
Hyperboria: Routing


Continuing the series of articles on Hyperboria, this article covers the following topics:
1) The number of IP addresses in Hyperboria and how they are generated.
2) Collisions and how to deal with them.
3) Why use the service (private) range of IPv6 addresses.
4) Routers and Hyperboria.
5) Routes and DHT.
6) Network security.

The number of IP addresses in Hyperboria


The total number of available addresses in Hyperboria is 1 329 227 995 784 915 872 903 807 060 280 344 576.
IP addresses on the Hyperboria network are generated with a pseudo-random number generator, and the MAC address of your network adapter is used during generation.

Thus, in theory, you can get the same address as someone else already on the network, but the probability of this is extremely small.

Collisions and how to deal with them


Since we have established that two identical IP addresses can exist on the network at the same time, how does traffic flow between them?
1) First case: the clients have different private keys

Traffic will be delivered to both IP addresses, in the same way as multicast, but only the owner of the correct private key will be able to read it; the rest is dropped by cjdns.

2) Second case: the clients have the same private keys

The system will behave according to the multicast principle; both nodes will be able to read the traffic.

In other words, to break into the network and decrypt your traffic, an attacker needs to obtain your private key.

To check for a duplicate, run a trace to your IPv6 address from another node, then turn off your node and run the trace again: the result should be different. The same scheme works with ping6.
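The ping6 variant of this check, as an added example (not part of the original article or of cjdns): it compares two ping6 captures taken from another node, one with your node running and one with it switched off. The address and both captures are constructed for illustration.

```python
import re

# Matches the summary line printed by iputils and BSD ping/ping6.
SUMMARY = re.compile(r"(\d+) packets transmitted, (\d+) (?:packets )?received")

def replies(ping_output):
    """Return the number of echo replies reported in a ping6 summary."""
    m = SUMMARY.search(ping_output)
    if m is None:
        raise ValueError("no ping statistics line found")
    return int(m.group(2))

def duplicate_check(output_node_on, output_node_off):
    """Compare ping6 runs taken from another node with our node on, then off."""
    on, off = replies(output_node_on), replies(output_node_off)
    if on == 0:
        return "inconclusive"       # address unreachable even with our node up
    if off > 0:
        return "duplicate"          # something still answers for our address
    return "no-duplicate-seen"

# Constructed captures; the address is a made-up example in the private range.
ADDR = "fc00:1111:2222:3333:4444:5555:6666:7777"
NODE_ON = f"""PING {ADDR}({ADDR}) 56 data bytes
64 bytes from {ADDR}: icmp_seq=1 ttl=42 time=85.2 ms
64 bytes from {ADDR}: icmp_seq=2 ttl=42 time=84.7 ms

--- {ADDR} ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
"""
NODE_OFF_QUIET = f"""PING {ADDR}({ADDR}) 56 data bytes

--- {ADDR} ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1027ms
"""
# Same address still answering after our node was switched off.
NODE_OFF_ANSWERED = NODE_ON.replace("85.2", "140.9").replace("84.7", "139.3")

if __name__ == "__main__":
    print(duplicate_check(NODE_ON, NODE_OFF_QUIET))
    print(duplicate_check(NODE_ON, NODE_OFF_ANSWERED))
```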

Why use a service (private) IPv6 address range


The decision to use the private range was made for compatibility with existing IPv6 networks: once the virtual TUN0 adapter is brought up with this IPv6 address, traffic that belongs to the private segment goes exactly there, without any modification of the operating system.

Routers and Hyperboria


The OpenWRT firmware module has been developed successfully and is now being tested. A little later it will be available to everyone, and delivery of routers to the people who donated money to the development will begin.

How it works

After the firmware is installed, the router creates 2 wireless interfaces: the first provides a normal Wi-Fi network, the second connects to other nodes.

Every 30 seconds the router scans the network for known nodes and tries to connect to them; if the connection succeeds, keys are exchanged and the connection is established.

Clients behind the router are given a gray (private) IPv6 address, that is, the router operates in NAT mode. If the client has a cjdns client installed, it connects to the router via the second network.

Routes and DHT


Suppose you are connected to node 1, your friend is at node 650, and you need to send information to them.
The scheme for obtaining the route is as follows:
1) Your node tries to find the path to your friend in its own routing table.
2) If it is not found there, a request is made over the DHT network to the node one level up (or to all the nodes to which you are connected).
3) If the route is still not found, a node-search packet is sent to everyone on the network; the first authorized reply that arrives is considered correct.

- After that, the request can be repeated only after 10 minutes, and the interval increases with each repeated request.
You might ask: “What if I am driving in a car, connecting to different Wi-Fi access points one after another, and the route changes? What then?”
- When you connect to an access point, you announce your route yourself when you access a particular resource, so a search request for your route is not required.
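The lookup order above as a small model, added here as an example and not taken from cjdns. The class name, the callbacks, the boolean standing in for an authorized reply, the doubling of the wait, and applying the wait to the network-wide search are all assumptions.

```python
BASE_WAIT = 600  # seconds; the article's "10 minutes"

class RouteResolver:
    def __init__(self, table, peers, flood):
        self.table = dict(table)  # destination -> known route
        self.peers = peers        # callables: dest -> route or None (DHT query)
        self.flood = flood        # callable: dest -> [(route, authorized)] in arrival order
        self.next_flood = {}      # dest -> (earliest retry time, wait to apply next)

    def resolve(self, dest, now):
        """Return (route, source); route is None if nothing was found or allowed."""
        if dest in self.table:                        # step 1: own routing table
            return self.table[dest], "table"
        for ask in self.peers:                        # step 2: DHT query to peers
            route = ask(dest)
            if route is not None:
                self.table[dest] = route
                return route, "dht"
        earliest, wait = self.next_flood.get(dest, (0, BASE_WAIT))
        if now < earliest:                            # repeat not yet allowed
            return None, "backoff"
        # Assumption: the wait doubles; the article only says it increases.
        self.next_flood[dest] = (now + wait, wait * 2)
        for route, authorized in self.flood(dest):    # step 3: network-wide search
            if authorized:                            # first authorized reply wins
                self.table[dest] = route
                return route, "flood"
        return None, "not-found"

def demo():
    """Run the model on constructed data; returns (results, flood_calls)."""
    flood_calls = []
    def flood(dest):
        flood_calls.append(dest)
        # Constructed replies: an unauthorized one arrives first and is skipped.
        if dest == "node-650":
            return [("via-unknown", False), ("via-17", True)]
        return []
    r = RouteResolver({"node-2": "direct"}, [lambda d: None], flood)
    steps = [("node-2", 0), ("node-650", 0), ("node-650", 5), ("node-999", 0),
             ("node-999", 300), ("node-999", 600), ("node-999", 1500), ("node-999", 1800)]
    return [r.resolve(d, t) for d, t in steps], flood_calls

if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```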

Network security


The following attacks cannot be carried out on the Hyperboria network:
1) MITM - if there is an untrusted node on your route, it cannot process packets that do not belong to it.
2) Connecting to a fake host - even if you gave it the public key, it still cannot read the information that belongs to you.
3) DPI cannot work on the network, for reason number 2.
4) Your IPv6 address cannot be mapped to your real address.

Results


In the near future, a Windows port of the application should be released, which will let ordinary users connect to the network in two clicks.

Imagine a future in which all information is encrypted and transmitted over a secure channel by default and cannot be censored, a future in which everyone has an external address.

Perhaps the bans on freedom of information have benefited progress; it is unlikely that with complete freedom of information we would have seen such progress in cryptographic systems and decentralized networks.

And finally, the network looked like this 2 weeks ago: http://hype.rusblock.com/cjdnsmap/map_old.png and like this now: http://hype.rusblock.com/cjdnsmap/map.svg
Node 9c0e is a public node.


According to the post http://habrahabr.ru/post/183474/ you can try to build your own Hyperboria mesh network in Russia. It should not fall under the laws on providers or on communications: because the channel is provided from user to user, the concept of a "network" does not apply to Hyperboria.

More about Hyperboria:


Hyperboria: Internet 2.0
Hyperboria: How it all works
Network Forum

Source: https://habr.com/ru/post/183606/

