Architecture - tools.as53654.net

Browser (Client-Side)

Application

Single-page app, no build step

index.html with inline CSS/JS

Client-only features:

Subnet Calc (IPv4/IPv6)

Time, Binary Clock, Lunar Phase

CDN Dependencies

D3.js v7

Data visualization

Leaflet.js 1.9.4

Interactive maps

Google Fonts

JetBrains Mono, Space Grotesk

OpenStreetMap tiles

Map tile provider

External Client APIs

api4.ipify.org

IPv4 detect

api6.ipify.org

IPv6 detect

Called directly from browser

HTTPS + WSS (TLS)

Nginx 1.24.0 (Reverse Proxy + Static Files)

/Static files (HTML/CSS/JS)

/api/*Proxy to backend (REST, adds X-Real-IP)

/ws/*Proxy to backend (WebSocket upgrade)

TLS: Let's Encrypt (auto-renewed)

localhost:8000

FastAPI Backend (127.0.0.1:8000)

REST Endpoints

GET/api/lg/summary (10/minute)

GET/api/bgp-graph

GET/api/myip

GET/api/ipinfo (30/minute)

GET/api/geoip (30/minute)

GET/api/rpki (30/minute)

GET/api/irr (30/minute)

GET/api/tcp-check (10/minute)

GET/api/port-scan (3/minute)

GET/api/route-leak (10/minute)

GET/api/bgp-history (10/minute)

GET/api/asn (20/minute)

GET/api/ntp-status (10/minute)

GET/api/ntp-count (60/minute)

GET/api/ntp-clients (6/minute)

GET/api/ntp-history (60/minute)

GET/api/network-status (60/minute)

GET/api/wan-series (30/minute)

GET/metrics

GET/health

WebSocket Endpoints

WS/ws/mtr

WS/ws/ping

WS/ws/dig

WS/ws/whois

WS/ws/lg/bgp-route

WS/ws/lg/more-specifics

WS/ws/lg/ping

WS/ws/lg/traceroute

Runtime

Python 3.12 + Uvicorn

Single-file FastAPI backend

Managed via systemd

Libraries

slowapirate limiting

prometheus_clientmetrics export

asyncsshSSH to router

geoip2MaxMind reader

aiohttpasync HTTP

subprocess / SSH / mmap

Data Sources

System Binaries (subprocess)

/usr/bin/chronyc

/usr/bin/curl

RDAP JSON fetch (-4 flag)

/usr/bin/dig

DNS lookups, Team Cymru ASN

/usr/bin/mtr

Traceroute (JSON output)

/usr/bin/ping, ping6

ICMP probes

/usr/bin/timedatectl

NTP/time status

SSH to Router (asyncssh)

MikroTik CCR2216 (RouterOS 7)

SSH with key-based auth

Read-only restricted user

Provides

BGP routes, AS paths, peer count

Ping, traceroute, NTP status

Router identity

Prometheus (OOB Network)

Monitoring VM

Queried over OOB management net

Provides

BGP session state & uptime

WAN throughput (rx/tx bps)

Rate limit hit counters

Local Data Store

MaxMind GeoLite2-City

GeoLite2-City.mmdb (~62MB)

Details

Memory-mapped at startup

Auto-updated weekly (cron)

Service restarted after update

DNS / HTTPS

External Services

Team Cymru DNS

*.origin.asn.cymru.com

*.origin6.asn.cymru.com

AS<n>.asn.cymru.com

Used by

MTR enrichment, WHOIS BGP origin

/api/ipinfo, BGP graph ASN resolution

RDAP Registries

Bootstrap: rdap.org

Redirects to correct registry

Registries

ARIN, RIPE, APNIC

LACNIC, AFRINIC

Verisign (domains)

Port 43 blocked; uses HTTPS

Data Flow by Feature

Ping / MTR

Browser→WS→FastAPI→subprocess(ping/mtr)→Team Cymru

DNS Lookup

Browser→WS→FastAPI→subprocess(dig)

WHOIS / RDAP

Browser→WS→FastAPI→curl→rdap.org→registry

+ dig -> Team Cymru (BGP origin)

+ /api/geoip -> local GeoLite2 mmdb

Looking Glass

Browser→WS→FastAPI→SSH→MikroTik router

BGP Graph

Browser→REST→FastAPI→SSH→MikroTik→Team Cymru

My IP

Browser→ipify (detect)→/api/ipinfo→dig→Team Cymru

GeoIP

Browser→REST→FastAPI→geoip2→local GeoLite2-City.mmdb

NTP Status

Browser→REST→FastAPI→NTP270 HTTP JSON + chronyc + timedatectl

Network Status

Browser→REST→FastAPI→Prometheus (OOB)→SNMP/SSH metrics

Frontend Tabs (11 tabs)

1.ping / mtrICMPICMP ping or traceroute with ASN enrichment

2.dns lookupUDP/53dig queries (A, AAAA, MX, NS, TXT, SOA, PTR, CNAME)

3.whoisRDAPRDAP + BGP origin + GeoIP map

4.subnet calcIPv4/6Client-side IPv4/IPv6 CIDR calculator

5.looking glassBGPBGP routes, more-specifics, ping, traceroute

6.bgp graphLIVED3.js hierarchical transit map

7.my ipWANIPv4/IPv6 detection with ASN info

8.time & ntpLIVEClocks, binary clock, lunar phase, NTP status

9.network statusLIVELive BGP sessions, WAN throughput sparkline

10.aboutAS53654Network info, tools list, security details

11.tetris????Easter egg (Konami code)

Static Pages (5 pages)

1.index.htmlMain application (single-page app)

2.architecture.htmlArchitecture - tools.as53654.net

3.lab.htmlLab — tools.as53654.net

4.ntp-clients.htmlNTP Pool Clients — tools.as53654.net

5.test.htmltools.as53654.net — AS53654 Network Tools

Served as static files by nginx

Network Identity

AS53654 — TJF Holdings, Layton, UT

IPv4: 142.248.192.33 IPv6: 2602:f98d:11::33

Upstreams: AS18914 (ETS Telco), AS6315 (XMission)

IPv6 allocation: 2602:f98d::/40

Router: MikroTik CCR2216 (RouterOS 7)

Host: tools.as53654.net (nginx + uvicorn)

Rate Limits (16 endpoints)

/api/asn20/minute

/api/bgp-history10/minute

/api/geoip30/minute

/api/ipinfo30/minute

/api/irr30/minute

/api/lg/summary10/minute

/api/network-status60/minute

/api/ntp-clients6/minute

/api/ntp-count60/minute

/api/ntp-history60/minute

/api/ntp-status10/minute

/api/port-scan3/minute

/api/route-leak10/minute

/api/rpki30/minute

/api/tcp-check10/minute

/api/wan-series30/minute

Keyed by X-Real-IP header

Security Notes

Port 43 blocked outbound

RDAP curl uses -4 (IPv6 unreliable)

SSH key auth only (no password)

TLS via Let's Encrypt (auto-renew)

/metrics on OOB port 8080 only

Diagram auto-generated from source

tools.as53654.net — System Architecture