
and connections from specific hosts should be rate limited.
5) Other Important Information
a) Rights and Responsibilities of DALnet Staff
See http://docs.dal.net/docs/operinfo.html for more information.
b) Choosing Server Staff
Choose your staff carefully. If you choose someone inappropriate, then
it will have a detrimental effect on your chances to link to DALnet.
Therefore, only choose people who you truly know will be responsible and
won't abuse their privileges.
If you're stuck for choosing server staff, then ask a current member of
staff if they have any recommendations.
Please note that DALnet does not allow you to nominate an assistant
administrator (AA) on your server application form. The right to appoint
an AA is subject to a separate admin CFV after you are fully linked to
the network.
c) Your Motivation for Applying
Your primary motivation should be to help DALnet by providing a stable
server with good technical specification and a professional staff.
No-one is expecting you to be totally altrusistic. But you should
always put DALnet's interests first.
6) Useful Links
a) The DALnet Server Application Website
http://www.dal.net/?page=routing
b) The DALnet IRCd (Bahamut) Website
http://bahamut.dal.net/
c) History of DALnet
http://docs.dal.net/docs/history.html
7) Contact Details
For all enquiries once you have applied:
apply@dal.net
|