!HZvtqwrIOAPIxEmQJR:matrix.org

Yggdrasil Community

145 Members
english language only ; you came, you saw, you connected ; off-topic channel for #yggdrasil:matrix.org
36 Servers

Sender Message Time
22 Jan 2022
@gustafjt:matrix.org Joel Gustafson joined the room. 02:48:43
@Arceliar:matrix.org Arceliar
the other direction could be interesting... use a reverse proxy to make some clearnet sites/services reachable over ygg. for a lot of sites, that won't work without the site operator being on board with the idea, but there's probably at least a few things where it would work
02:49:09
@Arceliar:matrix.org Arceliar
(i'm thinking from the perspective of trying to generate some in-ygg traffic, just to help test for congestion problems etc)
02:49:53
@vaultec:matrix.org vaultec81
In reply to @ol:infoserver.lv
Yggdrasil is no more redundant than user's Internet connection. Theoretically, there can be a situation when somewhere deep in Internet there is BGP routing disruption between user's host and reverse proxy's host while other routes still exist around it, but it's very rare. Most connectivity problems happen at user's ISP.
Server outage, multiple servers forwarding traffic through yggdrasil to the client machine. Yggdrasil makes it extremely simple to do something like that. Plus if any physical networks are built using this, the multipath of hardware eventually hitting the public yggdrasil network could be useful.
02:50:30
@vaultec:matrix.org vaultec81
I would imagine if you have 2 servers trying to forward traffic to a client you'd need two separate VPN interfaces (one for each interconnect to the public server) which adds more complexity.
02:51:40
@vaultec:matrix.org vaultec81
I could be wrong of course
02:53:05
@ol:infoserver.lv Oleg Girko
In reply to @vaultec:matrix.org
I would imagine if you have 2 servers trying to forward traffic to a client you'd need two separate VPN interfaces (one for each interconnect to the public server) which adds more complexity.
You can have several peers on the same interface with WireGuard.
02:53:06
@vaultec:matrix.org vaultec81
In reply to @ol:infoserver.lv
You can have several peers on the same interface with WireGuard.
I understand, it's more complexity needing to add more config files. If a server migration occurs, all clients will need to redo config.
02:54:37
@ol:infoserver.lv Oleg Girko
In reply to @vaultec:matrix.org
I understand, it's more complexity needing to add more config files. If a server migration occurs, all clients will need to redo config.
As with Yggdrasil peer migration.
02:56:29
@vaultec:matrix.org vaultec81
There is local LAN peering plus plenty of public peers that won't generally change addresses. I am also assuming yggdrasil is already set up and managed by the user. So adding more is redundant overhead
03:00:06
@vaultec:matrix.org vaultec81
Autopeering might be worth exploring in general. Of course manual peering might still be needed
03:01:27
@ol:infoserver.lv Oleg Girko
In reply to @vaultec:matrix.org
There is local LAN peering plus plenty of public peers that won't generally change addresses. I am also assuming yggdrasil is already set up and managed by the user. So adding more is redundant overhead
LAN peering won't help you if none of peers have a peer outside of LAN configured manually.
03:02:24
@Arceliar:matrix.org Arceliar
it works if you have connections to multiple networks
03:02:53
@Arceliar:matrix.org Arceliar
or direct connections to multiple nodes (same thing, just without switches in the way)
03:03:30
@Arceliar:matrix.org Arceliar
it's no different than connecting separate networks on the internet (separate ASes connected at peer exchange points, etc)
03:04:14
@ol:infoserver.lv Oleg Girko
In reply to @Arceliar:matrix.org
it's no different than connecting separate networks on the internet (separate ASes connected at peer exchange points, etc)
But nobody does this. You're talking about some hypothetical future when Yggdrasil is used by ISPs instead of traditional IP network, not by regular users on top of it.
03:06:50
@Arceliar:matrix.org Arceliar
well that's the point. it's a research project for how to route without the scaling or security problems that BGP runs into
03:08:15
@Arceliar:matrix.org Arceliar
nobody's ever supposed to actually use ygg, they're supposed to use some future IPvX, which would be designed to handle these problems better than current IP, and ygg is just exploring one part of the design space for such a future protocol
03:09:32
@Arceliar:matrix.org Arceliar
internet peering is an anti-feature i added to deal with low node density, so local mesh networks can connect over the internet and share access to servers. it's a hack to try to bypass some of the network effect problems that make it hard to build a mesh network
03:10:32
@ol:infoserver.lv Oleg Girko
In reply to @Arceliar:matrix.org
internet peering is an anti-feature i added to deal with low node density, so local mesh networks can connect over the internet and share access to servers. it's a hack to try to bypass some of the network effect problems that make it hard to build a mesh network
Like IPv6 tunnel brokers that still exist because many ISPs provide just IPv4.
03:17:40
@Arceliar:matrix.org Arceliar
yeah, that's kind of the idea. if we didn't have internet peering built in, then you could set up an off-the-shelf VPN or IP tunnel to nodes over the internet, and let auto-peering connect over that. but the manual peering code was actually easier to write than the link-local autopeering (and how i tested until I had auto-peering working), and it saves people the extra step / added complexity of deciding what VPN/tunnel to use, so we kept it as an option
03:20:28
@Arceliar:matrix.org Arceliar
the intent was for people to build local mesh networks, and then link them over the internet. in practice, most "local" mesh networks consist of 1 node, or sometimes 1 node acting as a gateway + 1-3 other nodes on the same LAN, so the local networks are too small to be very interesting. a few places are experimenting with ygg in mesh networks that are meant to be city scale hobbyist projects, so those could become more interesting after they grow. the toronto mesh network and massmesh come to mind, but there may be more that i don't know about
03:24:00
23 Jan 2022
@jgoerzen:complete.org jgoerzen joined the room. 14:14:46
@jgoerzen:complete.org jgoerzen
I've been thinking along those lines a bit myself. I've been reflecting on what differentiates Yggdrasil from tinc (which is a VPN with mesh routing also). I think the key is the ease of joining; tinc requires all nodes to know the public keys of all nodes before they can communicate. Not so here, which is fantastic.
14:42:30
@jgoerzen:complete.org jgoerzen
... usually. It also means that there is more of a security question at the edge of a private mesh. How do you keep the public mesh out? Have to turn off multicast, limit who can connect by either network-level rules or the list of authorized public keys, etc.
14:43:08
@jgoerzen:complete.org jgoerzen
I've been thinking that Yggdrasil could make an ideal setup in the Docker environment I have on my server at OVH. Run Yggdrasil inside each node and use it for communication instead of Docker's network directly. Would permit containers to run on the server, on some VPS somewhere, on my home network, etc. with ease - I'd just need to have a link between the sites somewhere
14:44:02
@jgoerzen:complete.org jgoerzen
But then it gets complicated if I want to offer services to the public Yggdrasil mesh, which I do.
14:44:15
@jgoerzen:complete.org jgoerzen
I really appreciate the tunnel-over-Internet feature; it is killer for sure.
14:44:58
@deavmi:matrix.org Tristan B. Kildaire
In reply to @jgoerzen:complete.org
I've been thinking that Yggdrasil could make an ideal setup in the Docker environment I have on my server at OVH. Run Yggdrasil inside each node and use it for communication instead of Docker's network directly. Would permit containers to run on the server, on some VPS somewhere, on my home network, etc. with ease - I'd just need to have a link between the sites somewhere

Would permit containers to run on the server, on some VPS somewhere, on my home network, etc. with ease - I'd just need to have a link between the sites somewhere

This is neat indeed, portability but in the deployment sense

15:54:42
24 Jan 2022
@honda:libera.chat honda joined the room. 14:40:38
