Two stories interested me this week, one on Hacker News and one on the IETF Internet-Draft announcement list. Both are about the modern Internet, addressing, and the divergence from the normal models of networking in use.
One explores the idea of decentralized ‘mesh’ networking, in a system called Yggdrasil.
The other builds on a concept I touched on at the end of last year when discussing IPv6 addressing. Specifically, where to look for more information about IPv6 addressing models. It extends beyond the address-level view — and the semantic addressing discussion taking place in the Internet Research Task Force (IRTF) — to encapsulate the problem of routing. That is, how to find things given their name and address.
Yggdrasil: Mesh networks on IPv6
The Yggdrasil model of mesh networking was raised in a piece titled Make the Internet Yours Again With an Instant Mesh Network. The model is an instance of IPv6 networking. It uses cryptographic public-private keying to determine the IP address ‘prefix’ to be used and routed in the global commons.
The routing problem is resolved by using ‘public peer’ nodes that incur the burden of locating and routing traffic to the declared key-bound address. In that sense, it’s solving the BGP problem by ‘hand waving’ it to another entity, performing the same decision logic as BGP does.
Using public peer nodes isn’t that different to using ‘route default’ and relying on upstreams to compute the BGP best path. But small networks have to demonstrate that whatever mechanism is used to do this routing can scale as well as BGP did. There is no aggregation equivalent in a hash-based address plan, and what the ‘path’ is hasn’t been made clear.
That’s why I call it hand waving.
A simple table lookup and distribution in a small set of peer nodes won’t uncover problems at the scale BGP sees (with 70,000 ASNs sharing 800,000+ routes) in terms of churn, instability, and path divergence. But unlike BGP, ‘edge’ address instances — that are now strongly bound to your keypair and are very much like an identity — can appear or disappear without provider input. It’s a ‘permissionless’ model of overlay networking.
Of note, the problems of cost and scale aren’t considered upfront. Like all overlay networks (Locator-ID Separation Protocol for instance), I suspect the cost is trivial when a small number of entities participate.
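The ‘no aggregation equivalent’ point above, as an added illustration that is not Yggdrasil’s own code or its actual address derivation: here a key-bound address is simply the byte 0x02 followed by 15 bytes of SHA-256 over the public key (a constructed scheme landing in 200::/7), and the routing ‘slots’ it needs are compared with a conventional provider prefix plan for the same number of hosts.

```python
import hashlib
import ipaddress

# Constructed scheme, NOT Yggdrasil's real derivation: 0x02 then 15 hash bytes, so the
# address falls in 200::/7 but its remaining 120 bits are pseudo-random per key.
def key_bound_address(public_key: bytes) -> ipaddress.IPv6Address:
    digest = hashlib.sha256(public_key).digest()
    return ipaddress.IPv6Address(bytes([0x02]) + digest[:15])

def provider_address(site: ipaddress.IPv6Network, n: int) -> ipaddress.IPv6Address:
    """Conventional plan: host n is ::1 in the n-th /64 carved from one aggregatable /48."""
    return site[(n << 64) | 1]

def routing_slots(addresses, prefixlen):
    """Distinct /prefixlen routes needed to cover every address: the BGP 'slots' they cost."""
    return {ipaddress.IPv6Network((a, prefixlen), strict=False) for a in addresses}

def common_prefix_bits(addresses) -> int:
    """Length of the longest prefix shared by all addresses (how far they can aggregate)."""
    ints = [int(a) for a in addresses]
    bits = 0
    while bits < 128 and len({i >> (127 - bits) for i in ints}) == 1:
        bits += 1
    return bits

def compare_plans(n_hosts: int = 64, seed: bytes = b"constructed-demo") -> dict:
    # Constructed stand-in keys; real nodes would present their own public keys.
    keys = [hashlib.sha256(seed + n.to_bytes(2, "big")).digest() for n in range(n_hosts)]
    hashed = [key_bound_address(k) for k in keys]
    site = ipaddress.IPv6Network("2001:db8:1234::/48")   # documentation prefix
    provider = [provider_address(site, n) for n in range(n_hosts)]
    return {
        # Key-bound: only the 0x02 marker is shared, every node costs its own /48 slot.
        "hash_common_prefix": common_prefix_bits(hashed),
        "hash_slots_48": len(routing_slots(hashed, 48)),
        # Provider plan: all hosts sit under one announceable /48.
        "provider_common_prefix": common_prefix_bits(provider),
        "provider_slots_48": len(routing_slots(provider, 48)),
    }

if __name__ == "__main__":
    for name, value in compare_plans().items():
        print(f"{name}: {value}")
```

Scaling n_hosts up makes the gap explicit: the provider plan still announces one route, while the key-bound plan needs one slot per node (or a full-table lookup at the peer nodes), which is the cost the post says has been ‘hand waved’.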
I don’t want to criticize the idea. I think this kind of secure, identity-based, highly mobile networking is interesting, and it comes with some useful benefits. For example, you can carry your secure identity around and maintain connectivity (subject to things like TCP keep-alive checks while you’re offline) no matter where you are.
Some of us use a different approach to solving this, by moving our application connectivity from TCP (which strongly binds to a specific IP pair) to UDP (which has no concept of a connected session in the protocol). This allows us to fluidly change the source address and have the state maintained by the server. For terminal sessions, this is what Mosh does — it’s like SSH, but runs over UDP.
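The roaming idea above, as an added illustration (a constructed datagram format, not Mosh’s protocol): the server keys session state by a session id and a per-datagram HMAC under a shared secret rather than by the source IP and port, so the client can keep its session while its source address changes, while forged and replayed datagrams are dropped regardless of where they come from.

```python
import hashlib
import hmac
import json

class RoamingServer:
    """Session state lives under a session id, not under the (ip, port) it arrived from."""
    def __init__(self):
        self.sessions = {}   # sid -> {"key": bytes, "seq": int, "addr": tuple | None, "count": int}

    def register(self, sid: str, key: bytes):
        self.sessions[sid] = {"key": key, "seq": 0, "addr": None, "count": 0}

    def handle(self, src_addr, datagram: bytes):
        """Process one datagram from src_addr; returns a reply dict, or None if rejected."""
        try:
            msg = json.loads(datagram)
            sid, seq, body, tag = msg["sid"], int(msg["seq"]), msg["body"], msg["tag"]
        except (ValueError, KeyError, TypeError):
            return None
        st = self.sessions.get(sid)
        if st is None:
            return None
        if not hmac.compare_digest(mac(st["key"], sid, seq, body), tag):
            return None                  # forged or tampered: source address proves nothing
        if seq <= st["seq"]:
            return None                  # replayed datagram
        st["seq"] = seq
        st["addr"] = src_addr            # follow the client to wherever it is now
        st["count"] += 1
        return {"sid": sid, "ack": seq, "count": st["count"], "reply_to": src_addr}

def mac(key: bytes, sid: str, seq: int, body: str) -> str:
    # Canonical JSON encoding keeps fields from running together under the MAC.
    return hmac.new(key, json.dumps([sid, seq, body]).encode(), hashlib.sha256).hexdigest()

def build_datagram(sid: str, key: bytes, seq: int, body: str) -> bytes:
    return json.dumps({"sid": sid, "seq": seq, "body": body, "tag": mac(key, sid, seq, body)}).encode()

def demo():
    """Constructed exchange: one session from three addresses, then a replay and a forgery."""
    server = RoamingServer()
    key = b"constructed-shared-secret"
    server.register("s1", key)
    return [
        server.handle(("192.0.2.10", 40000), build_datagram("s1", key, 1, "hello")),
        server.handle(("198.51.100.7", 51234), build_datagram("s1", key, 2, "moved networks")),
        server.handle(("198.51.100.7", 51234), build_datagram("s1", key, 2, "moved networks")),
        server.handle(("203.0.113.9", 6000), build_datagram("s1", b"wrong-key", 3, "spoof")),
    ]
```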
Yggdrasil is the same, except it takes place in the IP layer, not in the application. You still have end-to-end security, but it’s bound to your mesh address as the key, not your login identity. Yggdrasil also implements local network zero-configuration style auto-discovery, so you find peers in the local segment without having to rely on a name service. This is an old idea from the days of AppleTalk (long since discontinued), which had every active node announce itself to a broadcast network. Once connected, you learned all hosts, printers, and devices automatically.
Another thing to consider is that Yggdrasil is an overlay model. It assumes the existence of an underlying IPv6 routed substrate network. That’s okay because the encapsulation costs are almost certainly lost in noise, considering all other packet overheads. And allowing for the problem of discovery at scale, the benefits are huge.
Personally, I’m fine with my local ISP giving me IP networks on temporary addresses, although I prefer long-lived ones. If I can move my hosting into this kind of mesh model, then I don’t have to care what ‘ephemeral’ addresses I am given by an ISP because I live inside this mesh, and I’m findable by my key address.
Semantic routing: Exploring complex models of the routing problem
In An Introduction to Semantic Routing, Adrian Farrel explores the different approaches to routing that emerge when considering the semantic contents of the packet or the semantics exposed in names and name-to-address mapping.
As Farrel notes, the concept of semantic routing is quite different to the current shortest-path-first model of packet forwarding. It’s a recognition that currently, semantic routing is almost always about the ‘interior’ network routing problem. That is, how to manage the routing inside your own AS.
Almost all ISPs currently use address distribution models based on the network prefix as a fundamental unit, bound to specific equipment and locations. Basically, a geographic distribution of addresses is created based on how many addresses are needed and where they are. The semantic addressing model raises much more complex considerations of both location of the resource (the routing problem) and its identity (bound to the address distribution problem, when a location is explicitly defined by a network prefix).
Ultimately, like the Yggdrasil mesh network, there is an implicit dependency on the globally connected IP network in place today as a substrate, upon which this kind of complex routing can take place. Unlike the mesh, semantic routing opens the door to alternative future models of inter-domain routing that are currently handled by BGP. At least, it’s useful to discuss more complex path selection using the BGP ‘add-path’ extension, based on (presumably) the semantic routing model.
Addressing the routing model?
The reason I found both these stories/concepts interesting is the potential impact they may have on APNIC’s core responsibility: the distribution of Internet number resources and the stability of the global default-free routing system. The current routing model is based on network prefix lengths and routing ‘slots’ in BGP-speaking routers, so the two are inextricably linked. If the basis of address distribution changes, it cannot avoid impacting the nature of routing.
Yggdrasil, as an overlay network, has no immediate impact. But it does raise questions about the nature of the IPv6 prefix and the role of address distribution. Yggdrasil also questions the centrality, operation, and expense of mesh peer nodes in routing. As an overlay, it can only represent ‘extra’ expense on top of the existing routing fabric, or whatever ultimately replaces it.
Semantic routing is more immediately amenable to applications inside the current address distribution model. It shows how interior routing models or inter-domain routing can be constructed if that problem space can be solved by things like multipath in BGP.
However, that also means it has the potential to be a source of tension against the current address policy, which is heavily predicated on the Host-Density Ratio and basic ‘count the addressable objects in the location’ models of assignment. New semantics have the potential to consume more bits of the allocation or assignment of addresses, to represent semantic intent. It isn’t impossible to do this, but if it needs more bits than allowed for in the current address policy, it becomes a conversation about (probably global) address policy.
“It [yggdrasil] assumes the existence of an underlying IPv6 routed substrate network” – IPv6 (or even IPv4) not required on the substrate network. Currently, Ethernet (layer 2), TCP4, TCP6 are supported. Previously, UDP4, UDP6 were supported as well on the substrate network. (Interesting discussion as to why they were dropped.)