andrewgazelka / hyperion

Getting 10k players to PvP at once on a Minecraft server to break the Guinness World Record.
Apache License 2.0
87 stars 11 forks

Implement encryption #407

Open TestingPlant opened 1 month ago

TestingPlant commented 1 month ago

It'd be a good idea to try implementing encryption now to determine how much performance it'd cost before trying to implement a reverse proxy. It'd affect how we can implement broadcast packets since the same packet will encrypt to different bytes for each player, so it'd be a good idea to try implementing it now rather than later. If we do decide to make a reverse proxy for encryption then we can just copy the code over.

andrewgazelka commented 1 month ago

Let's assume that we will want encryption at least optionally at some point. I think this will be really useful for others using Hyperion, as it's turning into a base for making high-performance servers, rather than being something I would use for a single event.

I do believe it's more important to prioritize I/O handling, especially in figuring out how to make it use less memory. Right now, it seems to use excessive memory for the number of players we have, so I'd like to see that reduced. There have been several methods mentioned to possibly achieve this, and this issue will determine our approach.

So, yes, we should expect to use encryption, and I want to explore how we can significantly reduce memory usage in I/O handling. Given that this is intended for high-performance environments, where users might not have vast amounts of memory, reducing memory usage could also improve cache locality.

TestingPlant commented 1 month ago

It seems like some of the broadcast IO would need to be changed to make encryption work since the same buffer can't be sent to every client. I'll work on optimizing the IO code and making sure it's structured in a way that allows for encryption.
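
Added example (not part of the thread and not Hyperion code): why one broadcast buffer cannot be shared once encryption is on. The Minecraft protocol encrypts each connection with AES in CFB8 mode, so the output depends on that connection's key and on every byte already sent on it. The names `Cfb8` and `broadcast` are hypothetical, and `keystream_byte` is a constructed, non-cryptographic stand-in for the AES block call so the sketch builds with std only.

```rust
/// Per-connection CFB8 state: key plus a 16-byte shift register (IV = key here).
struct Cfb8 { key: [u8; 16], reg: [u8; 16] }

impl Cfb8 {
    fn new(secret: [u8; 16]) -> Self { Cfb8 { key: secret, reg: secret } }

    /// Constructed stand-in for AES_encrypt(key, reg)[0]; FNV-1a, NOT secure.
    fn keystream_byte(&self) -> u8 {
        let mut h: u64 = 0xcbf2_9ce4_8422_2325;
        for b in self.key.iter().chain(self.reg.iter()) {
            h = (h ^ u64::from(*b)).wrapping_mul(0x0000_0100_0000_01b3);
        }
        (h >> 56) as u8
    }

    /// CFB8 feedback: the register always holds the last 16 ciphertext bytes.
    fn shift_in(&mut self, cipher_byte: u8) {
        self.reg.copy_within(1.., 0);
        self.reg[15] = cipher_byte;
    }

    fn encrypt(&mut self, data: &mut [u8]) {
        for b in data.iter_mut() { *b ^= self.keystream_byte(); self.shift_in(*b); }
    }

    fn decrypt(&mut self, data: &mut [u8]) {
        for b in data.iter_mut() {
            let c = *b;
            *b ^= self.keystream_byte();
            self.shift_in(c);
        }
    }
}

/// One plaintext packet in, one private ciphertext buffer per connection out.
fn broadcast(conns: &mut [Cfb8], packet: &[u8]) -> Vec<Vec<u8>> {
    conns.iter_mut().map(|c| { let mut buf = packet.to_vec(); c.encrypt(&mut buf); buf }).collect()
}

fn main() {
    let packet = b"constructed broadcast packet";
    // Connections 0 and 2 share a key (constructed), but 2 already sent a unicast packet.
    let mut conns = vec![Cfb8::new([1; 16]), Cfb8::new([2; 16]), Cfb8::new([1; 16])];
    let mut earlier = [0u8; 5];
    conns[2].encrypt(&mut earlier);
    let out = broadcast(&mut conns, packet);
    println!("differs by key: {}, differs by history: {}", out[0] != out[1], out[0] != out[2]);
}
```

Because `broadcast` has to copy and encrypt the packet once per connection, its cost in memory and CPU grows with the player count, which is the overhead the thread wants to measure.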

andrewgazelka commented 1 month ago

ok awesome :)

TheDevMinerTV commented 1 month ago

I think instead of implementing Mojang auth, we should rather use something like Gate in Lite mode and just run multiple proxies. Gate is written in Go and is relatively resource-friendly, they also scale pretty well. We'd only have to implement the Velocity forwarding authentication in Hyperion.

andrewgazelka commented 1 month ago

multiple proxies are also nice in case there is a DDoS attack

andrewgazelka commented 1 month ago

I think the big issue I have right now, above everything, is just limiting memory usage because it is so large. But it needs to be limited while still being very performant. This means 1 ms / tick for 200 players (this is needed to get 10k players at 50mspt)

TestingPlant commented 1 month ago

> I think instead of implementing Mojang auth, we should rather use something like Gate in Lite mode and just run multiple proxies.

If we're running Gate on the same server as Hyperion, that'd introduce more overhead because 2 processes need to do heavy IO with the kernel and Gate communicating with Hyperion over TCP on localhost adds some overhead too.

> multiple proxies are also nice in case there is a DDoS attack

Whether proxies would help with this would depend on which OSI layer the DDoS is occurring on. I can't seem to find anything on the Internet mentioning which layer DDoSes on Minecraft servers usually occur on though.

andrewgazelka commented 1 month ago

> If we're running Gate on the same server as Hyperion, that'd introduce more overhead because 2 processes need to do heavy IO with the kernel and Gate communicating with Hyperion over TCP on localhost adds some overhead too.

if we ran a proxy it would be on a separate server directly linked to the main server. I think having encryption makes this easier to test and use for other people, though, so I think we should have it.