Threads for Stekke

  1. 1

    I’ve been using Yggdrasil for more than a year now, and I love it. All my servers and my workstation are connected to the network, and I use it to ssh between them.

    The coolest aspect of Yggdrasil is IMO the built-in encryption at the network card level. Knowing that any p2p connection is fully encrypted AND authenticated is a huge step forward regarding full encryption, and it puts the encryption where it should be: at the link level rather than application. This means that older protocols like telnet, smtp, gopher, irc, … are all fully encrypted now, and there is no need to bother with it when implementing them.

    My only real question about it is as follows:

    Assuming Yggdrasil becomes a thing and replaces the clearnet, how would ygg nodes peer with each other? In the current implementation, Yggdrasil needs an established network (either IPv4 or IPv6) to set up the peering between nodes, before they can start communicating.
    Would it be possible to simply cut that part, and have Yggdrasil directly assign IPv6 addresses to the network card, and communicate directly with other nodes?

    1. 2

      Mesh networks have always intrigued me, but they never seemed to work/scale all that well. It sounds like Yggdrasil might actually do well.

      Up to version v0.3.13 they had the IfTAPMode option to create a TAP interface. My guess is that you could’ve used that to bridge with a physical adapter. That way your network card would get a Yggdrasil-based IPv6 address. It could discover Yggdrasil on your local Ethernet using NDP, which was implemented.

      As a way to replace the current IPv6 internet you can imagine that the modem/router supplied by your ISP runs a Yggdrasil node, and all the devices on the local Ethernet run one too. The ISP is also a Yggdrasil node that your router connects to. Now you’ve replaced the traditional IPv6 internet with a Yggdrasil IPv6 internet. Of course in practice ISPs won’t support Yggdrasil.

      But the nice thing is it’s just all 1 flat network, there are no routing tables, so anyone can add links/peers and the entire network can make use of that. So you could envision your WiFi access point peering with your neighbors, and theirs with their neighbors, and so on to create a giant mesh network.

      As cool as it is I do have 2 reservations:

      • As far as I can tell it has never been tested against people adding bad routes, on purpose or by lack of knowledge. For example someone peering from their home connection with their 2 VPN servers on opposite sides of the planet. It seems very tempting to do because then you have a “direct” connection to your servers instead of going through several Yggdrasil peers. Except that connection still goes through multiple hops over the traditional internet, while the routing in Yggdrasil assumes you are adding direct wired/radio links. It sounds like you could severely degrade the network performance this way, from reading their blog post Practical peering.

      • The public keys are truncated to 64 bit for seemingly no good reason. IPv6 is 128 bits. They have to use a 32 bit prefix in order to not conflict with normal IPv6 internet usage. But then they supply a 64 bit network to each node? Why? The only reason given is that you might want to connect low powered devices that can’t run their own Yggdrasil node to the network. Who is going to connect 2^64 low power devices to a single Yggdrasil node? My guess is that it’s to allow the low powered devices to pick a random address rather than having to assign one. But this seems like such a rare use case to me that I would have rather seen this address space reduced to 16 bit, and have the public key truncated to just 80 bits, which seems a lot more secure.

      1. 1

        Thanks for the explanation! I didn’t think about NDP to discover other nodes, it makes quite a lot of sense indeed.

        As far as I can tell it has never been tested against people adding bad routes

        I read that Yggdrasil uses a spanning-tree for the routing table, which, as I understand STP, implies that if two routes lead to the same network, one of them will be disabled in favor of the other.

        The public keys are truncated to 64 bit for seemingly no good reason

        My guess here is that it’s pretty “common” among service providers to give out a full /64 to their customers, so they went with the same idea here.
        Keep in mind that Yggdrasil is still a proof-of-concept, so they don’t need to “save” IPv6 addresses. If it ever gets adopted, it’ll probably be reworked against “practical” use-cases, and eventually grow the size of the keys (or make it variable in size, maybe?).

        1. 1

          I read that Yggdrasil uses a spanning-tree for the routing table, which, as I understand STP, implies that if two routes lead to the same network, one of them will be disabled in favor of the other.

          Not much of a mesh network then?

          1. 1

            Indeed, but Yggdrasil was never meant to be a mesh network in the first place. I agree that on this part the article is misleading.

    1. 4

      Looks very good but too expensive in my opinion. The Vortex Race3 is also programmable with good keys and costs half of it.

      1. 4

        Yes, but,

        • Low profile milled aluminum case
        • Box switches
        • RGB backlighting
        • N-key rollover
        • Hotswap switch sockets
        • PBT dyesub caps in XDA profile
        • Semi-ergo 75% layout
        • QMK firmware
        • 2 port USB 3.2 gen 2 USB-C hub

        1. 2

          Note that the Vortex Race3 does seem to be a very similar keyboard, with a low profile milled aluminum case, RGB backlighting, Semi-ergo 75% layout and DSA profile caps (similar to XDA). It comes with Cherry MX switches though. I’m wondering if part of the cost increase (besides the USB hub) is those hotswap switch sockets with box switches. I’m not sure from a reliability standpoint if that’s even preferable to MX switches. I think the only big differentiating factor to most people is that USB hub. Would you pay double the price to get that though?

          1. 2

            It’s all about the price to essential features ratio. A Ford Fiesta drives very well and a Volkswagen Polo is much more expensive and … ehm … drives, too.