Network Architecture
USDN (User-defined Software Defined Network) implements a distributed network architecture that enables secure, scalable connectivity between nodes and clients across different network environments.
Overview
The USDN network architecture consists of several key components working together to provide seamless connectivity:
- Controller: Central management component that coordinates network operations
- Nodes: Distributed network endpoints that handle traffic routing and forwarding
- Clients: End-user devices that connect to the USDN network
- Internet Gateway: Provides external connectivity and routing to public networks
Network Topology
The following diagram illustrates the simplified USDN network architecture:
Key Components
Controller
The controller serves as the central coordination point for the USDN network. It:
- Manages peer-to-peer connections using blockchain
- Coordinates network configuration across all nodes
- Handles routing decisions and policy enforcement
- Provides connectivity to external networks including Google servers
Network Nodes
Each node in the USDN network contains several components:
- gRPC/P2P Connections via WireGuard: Secure tunneling for encrypted communications
- Docker Bridge: Container networking for isolated services
- LCP (Link Control Protocol): Manages link-layer communications
- VRF (Virtual Routing and Forwarding): Provides network isolation and routing
- VPP (Vector Packet Processing): High-performance packet processing
- NAT44: Network Address Translation for IPv4 traffic
Client Connectivity
Clients connect to the USDN network through:
- Direct connection to node LAN interfaces
- IP addressing from dedicated subnets (e.g., 10.0.1.100/24, 10.0.2.200/24)
- Linux kernel-based networking stack
Inter-Node Communication
Nodes communicate with each other through:
- L2 switching infrastructure
- WAN interfaces for external connectivity
- Secure tunneling protocols for data protection
Inter-Node Communication Details
The USDN network utilizes a blockchain-based peer-to-peer communication system for secure data transport between the controller and nodes. The following diagram illustrates this detailed communication flow:
Communication Flow Process
- Controller Initiation: The controller creates encrypted transactions containing network configuration and routing information
- Blockchain Transport: Transactions are distributed through the blockchain network to target nodes using peer-to-peer protocols
- Connection Verification: All connections are verified and authenticated by the controller before data transmission
- vrouter-agent Processing:
  - Receives encrypted blockchain transactions
  - Decrypts the transaction data
  - Processes and validates the network commands
- vrouter Execution:
  - Receives decrypted API commands from vrouter-agent
  - Acts as the VPP API client processor
  - Translates commands into VPP-compatible configurations
- VPP Data Plane: Executes the actual packet processing and routing based on configurations from vrouter
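As an added example (not code from the USDN project), the following Python sketches the checks a vrouter-agent would run on a controller transaction before handing commands to vrouter, covering the tag, the link to the previous transaction, the sequence number and the command set, followed by the vrouter translation step. The transaction layout, the shared HMAC key, the allowed operations and the VPP CLI strings are assumptions made for illustration, and the outer encryption layer is not shown.

```python
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-key"  # placeholder; a deployment would provision per-node keys

# Operations the agent is willing to forward to vrouter; anything else is rejected.
ALLOWED_OPS = {"add_route", "bind_vrf", "nat44_add_address"}
GENESIS_HASH = "0" * 64


def tx_hash(tx):
    """SHA-256 over the canonical JSON of the transaction body (the tag itself is excluded)."""
    body = {k: v for k, v in tx.items() if k != "tag"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def sign_tx(seq, prev_hash, commands):
    """Controller side: build a transaction that links to the previous one and tag it."""
    tx = {"seq": seq, "prev": prev_hash, "commands": commands}
    tx["tag"] = hmac.new(SHARED_KEY, tx_hash(tx).encode(), "sha256").hexdigest()
    return tx


def verify_tx(tx, expected_prev, expected_seq):
    """Agent side: accept only if tag, chain link, sequence number and every op check out."""
    expected_tag = hmac.new(SHARED_KEY, tx_hash(tx).encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected_tag, str(tx.get("tag", ""))):
        return False, "bad tag"        # body altered after tagging, or not from the controller
    if tx.get("prev") != expected_prev:
        return False, "chain break"    # does not extend the chain this node knows
    if tx.get("seq") != expected_seq:
        return False, "replay or gap"  # old transaction replayed, or one skipped
    for cmd in tx.get("commands", []):
        if cmd.get("op") not in ALLOWED_OPS:
            return False, f"unknown op {cmd.get('op')!r}"
    return True, "ok"


def to_vpp_cli(commands):
    """vrouter side: render validated commands as VPP-style CLI lines (illustrative syntax)."""
    lines = []
    for cmd in commands:
        if cmd["op"] == "add_route":
            lines.append(f"ip route add {cmd['prefix']} via {cmd['via']}")
        elif cmd["op"] == "bind_vrf":
            lines.append(f"set interface ip table {cmd['iface']} {cmd['table']}")
        elif cmd["op"] == "nat44_add_address":
            lines.append(f"nat44 add address {cmd['address']}")
    return lines
```

Only commands that pass all four checks reach `to_vpp_cli`, so a transaction that is well-formed but unknown to the allowlist is dropped before it touches the data plane.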
Security Features
- End-to-End Encryption: All data is encrypted before blockchain transmission
- Blockchain Integrity: Transaction immutability ensures data integrity
- Connection Verification: Multi-layer authentication prevents unauthorized access
- Component Isolation: Each component (agent, router, VPP) operates in isolated contexts
Traffic Flow
- Client-to-Internet: Client traffic enters through the node's LAN interface, passes through VPP processing and NAT44 translation, and leaves via the WAN interface
- Inter-Client: Traffic between clients on different nodes traverses the L2 switch infrastructure
- Control Plane: Management traffic flows between nodes and the controller using P2P protocols over secure channels
This architecture provides scalable, secure networking with centralized control and distributed data plane processing.