blockdiag internet intranet br0 extmon router infra02 container1 container2 containerX

IPv4 network

blockdiag internet intranet 2001:7b8:616:162:1::/80 br0 2001:7b8:616:162:2::/80 2a01:4f8:c2c:a5b9::1 extmon router ...:1::10 ...:2::1 infra02 container1 container2 containerX

IPv6 network


CAcert has a public Internet IPv4 address range and some of the Internet IP addresses are mapped to the infrastructure systems.

The infrastructure systems use IPv4 addresses from the subnet.

IPv6 connectivity is also available. The infrastructure IPv6 addresses are taken from the 2001:7b8:616:162:1::/80 and 2001:7b8:616:162:2::/80 ranges.

External monitoring is provided from the ranges and 2a01:4f8:c2c:a5b9::1/128.


CAcert’s infrastructure systems are using a private network range that is accessible from other CAcert systems. The Intranet IPv4 addresses are in the subnet.


The infrastructure host Infra02 has a local bridge interface br0 that is used to connect the containers on that machine and allows explicit routing as well as services that are purely internal and are not reachable from the Internet or Intranet machines in the IP range mentioned above.

The local bridge uses IPv4 addresses from the range. IPv6 addresses are directly assigned to containers from the 2001:7b8:616:162:2::/80 range.