In the same vein of recent technical blog posts, this week we’ll take a look at networking protocols.
Read up on:
- An intro to Internet Protocol Security (IPsec)
- Understanding IP Addresses and Networks
- Firewall rules and VNS3
You’ll remember from the OSI/TCP networking layer posts , protocols live at the Transport Layer (Layer 4 in OSI).In layer 3-4, the Network and Transport Layers, routers do packet filtering.
Routers direct packets to the “street address” on the packet header “envelope” to make sure it gets delivered to the correct location. The transport layer functions ensure messages are received error free, in full, in order, and without duplicates.
Watch how common protocols can help you navigate cloud networks:
Tunneling protocols:
- Layer 0-1 protocols including SSH, L2TP, GRE
- Repackage traffic, can be used to hide data that runs through the tunnels
- Can allow foreign protocols to run over a network that doesn’t support that particular protocol
Internet Protocol Security (IPsec):
- Secures communications by authenticating and encrypting each IP packet
- Establishes mutual authentication between agents by negotiating cryptographic keys for each session
- Automatically secures data at the IP layer – only IPsec protects all application traffic over an IP network
Transport Control Protocol (TCP):
- Creates a reliable, ordered, and error-checked packet delivery between hosts
- Prioritizes accurate delivery rather than timely delivery
User Datagram Protocol (UDP):
- Uses a connectionless transmission model for minimal message-oriented delivery
- Does not use handshaking dialogues, so no guarantee of delivery, ordering, or duplicates
- Ideal for time-sensitive / real-time apps where dropped packets are better than delays
Transport Layer Security (TLS) & Secure Sockets Layer (SSL):
- Private connection guaranteed by secure, cryptographic keys
- Authenticates the parties through public keys
- Negotiates secure, stateful connections through “handshake” procedure
- At application layer in the TCP/IP model or presentation layer in the OSI model
Secure Shell (SSH):
- Operates secure network services over an unsecured network
- Used to log in to remote machines to execute commands; tunneling; forwarding TCP ports; and secure file transfers (SFTP)
- Used in cloud to provide secure paths over the Internet to a virtual machine (VM)
Border Gateway Protocol (BGP):
- Designed to exchange routing and reachability information among autonomous systems (AS) on the Internet
- Makes routing decisions based on paths, network policies, or rule-sets configured by a network administrator
- Used most with ISPs and large internal private IP networks
Generic Routing Encapsulation (GRE)
- GRE is a tunneling protocol that can encapsulate multiple network layer protocols inside a virtual point-to-point link. GRE is primarily used:
- With PPTP to create VPNs
- With IPsec VPNs to pass routing information between connected networks
- In mobility or carrier protocols