The VPN has a core, made of routers designed to accept connections from leaf nodes. As of the writing of this document, there is only one router in the core (November, 2001). A few other routers should soon link to the core.
Between them, core routers may use any protocol they like to grant connectivity : PPP/SSH, CIPE, GRE ... Most links are encrypted, but it's not mandatory ; so one should never transmit sensitive data in clear.
Core routers may accept connections from leaf nodes using whatever protocol they like. The current core node accepts PPP/SSH connections, and this site has documentation explaining how to setup your own PPP/SSH core node. Future nodes may accept different types of connections.
Routing is entirely done using BGP protocol. It's not mandatory for a leaf node to run a BGP peer, except if it wants to connect more than a single IP address to the VPN, or if it wants to be multi-homed.
When a simple leaf node links to the VPN, the related core node has to provide routing (advertise the address of the leaf node, or a network comprising its address).
Advertising of short prefixes is not a very good practice, but may be used internally or between 2 core nodes to provide special services, like IPV4 mobility. Core nodes should however accept any prefix shorter than 25 bits.
The AS numbers used are in the range 65000-65520. When a network is to be connected to NX VPN, an AS number is derived from the IP address of the network ; i.e. 192.168.XXX.0/24 yields 65XXX ; 192.168.XXX.0/25 yields 65XXX too, and 192.168.XXX.128/25 yields 65YYY with YYY=256+XXX. No subnet smaller than 128 addresses will be allocated directly by the core.
When a network is assigned to an administrative entity, it can delegate addressing as it likes, but the delegated networks can't be multi-homed directly (as small prefixes aren't granted to be advertised between core nodes).
An IPV6 experiment is onward, and we plan to provide different kinds of IPV6 links : native links, 6over4 tunnels running atop existing IPV4 VPN links, and mixed-mode links (this makes sense for PPP links, where the same link can carry many protocols). BGP routing can be done either with native BGP4+ peering (running directly on IPV6) or with BGP4+ over BGP4 peering (useful when running in 6over4 or mixed mode, where an IPV4 connectivity and peering already exists).
Various documentations are available, or will be available :
All comments, remarks, corrections, whatsoever... are welcome.