Yggdrasil 0.4, an implementation of a private network running over the Internet, has been released

Mutt

The reference implementation of Yggdrasil 0.4 has been released. Yggdrasil deploys a separate, decentralized, private IPv6 network on top of the ordinary global network and protects the confidentiality of traffic with end-to-end encryption. Any existing IPv6-capable application can run over a Yggdrasil network unchanged. The implementation is written in Go and is licensed under the LGPLv3. Supported platforms are Linux, Windows, macOS, FreeBSD, OpenBSD and Ubiquiti EdgeRouter.

Yggdrasil develops a new routing concept for building a global decentralized network in which nodes can connect to each other directly in mesh mode (for example, over Wi-Fi or Bluetooth) or interact over existing IPv6 or IPv4 networks (a network on top of a network) ... A distinctive feature of Yggdrasil is that it is self-organizing: routing does not need to be configured explicitly, because routes are computed from a node's position in the network relative to other nodes. Devices are addressed with an ordinary IPv6 address that does not change when a node moves (Yggdrasil uses an unused address range, 0200::/7).

The entire Yggdrasil network is viewed not as a collection of separate subnets but as a single spanning tree with one root, in which every node other than the root has exactly one parent and any number of children. This tree structure allows a route to the destination node to be built relative to the source node using the "locator" mechanism, which determines the path to a node from the root.

Information about the tree is distributed across the nodes and is not stored centrally. A distributed hash table (DHT) is used to exchange routing information; with it a node can retrieve everything it needs to build a route to another node. The network itself provides only end-to-end encryption (transit nodes cannot see the content of traffic), not anonymity: when connected over the Internet, the peers a node talks to directly can see its real IP address, so for anonymity it is suggested to connect nodes through Tor or I2P.

It is noted that, although the project is at the alpha stage, it is already stable enough for daily use, but backward compatibility between releases is not guaranteed. For Yggdrasil 0.4 the community maintains a set of services, including a Linux container hosting platform for users' sites, a YaCy search engine, a Matrix communication server, an IRC server, DNS, a VoIP system, a BitTorrent tracker, a map of peering points, an IPFS gateway, and proxies for access to Tor, I2P and the clearnet.

In the new version:
  • A new routing scheme has been implemented that is not compatible with earlier Yggdrasil releases.
  • When establishing TLS connections to nodes, key pinning is applied. If no key was pinned for a connection, the key presented by the remote node is adopted for that connection. If a key was pinned but the presented key does not match, the connection is rejected. TLS with key pinning is defined as the recommended method for connecting to peers.
  • The routing and session management code has been completely redesigned and rewritten, which increases throughput and reliability, especially for nodes that change peers frequently. Periodic key rotation is implemented for cryptographic sessions. Support for source routing has been added, which can be used to route custom IPv6 traffic. The distributed hash table (DHT) architecture has been redesigned and DHT-based routing has been added. The routing algorithms have been moved into a separate library.
  • IPv6 addresses are now derived from ed25519 public keys rather than from a hash of the X25519 key, so all internal IP addresses change after upgrading to Yggdrasil 0.4.
  • Additional settings for multicast peer discovery have been added.
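Two of the items above, key pinning on peer connections and address derivation from ed25519 keys, are the security-relevant ones: together they mean that a node's identity, its address and its pin are all the same 32-byte public key. The Go program below is an added example written for this page, not code from the Yggdrasil project. It assumes the address layout I describe in the comments (prefix byte 0x02, a count of leading ones of the bit-inverted key, then the remaining key bits) and assumes that the pin is carried in the peer URI as a `key=` query parameter; both are my reading of the scheme, not something this announcement states. The seeds, keys and the peer host `203.0.113.5:9001` are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"net"
	"net/url"
)

// addrPrefix is the first byte of every node address: 0200::/7 (assumption:
// 0x02 for node addresses, 0x03 for the per-node /64 subnets).
const addrPrefix = 0x02

// AddrForKey derives a 16-byte IPv6 address from an ed25519 public key.
// Layout (my reading of the 0.4 scheme, not quoted from the release notes):
//   byte 0      : addrPrefix
//   byte 1      : number of leading 1 bits in the bit-inverted key (0..127)
//   bytes 2..15 : the key bits that follow those ones and the first 0 bit,
//                 truncated to fill the address
// Spoofing an address therefore means finding a key with the same 14-byte tail.
func AddrForKey(pub ed25519.PublicKey) (net.IP, error) {
	if len(pub) != ed25519.PublicKeySize {
		return nil, errors.New("bad public key length")
	}
	inv := make([]byte, len(pub))
	for i, b := range pub {
		inv[i] = ^b
	}
	bit := func(i int) bool { return inv[i/8]&(0x80>>uint(i%8)) != 0 }
	ones, idx := 0, 0
	for ; idx < 8*len(inv) && bit(idx); idx++ { // count leading ones
		ones++
	}
	if ones > 127 {
		return nil, errors.New("too many leading ones for the 7-bit count field")
	}
	idx++ // skip the terminating 0 bit
	addr := make(net.IP, net.IPv6len)
	addr[0] = addrPrefix
	addr[1] = byte(ones)
	for out := 16; out < 8*net.IPv6len && idx < 8*len(inv); out, idx = out+1, idx+1 {
		if bit(idx) { // pack the remaining key bits MSB-first into bytes 2..15
			addr[out/8] |= 0x80 >> uint(out%8)
		}
	}
	return addr, nil
}

// AddrMatchesKey is the check a node makes before believing that traffic
// from a given address really comes from the holder of pub.
func AddrMatchesKey(addr net.IP, pub ed25519.PublicKey) bool {
	derived, err := AddrForKey(pub)
	return err == nil && bytes.Equal(derived, addr.To16())
}

// AcceptPeerKey applies the pinning rule: with no pin in the peer URI the
// presented key is adopted for this connection; with a pin that does not
// match, the connection is refused. The "key=" parameter is an assumption.
func AcceptPeerKey(peerURI string, presented ed25519.PublicKey) (ed25519.PublicKey, error) {
	if len(presented) != ed25519.PublicKeySize {
		return nil, errors.New("presented key has wrong length")
	}
	u, err := url.Parse(peerURI)
	if err != nil {
		return nil, err
	}
	pin := u.Query().Get("key")
	if pin == "" {
		return presented, nil // no pin: trust the key seen on this connection
	}
	want, err := hex.DecodeString(pin)
	if err != nil || len(want) != ed25519.PublicKeySize {
		return nil, errors.New("malformed key pin in peer URI")
	}
	if subtle.ConstantTimeCompare(want, presented) != 1 {
		return nil, fmt.Errorf("peer %s presented key %x but %x is pinned", u.Host, presented, want)
	}
	return presented, nil
}

func main() {
	// Constructed demo keys from fixed seeds; not real nodes.
	pub := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize)).Public().(ed25519.PublicKey)
	other := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x43}, ed25519.SeedSize)).Public().(ed25519.PublicKey)
	addr, _ := AddrForKey(pub)
	fmt.Printf("key %x\n -> address %s (matches: %v)\n", pub, addr, AddrMatchesKey(addr, pub))

	peer := "tls://203.0.113.5:9001?key=" + hex.EncodeToString(pub)
	if _, err := AcceptPeerKey(peer, pub); err != nil {
		panic(err)
	}
	if _, err := AcceptPeerKey(peer, other); err != nil {
		fmt.Println("rejected:", err) // pinned key does not match
	}
}
```

The count-of-leading-ones field is what lets the address carry as many bits of the key as possible; the example's crafted keys (a key whose inverted form starts with a single 1, and a key that inverts to all zeros) make that encoding visible, and a key that inverts to all ones is rejected because the count would not fit in seven bits.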
 