Creating an Isolated P2P Network with IPFS

On a related topic, I also wrote “Creating an Isolated P2P Network with Hypercore.”

---

Logo of IPFS

P2P networks are oftentimes global, i.e., all peers form a single global network. For example, P2P file sharing systems are typically so. InterPlanetary File System, or IPFS (website) is designed for that use case as well.

However, that is a problem for me; I want my peers to form an isolated network by themselves and by themselves only, detached from anybody else’s. The rationale is that even with encryption and other security measures in place, data that exists as part of the global network has higher chance of security breach than one that doesn’t. I said “isolated network,” but that does not mean the all the peers are on a single private network; my assumption is that some will be on the public network (i.e., on the Internet), and the rest, spread on multiple private networks. (When I say “private network,” I mean one that is behind a firewall.)

OrbitDB relies on IPFS and thus inherits IPFS’s to-be-used-in-a-single-global-network assumption. If you were to use OrbitDB for my intended scenario, you would not be able to use it with default settings. Thankfully this seems possible, because OrbitDB does not hide the fact that it depends on IPFS, and lets users to tweak settings for IPFS.

I have not tested this myself, but I believe the key here is to modify the bootstrap list. More specifically, the one for a publicly accessible peer need to be other publicly accessible peers within this isolated IPFS network, or none if there are no others; and the one for peers on private networks, those publicly accessible peers. The following articles may help:

• Section Private Networks in “go-ipfs/experimental-features.md at v0.7.0 · ipfs/go-ipfs“ — a terse, official writeup on the matter. “Modify the bootstrap list” might help.
• “Private IPFS Networks | Adaptive Leadership for Technical Projects :: MRH.io” — says you need two publicly accessible servers. I have not understood this.
• “Deploy a private IPFS network in 5 steps | by Sander van Laar | Medium“
• “Can i make a private ipfs network (of public/external ip’s) ? This would require my own gateway as well? – Help – discuss.ipfs.io“

By the way, IPFS is used in Microsoft’s newly released decentralized identity system ION. IPFS was given fine-tuning to accommodate its use by ION.