Every node on the network is uniquely identified by IP address. It is assumed that any particular service utilizing this architecture chooses its own port and transport protocol over which to communicate.
Each node has three values associated with it: X, Y, and Trust. X/Y are its coordinate values on the network, and Trust is whether the node is a trusted or untrusted node.
Each node maintains a Master Table containing the values for every node within the network.
A packet is any packaged piece of data with a defined boundary within the transport protocol in use. Each packet must minimally contain the originating and destination IP.
The "sender" of a packet is the node at the other end of any connection. The "originator" of a packet is the node that generated the packet and delivered it to the network. The "recipient" is the final destination node for the packet.
Broadcast packets are simply individual packets to each and every node in the master list.
The logic for sending/forwarding an individual packet is simple. Determine the distance between each connected node and the recipient node; if any connection is closer, deliver the packet to that node. If no existing connection is closer, form a new connection directly to the recipient node. Each packet must be validated to ensure that the sending node is actually further away from the recipient.
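Added example (not part of the original design): the forwarding decision and the sender check described above, in Python. The Euclidean metric, the choice of the closest of several closer connections, the function names and the sample table are assumptions made for illustration.

```python
import math

# Constructed Master Table: IP -> (X, Y, Trust), documentation-range addresses.
MASTER = {
    "192.0.2.1": (0.0, 0.0, True),
    "192.0.2.2": (3.0, 4.0, False),
    "192.0.2.3": (6.0, 8.0, False),
    "192.0.2.4": (9.0, 12.0, True),
}

def distance(table, a, b):
    """Distance between two nodes' X/Y coordinates (Euclidean is assumed)."""
    ax, ay, _ = table[a]
    bx, by, _ = table[b]
    return math.hypot(ax - bx, ay - by)

def next_hop(table, me, connected, recipient):
    """Return the IP to hand the packet to.

    A connected node that is closer to the recipient than we are gets the
    packet; with several candidates the closest is used (assumption). If no
    connection is closer, the answer is the recipient itself, meaning a new
    direct connection has to be formed.
    """
    own = distance(table, me, recipient)
    closer = [n for n in connected
              if n in table and distance(table, n, recipient) < own]
    if closer:
        return min(closer, key=lambda n: distance(table, n, recipient))
    return recipient

def sender_is_valid(table, me, sender, recipient):
    """Accept a packet only if its sender is strictly further from the
    recipient than this node; unknown nodes cannot be checked and fail."""
    if sender not in table or recipient not in table:
        return False
    return distance(table, sender, recipient) > distance(table, me, recipient)
```

A packet that fails sender_is_valid is moving away from its recipient, so dropping it keeps a misbehaving or misconfigured peer from making packets circulate.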
Each node must be able to accept new connections and forward packets. If the node is trusted, it must also be able to handle accepting new nodes to the network.
To connect a new node to the network, the administrator searches the list of trusted nodes on the network and determines the optimal node based on network connectivity (hops and latency). This is the seed node. The new node connects to the seed node and sends a special SEED packet. The trusted node then delivers the following information: the source IP of the socket (in case of a NAT), the new X/Y coordinates, the Trust value of the new node, and a copy of the Master Table. The X/Y coordinates are assigned "nearby" to the seed node ("nearby" might be from a random circle surrounding). If the new node is already in the Master Table, that data is returned; otherwise the seed node then sends out an ANNOUNCE broadcast containing the new node's information. The seed node should never intentionally drop the connection to the new node. If any node at any time loses the connection to its seed node, it must reconnect as a new node with the existing seed node or choose a new one.
To prevent spoofing of IDs and spoiling of the data in the Master Table, each node must validate that the originator of any ANNOUNCE packet is a trusted node. Also, the sender of the ANNOUNCE must be a node that was *connected* to (as in we formed the connection to it) and that is also trusted. If the ANNOUNCE packet is valid, it is used to create/replace an entry in the Master Table; otherwise it is dropped.
The first broadcast from a new node works to establish an optimal "web" into the existing network. This can only be done when the master list is sorted based on distance from the new node, so that the initial new connects are made to the closest nodes. Subsequent packets for the broadcast will then be forwarded down those existing connections to reach more distant nodes.
By utilizing random local coordinate assignments to new nodes, and the logic of an administrator selecting an efficient node to connect to, these simple rules will create a dynamic and flexible "web" of nodes with complex and (mostly) efficient interconnects.
At any time any node can drop any connection as long as it is still connected to its first trusted node. The loss of any connection does not modify any values in the Master Table. If any node attempts to connect to a node and fails, it bounces the packet back as a FAIL packet to the originator. The originator node receiving a FAIL packet should also attempt to connect directly, and when that also fails, the recipient node may be removed from the Master Table.
Trust should only be allotted by an administrator to a node that is fully trusted to be reasonably secure and safe. If at any point a trusted node is compromised or misbehaving (sending out invalid ANNOUNCE packets), an ANNOUNCE for that node with the trust removed should immediately be broadcast by another trusted node. If any ANNOUNCE is received by a seed node for one of its nodes that are still connected, this is an immediate flag that the ANNOUNCE is invalid and the originator may no longer be trusted. In this case, the seed node must immediately broadcast an ANNOUNCE for the originator removing its trust and send another ANNOUNCE with the correct data for the node.
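Added example (not part of the original design): one way to code the ANNOUNCE acceptance rules (trusted originator, trusted sender that we connected to) together with the seed-node conflict rule from the paragraph above. The packet fields, the verdict strings, the parameter names and the sample table are assumptions; sequence numbers are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Announce:
    originator: str  # node that generated the ANNOUNCE
    subject: str     # node the ANNOUNCE describes
    x: float
    y: float
    trust: bool

# Constructed Master Table: IP -> (X, Y, Trust), documentation-range addresses.
MASTER = {
    "192.0.2.1": (0.0, 0.0, True),    # this node, a trusted seed
    "192.0.2.2": (5.0, 5.0, True),    # another trusted node
    "192.0.2.3": (9.0, 1.0, False),   # untrusted node
    "192.0.2.10": (1.0, 1.0, False),  # node seeded by 192.0.2.1
}

def handle_announce(table, me, outbound, seeded, sender, ann):
    """Return (verdict, announces_to_broadcast).

    outbound: IPs this node formed the connection to (hypothetical name).
    seeded:   IPs this node seeded that are still connected (hypothetical name).
    """
    def trusted(ip):
        return ip in table and table[ip][2]

    # Originator must be trusted; sender must be trusted AND a peer we dialed.
    if not trusted(ann.originator):
        return "drop", []
    if sender not in outbound or not trusted(sender):
        return "drop", []
    # A seed never expects someone else's ANNOUNCE for a node it still holds.
    if ann.subject in seeded:
        ox, oy, _ = table[ann.originator]
        return "revoke", [
            Announce(me, ann.originator, ox, oy, False),     # remove trust
            Announce(me, ann.subject, *table[ann.subject]),  # correct data
        ]
    table[ann.subject] = (ann.x, ann.y, ann.trust)  # create/replace entry
    return "apply", []
```

The "revoke" verdict leaves the Master Table untouched and returns the two ANNOUNCE packets the seed has to broadcast.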
Note: ANNOUNCE packets need a sequence number to prevent network-level
race conditions with a naughty node connecting and SEEDing multiple places
simultaneously. When a seed receives an identical sequence# to the
existing ANNOUNCE it sent it must drop the connection to that node and
remove it from its Master Table.