A high-assurance alternative to commercial speedtests. CF-NDS is designed to provide network engineers with the raw data required to diagnose routing interference, BGP hijacks, or ISP throttling without the privacy risks of third-party telemetry.
-
Zero-telemetry speedtest: Powered by LibreSpeed, ensuring your metadata is not sold.
-
BGP path visibility: Integrated Hyperglass instance for real-time routing forensics.
-
Jitter persistence: SmokePing implementation to visualise link degradation over weeks, not seconds.
-
Hardened access: Centralised behind a WAF with strict rate-limiting to prevent probe poisoning.
-
Dual passive/active forensics: Zeek/Suricata listening + Hyperglass/SmokePing/LibreSpeed probes for OSI-layer visibility.
-
Alerting with retention: Webhook/ntfy hooks plus bitemporal SmokePing history for policy-aware SOC response.
See TOPOLOGY.md for a visual architecture map and completion dashboard.
-
Verification chain: Cerro Torre (bundle verification) → Svalinn (policy gate) → Vörðr (orchestration) → selur (IPC).
-
Data plane: VerisimDB federation + VCL, ArangoDB for path/graph forensics, Dragonfly for realtime cache.
-
API plane: GraphQL gateway with module-based entitlements and proof envelopes on every response.
-
Realtime: WebSocket/SSE subscriptions (no RTSP) with per-module streams.
See specs/ for the bottom-up K9 components and rendered AsciiDoc outputs, including:
-
active-probe.adoc– the Hyperglass/SmokePing/LibreSpeed HUD modules. -
alerting-retention.adoc– webhook/ntfy triggers plus SmokePing retention tiers into VerisimDB. -
known-limitations.adoc– guardrails for relative binds, secrets, automation throttles, and regen mechanics.
A high-density, SOC-style dashboard: a dark-mode forensics portal built on Dashy or Heimdall. Unlike a standard speedtest that provides one large number, this is a multi-widget HUD for rapid network triage.
| Region | Component | Visual elements |
|---|---|---|
Header |
Global status |
Real-time traffic-light system for ISP health and WAF status. |
Left rail |
Toolbox |
Quick-launch icons for Hyperglass (MTR), SmokePing, and Nmap. |
Centre deck |
Speed telemetry |
Minimalist LibreSpeed widget (no ads, no tracking) showing up/down/jitter. |
Right rail |
Path analysis |
Live looking-glass output showing the current BGP path to your edge. |
Footer |
Audit log |
Chronological feed of network anomalies or WAF-blocked reconnaissance. |
This suite is intended for private deployment. Public exposure without the Phase 3 hardening (WAF/mTLS) is strictly discouraged to prevent external actors from mapping your internal routing.
