Thank you, Yggdrasil, for being just a compact routing scheme, not a semi-governmental military solution for implementing horrors beyond my comprehension (they just love nordic or lotr names for that kind of things)
ootl: what's the deal with hereditary purists and authoritarians appropriating nordic symbolism as dogwhistles?
It's where all of western history comes from so it's not very strange to be popular overall. It's not like US mythology is a thing.
All of Western history comes from the Nordic countries? News to me.
this commenter seems to have forgotten hellenistic greece or a little empire called... Rome? lmao
>It's not like US mythology is a thing.
It was before "Americans" came along.
Not really, it's just that the Americans and their culture got eradicated for the most part by the invaders/colonialists.
Maybe they shouldn't have let so many illegal immigrants in.
I think that that's exactly what the person you replied to was saying.
The Nazis were obsessed with a fictional occult quasi-mythology of the "Aryan" race that heavily appropriated Norse mythology and symbolism. The SS symbol was a pair of sun runes for instance.
I think they appropriate Tolkien (who despised the Nazis and their corruption of "Germanic" ideals and Norse mythology) because a lot of them are nerds who don't read too deeply into it, like how right-wingers and conservatives enjoy Star Trek while being completely oblivious to its progressive ideology.
Venkat Rao noticed this and turned it into a rather excellent essay: https://contraptions.venkateshrao.com/p/discworld-rules
> The Lord of the Rings is a great story, but I have to say, I’ve never understood the strange hold it seems to have on the imagination of a particular breed of technologists.
> As a story it’s great. It is pure fantasy of course (in the Chiang’s Law sense of being about special people rather than strange rules), full of Chosen Ones doing Great Man (or Great Hobbit) things. As an extended allegory for society and technology it absolutely sucks and is also ludicrously wrong-headed. Humorless Chosen people presiding grimly over a world in terminal decline, fighting Dark Lords, playing out decline-and-fall scripts to which there is no alternative, no Plan B.
Thank you for the link, that was a great essay and now I need to reread the Discworld novels.
Ah, the nerds, always itching to build the Torment Nexus from the classic novel Don't Build the Torment Nexus.
It's not hard to imagine what elf-rights were thinking of humans. Perhaps they even had a slur or two
Definitely for the dark elves.
I thought the name is a Max Payne reference.
Is Yggdrasil still using raw truncated ed25519 keys to determine the treespace root node? [1] If so, this seems to be an obvious network availability vulnerability. [2]
[1]: https://yggdrasil-network.github.io/2021/06/19/preparing-for...
[2]: https://news.ycombinator.com/item?id=27577201#27580938
Earlier discussions:
https://news.ycombinator.com/item?id=42155780
https://news.ycombinator.com/item?id=42158609
Thanks! Macroexpanded:
True P2P Email on Top of Yggdrasil Network - https://news.ycombinator.com/item?id=46080143 - Nov 2025 (38 comments)
Yggdrasil Network - https://news.ycombinator.com/item?id=44337902 - June 2025 (4 comments)
Yggdrasil is an experimental compact routing scheme that is fully decentralised - https://news.ycombinator.com/item?id=43921624 - May 2025 (53 comments)
Yggdrasil Network - https://news.ycombinator.com/item?id=42155780 - Nov 2024 (106 comments)
Yggdrasil Network - https://news.ycombinator.com/item?id=41669625 - Sept 2024 (3 comments)
Yggdrasil P2P mesh E2EE IPv6 network - https://news.ycombinator.com/item?id=30156551 - Jan 2022 (77 comments)
Yggdrasil – Early-stage implementation of an end-to-end encrypted IPv6 network - https://news.ycombinator.com/item?id=27577201 - June 2021 (102 comments)
Show HN: Yggdrasil Network – compact mesh routing experiment for mesh networks - https://news.ycombinator.com/item?id=18863554 - Jan 2019 (15 comments)
Announcing Yggdrasil Network v0.3 - https://news.ycombinator.com/item?id=18751991 - Dec 2018 (3 comments)
Yggdrasil: End-To-end Encrypted IPv6 Networking - https://news.ycombinator.com/item?id=18666245 - Dec 2018 (1 comment)
Note that Yggdrasil Linux/GNU/X (https://news.ycombinator.com/item?id=43923380) is unrelated to this project. That project is a GNU/Linux distro; this is a userspace overlay network.
Oops! Cut now.
It's been working well for me as a kind of poor-man's tailscale, connecting several VPS and several laptops.
I considered using Tailscale, but at the end of the day Yggdrasil is more inspiring to me. I like the idea of a network with no central authority delegating addresses. I hope that it takes off beyond just an overlay network. I'd be curious to try running it directly over some physical link without IP. Imagine if the world ran on something like Yggdrasil: anyone could plug in and get a publicly routable address. I think it would be great for decentralization and the open internet.
I share that sentiment. I've thought about combining yggdrasil with garage to create a sort of plug-and-play distributed storage pool shared with a trusted circle.
Though I wonder if the network routing would break down beyond a certain scale, or if it can be resilient against attacks. I don't know enough about the inner workings to determine the weak points.
> Imagine if the world ran on something like Yggdrasil: anyone could plug in and get a publicly routable address.
Mmh, I heard that one before... It's one of the main points for ipv6 ( ・ั ﹏ ・ั )
yes exactly, that's why yggdrasil uses ipv6
Yes, except IPv6 still has central authorities, no? I can't just generate an identity, connect to a peer and be on the global network right?
Mesh Network Lab: Emulate routing of Babel, Batman, OLSR, BMX, Yggdrasil & CJDNS
https://github.com/mwarning
This project by mwarning42 is meant to test Mobile Ad-Hoc Mesh routing protocols. Out of the box supported are Babel, B.A.T.M.A.N.-adv, OLSR1, OLSR2, BMX6, BMX7, Yggdrasil and CJDNS.
Does anyone run private services for themselves on Yggdrasil by allowlisting specific IPs and piggybacking on the routing layer? I've thought about doing this but haven't tried it.
I wish TLS behaved better with private networks but I around certificates continues to mostly be oriented around the Internet.
Yes. All you have to do is whitelist your clients' yggdrasil addresses in your firewall.
in pf syntax:
Have you had issues with bad actors flooding you? And how are your routes (when you're stationary?) Just curious
I actually don't have firewalls set up on my devices that run Yggdrasil yet (please don't crack me). I haven't noticed any brute-force attacks on my SSH servers yet. Though I really should set up firewalls.
As for routing, I run my own node on a VPS, so all my edge devices are peered with that machine so routing is fine. Though when my machines are on the same network they automatically peer with each other directly.
I haven't noticed any bad actor traffic. Perhaps yggdrasil is still too obscure to bother attacking.
The stationary nodes are connected to several public yggdrasil peers that are geographically close by. The routing "just works", though connecting to a peer can take a few seconds, at first.
I don't run services on Yggdrasil yet, but I use it heavily to get static, publicly routable addresses for SSH purposes. It's very nice because Yggdrasil automatically finds peers on the local network, so my addresses still work for devices on the same local network, if there's no uplink.
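One way to build the firewall allowlist discussed in the comments above, as an added example that is not part of the original thread: a Python helper that renders pf rules from a list of client addresses and rejects entries broad enough to admit other people's nodes. The interface name `tun0`, the table name `ygg_allow`, port 22 and the sample addresses are assumptions; 200::/7 is the range Yggdrasil assigns addresses from.

```python
"""Render a pf allowlist for a Yggdrasil interface (added example)."""
import ipaddress

# Yggdrasil's overlay range: node addresses live in 200::/8, and the /64
# subnets a node can route for its LAN live in 300::/8.
YGG_RANGE = ipaddress.ip_network("200::/7")
YGG_SUBNETS = ipaddress.ip_network("300::/8")

# Constructed sample allowlist: one node address and one routed /64.
SAMPLE = ["200:1111:2222:3333:4444:5555:6666:7777", "300:aaaa:bbbb:cccc::/64"]


def parse_entry(text):
    """Validate one allowlist entry; raise ValueError if it is too broad."""
    net = ipaddress.ip_network(text.strip())  # rejects host bits, bad syntax
    if net.version != 6 or not net.subnet_of(YGG_RANGE):
        raise ValueError(f"{text!r} is not inside {YGG_RANGE}")
    if net.prefixlen == 128:
        return net
    # Addresses in 200::/8 are derived from different keys, so a prefix
    # there would admit strangers. Only routed subnets may be /64 or longer.
    if net.prefixlen >= 64 and net.subnet_of(YGG_SUBNETS):
        return net
    raise ValueError(f"{text!r} is wider than one node or one /64 subnet")


def render_pf(entries, ifname="tun0", tcp_ports=(22,)):
    """Return pf.conf text: default-deny inbound, pass only listed sources."""
    nets = sorted({parse_entry(e) for e in entries})
    if not nets:
        raise ValueError("refusing to render an empty allowlist")
    members = ", ".join(
        str(n.network_address) if n.prefixlen == 128 else str(n) for n in nets
    )
    ports = ", ".join(str(p) for p in tcp_ports)
    # pf uses the last matching rule, so the block comes before the pass.
    return "\n".join([
        f'ygg_if = "{ifname}"',
        f"table <ygg_allow> const {{ {members} }}",
        "block in log on $ygg_if inet6 all",
        "pass in on $ygg_if inet6 proto tcp "
        f"from <ygg_allow> to any port {{ {ports} }}",
    ]) + "\n"


def is_allowed(src, entries):
    """Mirror the table lookup so a list can be checked before loading it."""
    addr = ipaddress.ip_address(src)
    return any(addr in parse_entry(e) for e in entries)


if __name__ == "__main__":
    print(render_pf(SAMPLE), end="")
```

The rendered text can be syntax-checked with `pfctl -nf` before it is loaded.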
it’s been “new” for as long as i have known about it, over 5 years or so? or is this a different thing?
Doesn't look that active either. It unfortunately seems like there isn't a great use case for these networks that will adopt usage through the hurdles
I don't recall the year but it was a long while ago, the developer and CJD from cjdns were chatting about ygg, very similar projects just different projects.
The point was to put routing and privacy at the foundation of "the internet"
It was mostly a response to the knowledge of prolific government and corporate spying. There are public nodes to piggyback on the legacy internet but it's another project that lets users build and control their own infrastructure, e.g. mesh-local
Also see CJDNS, darknet project and hyperboria
Actually, could anyone compare this to cjdns? On the surface they seem pretty similar. Docs say:
> Yggdrasil was created in order to build a decentralised routing scheme for mesh networks that can potentially operate at a global scale, motivated in particular by significant performance and scaling issues that were present in cjdns at the time.
( https://yggdrasil-network.github.io/faq.html )
but that was a while back; where do they stand today?
I always thought of them as the same basic idea, but CJD went on to make a network crypto thing that I never really understood.
Ygg and cjdns are the same from a cosmetic point of view just different developers.
IMO ygg is easy to install, cjdns was adding some new dev things that complicated the non developer experience, but that was a few years ago
Tailscale somehow found use for self-hosters, despite being wildly unergonomic for an all-Linux, non-corporate, network. Yggdrasil lacks marketing effort, but is otherwise a great option.
I actually use Yggdrasil in lieu of Tailscale because I love the idea of a decentralized routing system.
I never understand why people enjoy having a centralized control plane.
easier to implement and understand
I can't tell if you're being sarcastic, but assuming you're not: Tailscale makes security easier because networks are private by default. To achieve a similar effect with Yggdrasil you'd have to use a firewall to whitelist the Yggdrasil IPs of all your devices. So it's more work to set up.
You have to use a firewall anyway. If you use Tailscale, you have two firewalls, which is not strictly easier.
Huh? I thought one of the appeals of Tailscale is that security is done at the network level; plus that your network is private, so you don't get randos knocking at your ports.
What does “at the network level” mean?..
Anyway; Tailscale is not your only network. If you’re on a laptop, you need to be able to log onto rando wifi networks. If you’re at home, you need to be mindful of your smart fridge going rogue. You need to run a firewall. Tailscale adds a separate, Tailscale-specific, firewall with centralized management. Now you have two firewalls.
I mean, it just had a release in Feb 2026, version 0.5.13.
Not to be confused with the Yggdrasil Linux distro.
(Sometimes being first doesn't help.)
[1] https://en.wikipedia.org/wiki/Yggdrasil_Linux/GNU/X
Yggdrasil was my first distro, but I was evaluating it and another one back to back. I ended up sticking with SLS until I got a RedHat Linux book with a CD in the back - at retail, in brick and mortar book store. The next couple were Caldera and Mandrake, this time in tidy cardboard boxes with multiple discs and multiple books each. I think I got those both at computer/electronics stores. The latency was high, but the bandwidth of driving home with 7 discs was hard to beat at the time.
Or the yggdrasil daemon from Red Hat:
https://github.com/RedHatInsights/yggdrasil
That is a remarkably content-free website. I tried (I think) all of the obvious pages, but still don't know in any detail, how do they handle routing differently from the normal internet.
Can anyone explain? They complain that routing on the internet is (somewhat) hierarchical to scale, but then don't explain their solution to the same problem(s).
The simplified choice has always been distance-vector, or link state. Are they a better attempt at one of these? Some new idea?
The novelty is that routing is based on cryptographic identity. Yggdrasil's IPv6 addresses are actually truncated representations of public keys. You configure the Yggdrasil software with a list of peers which it connects to over normal internet, but then when you route a Yggdrasil address your device talks to all its peers, who talk to their peers and so on until they find your destination. As I understand it, they optimize it by caching the routing information and using bloom filters to find the appropriate peer.
Picture this:
You have three devices at home, A, B and C. Only device A has an Internet connection and can connect to a public Yggdrasil node. B can connect only to A and C. C can connect only to B. Have Yggdrasil installed on all of them (and tell Yggdrasil about the peers), all devices would have access to the full Yggdrasil network.
And? How is that novel? I read the site as saying they have a new, and better solution to how to do internet scale routing (in an overlay network, but that did not seem like a critical aspect).
Was evaluating this recently, the lack of NAT busting was a dealbreaker.
You can make outbound connections to peers to avoid NAT.
yggdrasil-jumper aims to help with this