What is a mesh VPN? This term refers to a class of network solutions, used mostly in corporate and datacenter settings. Mesh VPNs come into play when a complex, isolated network needs to be built on top of a corporate network infrastructure.
What does a mesh VPN look like? The topology of a mesh VPN can be any graph, dynamically changing over time depending on network conditions. In contrast, the topology of a traditional “hub-and-spokes” VPN is strictly a star, with a hub at the center. The configurations of mesh VPNs are centrally managed by the administrators of the organizations that use them.
What are the benefits of using mesh VPNs instead of traditional VPNs?
- Node resilience: the hub of a traditional VPN is a potential single point of failure.
- Network resilience: if there is no direct network link between a site and the hub, traditional VPNs cannot be used.
- Performance: the hub bears the brunt of the VPN traffic and can become a network bottleneck.
- Security: hubs are visible to a broad array of network users, possibly to the entire internet, and are advertised as such.
Mesh VPNs have gained popularity in the last 3-4 years, with the open-source “tinc” project among the most popular solutions.
What is NewNode VPN? Like other mesh VPNs, NewNode VPN has a peer-to-peer core architecture, without a central hub. Unlike in other mesh VPNs, however, there is no administrator managing the topology of the network. Mobile devices themselves make the routing decisions, resulting in an “ad-hoc” network topology. Traffic can flow anywhere there is network access. Routing decisions are based on the data that a peer on the NewNode network has about adjacent peers and their connectivity. Peers query each other using a DHT (Distributed Hash Table) in order to keep their data on adjacent peers up-to-date.
Thanks to its peer-to-peer architecture, NewNode offers the same benefits to mobile users that mesh VPNs offer to their network users: node resilience, network resilience, reliable performance, and high security. In addition, NewNode VPN provides benefits in situations which corporate users of mesh VPNs do not usually face: resilience to network shutdowns, resilience to censorship of network resources, and security from intrusive government monitoring of network traffic.