yggdrasil-go VS mesh-networking

> The next version will make it much simpler to deploy isolated networks by using TLS roots to prevent accidental peerings.

Is that PR #1038 [1]? Any info on how to use that feature and whether it works over multicast as well?

I noticed this PR uses SHA-1 for matching fingerprints. SHA-1 has been broken for 13 years now. Is it possible to use something more secure?

> It's also worth noting that Yggdrasil doesn't have the equivalent of "peer exchange" — only directly connected peers would ever find out your public IP address. Yggdrasil will not form new peerings automatically, with the single exception being multicast-discovered nodes on the same LAN.

Right, my worry is that by having a server with a public IPv4 address and Yggdrasil running on an open port (so that my other nodes can connect to it) will allow someone to connect to it (either on purpose or accidentally) and cause my traffic to route over their node(s) and/or the public mesh.

Thanks!

[1] https://github.com/yggdrasil-network/yggdrasil-go/pull/1038

From a purely networking perspective, there are far better solutions than tailscale.

Have a look at full mesh VPNs like:

https://github.com/cjdelisle/cjdns

https://github.com/yggdrasil-network/yggdrasil-go

https://github.com/gsliepen/tinc

https://github.com/costela/wesher

These build actual mesh networks where every node is equal and can serve as a router for other nodes to resolve difficult network topologies (where some nodes might not be connected to the internet, but do have connections to other nodes with an internet connection).

Sending data through multiple routers is also possible. They also deal with nodes disappearing and change routes accordingly.

tailscale (and similar solutions like netbird) still use a bunch of "proxy servers" for that. You can set them up on intermediate nodes, but that have to be dealt with manually (and you get two kinds of nodes).

The only real solution long-term is completely peer-to-peer ad-hoc networking that doesn't depend on BGP.

A few projects are in similar territory but none I've seen are working at the layer of bypassing BGP. Many are just acting as an overlay; which works to an extent. https://github.com/yggdrasil-network/yggdrasil-go

It's probably begging for a different model of the "internet" and where data lives.

My requirements:

1. Offline-first applications that sync via a pub/sub DHT of trusted peers. More details here but basically allows bypassing BGP.

It seems like you can limit connections to your node with AllowedPublicKeys (ref).

at least on the official discord the recommended way if you don’t want to play on a public server is using yggdrasil

Heh walked a similar path a few years ago. Wanted to get started developing a mesh network routing algorithm that could handle a hundred hops, got distracted and built a mesh networking test harness / simulation system instead (https://github.com/pirate/mesh-networking).

Never got around to finishing a full routing algorithm, though we did have a lot of fun testing wacky network topologies and protocols that solved subsets of the problem.

The closest we came was designing a 2 or 3 tiered system, where nodes self-arrange into clusters of up to 256 nodes with one elected leader to coordinate. The routing table is replicated on all nodes (eventually consistent), but the leader handles all changes. Then there's Layer 2 routing between clusters with a similar leader election system to handle inter-cluster routing.

We tried to figure out a way to make the routing stateless, (e.g. by encoding a node's position in the graph in its id, sort of like a phone number has a country code, then area code, etc.), but stopped working on it before figuring out a good approach for broadcasting ID changes without flooding the network with broadcast traffic beyond small network sizes.

Nowadays there are established mesh routing algorithms that solve all these problems (like B.A.T.M.A.N., 802.11s, or even BGP), but it's still a really exciting field that I dream of working in professionally someday.

https://www.open-mesh.org/projects/open-mesh/wiki