@jgoerzen I read your article about Yggdrasil and I only kinda get it.
> Each node gets an entire /64
I researched what that was and uh, several quintillion addresses from a single node sounds insane (my expertise is front-end and some back-end web tech, that's it).
Can you build on Yggdrasil? Like, an MMO? Or just a whole 'nother internet layer?
I'm trying to make sense of how I could possibly use it.
@netopwibby So believe it or not, #IPv6 is so amazingly vast that a /64 is something of a standard unit of allocation. So, with #Yggdrasil, you could simply run Yggdrasil on every machine on your network. But what if some of them don't run it for some reason? Well then, you can hand them out IPs under your /64 using any of the existing schemes for doing so. Your Yggdrasil node can then be the gateway to the broader #Yggdrasil network. 1/
@netopwibby One way of allocating IPv6 addresses is to simply turn MAC addresses into the local part within a /64. See, for instance, radvd. 2/
@netopwibby #Yggdrasil can run atop the current #Internet -- or not. It is a whole Internet in itself, and it happens to be able to use an existing IPv4 or IPv6 network as a carrier, if desired. You might think of it as a re-invention not of IPv6, but of the routing, allocation, and security systems that undergird it. Yggdrasil is an auto-forming mesh, with all communication encrypted, and IPs derived from encryption keys. 3/
@netopwibby So there is no #BGP in #Yggdrasil. Yggdrasil is a tool for making internetworking happen - as indeed the Internet is (a "network of networks"). The article you're probably talking about is https://changelog.complete.org/archives/10319-make-the-internet-yours-again-with-an-instant-mesh-network and talks about the more personal use cases (laptops, etc). A /64 could be used for things like virtual hosting on a single node, or internetworking in the classical sense: each site gets a /64 and Yggdrasil figures out how to connect them together securely. 4/
@netopwibby Now in the "each site gets a /64" scenario, you have the one Yggdrasil gateway, so the nodes on the network don't have the classic #Yggdrasil benefits of IP portability and such. But, all your stuff from printers to cameras can just use the network nicely. You've basically replaced the current Internet backbone (or layered atop it, depending). 5/
@netopwibby So let's say you have a company with offices in five cities. You want the various networks to all see each other, seamlessly, and securely. A classic approach might involve VPNs. But then you quickly get into topology questions: who connects to whom? What happens if one site goes down - can all the others keep communicating between themselves? #tinc or #Yggdrasil can address this. 6/
@netopwibby With #Yggdrasil in this scenario, you could establish links from each site to each other site (if you wish). If a backhoe accident takes one of those links down, Yggdrasil will automatically figure out how to route traffic between A and B via, say, C. You can build up whatever topology you like, and you don't have to teach Yggdrasil about it - it will /discover/ it, and also discover and adapt to changes in it (such as outages). 7/
@netopwibby So compared to VPNs and leased lines, this is a lot easier to manage. Still, in my use cases, I haven't (yet) used the /64 because I have generally put Yggdrasil directly on each machine I want to use with it. But there are all sorts of options.
Basically, #Yggdrasil lets you build your own #Internet, how you like, without all the expense and complexity. Pretty nifty. /end
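The MAC-to-address mapping mentioned in post 2/, as an added example that is not part of the original thread: it builds the modified EUI-64 interface identifier (RFC 4291, Appendix A) that hosts traditionally derive when a router advertises a /64, and shows the reverse mapping, since the MAC stays readable in the resulting address. The prefix, the MAC and the function names are constructed for illustration.

```python
import ipaddress
import re


def mac_to_interface_id(mac):
    """Modified EUI-64: flip the universal/local bit, insert ff:fe in the middle."""
    digits = re.sub(r"[:\-.]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = bytearray.fromhex(digits)
    octets[0] ^= 0x02  # universal/local bit is inverted in the interface ID
    eui64 = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return int.from_bytes(eui64, "big")


def slaac_address(prefix, mac):
    """Combine a /64 prefix with the interface ID derived from a MAC."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addressing needs exactly a /64 prefix")
    return net[mac_to_interface_id(mac)]


def mac_from_address(addr):
    """Recover the MAC from an EUI-64 style address, or None if it is not one."""
    iid = (int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytearray(iid[:3] + iid[5:])
    octets[0] ^= 0x02  # undo the bit flip
    return ":".join(f"{o:02x}" for o in octets)


# Constructed sample values: a /64 standing in for the one routed to the
# gateway node, and the MAC of a device behind it (a printer, a camera).
SAMPLE_PREFIX = "300:1234:5678:9abc::/64"
SAMPLE_MAC = "00:1a:2b:3c:4d:5e"

if __name__ == "__main__":
    address = slaac_address(SAMPLE_PREFIX, SAMPLE_MAC)
    print("device address:", address)
    print("MAC recovered from address:", mac_from_address(address))
```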
@jgoerzen This was incredibly enlightening, thank you for taking the time to ELI5 haha!
@netopwibby Checking out your profile, I should mention that one of the current challenges inside Yggdrasil relates to naming. There is a proliferation of approaches... You may be interested in it a bit. https://yggdrasil-network.github.io/services.html#dns covers some of the existing approaches: Meshname, Alfis, etc. I don't know enough about #Handshake to know if it would be useful, but just thought I'd mention.
@jgoerzen I think the possibility for synergy is high. My initial thought as I started to understand more about Yggdrasil was hosting a node from one of my Handshake TLDs, if not all of them.
Handshake is just more secure DNS by replacing certificate authorities with DANE/DNSSEC instead. Funny enough, I was researching BGP and ASNs last week to see about better integration with the current internet…but with Yggdrasil’s embedded security and IP space, why bother?
Thanks for this!