An opennet, for Freenet purposes, is a network where connections are automatically created by the node. The node comes prepackaged with a list of seed nodes to which the node may connect. Once a connection is established between the node and the seed nodes, the seed nodes provide a list of more nodes to connect to, and they do they same, etc. This process happens continually while the node is running, without any user intervention.
Opennet is the mechanism by which most Freenet nodes connect to each other. A node running in opennet mode makes connections to other opennet nodes automatically. Unlike darknet, you do not need to know anyone else running Freenet to use opennet. A node can use only opennet connections, only darknet connections, or a hybrid of both. Regardless of the mechanism used, the node can talk to the entirety of the Freenet network (in general; small, isolated darknets are possible).
Various heuristics are used to determine when to accept new connections, and when to drop old connections. Incoming connections are broken into three categories: old nodes reconnecting (because they went offline), announcements, and path folding. A limit on the maximum number of connections is computed from the output bandwidth limit in the node configuration. When a new connection is formed, it enters a grace period (10 minutes) during which it cannot be dropped. The number of connections in the grace period is limited per connection type (1/5 of total for each of announcement and reconnect, 1/2 of total for all three combined). A new connection attempt is only accepted if there is an open grace period slot of the appropriate type, and either the total number of connections is less than the maximum or the node can drop a different connection to make room for the new connection. Old connections can be dropped when they are out of their grace period, and only one old connection may be dropped every 5 minutes per type of incoming connection that it is being dropped to make room for. Additionally, there must be at least 10 successful CHK requests between each time an old connection is dropped. The connection to be dropped is determined by LRU: the connection which least recently completed a successful CHK fetch is the one that will be dropped.
Seed nodes are nodes that are listed in the seednodes.fref file. These nodes must have the "be a seednode" config option enabled.
Seed nodes are used for opennet bootstrapping. An opennet node will, on startup, connect to seed nodes in its seednodes.fref file. It will use these connections solely to gather regular opennet connections through announcements (see below), not for routing requests.
At present (build 1232) the seednodes.fref is not updated automatically, though it should be. Updates can be downloaded manually from http://downloads.freenetproject.org/alpha/opennet/
If you run Freenet, please consider becoming a seed node - we always need more. Seed nodes are used to bootstrap new nodes into the network. The current ones are under fairly heavy load, so we need more to distribute it. If you have a node that is online 24/7 or nearly so, with reasonable uplink bandwidth (256 kbit/s link or so), please volunteer to be a seednode. Contact amphibian (email) if you are willing. You need to be:
- Online 24-7
- Have a static IP address, or nearly static, or dyndns
- Port forwarded (i.e. you need to be able to accept incoming packets on your opennet port)
- Have reasonable bandwidth (256kbps+ upstream)
Nodes join opennet by connecting to seed nodes and sending announcements. These announcements are sent to other nodes, which accept them to make a connection to the new node.
Once on the network, a continuous process of connection churn is used to maintain the correct network topology. The location of a node on opennet remains fixed, and it attempts to form connections to other nodes appropriate to its location. The connection churn happens through the path folding mechanism.
Though opennet is much easier for the user (compared to creating connections in a DarkNet), it is vulnerable to harvesting, and therefore can be blocked very easily.
This was a known problem with Freenet 0.5, and it led to it being blocked by the Chinese firewall.
Furthermore, mobile attacker source tracing is much easier, which might allow tracing content authors fairly easily with limited resources (inserting stuff as SSK and never reinserting helps with this), and connecting to every node on the network and surveilling them is probably feasible with moderate resources (probably affordable for a large corporation even with a largish network). We're working on it!