Opennet

Stephen Oliver edited this page Apr 3, 2017 · 2 revisions
Clone this wiki locally

Opennet

Opennet is the mechanism by which most Freenet nodes connect to each other.

An opennet, for Freenet purposes, is a network where connections are automatically created by the node. The node comes prepackaged with a list of seed nodes to which the node may connect. Once a connection is established between the node and the seed nodes, the seed nodes provide a list of more nodes to connect to, and they do they same, etc. This process happens continually while the node is running, without any user intervention.

Architecture

A node running in opennet mode makes connections to other opennet nodes automatically.

Unlike darknet, you do not need to know anyone else running Freenet to use opennet. A node can use only opennet connections, only darknet connections, or a hybrid of both. Regardless of the mechanism used, the node can talk to the entirety of the Freenet network (in general; small, isolated darknets are possible).

Various heuristics are used to determine when to accept new connections, and when to drop old connections.

Incoming connections are broken into three categories:

  • old nodes reconnecting (because they went offline)

  • announcements

  • path folding.

A limit on the maximum number of connections is computed from the output bandwidth limit in the node configuration.

When a new connection is formed, it enters a grace period of 10 minutes, during which it cannot be dropped. The number of connections in the grace period is limited per connection type (1/5 of total for each of announcement and reconnect, 1/2 of total for all three combined).

A new connection attempt is only accepted if there is an open grace period slot of the appropriate type, and either the total number of connections is less than the maximum or the node can drop a different connection to make room for the new connection.

Old connections can be dropped when they are out of their grace period, and only one old connection may be dropped every 5 minutes per type of incoming connection that it is being dropped to make room for. Additionally, there must be at least 10 successful CHK requests between each time an old connection is dropped. The connection to be dropped is determined by LRU: the connection which least recently completed a successful CHK fetch is the one that will be dropped.

Seed node

Seed nodes are used for opennet bootstrapping. An opennet node will, on startup, connect to seed nodes. It will use these connections solely to gather regular opennet connections through announcements (see below), not for routing requests.

Seed nodes are nodes that are listed in the node's seednodes.fref file. These nodes must have the "be a seednode" config option enabled.

The seednodes.fref is updated automatically if enabled in the Auto-update configuration.

If you run Freenet, please consider becoming a seed node - we always need more. Seed nodes are used to bootstrap new nodes into the network. The current ones are under fairly heavy load, so we need more to distribute it. If you have a node that is online 24/7 or nearly so, with reasonable uplink bandwidth (256 kbit/s link or so), please volunteer to be a seednode. Contact the development mailing list or IRC if you are willing.

You need to be:

  • Online 24-7
  • Have a static IP address, or nearly static, or dyndns
  • Port forwarded (i.e. you need to be able to accept incoming packets on your opennet port)
  • Have reasonable bandwidth (256kbps+ upstream)

Announcement

Nodes join opennet by connecting to seed nodes and sending announcements. These announcements are sent to other nodes, which accept them to make a connection to the new node:

Process
  1. A new node connects to a seednode using FNP
  2. The new node sends an announcement request including it's own noderef
  3. The request is routed through the seednode's peers towards the location of the node
  4. Other opennet nodes that receive the announcement request can send their own noderef back to the new node, or send an explicit "not wanted" message

Announcement should continue for a full 18+ HTL "hops", at the end the totalAdded + totalNotWanted replies received by the new node should be >= 18.

Once on the network, a continuous process of connection churn is used to maintain the correct network topology. The location of a node on opennet remains fixed, and it attempts to form connections to other nodes appropriate to its location. The connection churn happens through the path folding mechanism.

Security

Though opennet is much easier for the user (compared to creating connections in a DarkNet), it is vulnerable to harvesting, and therefore can be blocked very easily.

This was a known problem with Freenet 0.5, and it led to it being blocked by the Chinese firewall.

Furthermore, mobile attacker source tracing is much easier, which might allow tracing content authors fairly easily with limited resources (inserting stuff as SSK and never reinserting helps with this), and connecting to every node on the network and surveilling them is probably feasible with moderate resources (probably affordable for a large corporation even with a largish network). We're working on it!

For a breakdown of possible attacks on Opennet, see Opennet-Attacks.