This commit is contained in:
2025-01-19 20:50:14 +01:00
parent 7c0d26b62c
commit 224b85a398
45 changed files with 70 additions and 157 deletions


@@ -0,0 +1,7 @@
{
"label": "Network",
"position": 6,
"link": {
"type": "generated-index",
}
}
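Review bot: the `link` object carries a trailing comma after `"type": "generated-index",` before the closing brace, which is invalid JSON and will fail strict parsers; remove the comma so the object reads `"link": { "type": "generated-index" }`.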


@@ -0,0 +1,20 @@
---
title: Compare
sidebar_position: 20
---
| | ThreeFold Network Layer | Other Overlay Network Technologies (like VPN) |
|-----------------------------|-----------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------|
| Management | Full P2P, done by 3bot Agents, blockchain IT contract | Centralized leading to security issues |
| Locality | Find shortest path on latency and quality, this allows traffic to stay sovereign. | NO, based on centralized control mechanisms or inefficient algorithms that route traffic indiscriminately across the globe. |
| Encryption | End2End ecryption, unique for every relation, linked to private key | Normally based on key exchange, or pre-shared keys. |
| Post Quantum | Possible (ask us) | No |
| Scalability | Our aim is to be planetary scalable, but we need more exposure. | Bad |
| Compatibility | We aim to support mobile, desktop, IOT, ... | Depends, often not |
| Backdoors | NO, all is based on opensource | Often, yes, unfortunately. |
| Performance | Quite good, 1 gbit / sec can be achieved on std node (which is high for overlay) | Often slow. |
| Security Model | Whitelist model | Blacklist model, list who is bad e.g. firewalls |
| Fully integrated in compute | Yes | Lots of different solutions |
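Review bot: the Encryption row misspells "encryption" as "ecryption", and several cells make claims the page does not back up: "Post Quantum: Possible (ask us)" gives the reader nothing to evaluate, and "Backdoors: NO, all is based on opensource" treats open source as proof of absence when it only makes independent review possible. Suggest naming the post-quantum scheme offered (or dropping the row) and rewording the Backdoors cell to something like "Source is open for review". Also "IOT" should read "IoT", and "1 gbit / sec" should match the "1 Gbps" figure used on the Mycelium page.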


@@ -0,0 +1,42 @@
---
title: Mycelium
sidebar_position: 2
---
# Mycelium: Our Planetary Network
![](img/mycelium_overview.png)
The planetary network called Mycelium is an overlay network which lives on top of the existing Internet or other peer-to-peer networks created.
In the Mycelium network, everyone is connected to everyone. End-to-end encryption between users of an app and the app runs behind the network wall.
## Mycelium: A New Network Layer for the Internet
### The Problem
The current centralized state of the internet poses significant security risks, with compromised routers and growing cyber threats (trillions of USD per year now), making everyone vulnerable to hacking. Industry responses involve disabling original features, hindering true peer-to-peer connectivity and personal server capabilities. Workarounds and system hacks have become the norm.
**Our Internet is seriously broken. We need new ways to communicate**
### Introducing Mycelium
Mycelium is an overlay network layer designed to enhance the existing internet infrastructure while remaining compatible with all current applications. It empowers true peer-to-peer communication. By installing a Network Agent on your device, you gain the ability to securely connect with any other participant on this network. Mycelium intelligently reroutes traffic to maintain connectivity taking location of you and your peer into consideration.
### The Benefits
- **Continuous connectivity:** Mycelium ensures uninterrupted connectivity by dynamically rerouting traffic through available connections (friends, satellites, 4/5G, fiber).
- **End-to-end encryption:** robust encryption stops man-in-the-middle attacks, guaranteeing secure communication.
- **Proof of authenticity (POA): ensures that we know who we are communicating with
- **Optimized routing:** Mycelium finds the shortest path between network participants, reducing latency and keeping traffic localized.
- **Universal server capability:** empowers individuals to act as servers, a foundational element for any peer-to-peer system.
- **Full Compatibility:** Mycelium seamlessly integrates with the current internet, supporting any application.
- **Impressive speed:** achieves 1 Gbps per Network Agent, ensuring rapid data transfer.
### Status
In beta and usable from TFGrid 3.13, its our 3e generation approach to networking and took us years to do. We are looking forward to your feedback.
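Review bot: the POA bullet has an unclosed bold marker: `- **Proof of authenticity (POA): ensures that we know who we are communicating with` needs a closing `**` after the colon, otherwise the rest of the list renders in bold. In the Status paragraph "its our 3e generation" should read "it's our 3rd generation". The sentence "End-to-end encryption between users of an app and the app runs behind the network wall" is ambiguous (is it the app or the encryption that runs behind the wall?), and "network wall" is not defined anywhere on this page; a cross-reference to the Overview page's Network Wall section would help.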


@@ -0,0 +1,63 @@
---
title: Shortest Path Routing
sidebar_position: 5
---
# Shortest Path Routing
## Empowering Connectivity with an End-to-End Encrypted Overlay Network
### The Concept of End-to-End Encryption
End-to-end encryption (E2EE) ensures that data is encrypted on the sender's device and only decrypted on the recipient's device. This means that no intermediaries, including service providers, can access or alter the data while it is in transit.
### Shortest Path Routing in Overlay Networks
An overlay network is a virtual network built on top of an existing physical network.
Each enduser mycelium agent will execute custom routing logic and protocols to improve connectivity.
- In the context of a Mycelium peer-to-peer (P2P) overlay network, nodes (participants) can dynamically discover and connect to each other, forming a mesh-like structure.
- Shortest Path Routing: The network can use algorithms to find the shortest or most efficient path between nodes. This ensures that data packets travel the minimum distance required to reach their destination, reducing latency and improving performance.
### Multi-Hop Communication
In a P2P overlay network, data can hop through multiple nodes to reach its destination. This means that if a direct connection is not available, the data can be relayed through intermediary nodes. For example:
1. **Node A** wants to send data to **Node D**.
2. There is no direct connection, but **Node A** can reach **Node B**, which can reach **Node C**, which finally reaches **Node D**.
3. The data is encrypted end-to-end, so it remains secure throughout its journey.
Network usage tracking and billing can be used to make sure all participants are rewarded.
### Leveraging Existing Networks
This overlay network operates on top of existing internet infrastructure.
This leads to:
1. **Cost Efficiency**: By leveraging existing infrastructure, there is no need for extensive new investments in physical hardware.
2. **Flexibility**: The network can dynamically adapt to changing conditions, such as network congestion or outages.
### Improving Connectivity for Underserved Populations
Currently, around 4 billion people lack decent internet access.
Mycelium can significantly improve their connectivity:
1. **Decentralized Access**: People in remote or underserved areas can connect to the network through nearby nodes, which may belong to friends, community members, or even commercial providers offering bandwidth.
2. **Community-Driven Networks**: Local communities can set up nodes that connect to the broader overlay network, creating a resilient and scalable web of connectivity.
3. **Increased Bandwidth**: By aggregating available bandwidth from multiple sources, the overlay network can provide higher data rates and more reliable connections.
### Example Scenario
Imagine a remote village with limited internet access. The villagers set up several nodes that connect to each other and to nearby towns with better connectivity, also some of the nodes can be connected to Internet over satelite, mobile 4g or other mechanisms.
Heres how it works:
1. **Local Node Setup**: Villagers install nodes on their devices, which form a local mesh network.
2. **Connecting to Broader Network**: Some nodes have access to satellite internet or long-range Wi-Fi that connects to nearby towns.
3. **Dynamic Routing**: When a villager wants to access online resources, their data is encrypted end-to-end and routed through the shortest path available, which may include local nodes, satellite links, and commercial internet providers.
4. **Enhanced Access**: This setup leverages all available bandwidth sources, providing more reliable and faster internet access to the village.
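Review bot: the Multi-Hop section says the data "remains secure throughout its journey" but documents only payload confidentiality; it should also state what the relaying nodes (Node B and Node C in the example) can and cannot observe, since a reader will otherwise assume relays learn nothing at all. The sentence "Network usage tracking and billing can be used to make sure all participants are rewarded" appears in the middle of the encryption example without explanation; give it its own paragraph or drop it. Typos: "enduser mycelium agent" (Mycelium is capitalised everywhere else), "satelite", "4g", and "Heres" needs an apostrophe.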


@@ -0,0 +1,57 @@
---
title: Whitelists
sidebar_position: 4
---
# Mycelium Whitelists
> Rethinking Network Security: Beyond Traditional Firewalls
### The Limitations of Traditional Firewalls
Firewalls have long been the cornerstone of network security, operating as gatekeepers to keep malicious actors out.
They work by monitoring incoming and outgoing network traffic and applying security rules to block or allow data packets based on predefined criteria. However, while firewalls are effective at creating a barrier, they have inherent limitations:
1. **Perimeter Focus**: Firewalls are designed to protect the perimeter of the network. This approach assumes that threats come from outside the network, but it does not adequately address threats from within.
2. **Static Rules**: Firewalls rely on static rules that can be bypassed by sophisticated attacks. They do not adapt dynamically to changing threat landscapes.
3. **Single Point of Failure**: As a centralized barrier, firewalls represent a single point of failure. If a firewall is compromised, the entire network can be exposed.
### The Need for Strong Authentication and Peer-to-Peer Communication
To address these limitations, a more modern approach to network security involves strong authentication and decentralized communication. By ensuring that all participants on the network are strongly authenticated, we can establish trust at the individual level rather than relying solely on perimeter defenses.
#### Strong Authentication
Strong authentication involves verifying the identity of network participants using robust methods such as:
- **Multi-Factor Authentication (MFA)**: Requires multiple forms of verification, such as passwords, biometrics, and hardware tokens.
- **Public Key Infrastructure (PKI)**: Uses cryptographic keys to authenticate users and devices.
By implementing strong authentication, we can ensure that only legitimate users and devices can access the network, significantly reducing the risk of unauthorized access.
#### Peer-to-Peer Communication Over an Overlay Network
Instead of routing all traffic through a central firewall, participants can communicate directly with each other and applications using a peer-to-peer (P2P) overlay network. An overlay network, called Mycelium, can facilitate this decentralized communication.
- **Mycelium Overlay Network**: This overlay network functions like a mesh, allowing nodes (participants) to connect directly with each other and applications. It provides a resilient and scalable architecture where each node can dynamically find the best path for communication.
### Whitelists and Group-Based Access Control
To further enhance security, applications can use whitelists and group-based access control. This approach involves:
1. **Whitelisting Users**: Only allowing access to users who are explicitly permitted. This can be based on strong authentication credentials.
2. **Group-Based Access Control**: Organizing users into groups with specific permissions. Each application can define which groups have access based on their source IP addresses and other criteria.
#### Example Scenario
Consider an application hosted on the network. Instead of relying on a firewall to block unauthorized access, the application uses Mycelium to communicate with authenticated peers. It employs a whitelist to specify which users or groups can access the application. For instance:
- **Group A**: Developers with access to development resources.
- **Group B**: Administrators with access to administrative tools.
- **Group C**: End-users with access to specific application features.
Each groups access is controlled by specifying the allowed source IP addresses and other authentication factors. This ensures that only authorized users can access the application, regardless of their location.
> only available in the enterprise edition.
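Review bot: the Group-Based Access Control item and the closing paragraph make source IP addresses the access criterion ("based on their source IP addresses and other criteria", "specifying the allowed source IP addresses"), but the page never says how a Mycelium address is bound to the strongly authenticated identity it argues for; without that binding an IP allow-list is just address filtering, the same thing the page criticises firewalls for, so document the binding or drop IP from the criteria. The trailing blockquote "> only available in the enterprise edition." does not say what is enterprise-only (whitelists, groups, or the whole feature); make it a full sentence. Also "Each groups access" needs an apostrophe, and the heading level jumps from `#` straight to `###`.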


@@ -0,0 +1,31 @@
---
sidebar_position: 1
title: 'Overview'
---
# Network Technology Overview
Our decentralized networking platform allows any compute and storage workload to be connected together on a private (overlay) network and exposed to the existing Internet network. The peer-to-peer network platform allows any workload to be connected over secure encrypted networks, which will look for the shortest path between nodes.
### Secure Mesh Overlay Network (Peer-to-Peer)
ZNet is the foundation of any architecture running on the TF Grid. It can be seen as a virtual private data center and the network allows all of the *N* containers to connect to all of the *(N-1)* other containers. Any network connection is a secure network connection between your containers, it creates a peer-to-peer network between containers.
No connection is made with the Internet. The ZNet is a single tenant network and by default not connected to the public Internet. Everything stays private. For connecting to the public Internet, a Web Gateway is included in the product to allow for public access, if and when required.
### Redundancy
As integrated with Web Gateway
- Any app can get (securely) connected to the Internet by any chosen IP address made available by ThreeFold network farmers through WebW
- An app can be connected to multiple web gateways at once, the DNS round robin principle will provide load balancing and redundancy
- An easy clustering mechanism where web gateways and nodes can be lost and the public service will still be up and running
- Easy maintenance. When containers are moved or re-created, the same end user connection can be reused as that connection is terminated on the Web Gateway. The moved or newly created Web Gateway will recreate the socket to the Web Gateway and receive inbound traffic.
### Network Wall
For OEM projects we can implement a cloud deployment without using TCP-IP or Ethernet this can lead to super secure environments, ideal to battle the Cuber Pandemic.
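Review bot: "Cuber Pandemic" in the Network Wall section should be "Cyber Pandemic", "TCP-IP" should be "TCP/IP", and the sentence is a run-on ("...without using TCP-IP or Ethernet this can lead to...") that asserts "super secure environments" without describing what the Network Wall actually does; either describe the mechanism or tone down the claim. "through WebW" in the Redundancy list looks cut off. The Overview also says "No connection is made with the Internet" shortly after saying workloads can be "exposed to the existing Internet network"; leading with "by default" in the first sentence would remove the apparent contradiction.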


@@ -0,0 +1,41 @@
---
sidebar_position: 3
title: Web Gateway
---
# Web Gateway
The Web Gateway is a mechanism to connect private networks to the open Internet in such a way that there is no direct connection between the Internet and the secure workloads running in the Zero VMs.
### Key Benefits
- Separation between where compute workloads are and where services are exposed
- Redundancy: Each app can be exposed on multiple web gateways at once
- Support for many interfaces
- Helps resolve shortage of IPv4 addresses
### Implementation
Some 3Nodes support gateway functionality (this is configured by the farmers). A 3Node with gateway configuration can then accept gateway workloads and forward traffic to Zero VMs that only have Planetary Network or IPv6 addresses.
The gateway workloads consist of a name (prefix) that first needs to be reserved on the blockchain. Then, the list of backend IPs. There are other flags that can be set to control automatic TLS (please check Terraform documentation for the exact details of a reservation).
Once the 3Node receives this workload, the network configures proxy for this name and the Planetary Network IPs.
### Security
Zero VMs have to have a Planetary Network IP or any other IPv6 (IPv4 is also accepted). This means that any person connected to the Planetary Network can also reach the Zero VM without the need for a proxy.
So it's up to the Zero VM owner/maintainer to make sure it is secured and that only the required ports are open.
### Redundant Network Connection
![](../../img/redundant_net.jpg)
### Unlimited Scale
![](../../img/webgw_scaling.jpg)
The network architecture is a pure scale-out network system. It can scale to unlimited size, there is simply no bottleneck. Network "supply" is created by network farmers, and network "demand" is done by TF Grid users.
Supply and demand scale independently. For supply, there can be unlimited network farmers providing web gateways on their own 3Nodes, and unlimited compute farmers providing 3Nodes for compute and storage. The demand side is driven by developers creating software that runs on the grid, system integrators creating solutions for enterprises, and so on. Globally, there is exponentially-growing demand for data processing and storage use cases.
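Review bot: the Security section correctly states that a Zero VM with a Planetary Network or IPv6 address is reachable by anyone on that network regardless of the gateway, but the only advice given is that the owner keeps "only the required ports" open; link to the Whitelists page, which this doc set presents as the access-control model, so readers do not assume the gateway itself restricts who can reach the backend. "please check Terraform documentation" needs a link or document name. Minor: "configures proxy" should be "configures a proxy", and "exponentially-growing demand" in Unlimited Scale is an unsupported marketing claim in an otherwise technical page.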