diff --git a/net/lux_router.go b/net/lux_router.go
index 8752941..938026b 100644
--- a/net/lux_router.go
+++ b/net/lux_router.go
@@ -10,8 +10,17 @@ import (
 	"sync"
 )
 
+type LuxRouteType int
+
+const (
+	LuxRouteHostToNode = 0
+	LuxRouteNodeToNode = 1
+)
+
 type LuxRoute struct {
-	Key         crypto.LuxKey
+	Type        LuxRouteType
+	Target      proto.LuxID
+	Source      proto.LuxID
 	Destination *net.UDPAddr
 	Associated  *LuxChannel
 	Nonces      LuxNonceList
@@ -19,6 +28,34 @@ type LuxRoute struct {
 
 // !!!!!
 // TODO: map key can be destination ID, while Key (+ ID) in route struct would be SOURCE
+/*
+Routing Map Table
+    key TargetID <-> value Route (SourceID, SourceKey, Transport..)
+
+
+Host routing:
+    node 1111 <-> source 0001 host A
+    node 1112 <-> source 0001 host A
+    node 1113 <-> source 0001 host A
+    node 1114 <-> source 0001 host A
+
+Node routing:
+    host 0001 <-> source 1111 node A
+    host 0002 <-> source 1111 node A
+    host 0003 <-> source 1111 node A
+    host 0004 <-> source 1111 node A
+    node 1112 <-> source 1111 node A
+Node and host:
+    Receives and decrypts with host key, which is TargetID (as well as LuxPacket Target)
+    Sends to host with host key, which is TargetID
+Node 1111 and node 1112:
+    Node 1111 receives and decrypts with node 1112 key, which is TargetID
+    Node 1111 sends to node 1112 with node 1112 key, which is TargetID
+
+But host uses host key when communicating to node, so target ID in host routing table cannot
+be used. To overcome this, a "direction" field must be introduced to routing entry, that
+decides whether use target or source ID-key.
+*/
 type LuxRouter struct {
 	thisKey  crypto.LuxKey
 	keyStore crypto.LuxKeyStore
@@ -47,6 +84,17 @@ func (r *LuxRouter) GetThisKey() crypto.LuxKey {
 	return r.thisKey
 }
 
+func channelTypeToRouteType(chType LuxChannelType) LuxRouteType {
+	switch chType {
+	case LuxChannelInterior:
+		return LuxRouteNodeToNode
+	case LuxChannelExterior:
+		return LuxRouteHostToNode
+	default:
+		log.Panicf("can't translate chType %d to lux route type", chType)
+	}
+}
+
 func (r *LuxRouter) addOutboundChannel(ch LuxChannel) *LuxChannel {
 	r.channelLock.Lock()
 
@@ -83,7 +131,9 @@ func (r *LuxRouter) CreateOutboundRoute(id proto.LuxID, chType LuxChannelType, u
 	}
 
 	r.routes[key.Id] = &LuxRoute{
-		Key:         key,
+		Type:        channelTypeToRouteType(chType),
+		Target:      id,
+		Source:      r.thisKey.Id,
 		Destination: channel.Address,
 		Associated:  r.addOutboundChannel(channel),
 		Nonces:      NewLuxNonceList(),
@@ -98,7 +148,7 @@ func (r *LuxRouter) CreateInboundChannel(chType LuxChannelType, udpAddr string)
 	}
 
 	r.routes[r.thisKey.Id] = &LuxRoute{
-		Key:         r.thisKey,
+		Source:      r.thisKey.Id,
 		Destination: channel.Address,
 		Associated:  r.addInboundChannel(channel),
 		Nonces:      NewLuxNonceList(),
@@ -192,12 +242,12 @@ func (r *LuxRouter) GetRoute(udpAddr *net.UDPAddr) (*LuxRoute, bool) {
 }
 
 func (r *LuxRouter) DeleteRoute(route *LuxRoute) {
-	if _, ok := r.routes[route.Key.Id]; !ok {
+	if _, ok := r.routes[route.Target]; !ok {
 		return
 	}
 
 	r.CloseChannel(route.Associated, false)
-	delete(r.routes, route.Key.Id)
+	delete(r.routes, route.Target)
 }
 
 func (r *LuxRouter) Recv() (LuxPacket, error) {
@@ -213,7 +263,8 @@ func (r *LuxRouter) Recv() (LuxPacket, error) {
 
 	// first we look key from routes
 	if route, ok := r.GetRoute(dgram.Target); ok {
-		packet, err = DecryptLuxPacket(dgram, route.Key)
+		key, _ := r.keyStore.Get(route.Target)
+		packet, err = DecryptLuxPacket(dgram, key)
 		if err != nil {
 			// do we really fail here?
 			log.Debugf("DecryptLuxPacket err %v for route %v", err, route)
@@ -221,10 +272,10 @@ func (r *LuxRouter) Recv() (LuxPacket, error) {
 		}
 
 		// check if LuxID matches
-		if !bytes.Equal(packet.Target.UUID[:], route.Key.Id.UUID[:]) {
+		if !bytes.Equal(packet.Target.UUID[:], route.Target.UUID[:]) {
 			// not matches.. we discard route and throw away packet
 			log.Infof("packet from %s received at route %v mismatches associated target UUID %s",
-				dgram.Target.String(), route, route.Key.Id.String())
+				dgram.Target.String(), route, route.Target.String())
 
 			r.DeleteRoute(route)
 			return packet, errors.New("bogus packet from established route")
@@ -252,7 +303,7 @@ func (r *LuxRouter) Recv() (LuxPacket, error) {
 				var ok bool
 				var route *LuxRoute
 				if route, ok = r.routes[packet.Target]; ok {
-					log.Debugf("updating route %s: %s -> %s", route.Key.Id.String,
+					log.Debugf("updating route %s: %s -> %s", route.Target.String,
 						route.Destination.String(), dgram.Target.String())
 
 					route.Destination = dgram.Target