Network Layer
The network layer provides geographic routing and anonymization for all cbintel operations. It consists of three main components:
- OpenWRT Cluster - 16 VPN-enabled worker devices
- VPN Banks - Geographic proxy pools
- Tor Gateway - Anonymous and dark web access
Architecture Overview
graph TB
subgraph "Application Layer"
JOBS[Jobs API]
GRAPH[Graph Executor]
end
subgraph "Routing Layer"
GEO[GeoRouter<br/>Geographic Selection]
end
subgraph "VPN Infrastructure"
CLUSTER_API[Cluster API :9002]
MASTER[Master Router<br/>17.0.0.1]
HAPROXY[HAProxy<br/>Ports 8890-8999]
subgraph "Workers (16x)"
W1[Worker 1]
W2[Worker 2]
W16[Worker 16]
end
end
subgraph "Tor Infrastructure"
TOR_API[Tor Gateway<br/>tor.nominate.ai]
TOR_POOL[Tor Worker Pool]
end
subgraph "Exit Points"
PROTON[ProtonVPN<br/>12,900 profiles<br/>127 countries]
TOR_EXIT[Tor Exit Nodes]
end
JOBS --> GEO
GRAPH --> GEO
GEO -->|VPN Route| CLUSTER_API
GEO -->|Tor Route| TOR_API
CLUSTER_API --> MASTER --> HAPROXY
HAPROXY --> W1 & W2 & W16
W1 & W2 & W16 --> PROTON
TOR_API --> TOR_POOL --> TOR_EXIT
Quick Reference
| Component |
Module |
API Endpoint |
| OpenWRT Cluster |
cbintel.cluster |
network.nominate.ai |
| VPN Banks |
cbintel.cluster.services |
/api/v1/banks |
| Tor Gateway |
cbintel.tor |
tor.nominate.ai |
| GeoRouter |
cbintel.geo |
(internal) |
Documentation
Network Topology
Internet
│
▼
┌──────────────────────────────────────────────┐
│ Host Server │
│ ┌──────────────────────────────────────┐ │
│ │ WireGuard Tunnels │ │
│ │ wg01-wg16 → Workers 17.0.0.10-25 │ │
│ └──────────────────────────────────────┘ │
│ │ │
│ ┌─────────────┐ │ ┌─────────────┐ │
│ │ Cluster API │ │ │ Jobs API │ │
│ │ :9002 │◄───┼───►│ :9003 │ │
│ └─────────────┘ │ └─────────────┘ │
└─────────────────────┼────────────────────────┘
│
▼
┌──────────────────────────────────────────────┐
│ OpenWRT Network (17.0.0.0/24) │
│ │
│ ┌─────────────────────────────────────┐ │
│ │ Master Router (17.0.0.1) │ │
│ │ - HAProxy (ports 8890-8999) │ │
│ │ - LuCI RPC interface │ │
│ └──────────────┬──────────────────────┘ │
│ │ │
│ ┌────────────┼────────────┐ │
│ ▼ ▼ ▼ │
│ Worker 1 Worker 2 ... Worker 16 │
│ 17.0.0.10 17.0.0.11 17.0.0.25 │
│ TinyProxy TinyProxy TinyProxy │
│ OpenVPN OpenVPN OpenVPN │
└──────────────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────┐
│ ProtonVPN Network │
│ ~12,900 profiles across 127 countries │
│ US profiles include state-level routing │
└──────────────────────────────────────────────┘
Usage Patterns
Direct VPN Access
from cbintel.net import HTTPClient
# Route through California VPN bank
async with HTTPClient() as client:
response = await client.get(
"https://example.com",
proxy="http://17.0.0.1:8894" # California bank port
)
Via GeoRouter
from cbintel.geo import GeoRouter
router = GeoRouter()
# Get proxy for geographic region
proxy = await router.get_proxy("us:ca")
response = await client.get(url, proxy=proxy)
Via Graph Operations
stages:
- name: fetch_california
parallel:
- op: fetch
params:
url: "https://example.com"
geo: "us:ca"
output: content
Via Tor Gateway
from cbintel.tor import TorClient
async with TorClient() as tor:
# Fetch through Tor
result = await tor.fetch("https://example.com")
# Fetch .onion site
result = await tor.fetch("http://darksite.onion/")
Configuration
Environment Variables
# VPN Cluster
OPENWRT_USERNAME=root
OPENWRT_PASSWORD=<password>
MASTER_IP=17.0.0.1
CLUSTER_API_PORT=9002
# State Storage
BANK_STATE_FILE=/var/lib/vpn-banks/bank-state.json
DEVICE_REGISTRY_FILE=/var/lib/vpn-banks/device-registry.json
# VPN Profiles
PROFILES_BASE=/path/to/profiles/intl-ovpn
# Tor Gateway
CBTOR_BASE_URL=https://tor.nominate.ai
CBTOR_TIMEOUT=60.0
CBTOR_MODE=round_robin