Yggdrasil Network: The Dawn of Home Mesh Networks and the Internet of the Future

The era of mesh networks is gradually approaching. At the very least, this term is appearing more and more often in the information space. What is attracting the attention of network specialists, and why does the concept of a “home mesh network” appear in the title of this article? Let’s try to figure it out by taking the Yggdrasil network as an example—one of the most promising prototypes. This article is intended for a wide audience.

General Overview of Network Topology

The Internet, like any other network (for example, a local network of several computers), is a network of interconnected computers. The way devices are connected in a network is called topology and is determined solely by the preferences and capabilities of the administrator. At home, you might have a Wi-Fi access point for convenient smartphone connectivity, while a couple of desktop computers are connected to the router by cable. Obviously, the way your laptop connects to the Internet in your apartment depends only on you. There is no single mandatory configuration, but every solution has its pros and cons.

As shown in the illustration, the most vulnerable topology is the “star,” which is also the most common in everyday life due to its simplicity. For example, you probably have a single switch or router at home or in the office, through which all computers are connected to one local network. If the central device is turned off, all users lose connectivity. The “tree” topology can be seen as a logical extension of the “star”: imagine a building where each floor has its own switch, connecting the offices on that floor. Thanks to the interconnection of switches, offices on different floors can communicate. If the switch on the second floor fails, offices on other floors can still interact, but the first floor will lose connection with the rest.

Mesh, or “mesh topology,” is a network architecture in which all network participants are equal and act as both clients and routers for other participants. The main advantage of mesh is its high fault tolerance, while the downside is the complexity of practical implementation. Mesh topology has been widely used for decades, primarily by the military and large businesses. It involves complex design considering all possible conditions and is often associated with radio technologies, as radio is indispensable for organizing communication in the field.

Data Transmission Model

As children watching TV, many of us wondered about the magic that allows sound and picture to be transmitted through a thin coaxial cable. Now there are even more questions, since the entire World Wide Web is somehow transmitted wirelessly straight to a small box called a smartphone.

Everyone is familiar with the concept of an IP address—a logical address for routing incoming and outgoing information over the network. Without delving into the technical details of the TCP/IP stack (where IP stands for “Internet Protocol”), it’s important to distinguish two main types of IP addresses:

• IPv4 – Four-byte addresses written in decimal and separated by dots, like “192.168.1.10.” IPv4 is familiar and easy to read, but has a small address space of about four billion variations—less than the world’s population, so it’s not enough to give every person a unique address, let alone the Internet of Things.
• IPv6 – Sixteen-byte addresses written in hexadecimal and separated by colons every two bytes, like “fe80:2a30:6b30:c26d:3d39:3ce4:218:6376.” It’s harder to read and remember, but offers an unimaginably large number of possible addresses—enough for many planets, even if every resident has three coffee makers with unique addresses.

IPv6 appeared later than IPv4, and to this day, some software only works over IPv4, especially older software that is no longer actively developed.

To understand how digital (i.e., binary) information—made up of bits, zeros, and ones—is transmitted, you need a basic understanding of the Open Systems Interconnection (OSI) model. You can easily find detailed information elsewhere, so we won’t rewrite the textbook here. Just know: from the electrical impulse in the wire to the image displayed in your browser, several logical layers are involved, and the lower the layer, the less energy is required from the client side. While the signal travels through the wire, the computer isn’t involved. Once the signal reaches the network card, low-level processing begins. Then the information is passed to the operating system, which handles it logically, using the computer’s main resources. The highest point in this chain is the client application, such as a browser, and the image it displays. In summary, an electrical impulse is converted into bits, which form packets, are sent to the browser, and are assembled into an image on the user’s monitor.

Classic Networks

Almost any modern telecommunications network involves an administrator—a user with authority and responsibility. The admin establishes connectivity, connects new users, and can censor or restrict their segment of the network. This applies to both local and global networks, including the Internet. For the Internet, we use the services of providers who connect us to their networks. Smaller providers use the services of backbone providers—those who connect countries and continents. The higher the level of the network, the more people are needed to maintain it. In addition to physically connecting computers with cables, a huge amount of logical network configuration—routing—is done. Thanks to this, our requests can reach another continent in just a few dozen milliseconds, because each upstream router knows where to send the packet next. Even a tiny local network of a few offices can’t function without routing configuration and someone to set it up!

In today’s global network paradigm, centralization has taken root, meaning that critical infrastructure is controlled by a certain group of people: government and commercial entities. Some can set prices, others can cut us off from the world. And all of them have the power to monitor and regulate user activity. It seems there’s no way around this.

Yggdrasil

Has your home router ever failed, leaving everyone in the house without Internet? Imagine how great it would be if the router wasn’t a “bottleneck,” and in case of failure, all members of the home network could access the Internet through a smart TV, neighboring wireless networks, or even your smartphone—all without any extra configuration after the router breaks!

All applications are forced to use encryption when transmitting information over the network, so that intermediaries can’t intercept sensitive data. For example, almost all modern websites use the HTTPS protocol, which allows users to establish an encrypted connection with the server. Thanks to this, we confidently enter passwords and credit card data, trusting that only the intended recipient will receive our information. Imagine if network connections were always secure at the protocol level, with no need for extra security measures or certification authorities—organizations whose trust underpins HTTPS (and which are a security weak point, since they can be compromised).

Setting up a local network at a company, configuring VPNs for remote employees, or even a small network of three computers requires some level of expertise and a specialist. But what if there was a solution that required zero configuration for the average user, while still allowing you to combine or separate local networks with full routing (for physically accessible nodes)?

As you may have guessed, all these features are already implemented and actively being developed. We’ve reached the main topic of this article—Yggdrasil—a software implementation of a mesh network with absolute scalability, automatic routing, and end-to-end encryption of all traffic from user to user. Yggdrasil is a software solution that eliminates the need for an administrator when organizing small and medium-sized networks, and also minimizes the impact of overzealous lawmakers on network connectivity as a whole.

Addressing in Yggdrasil

Yggdrasil uses IPv6 addressing with the 200::/7 network mask. Addresses from this subnet are not used on the Internet, so there are no collisions. Each user also has their own 300::/64 subnet, which allows for shorter addresses on network interfaces, assigning addresses from this subnet to local users at home, and hosting multiple resources on different addresses (for example, websites all using port 80). The short address is automatically routed to the full address from the 200::/7 subnet, with the first 64 bits matching. For example, the address [3 24:9de3:fea4:f6ac::ace] is routed to the node with the full address [2 24:9de3:fea4:f6ac:6d7c:68f5:6c8e:f9a9]. User subnet addresses are easily recognized by the leading “3,” while full addresses always start with “2.”

The user’s address is generated when the network client is first launched. To prevent address hijacking, the IPv6 address in Yggdrasil is directly derived from the encryption key. A connection will not be established if the encryption key does not match the IPv6 address. Since stealing or guessing someone else’s key is extremely difficult, Yggdrasil addresses are resistant to malicious attempts to misuse them. For more on the cryptographic formation of IPv6 addresses in Yggdrasil, see the relevant article.

Because the entire Yggdrasil network, regardless of scale or physical node location, uses a single subnet, global address routing using standard network administration tools is not possible.

Building the Global Coordinate Tree in Yggdrasil

In traditional networks, where address allocation is managed, routing logic is configured by numerous administrators. But how does a network work without an admin, when it has thousands of nodes worldwide? The name Yggdrasil comes from the tree in Norse mythology that connects worlds. The name is fitting, as routing in Yggdrasil has a tree-like structure.

In addition to the IP address, network nodes have coordinates that reflect their logical place in the network. To establish a starting point for these coordinates, a certain peer is chosen among the nodes.

The network map shown only displays some of the node connections, specifically those relevant to coordinate formation. The impression of centralization is misleading, as this is not the topology for data transmission, but rather a scheme for node orientation within the network.

How the Zero Coordinate Node Is Determined

When first accessing an address, a broadcast query is sent to the nearest peers, then the search request spreads further through the network. When the request reaches a node that can directly see the target address, a response is sent back to the requester. Yggdrasil’s concept is based on the shortest paths and the highest possible data transfer speed. Unlike the first query, an established session between two participants usually follows a single route based on the coordinates of transit nodes. Because of this, the first response has the longest wait time, but once the session is established and the optimal route is determined, latency stabilizes.

The most noticeable bug, overshadowing all other minor issues, is “network storms.” The threat model involves the sudden appearance and disappearance of a node with a signature key, forcing other participants to rebuild their coordinates, using it as a reference point. As you might guess, if coordinates are constantly being rebuilt, network routing suffers greatly, up to the complete loss of pings.

Yggdrasil in Production: Experience and Theory

The first release on GitHub is dated February 17, 2018. However, to this day, Yggdrasil is considered a “raw” product, in beta, and is not recommended for use in serious projects.

Many network instability threats are only relevant when connecting to the global segment, where much of what happens is beyond our control. In business scenarios, there are successful cases of connecting remote employees (e.g., accountants) via Yggdrasil: RDP without extra router configuration or port forwarding. Such networks are organized in isolation and are not subject to “network storms”: a public peer is set up on a server managed by the in-house sysadmin, and all employees connect in overlay mode (i.e., via the Internet). The result is an easily scalable VPN-like network with internal IPv6. Yggdrasil can also be used to bridge local IPv4 networks—relevant parameters are available in the configuration file.

Yggdrasil has built-in tools to restrict access to the network interface of the operating system, allowing only a trusted list of keys specified in the configuration file. This means only manually added users can connect to the machine’s TUN interface. Untrusted network participants can’t even ping such an IPv6-Yggdrasil node, while transit traffic on the node is unaffected.

Since version 0.3.15, Yggdrasil allows not only blocking or allowing certain addresses, but also specifying encryption and signature keys when configuring a connection to a public peer. In the case of centralized employee connections to a public peer, this feature is especially useful, as direct key manipulation protects against theoretical IPv6 address spoofing attacks.

Technical Notes

Yggdrasil operates at a fairly high network level (L3), creating its own tunnels over regular TCP/IP. All internal network traffic processing requires operating system resources, mainly due to cryptography: before information is sent to the virtual network interface (which the OS treats like regular traffic), cryptographic operations are performed by the Yggdrasil service. On weak hardware, heavy traffic can cause slowdowns.

For local network operation (i.e., automatic peer discovery), IPv6 must be enabled on the computer’s physical network interfaces. On systems without IPv6 support (e.g., Windows XP), connecting to Yggdrasil is only possible by specifying the IPv4 address of a public peer (which can be a local address).

The network scales automatically: if one user in an isolated segment adds a public peer, the entire segment becomes part of the global Yggdrasil network.

Getting Started

Detailed instructions, a list of public peers, and a list of known internal network services are available on the official project page. The network client is cross-platform. At the time of publication, all major operating systems are supported: Windows, Linux, macOS, iOS, and Android.

To connect to the global Yggdrasil segment, you need to specify public peers in the configuration file. The list can be found at the link above in the “Public peers” section. After a successful start, visit the internal directory of the Russian-speaking community: http://[222:a8e4:50cd:55c:788e:b0a5:4e2f:a92c]. It’s like Wikipedia, but inside Yggdrasil, and contains many practical guides and reference materials on the topic.

Yggdrasil will be of interest to network enthusiasts and administrators, as well as the younger generation—for example, for playing Minecraft on a pseudo-local network (as a replacement for Hamachi).

Postscript

In the early 2010s, the word “cryptocurrency” was almost unknown: it sounded like science fiction to some, and nonsense to others. Only a small group of people understood what it was about, and even fewer delved into the details and started exploring Bitcoin. Now there are countless cryptocurrencies, and the hype train has already left the station—jumping on the last car is not easy or cheap.

When you hear about mesh networks, you’ll be pleased to know that this train hasn’t left without you.