I was intrigued by Yggdrasil, so much that I built a similar network, also using concepts of other networks in that realm.
It uses a logical world map for improved address space allocation and routing as well as source routing. Private non-routable addresses for better privacy are planned.
AFAIK no MAC addresses are involved. It assigns you a new IP address, internal to the network, a bit like a VPN.
evbogue · 11h ago
yah it's good for logging into computers or accessing servers behind NAT. It's kinda an antidote to this world that's still hooked on ipv4 like it's 1992 or whatever.
beanjuiceII · 15h ago
some of us even still have Yggdrasil installation media
smackeyacky · 8h ago
I have a book and cd. I tried using the cd image with Qemu but I couldn’t work out how to get the CD interface going. It requires some ancient device emulation (I want to say the creative soundblaster CD interface) but I’m not sure the limited ones it knows about are in qemu.
genewitch · 7h ago
Try PCem
It has ancient stuff. I got os/2 warp and win98 running fine (with voodoo graphics!)
Having more trouble coming up with a plan to get bsd or Linux on it. So far I got Debian 9 installed and I'm going to install Gentoo from within on a new vhd.
I know 98 and warp aren't technically ancient, but I had gotten the Xerox star 8010 emulator running well yesterday and went to work on pcem.
If this is interesting to you, there's also a new edge mesh protocol which would dovetail into it well called MeshCore. MeshCore is LoRa and MCU focused, works at L2. Ygg is L3 and could run at e.g. your LoRa SBC gateway to provide seamless global distribution of edge mesh chats and sensor relays.
Shortest path is fundamentally problematic in networks. The shortest path isn't always the best path.
The shortest path might be a 1Mbps link with high latency. The 'best' path might be several 100Mbps links with low latency chain together.
easygenes · 12h ago
Ygg doesn't operate strictly as a shortest path protocol. It prefers lowest latency links already and they're roadmapped to handle link cost / dynamic weighting / link congestion. They're targeting a blended weighted metric overlay which would certainly prefer the chain of quick/fat links.
jazzyjackson · 11h ago
I ask as someone hyped about decentralized protocol but only following ygg from a distance -- who are they building it for, is there a use case or commercial customer that wants this, or is it more of an idealistic/political endeavor ? I guess I'm wondering how mature the org behind it is, if they're setup for the long haul or taking steps forward when they can, on a hobbyist basis.
sunshine-o · 7h ago
It doesn't seem to be any formal org behind (and the main dev seems to work on NATS)
Most of the referenced public peers are in Russia, the US and Germany it seems [0]
I just installed it and it gave me a routable ipv6 address on my shitty little VPS that didn't have one. I'm guessing that if I put this on my laptop then that too will have an ipv6 address and I can communicate from my laptop to the server via ipv6, like tailscale; and vice versa I guess. Playing with it now. Basically link all of your devices to the network and it gets an IPv6; but ...the IP changes every time its run based on getting new keys. So, rolling keys by default? Haven't tested. But I guess if I keep the same key, the IPv6 that's assigned to it remains the same?
Will update later, because the yggdrasil website leaves me more confused than answering anything.
I've seen it posted and cheered about over socials (lemmy, hnews, reddit); might be cool to test.
From the docs:
> However, autoconfigure mode allows you to quickly start Yggdrasil using sane-ish default settings, with yggdrasil -autoconf. In this mode, Yggdrasil will automatically attempt to peer with other nodes on the same subnet but will not attempt to connect to public peers by default. It also generates a random set of keys each time it is started, and therefore a random IP address each time.
> I started using yggdrasil yesterday. The ability to get a static IPv6 address on a meshnet, with encrypted traffic by default, and the option to only accept inbound connections from public keys I trust is incredibly cool. Just like that I can access any of my devices that run ygg from anywhere using standard tools like git or ssh (or git-annex). It makes it really easy to network my devices together without having to screw around with split tunneling a wireguard server and create a DIY set of services to, for example, remotely manage my devices or sync things from one to the other, and that's just for starters. Feels like the Unix philosophy actually being useful for once
Is there a non-encrypted alternative to these things? There's lots of projects with services both paid and free, all having encrypted data transmission.
I'm looking for encrypted coordination with unencrypted data transmission for performance reasons in IoT devices, because the data itself is already encrypted (e.g. only https going through the tunnel).
bawolff · 14h ago
Is there a paper somewhere explaining their system in detail?
drob518 · 1h ago
Yea, the website was conspicuously opaque about the protocol. Having lived in the networking and IP routing world for decades, that makes me suspicious that this thing is yet another non scalable system. But hey, I’m willing to be convinced.
api · 15h ago
The challenge with these schemes is always making them robust against intentional attacks.
It’s hard enough to do that for centrally regulated systems. There are whole giant companies like Cloudflare that mostly exist to do that.
With a fully decentralized mesh if someone finds a working attack there is no good way to coordinate a response.
Small hobby and research nets can get away with that, but if anything like this ever got popular or even close to mainstream it would be destroyed. This is especially true if there were any way to make money by ruining it.
Animats · 9h ago
> The challenge with these schemes is always making them robust against intentional attacks.
Right. You join the network by generating a random IPv6 address and telling someone about it. So anyone can generate vast numbers of dummy node addresses, which everybody has to track. Now you need spam filtering.
sunshine-o · 9h ago
Yes but from my understanding one should not tell anybody about their IP as it is directly derived from a public key [0].
So in practice if you have doubts that your private key might have been compromised you must change your IP ASAP.
So I guess serious Yggdrasil users rely rather on a solid DNS system to manage identities and configure things. They actually need it more than the public internet !
This is the problem the blockchain & Ethereum people bumped into quickly: the 'key = identity' paradigm is elegant but in practice you need an abstraction on top to do anything serious.
I see they do have a DNS infrastructure in place [1] but most of the network services point to IP addresses, what really doesn't make sense to me.
Another related issue is that decentralized networks are often targeted by attackers more than centralized ones, since a common use case for these networks is sharing information that the central entity (or some power that can coerce the central entity) does not want shared, e.g. organizing in authoritarian regimes, illegal file sharing
jazzyjackson · 10h ago
I don't know how ygg handles nodes but there's no reason a mesh network has to just accept random new peers, you could do something like mTLS where peers have to present certificates distributed out of band.
nine_k · 15h ago
Is there no way to blacklist nodes?
dexterdog · 14h ago
Or throttle new node cration
fsflover · 11h ago
Could you solve this by running something like I2P on top of the mesh network? I2P has implemented strong protections against typical attacks.
kachapopopow · 15h ago
Why do I remember minecraft using yggdrasil at some point. Maybe just a name clash of a java library.
codetrotter · 15h ago
Yggdrasil is from Norse mythology. So I’m not surprised that a bunch of different people name software after it.
wow thanks for the link, the UFO style ring interface floating over a honeycomb is extremely similar to a GUI I designed once, didn't realize Digimon had prior art on it.
privong · 13h ago
Indeed; Yggdrasil is also the name of a set of models of the emission from stellar populations:
Is firewalling the yggdrasil adapter susceptible to IP spoofing?
cyberax · 13h ago
Interesting. There's a fundamental vulnerability in mesh routing: you either have to control addressing, or a malicious actor can flood the network topology with bogus data.
Just imagine somebody generating 10000000000 addresses and flooding everybody with that information.
It looks like Yggdrasil doesn't address (ha) this vulnerability? It kinda side-steps it by requiring enrollment through an already trusted node?
mikeyg · 7h ago
at least in the original implementation of this protocol (cjdns) there was already a tiny bit of proof of work happening in address generation. forgive me as this knowledge is over a decade old but it involved finding a curvecp private key that scalmults into a public key that (maybe whose hash?) begins with some specific number. this number is what's actually used as the ipv6 address. and that specific number is the routable ipv6 prefix.
the process would be run again and again during configuration generation until a key that fit this criteria was found. one could up the difficulty of this process considerably.. though not in a protocol backwards-compatible way.
you also needed to find a peer.
but yeah that's a gnarly hole.
getcrunk · 13h ago
Mesh/decentralized networks seem poised to finally take off and become widespread. Unfortunately I don’t think it will be in the form of a cyber utopia free of control but a tool of power and surveillance, networking ai powered robots (swarm based weapons) and other smart things
It uses a logical world map for improved address space allocation and routing as well as source routing. Private non-routable addresses for better privacy are planned.
https://mycoria.org
It will see more development over the next years, as I will be using it in an upcoming project.
Happy to answer any questions you have here.
Does this thing involve a MAC address?
https://news.ycombinator.com/item?id=40828774
I know 98 and warp aren't technically ancient, but I had gotten the Xerox star 8010 emulator running well yesterday and went to work on pcem.
5 months ago (324 points, 107 comments) https://news.ycombinator.com/item?id=42155780
2022 (216 points, 78 comments) https://news.ycombinator.com/item?id=30156551
2019 as a Show (120 points, 15 comments) https://news.ycombinator.com/item?id=18863554
https://github.com/ripplebiz/MeshCore https://youtu.be/fNWf0Mh2fJw https://chatgpt.com/share/681c281f-0a24-8011-8ec9-6d58ce3db0...
- [0] https://reticulum.network/manual/interfaces.html#listeners
The shortest path might be a 1Mbps link with high latency. The 'best' path might be several 100Mbps links with low latency chain together.
Most of the referenced public peers are in Russia, the US and Germany it seems [0]
- [0] https://publicpeers.neilalexander.dev/
Will update later, because the yggdrasil website leaves me more confused than answering anything.
I've seen it posted and cheered about over socials (lemmy, hnews, reddit); might be cool to test.
From the docs: > However, autoconfigure mode allows you to quickly start Yggdrasil using sane-ish default settings, with yggdrasil -autoconf. In this mode, Yggdrasil will automatically attempt to peer with other nodes on the same subnet but will not attempt to connect to public peers by default. It also generates a random set of keys each time it is started, and therefore a random IP address each time.
yggdrasil[3510010]: 2025/05/08 08:37:16 Starting up...
yggdrasil[3510010]: 2025/05/08 08:37:16 Startup complete
yggdrasil[3510010]: 2025/05/08 08:37:16 Starting multicast module
yggdrasil[3510010]: 2025/05/08 08:37:16 UNIX admin socket listening on /var/run/yggdrasil/yggdrasil.sock
yggdrasil[3510010]: 2025/05/08 08:37:16 An error occurred starting TUN/TAP: permission denied
2025/05/08 08:37:16 Your public key is fab6caf3ae8895f5001398763db27d8e2f72f8278f44b543ba58b6658c>
yggdrasil[3510010]: 2025/05/08 08:37:16 Your IPv6 address is 200:a92:6a18:a2ee:d415:ffd8:cf13:849b
yggdrasil[3510010]: 2025/05/08 08:37:16 Your IPv6 subnet is 300:a92:6a18:a2ee::/64
So, saw a comment here from https://news.ycombinator.com/item?id=30156551 :
> I started using yggdrasil yesterday. The ability to get a static IPv6 address on a meshnet, with encrypted traffic by default, and the option to only accept inbound connections from public keys I trust is incredibly cool. Just like that I can access any of my devices that run ygg from anywhere using standard tools like git or ssh (or git-annex). It makes it really easy to network my devices together without having to screw around with split tunneling a wireguard server and create a DIY set of services to, for example, remotely manage my devices or sync things from one to the other, and that's just for starters. Feels like the Unix philosophy actually being useful for once
I'm looking for encrypted coordination with unencrypted data transmission for performance reasons in IoT devices, because the data itself is already encrypted (e.g. only https going through the tunnel).
It’s hard enough to do that for centrally regulated systems. There are whole giant companies like Cloudflare that mostly exist to do that.
With a fully decentralized mesh if someone finds a working attack there is no good way to coordinate a response.
Small hobby and research nets can get away with that, but if anything like this ever got popular or even close to mainstream it would be destroyed. This is especially true if there were any way to make money by ruining it.
Right. You join the network by generating a random IPv6 address and telling someone about it. So anyone can generate vast numbers of dummy node addresses, which everybody has to track. Now you need spam filtering.
So in practice if you have doubts that your private key might have been compromised you must change your IP ASAP.
So I guess serious Yggdrasil users rely rather on a solid DNS system to manage identities and configure things. They actually need it more than the public internet !
This is the problem the blockchain & Ethereum people bumped into quickly: the 'key = identity' paradigm is elegant but in practice you need an abstraction on top to do anything serious.
I see they do have a DNS infrastructure in place [1] but most of the network services point to IP addresses, what really doesn't make sense to me.
- [0] https://yggdrasil-network.github.io/privacy.html#network-ide...
- [1] https://yggdrasil-network.github.io/services.html#dns
https://en.wikipedia.org/wiki/Yggdrasil
Just like many might pick cool and important names from Greek mythology for example, like Poseidon.
https://en.wikipedia.org/wiki/Poseidon
https://wikimon.net/yggdrasill
https://www.astro.uu.se/~ez/yggdrasil/ReadMe.txt
https://www.astro.uu.se/~ez/yggdrasil/yggdrasil.html
Just imagine somebody generating 10000000000 addresses and flooding everybody with that information.
It looks like Yggdrasil doesn't address (ha) this vulnerability? It kinda side-steps it by requiring enrollment through an already trusted node?
the process would be run again and again during configuration generation until a key that fit this criteria was found. one could up the difficulty of this process considerably.. though not in a protocol backwards-compatible way.
you also needed to find a peer.
but yeah that's a gnarly hole.