Yggdrasil 0.4 released: an implementation of a private network running on top of the internet

The reference implementation of the Yggdrasil 0.4 protocol has been released. It allows a separate, decentralized private IPv6 network to be deployed on top of a conventional wide-area network, using end-to-end encryption to protect confidentiality. Any existing application that supports IPv6 can work over the Yggdrasil network. The implementation is written in Go and distributed under the LGPLv3 license. Linux, Windows, macOS, FreeBSD, OpenBSD and Ubiquiti EdgeRouter are supported.

Yggdrasil develops a new routing concept for building a global decentralized network whose nodes can connect directly to each other in mesh mode (for example, over Wi-Fi or Bluetooth) or interact over existing IPv6 or IPv4 networks (a network on top of a network). A distinctive feature of Yggdrasil is self-organization without explicit routing configuration: route information is computed from the node's position in the network relative to other nodes. Devices are addressed by a regular IPv6 address that does not change when a host moves (Yggdrasil uses the unused address range 0200::/7).

The entire Yggdrasil network is viewed not as a union of disparate subnets but as a single structured spanning tree with one "root", in which each node has one parent and one or more children. This tree structure makes it possible to build a route to the destination node relative to the source node using the "locator" mechanism, which determines the optimal path to a node from the root.

Information about the tree is distributed among the nodes and is not stored centrally. A distributed hash table (DHT) is used to exchange routing data; with it a node can retrieve all the information about the route to another node. The network itself provides only end-to-end encryption (transit nodes cannot determine the content), not anonymity: when connecting via the Internet, the peer nodes with which a node interacts directly can determine its real IP address, so for anonymity it is suggested to connect nodes through Tor or I2P.

It is noted that although the project is at the alpha stage of development, it is already stable enough for daily use, but backward compatibility between releases is not guaranteed. For Yggdrasil 0.4 the community maintains a set of services, including a Linux container hosting platform for hosting sites, a YaCy search engine, a Matrix communication server, an IRC server, DNS, a VoIP system, a BitTorrent tracker, a connection-point map, an IPFS gateway, and proxies for accessing the Tor, I2P and clearnet networks.

In the new version:

  • Implemented a new routing scheme that is not compatible with previous Yggdrasil releases.
  • When establishing TLS connections with nodes, public key pinning is used. If no key was pinned for the peer before the connection, the key obtained during the connection is pinned to it. If a key was pinned but the presented key does not match, the connection is rejected. TLS with key pinning is defined as the recommended method for connecting to peers.
  • The routing and session management code has been completely redesigned and rewritten, which has increased throughput and reliability, especially for nodes that change peers frequently. Periodic key rotation is implemented in cryptographic sessions. Added support for source routing, which can be used to steer user IPv6 traffic. The distributed hash table (DHT) architecture has been redesigned and DHT-based routing is supported. The routing algorithms have been moved to a separate library.
  • IPv6 addresses are now generated from ed25519 public keys rather than from the X25519 key hash, so all internal IP addresses will change after switching to Yggdrasil 0.4.
  • Additional settings for multicast peer discovery have been added.
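To make the key pinning policy from the release notes concrete, here is an added example in Go; it is not Yggdrasil's own code. It models the three outcomes the notes describe: first contact pins the presented key, a matching key is accepted, and a mismatching key is rejected. The PinStore type, the Connect function and the signed-nonce proof of possession (a stand-in for what the TLS handshake itself provides) are constructs of this example, and the peer URI is constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"sync"
)

// ErrKeyMismatch is returned when a peer presents a key that differs
// from the one pinned for it.
var ErrKeyMismatch = errors.New("peer key does not match pinned key")

// ErrBadProof is returned when the peer cannot prove possession of the
// private key matching the public key it presents.
var ErrBadProof = errors.New("peer failed proof of key possession")

// PinStore keeps the public key pinned for each peer URI. It is an
// illustrative structure (hypothetical), not Yggdrasil's implementation.
type PinStore struct {
	mu   sync.Mutex
	pins map[string]ed25519.PublicKey
}

func NewPinStore() *PinStore {
	return &PinStore{pins: make(map[string]ed25519.PublicKey)}
}

// Pin records an operator-supplied key for a peer ahead of any connection,
// which avoids the trust-on-first-use window entirely.
func (s *PinStore) Pin(peer string, key ed25519.PublicKey) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.pins[peer] = append(ed25519.PublicKey(nil), key...)
}

// Pinned reports the key currently pinned for a peer, if any.
func (s *PinStore) Pinned(peer string) (ed25519.PublicKey, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	k, ok := s.pins[peer]
	return k, ok
}

// Connect models the policy from the release notes. The peer presents its
// public key and a signature over a challenge nonce (proof of possession).
//   - proof fails:  rejected, nothing is pinned
//   - no pin yet:   key is pinned, connection accepted (trust on first use)
//   - pin matches:  accepted
//   - pin differs:  rejected with ErrKeyMismatch
// newlyPinned tells the caller whether this connection created the pin.
func (s *PinStore) Connect(peer string, presented ed25519.PublicKey, nonce, proof []byte) (newlyPinned bool, err error) {
	if len(presented) != ed25519.PublicKeySize || !ed25519.Verify(presented, nonce, proof) {
		return false, ErrBadProof
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	pinned, ok := s.pins[peer]
	if !ok {
		s.pins[peer] = append(ed25519.PublicKey(nil), presented...)
		return true, nil
	}
	if !bytes.Equal(pinned, presented) {
		return false, ErrKeyMismatch
	}
	return false, nil
}

// newKey and newNonce are helpers for the demonstration below.
func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func newNonce() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

func main() {
	store := NewPinStore()
	peer := "tls://peer.example.invalid:443" // constructed peer URI
	pubA, privA := newKey()
	pubB, privB := newKey()

	// First contact: A's key gets pinned.
	nonce := newNonce()
	pinned, err := store.Connect(peer, pubA, nonce, ed25519.Sign(privA, nonce))
	fmt.Println("first connect, newly pinned:", pinned, "err:", err)

	// Same key again: accepted, nothing changes.
	nonce = newNonce()
	pinned, err = store.Connect(peer, pubA, nonce, ed25519.Sign(privA, nonce))
	fmt.Println("repeat connect, newly pinned:", pinned, "err:", err)

	// A different key for the same peer URI: rejected.
	nonce = newNonce()
	_, err = store.Connect(peer, pubB, nonce, ed25519.Sign(privB, nonce))
	fmt.Println("different key:", err)
}
```

The trust-on-first-use branch is the part to watch in practice: it detects a key change after the first contact, not an interposed party present on the very first connection, which is why pre-pinning a key obtained out of band (the Pin method here) is the stronger choice whenever the peer's key is known in advance.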

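As an added illustration of the note above that addresses are now generated from ed25519 public keys (example code, not the project's own), the Go block below derives a 16-byte address in the 0200::/7 range from a 32-byte public key and checks a claimed address against a key, which is what makes such addresses self-certifying. The bit layout used (prefix byte, a count of the leading one bits of the bitwise-inverted key, then the remaining key bits) is my understanding of the 0.4 scheme and is an assumption here; the article only states that the derivation starts from the ed25519 key. The key bytes in main are constructed, not a real node key.

```go
package main

import (
	"fmt"
	"net"
)

// AddrPrefix is the first byte of every node address, placing it in the
// 0200::/7 range mentioned in the article.
const AddrPrefix = 0x02

// AddrForKey derives a 128-bit address from a 32-byte public key.
// Layout (assumed, see lead-in): [prefix][count of leading ones of ~key]
// followed by the key bits after the first zero bit, truncated to fit.
// Inverting the key means a key with many leading zero bits, which is
// expensive to find, yields a short and therefore harder-to-collide address.
func AddrForKey(pub []byte) (net.IP, bool) {
	if len(pub) != 32 {
		return nil, false
	}
	inv := make([]byte, 32)
	for i, b := range pub {
		inv[i] = ^b
	}
	ones := 0
	idx := 0
	for ; idx < 256; idx++ {
		if bit(inv, idx) == 0 {
			break
		}
		ones++
	}
	if ones > 127 {
		return nil, false // count would not fit in the 7 bits reserved for it
	}
	idx++ // the first zero bit is implied by the count, so skip it too
	addr := make(net.IP, 16)
	addr[0] = AddrPrefix
	addr[1] = byte(ones)
	// Pack the remaining key bits into the 14 bytes left in the address.
	out := 16
	for ; idx < 256 && out < 128; idx, out = idx+1, out+1 {
		if bit(inv, idx) == 1 {
			addr[out/8] |= 0x80 >> uint(out%8)
		}
	}
	return addr, true
}

// bit returns bit i of b, counting from the most significant bit of b[0].
func bit(b []byte, i int) byte {
	return (b[i/8] >> uint(7-i%8)) & 1
}

// VerifyAddr checks that a peer's claimed address is the one its public
// key derives to, so an address announced without the matching key is
// detected immediately.
func VerifyAddr(claimed net.IP, pub []byte) bool {
	derived, ok := AddrForKey(pub)
	return ok && claimed.Equal(derived)
}

func main() {
	key := make([]byte, 32) // constructed key bytes, not a real node key
	key[0] = 0x1f
	for i := 1; i < 32; i++ {
		key[i] = 0xaa
	}
	addr, _ := AddrForKey(key)
	fmt.Println(addr, VerifyAddr(addr, key))
}
```

Because the address is a function of the key, the item in the release notes follows directly: changing the key type the derivation starts from changes every address in the network, and no migration can keep the old ones.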
Source: opennet.ru