VeilNet
Login

Realms

Realms define logical networks in VeilNet from a management, identity, and authorization perspective.

Realms

A Realm is a logically defined VeilNet network, scoped and enforced at the management, identity, and authorization layers.

Realms define:

  • which Conflux nodes may participate together
  • which identities are recognized
  • which administrative authority governs membership and lifecycle

Realms do not define separate physical infrastructure, routing engines, or transport fabrics. All packet movement, routing decisions, and cryptographic transport are handled uniformly by the Anchor Protocol and Conflux nodes.

A Conflux node belongs to exactly one Realm. Realm membership is evaluated at join time and enforced throughout the node’s lifecycle.

Community Realm

The Community Realm is a VeilNet-managed shared realm.

It allows users to participate in VeilNet without own a private Realm.

The Community Realm is intended for:

  • learning and familiarisation with VeilNet
  • development and experimentation
  • self-hosted personal use

It uses the same protocol stack and data-plane behavior as any other Realm. The distinction lies solely in management and governance, not in network mechanics. In summary, the limitations of the Community Realm are:

  • Fixed address ranges, where Private Realms can define their own address ranges.
  • No geolocation restrictions, where Private Realms can define their own geolocation restrictions.
  • No full observability, users on the Community Realm can only see the nodes owned by themselves. Private Realms allows owner to see and control all nodes even if they deployed by others.
  • Potential bandwidth sharing, Anchor protocol natively supports peer-relay with P2P encryption. Nodes running on Community Realm may share its bandwidth with other nodes if they operates with Portal mode enabled.

Note Bandwidth sharing does not propose security risks. All user traffic is encrypted by Stream, a logic P2P encryption channel. Relay nodes could not alter or access the data, and do not know the full path of the selected route, similar to TOR network. Other users could not access any local network reachable by your node, unless you share registration token and taints with them.

Private Realm

A Private Realm is a user- or organization-managed logically defined network.

It establishes an independent management boundary where the operator controls:

  • membership
  • authorization rules
  • lifecycle management
  • network definition parameters (e.g. address ranges, segmentation)
  • participation constraints (e.g. geolocation restrictions)

Only nodes presenting a valid registration credential issued by the Realm operator are permitted to join the Private Realm. Nodes without valid registration are rejected at join time.

Like the Community Realm, a Private Realm does not introduce a separate data plane or transport layer.
It uses the same Anchor Protocol, routing model, and cryptographic mechanisms.

The distinction between Realm types lies entirely in who defines and governs the network, not in how packets are routed, encrypted, or transmitted.

Architecture Overview

Master, Guardian, and Conflux—post-quantum, identity-native overlay

Data Flow

Egress, ingress, relay flows in the Anchor Protocol

VeilNet • © 2026 All rights reserved