The private overlay network, a.k.a. Virtual Private Network (VPN), is referred to as dnet, ĐNet or DNet.
ĐNet is an abstract private overlay network whose end points attach to the Internet underlay. The main attributes of the ĐNet are:
The OVC instantiates the abstract ĐNet with the protocols, capabilities and features that are specific to each ĐNet.
ĐNetDB is the meta-data for the DNet. A record in the ĐNetDB defines a ĐNet, e.g. adding a new record means creating a new ĐNet. The database CRUD operation logs are stored on the blockchain, similar to Bitcoin's transaction ledger. Each dnet record stores a list of nodes and a directive or pointer to the associated OVC and OVR. Similar to a Bitcoin token, the dnet record belongs to its creator and is locked by the creator's public key. Only its creator can use a signature script to unlock it and add/delete nodes or assign an OVC/OVR.
The nodes are the networking elements that connect and run Apps within a ĐNet. A node can be any device, such as a computer, mobile phone or embedded device. A node lives within the scope of an individual ĐNet, and it can be in multiple ĐNets at the same time. A DNet Node is the host that runs the DNet App.
The two main attributes of a node are for networking:
The node does NOT need a public IP address; it uses the OVC to find peer nodes instead.
Overlay Cloud (OVC) is the cloud backend for each ĐNet. The OVC defines the protocols, capabilities and features for each ĐNet. OVC is the concrete implementation of the abstract ĐNet as defined in blockchain. For example, an OVC with SD-WAN control and data plane capability creates a Layer 3 overlay network for the ĐNet member nodes. Since the OVC has no access to the encrypted traffic, the OVC can be either self-managed or outsourced without sacrificing privacy.
OVC is multi-tenant, meaning a cluster of OVC nodes can serve multiple DNets, and information is automatically segmented between different dnets.
The two main attributes of the overlay cloud are its functions as the cloud backend:
The above meta data is locked by the OVC provider's key and can only be managed from the creator's account.
Since one of the OVC's major roles is to be the rendezvous point for all member nodes, it usually has a public IP address. The OVC can be composed of a cluster of nodes for high availability. For a third-party OVC, the dnet owners usually subscribe to the OVC service. The subscription payment is enabled with the ĐNet token smart contract, as well as by the usual credit card payment.
The above OVC nodes help peer nodes find each other's accessible IP address, based on which the peer nodes try to make a direct connection. This is similar to the Session Traversal Utilities for NAT (STUN) process defined by IETF RFC 3489. However, because of the variety of network topologies, the STUN process might NOT lead to a direct tunnel between peer nodes; then Traversal Using Relays around NAT (TURN, RFC 5766) is needed to establish a relayed tunnel between a pair of peer nodes. The Overlay Relay (OVR) nodes fulfill the TURN function.
The location and bandwidth of the OVR node determine the quality of the relayed tunnel. OVR nodes are usually paid resources in a dnet.
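As an added illustration (not code from the DNetwork project) of why the OVC and OVR can be outsourced without sacrificing privacy: the two member nodes agree on a tunnel key between themselves, and a relay only ever forwards ciphertext whose addressing header it cannot rewrite unnoticed. The X25519 key agreement, AES-256-GCM, the SHA-256 key derivation and its label, the counter nonce, the node names and the payload are all assumptions of this example, not details from the page.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

type Node struct { // one ĐNet member holding a per-direction AEAD tunnel to a single peer
	ID      string
	priv    *ecdh.PrivateKey
	send    cipher.AEAD // key for packets this node sends
	recv    cipher.AEAD // key for packets this node receives
	sendCtr uint64      // nonce counter for the sending direction
}

type Packet struct { // all a relay ever sees: addressing in the clear, payload sealed
	From, To string
	Nonce    []byte
	Body     []byte // ciphertext || GCM tag
}

// NewNode generates the node's X25519 key (constructed per run; not a ĐNet nodeID).
func NewNode(id string) (*Node, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Node{ID: id, priv: priv}, nil
}

// aeadFor derives a direction-specific AES-256-GCM key, so the two directions never share a (key, nonce) pair.
func aeadFor(shared []byte, from, to string) (cipher.AEAD, error) {
	k := sha256.Sum256(append([]byte("dnet-tunnel-v0|"+from+">"+to+"|"), shared...)) // label is an assumption
	block, err := aes.NewCipher(k[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Pair runs X25519 with the peer's public key (exchanged through the OVC); the secret never leaves the two nodes.
func (n *Node) Pair(peerID string, peerPub *ecdh.PublicKey) error {
	shared, err := n.priv.ECDH(peerPub)
	if err != nil {
		return err
	}
	if n.send, err = aeadFor(shared, n.ID, peerID); err != nil {
		return err
	}
	n.recv, err = aeadFor(shared, peerID, n.ID)
	return err
}

// Seal encrypts a payload for `to`; the From>To header is bound as AAD, so re-addressing in transit is detected.
func (n *Node) Seal(to string, plaintext []byte) Packet {
	nonce := make([]byte, 12)
	binary.BigEndian.PutUint64(nonce[4:], n.sendCtr)
	n.sendCtr++
	body := n.send.Seal(nil, nonce, plaintext, []byte(n.ID+">"+to))
	return Packet{From: n.ID, To: to, Nonce: nonce, Body: body}
}

// Open authenticates and decrypts a packet using the header the packet arrived with.
func (n *Node) Open(p Packet) ([]byte, error) {
	return n.recv.Open(nil, p.Nonce, p.Body, []byte(p.From+">"+p.To))
}

// Relay models an OVR: no key, forwards by the cleartext header, can at most log what passed through.
type Relay struct{ Forwarded []Packet }
func (r *Relay) Forward(p Packet) Packet {
	r.Forwarded = append(r.Forwarded, p)
	return p
}

// Demo pairs two nodes, relays one packet, and checks that a copy re-addressed by the relay is rejected.
func Demo() (string, bool, error) {
	a, _ := NewNode("nodeA") // GenerateKey only fails if the system RNG does; ignored in this demo
	b, _ := NewNode("nodeB")
	if err := errors.Join(a.Pair("nodeB", b.priv.PublicKey()), b.Pair("nodeA", a.priv.PublicKey())); err != nil {
		return "", false, err
	}
	relay := &Relay{}
	delivered := relay.Forward(a.Seal("nodeB", []byte("hello over the overlay"))) // constructed payload
	pt, err := b.Open(delivered)
	if err != nil {
		return "", false, err
	}
	forged := delivered
	forged.From = "nodeC" // header rewritten in transit: the AAD no longer matches
	_, tamperErr := b.Open(forged)
	return string(pt), tamperErr != nil, nil
}

func main() { fmt.Println(Demo()) }
```

The relay type has no decryption path at all; the only material it holds is what crosses the wire. Deriving one key per direction is what keeps the zero-starting counters on each side from colliding under a single GCM key.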
ĐNet App is the software running on a ĐNet Node. The interface to ĐNetDB is generic, and new Apps and OVCs can be easily added using the ĐNet SDK.
The first implemented ĐNet App is a Layer 3 Overlay Network, also known as SD-WAN. The OVC cloud backend is the control plane and the OVR nodes form the data plane of the SD-WAN.
The benefit of the decentralized SD-WAN is that the core meta information is securely stored in the open blockchain, and full automation can be applied to greatly simplify configuration and setup.
The data tunnel is a UDP connection between nodes (DNet Apps), established with the help of the rendezvous OVC nodes. Once the accessible IP addresses have been exchanged between peer nodes, the peer nodes try to establish a connection in the following order:
1. direct connection;
2. relayed connection through other peer nodes in the same dnet, e.g. when nodeA and nodeB can't connect directly but can both establish a direct connection with nodeC, then nodeC will automatically act as the middle relay node for nodeA and nodeB;
3. relayed connection through OVR nodes.
Whenever nodes join or leave the dnet, the above process is run again to change the connection topology accordingly.
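The connection order above, as an added example in Go (not the project's code). The reachability data is constructed for the example; in the real system it would be the outcome of the OVC-brokered address exchange. Node names, the OVR name and the method names are assumptions.

```go
package main

import (
	"fmt"
	"sort"
)

// PathKind is the tunnel type between two nodes, listed in the order the nodes try them.
type PathKind int

const (
	Direct PathKind = iota
	PeerRelay
	OVRRelay
	Unreachable
)

var pathKindNames = [...]string{"direct", "peer-relay", "ovr-relay", "unreachable"}

func (k PathKind) String() string { return pathKindNames[k] }

type Path struct { // the chosen tunnel; Via names the relay for PeerRelay and OVRRelay
	Kind PathKind
	Via  string
}

// Topology is one dnet's membership plus the pairs whose STUN-like attempt yielded a direct UDP tunnel.
type Topology struct {
	members map[string]bool
	direct  map[[2]string]bool
	ovrs    []string // OVR nodes this dnet pays for, in preference order
}

func NewTopology(ovrs ...string) *Topology {
	return &Topology{members: map[string]bool{}, direct: map[[2]string]bool{}, ovrs: ovrs}
}

func pair(a, b string) [2]string { // orders a pair so A-B and B-A share one key
	if a > b {
		a, b = b, a
	}
	return [2]string{a, b}
}

func (t *Topology) Join(id string) { t.members[id] = true }

// Leave removes the node and forgets its tunnels: a node that rejoins must be probed again.
func (t *Topology) Leave(id string) {
	delete(t.members, id)
	for k := range t.direct {
		if k[0] == id || k[1] == id {
			delete(t.direct, k)
		}
	}
}

// MarkDirect records that a and b managed a direct tunnel after exchanging addresses.
func (t *Topology) MarkDirect(a, b string) { t.direct[pair(a, b)] = true }

// ChoosePath applies the page's order: direct, then a member both sides reach directly,
// then an OVR. Candidates are sorted so recomputation after churn is deterministic.
func (t *Topology) ChoosePath(a, b string) Path {
	if a == b || !t.members[a] || !t.members[b] {
		return Path{Kind: Unreachable}
	}
	if t.direct[pair(a, b)] {
		return Path{Kind: Direct}
	}
	var peers []string
	for id := range t.members {
		if id != a && id != b {
			peers = append(peers, id)
		}
	}
	sort.Strings(peers)
	for _, c := range peers {
		if t.direct[pair(a, c)] && t.direct[pair(c, b)] {
			return Path{Kind: PeerRelay, Via: c}
		}
	}
	if len(t.ovrs) > 0 {
		return Path{Kind: OVRRelay, Via: t.ovrs[0]}
	}
	return Path{Kind: Unreachable}
}

// Demo replays the page's scenario: nodeA and nodeB cannot connect directly but both reach
// nodeC, so nodeC relays; once nodeC leaves, the same pair falls back to the OVR.
func Demo() (withC, afterC Path) {
	t := NewTopology("ovr-1")
	for _, id := range []string{"nodeA", "nodeB", "nodeC"} {
		t.Join(id)
	}
	t.MarkDirect("nodeA", "nodeC")
	t.MarkDirect("nodeB", "nodeC")
	withC = t.ChoosePath("nodeA", "nodeB")
	t.Leave("nodeC")
	afterC = t.ChoosePath("nodeA", "nodeB")
	return withC, afterC
}

func main() { fmt.Println(Demo()) }
```

Leave drops the departed node's tunnel entries rather than only its membership, so a stale reachability record cannot make it reappear as a relay candidate when it rejoins with a different address.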
Just as the IP address is fundamental to the Internet, the Crypto ID is paramount on the ĐNet platform. The namespace on ĐNet consists of the Crypto IDs for the ĐNet, the OVC and its member nodes. A dnet is created by associating a ĐNetID with a list of NodeIDs and an OVC_ID.
The Virtual IP assigned to each node serves as the bridge from the Crypto ID to the Layer 3 IP network and standard TCP/IP applications.
| Crypto ID | Description | Public Key |
|---|---|---|
| dnetID | dnet record ID | hash of dnet pubkey |
| nodeID | node crypto address | hash of node pubkey |
| ovcID | ovc record ID | hash of ovc pubkey |
C2PKH stands for Connect To PubKey Hash, similar to Bitcoin's P2PKH (Pay-To-Pubkey-Hash) script. Nodes are identified by the C2PKH instead of the public key directly. A c2pkh looks like this: 1FCz4ZvgZfPJNLesrqhLmvoTMgtw1ABkaF, which has 34 characters.
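An added example (not the project's code) that covers both the C2PKH ID above and the earlier point that a ĐNetDB record is locked by its creator's public key and unlocked with a signature script: it derives a Base58Check ID from a hash of the public key, then applies an "addNode" operation to a record only when the presented key hashes to the record's ID and the signature verifies, mirroring how a P2PKH scriptSig is checked. P-256 ECDSA, SHA-256 as the "hash of pubkey" truncated to 20 bytes, the 0x00 version byte and the operation encoding are assumptions of this example, not the page's definitions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

const base58Alphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

// base58Encode works like Bitcoin addresses: base-58 digits, each leading zero byte kept as '1'.
func base58Encode(b []byte) string {
	x, mod, s := new(big.Int).SetBytes(b), new(big.Int), ""
	for x.Sign() > 0 {
		x.DivMod(x, big.NewInt(58), mod)
		s = string(base58Alphabet[mod.Int64()]) + s
	}
	for _, c := range b {
		if c != 0 {
			break
		}
		s = "1" + s
	}
	return s
}

// CryptoID is a C2PKH-style ID: Base58Check(0x00 || first 20 bytes of SHA-256(uncompressed pubkey)).
// SHA-256 and the 20-byte width are assumptions of this example, not the page's definition.
func CryptoID(pub *ecdsa.PublicKey) string {
	raw := make([]byte, 65) // uncompressed SEC1 point: 0x04 || X || Y
	raw[0] = 0x04
	pub.X.FillBytes(raw[1:33])
	pub.Y.FillBytes(raw[33:65])
	h := sha256.Sum256(raw)
	payload := append([]byte{0x00}, h[:20]...)
	c1 := sha256.Sum256(payload)
	c2 := sha256.Sum256(c1[:])
	return base58Encode(append(payload, c2[:4]...)) // 4-byte checksum, as in Base58Check
}

// DNetRecord is a ĐNetDB entry; DNetID (hash of the dnet pubkey) is also the record's lock.
type DNetRecord struct {
	DNetID string
	Nodes  []string
}

// SignedOp is an "addNode" op plus its unlock, in the role of a P2PKH scriptSig: <sig> <pubkey>.
type SignedOp struct {
	DNetID, NodeID string
	PubKey         *ecdsa.PublicKey
	R, S           *big.Int
}

func opDigest(dnetID, nodeID string) []byte { // the signed message; Base58 IDs never contain '|'
	h := sha256.Sum256([]byte("addNode|" + dnetID + "|" + nodeID))
	return h[:]
}

func SignAddNode(priv *ecdsa.PrivateKey, dnetID, nodeID string) (SignedOp, error) {
	r, s, err := ecdsa.Sign(rand.Reader, priv, opDigest(dnetID, nodeID))
	if err != nil {
		return SignedOp{}, err
	}
	return SignedOp{DNetID: dnetID, NodeID: nodeID, PubKey: &priv.PublicKey, R: r, S: s}, nil
}

// Apply is the unlock check: the presented pubkey must hash to the record's locking ID and the
// signature must verify over the op; only then is the node list changed.
func (rec *DNetRecord) Apply(so SignedOp) error {
	if so.DNetID != rec.DNetID || CryptoID(so.PubKey) != rec.DNetID {
		return fmt.Errorf("op is not for this dnet, or pubkey does not hash to its locking ID")
	}
	if !ecdsa.Verify(so.PubKey, opDigest(so.DNetID, so.NodeID), so.R, so.S) {
		return fmt.Errorf("signature does not verify")
	}
	rec.Nodes = append(rec.Nodes, so.NodeID)
	return nil
}

// Demo: the owner adds a member node, then that member's own attempt to add a node is rejected.
func Demo() (string, []string, error) {
	owner, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // keys are generated per run
	member, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rec := &DNetRecord{DNetID: CryptoID(&owner.PublicKey)}
	ok, err := SignAddNode(owner, rec.DNetID, CryptoID(&member.PublicKey))
	if err != nil {
		return "", nil, err
	}
	if err := rec.Apply(ok); err != nil {
		return "", nil, err
	}
	bad, _ := SignAddNode(member, rec.DNetID, "nodeX") // a member is not the record's owner
	if err := rec.Apply(bad); err == nil {
		return "", nil, fmt.Errorf("a non-owner's op was accepted")
	}
	return rec.DNetID, rec.Nodes, nil
}

func main() { fmt.Println(Demo()) }
```

The generated ID usually has 34 characters, as the page's sample does, because the 0x00 version byte becomes a leading '1'; a few percent of keys yield a 33-character ID, which is normal for Base58Check. Checking the key hash before the signature is what makes the record's ID act as the lock: a valid signature from any other key is rejected before signature verification is even attempted.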
The Internet uses IP addresses and relies on Classless Inter-Domain Routing (CIDR) for allocating IP addresses and for IP routing, and on the Border Gateway Protocol (BGP) to exchange routing information between Autonomous System (AS) zones. The location information, or address book, is implicitly carried in the subnet mask, i.e. in the hierarchical structure of the address in each TCP/UDP packet. In many use cases it is desirable to split the ID from the location for flexible networking.
There are three types of roles in the DNet ecosystem:
- the dnet admin, who uses `dnetcoin-cli` commands to manage the dnet records, e.g. creating a new dnet, adding/deleting member nodes and assigning ovc resources;
- the cloud resource providers, who use `dnetcoin-cli` commands to register ovc cloud resources into DNetDB and `app-cli` commands to add authorized dnets;
- the end users, who use `app-cli` commands or easy-to-use Apps with a GUI to initialize, start, join and connect an overlay network.

The Admin creates and manages the DNet; the cloud resource providers contribute application and bandwidth for the end users.
A Software-defined Wide Area Network (SD-WAN) is a virtual WAN architecture that allows enterprises to leverage any combination of transport services to securely connect users to distributed applications. An SD-WAN uses a centralized control function to securely and intelligently direct traffic across the WAN. This increases application performance and delivers a high quality user experience, resulting in increased business productivity, agility and reduced costs for IT.
DNetwork is a decentralized platform for creating SD-WANs easily and securely.