All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
DN42 on NAT VPS – Minimum Specs & Feasibility?
minhoryang
Member
Hi all,
I’m trying to deploy DN42 on a NAT VPS, but I’m not sure what kind of specs I actually need.
First of all—hi! Recently got laid off, so I have plenty of time but not much budget. Figured this would be a good time to tinker and learn 🙂
What I’m planning to run:
Option A:
1 NAT VPS
- 1 Tailscale (WireGuard) connection for home connectivity
- 4~5 simultaneous WireGuard connections for dn42 peering
1 Raspberry Pi 4 at home: brid2 daemon + tailscale
Option B:
1 Nat VPS
- 1 Tailscale (WireGuard) connection for home connectivity
- 2~3 simultaneous WireGuard connections for dn42 peering
- Bird2 daemon
My questions:
Would all of this run on a 1 vCPU / 512 MB RAM VPS? 1G Mem?
I’m thinking of isolating each component using Docker containers — is that feasible on a NAT VPS?
Since OpenVZ is container-based, does that mean Docker won’t work there?
I’m looking for something very low-cost, preferably with a yearly plan to keep things cheap. If there are providers offering trials, I might test first before committing.
I’ve learned a lot from reading posts here—thanks in advance for any advice or ideas!
Comments
I would generally discourage purchasing OVZ containers in 2026. It's a very outdated technology. (relevant thread)
I think docker would work, but not sure how reliably. To save yourself hassle, go with KVM if you want to use docker.
While Oloke is absolutely right re OVZ, I would just add that sometimes Docker works on OVZ but it depends on the kernel version. Just avoid OVZ altogether and you will not have to ask this question.
Thank @oloke and @JohnFilch123 for the advice! I think I ended up considering OVZ just because I was digging through the cheapest providers I could find. Based on your feedback, I’ll rule OVZ out.
To be honest, I’ve been stuck in this loop for the past few hours—finding a super cheap provider, getting excited, then searching on LET and immediately seeing posts telling me to avoid it.
At this point, I’m wondering if I’m approaching this the wrong way. Given the kind of setup I described, could you help me back into a reasonable budget range? I’d rather set my expectations properly and be mentally prepared before pulling the trigger on anything.
Thanks again for the guidance!
I have never tried DN42 but my feeling is that it will work on 1c/1gb/xxGB ssd machine. Budget is probably something like circa $7-12/y. Maybe try @SKRIME I think they have got a budget machine with unlimited traffic in NL.
@minhoryang what would be your expected budget? Often times on LET, you are able to get discounted promo plans at cost well under regular price. (but almost always limited)
At around $20/year I can recommend you:
Beware those are highly discounted promo plans so no trial instances or refunds are possible.
Should be more than enough for your use-case.
any NAT VPS, with a few ports will do.
wireguard and bird run fine with 512MB or even less.
Thanks everyone for the helpful advice — really appreciate it!
I was originally thinking of a budget around ~$10/year for 2–3 NAT VPSes, but based on your suggestions, I’m starting to realize I probably need to raise that a bit and set more realistic expectations.
I did get a chance to run a few experiments last night before bed, and one thing that surprised me was that disk performance might actually become a bottleneck, especially since I was testing with a Docker-based setup.
Also, Docker seems a bit heavy on memory for what I’m trying to do, so I’m now considering moving to containerd or a lighter approach instead.
Thanks again — this really helped me rethink my approach!
TierHive maybe try these guys, they have trial.
We can run AS200690 full table on 1C1G20G.
DN42 fakenet is much smaller, so you surely can, in terms of RAM.
The UDP ports would be a limitation.
DN42 heavily utilizes WireGuard tunnels.
Normally WireGuard VPN server can have multiple peers on the same port, routing via AllowedIPs.
For DN42 usage, the routing is controlled by BGP and you have to set AllowedIPs=::/0, which means each BGP peer needs a separate UDP port.
If you only have 5 UDP ports, you can only have 5 peers.
If you want the benefits of OpenVZ without using such outdated technology, there's LXC.
https://www.racknerd.com/NewYear/
Pick up the 1GB or 2GB VPS for $18/year, it will be more than enough power. They will also double your bandwidth if you comment in the RackNerd thread on this site.
Why bother with NAT if you can have a dedicated IP address for not much more money.
Keep in mind, not all RackNerd locations have IPv6.
To run a node on DN42, you pretty much just need Bird2 and Wireguard to get started.
Not sure what you're planning on running in docker, but that could possibly turn into a bit of a headache networking wise. Maybe not as bad if you're using "network_mode: host" in docker.
I would just get a cheap VPS and dedicate it to DN42, you can always wipe it and use it for something else if you lose interest.
I'm AS4242422455 if you want to peer or you have any questions.
You could try a 1 vCPU and 1GB RAM KVM VPS for a smoother experience, especially if you're using Docker. While 512MB might work, 1GB provides more headroom for the OS and Docker overhead. Docker is perfectly feasible on a KVM NAT VPS.
512MB with Debian 13 definetly works, as one of our routers is such a VPS.
It runs bird2 with 3 eBGP and 4 iBGP+OSPF peers peers, and pdns-auth and pdns-recursor containers.
Oh, and if you want to peer, AS4242420142
Location matters more than specs. Usually 1G and 512mb are not much different in terms of price, and nowadays its harder to find 512MB ram vms. So for 1GB rams there are more options, just share preferred location.
Maybe TierHive would be an option for playing with this, I mention it because you get a whole /24 that is already meshed between locations.
If you want to write about your experiences for the wider community and log how the setup goes, I am happy to give you some free credit to play with.
@backtogeek, does TierHive support IPv6? Pretty much everybody runs dual-stack on DN42 anyway
That's a negative captain, it's coming soon though (Not with a tm)
Thanks again everyone — this has been super helpful and honestly saved me from going down a few bad paths.
After reading all your replies, I think I’ve got a much clearer picture now:
I'll choose to go minimal with multiple cheap nodes from the beginning
Also @Macguy and @glueckself — I might actually take you up on the peering offer once I get things up and running.
Appreciate all the insights — this definitely helped me reset my expectations in a good way.
I actually want to try if I can manage to get WG+Bird running stable on a 128M/1G/low-perf (the one for 0.1$/month) instance at TierHive.
apk installgets OOM killed without swap, so...Ouch! I am running alpine on 386MB
Well, can confirm, DN42 is doable with 128M + 256M swap (mostly for
)
apk adds, and I'm not sure if the BGP sessions would survive anapk upgradeNo IPv6 yet, but the v4 table is ~300kB per peer, so it should be able to support a few peerings.
Here's the relevant guide for paring down Alpine memory consumption, so that apk runs without swap:
https://tierhive.com/blog/tierhive-howto/how-to-run-alpine-with-just-23mb-ram
Yesterday, I failed to
docker buildin 1G machine with 4 wireguard containers.OMG, that's very helpful. thank you!
What do you mean with "with 4 wireguard containers"? Do you run one container for each peer?
Yes, ... am I doing it wrong?
Maybe, depending if you're just trying to get it running, or messing around/have other goals/...
If each peer is in its own container/namespace, how do you route between peers?