The first thing I tried to find on their website and their GitHub was a protocol specification, to be able to implement it independently from the reference implementation. I thought this would be straightforward since it’s advertised as a scheme/protocol, but such a spec isn’t referenced anywhere! Digging on my own I eventually found [1] on a side-branch of one of their other GitHub projects.
Kudos to the author: I think it actually covers a lot of what you’d need to know: crypto identities, message formats, wire protocols, peering and stream semantics, spanning tree updates and root selection, the DHT, forwarding logic, sessions, etc. A couple things are TODOs like how to verify and sign root updates, and there’s some ambiguity in the tiebreaker algorithm for next-hop selection.
It seems to be very tightly coupled to TCP as the transport layer though, since all packets need to be delivered reliably and in the order they were sent, and need to be capable of being fragmented into smaller packets for varying MTU sizes.
We did spend a little bit of time documenting the earlier v0.3 protocol, as you have linked, but the protocol has changed significantly in design twice since then. v0.4 changed the DHT quite a bit and v0.5 removed the DHT altogether. As a research project it likely will continue to change until we settle on a design we are happier with, at which point we will definitely spend more time documenting it.
The need for ordered/reliable links is mostly for convenience of development at this stage, but that can be fixed for sure.
Kademlia is a lot less intuitive, but by not ever assuming its tables are correct, it handles and corrects inconsistency (and malicious nodes) better.
Chapter 6 of this pile of (my) crap https://scholarworks.gsu.edu/cs_diss/106/ talks about doing latency optimization on DHT routing. Basically just embedding the network graph into a metric space.
Some documentation can help with those issues though. I find it helps more because you’re writing to yourself why you’re making certain decisions and it helps when you decide to make others. It just so happens that it’s also a great way to onboard people.
Makes it hard to do hole punching I think? At any rate, direct connections currently cannot be established between multi-hop peers, traffic gets routed through peers instead. I think this has something to do with the TCP choice.
Ok, so as I understand it, yggdrasil and cjdns are virtual P2P networks that offer the normal layer 3 routing services, but built on top of the existing internet. So they still require ISPs and internet backbones, etc.
Are there any projects attempting to build a worldwide P2P network that can replace the IP layer? Like a mesh network that can operate without verizon, cisco routers, etc? I know of some mesh network technologies aimed at small disconnected networks but nothing consumer-facing and supporting anything more than a few thousand nodes.
That was the original goal of cjdns, which is why it automatically peers with other nodes reachable over Ethernet (no IP needed), including WiFi (see the first paragraph of https://github.com/cjdelisle/cjdns/blob/master/doc/Whitepape...). Unfortunately, its approach to routing turned out to not scale in practice. Yggdrasil uses a different routing algorithm so it might.
Yggdrasil was actually inspired in part by cjdns but the design is very different. We care deeply about scale and we want an Yggdrasil network to be able to grow organically without requiring a strict hierarchy, huge amounts of state etc. We’re still working on it of course but for now the public test network is somewhere around 5000-6000 nodes and continues to work pretty well as it grows.
IP was originally an overlay network on top of the telco network.
That has many benefits; most importantly, it makes adoption easy.
Now we run telco networks over IP for legacy apps. If this Yggdrasil stuff is successful, I presume eventually we’ll run IP over it for legacy systems.
People have been dreaming of mesh networks forever. Unfortunately they scale very poorly (among other issues) and this is a fundamental limitation of their design. The Internet (ARPAnet) started out as a mesh network and the concept of trunks, backbones, and routing came about to solve those scaling issues.
Or are you thinking about IP layer, just not on the "internet", but on a separate network? If this, then how do you suggest connecting people together? Mesh becomes inefficient due to mesh routing at larger sizes and sooner or later you just reinvent "your own internet", but not worldwide, because you don't have the resources to actually connect the whole world together.
In order to access the internet you are required to enter into a contract with a corporate entity. That's not because the internet is "theirs" (like Facebook's servers and systems are Meta's), but because the network layer was designed with the assumption that companies would do the work of setting up ISPs, core routers, peering agreements, etc.
I'd like to see a P2P protocol that doesn't assume this but instead is designed to be completely decentralized, and anyone running the protocol can join. This protocol would provide addressing and routing like our current IP protocol, and TCP/UDP etc can run on top of it. Would this be a separate "internet" or could it have gateways to the proper internet? Preferably the latter. There are obvious technical challenges with routing, addressing, mobility, all in a decentralized way but are they truly impossible?
Before cjdns a group of us started "project meshnet", inspired by Athens[0], to essentially replace or supplant the Internet. At the time it was an idealistic/anarchic response to the Pirate Bay ruling back in 2009-2010. IIRC cjdns came a bit later and subsumed most of the group.
Who knew that a bunch of disgruntled hackers and software pirates building a shittier version of the Internet wouldn't last?
It's a very romantic notion, but there's a lot of resources (time/money/hardware/effort) that go into the existing IP layer that's totally invisible. Without a plan on how to supplant those resources, any replacement network will struggle.
> Irdest is a networking research project that explores different technologies and ideas on how to build more sustainable, user-controlled communication networks.
There was the Locker project by Jeremie Miller (XMPP), but it failed to gain traction and I think he pivoted into a more small scale commercial effort with it IIRC. The telehash protocol of Locker was extremely interesting.
reticulum.network perhaps? It certainly fits the "replace the IP layer" requirement, and I believe in theory it can be very large scale, though unsure how it would do in reality.
I was about to ask this question. Why would someone use yggdrasil over tailscale or wireguard? Is there any benefit? If I'm just trying to run my own private lightweight VPN, tailscale (and headscale if I want to self host the network) works great and offers so many benefits.
In practice I find it stupidly reliable, and use it to reconfigure/fix WireGuard issues remotely (I had to fix the MTU once on hotel Wi-Fi).
It's also completely open source, unlike tailscale. And something that's cool is that Yggdrasil can automatically peer over "unconfigured" layer 2 links so if you have a complex topology (like an actual mesh) it can be useful for that.
It's also stupidly simple to set up Yggdrasil in a dual WAN environment, which is nice.
I was pretty excited about it 3-4 years ago, but it seems like it's kind of an abandoned project at this point. Anyone making use of it and have any impressions?
Definitely not abandoned, but it’s a free-time project for myself and another developer. At the end of last year we released version 0.5 with a new protocol design, and roughly a month ago released 0.5.9 with link cost changes to dramatically improve network latency.
Thanks for that update, you might want to post a quick blog update because that was where I was looking to see what the activity was. I get it about free-time projects, I have some of those myself. Thanks for your work on this, it is definitely very neat!
There have been a few updates recently including a revival of the iOS app which had languished for some time.
I use it as a VPN to connect my phone to my home network which are both peered privately to a VPS.
It's a bit convoluted vs directly connecting to home, but it was easier to set up than worrying about dynamic IPs, port forwarding, and exchanging Wireguard keys.
Multicast peering is neat in that I can access my home server directly using the same Ygg IP when I'm home. Problem is, I have to use an IP; the iOS app doesn't support configuring a custom DNS server for the Ygg VPN connection.
Headscale is really a better solution for this use-case, but it's kind-of neat to know there's an alternative Internet available with just an additional peering.
Agreed. If the Yggdrasil Android and iOS apps supported zero-touch MDM configuration like Tailscale, I'd try it out but my guess is the performance still wouldn't match WireGuard.
Update: 83% comparative speed using a US QUIC peer, not bad actually...
Yggdrasil just works, so there is less of a need for developers to be in the chatroom discussing how to fix the problems with it.
I use yggdrasil right now on all of my devices so I can ssh between them even if they are behind NAT.
Using termux on android and the yggdrasil android app I can access files located on my home computer while I'm on the go without storing them in a cloud somewhere.
I use it all the time to connect to my boxes at home when I'm out and about, and I chat with friends on an IRC server running on there.
Development is pretty active, and the latest release just improved the routing algorithm by having it favour hops with the lowest latency which had a noticeable improvement.
If you're looking for a big community hub within the network you might be disappointed (you could always try to set one up!), but there are a lot of people using it for their own purposes and the project is far from abandoned.
FAQ >> Is Yggdrasil anonymous? No, it is not a goal of the Yggdrasil project to provide anonymity.
I understand that the problem is hard, has its own set of issues to solve beyond just technical, but this honestly makes it a non-starter for me. Anything that would be an actual internet evolution would need to include actual anonymity. Apart from this, I simply do not see what problem it actually solves for the existing internet that is not already solved with the current setup.
Anonymity isn’t a goal for Yggdrasil any more than it is a goal for BGP, OSPF, BATMAN etc. Anonymous networks also generally have very high costs/overheads as they often engineer long and indirect paths for obscurity. See the generally poor performance/reliability of Tor circuits for an example of why we probably wouldn’t want the entire Internet to work this way.
Why? I think it makes perfect sense to focus on a mesh routing protocol and make anonymity something optional that you can lay on top of it. No reason you can't run a Yggdrasil network and have an I2P network within it. This way there isn't as much of a performance hit for communications that don't call for anonymity, and anonymous peers can be established without being on the clearnet.
[1] https://github.com/yggdrasil-network/yggdrasil-specs/blob/ys...
[0] https://en.m.wikipedia.org/wiki/Athens_Wireless_Metropolitan...
You could, of course, run a local wireless IP layer and use this to route, but peer-to-peer wireless has well-known scaling problems.
Still, it looks like a very interesting and reasonably well thought-out idea.
[0] https://irde.st/
Yggdrasil Network - https://news.ycombinator.com/item?id=41669625 - Sept 2024 (3 comments)
Yggdrasil P2P mesh E2EE IPv6 network - https://news.ycombinator.com/item?id=30156551 - Jan 2022 (77 comments)
Yggdrasil – Early-stage implementation of an end-to-end encrypted IPv6 network - https://news.ycombinator.com/item?id=27577201 - June 2021 (102 comments)
Show HN: Yggdrasil Network – compact mesh routing experiment for mesh networks - https://news.ycombinator.com/item?id=18863554 - Jan 2019 (15 comments)
Announcing Yggdrasil Network v0.3 - https://news.ycombinator.com/item?id=18751991 - Dec 2018 (3 comments)
Yggdrasil: End-To-end Encrypted IPv6 Networking - https://news.ycombinator.com/item?id=18666245 - Dec 2018 (1 comment)
If you want a crypto-key addressable p2p connection-network there is a somewhat recent project which does this rather well:
https://www.iroh.computer
It punches through firewalls/NATs and establishes QUIC connections.
They have two already useful PoCs:
https://github.com/n0-computer/sendme
https://github.com/n0-computer/dumbpipe
From a quick search it seems you do not even need a static IP address [0]
I am not familiar with Yggdrasil and can't wrap my head around how this is possible!
- [0] https://lemmy.sdf.org/comment/472679
https://en.m.wikipedia.org/wiki/Yggdrasil_Linux/GNU/X