
Foo over UDP

Posted Oct 2, 2014 3:23 UTC (Thu) by raven667 (subscriber, #5198)
Parent article: Foo over UDP

This seems fundamentally a NAT problem; maybe the designers of IP should have given up and put port/service numbers in the IP header instead of the individual protocols, effectively making everything encapsulated in UDP, and then removing ports from TCP. It seems that in modern networking we either have stuff tunneled in UDP (VXLAN, IP, etc.) or over TCP on port 80/443 (VPNs, every kind of RPC is now JSON or XML over HTTP); every other port and IP protocol doesn't exist anymore and can't work because of NAT and overzealous firewalls.



Foo over UDP

Posted Oct 2, 2014 17:47 UTC (Thu) by drag (guest, #31333) [Link]

Tunneling is interesting in itself to work around some of the natural deficiencies in IP networking.

For example, with mobile networking I can set up a laptop or smartphone to use a 'tinc'-based VPN. This allows for more of a 'mesh' style VPN networking rather than a traditional 'hub and spoke' style networking. Tunnels can be set up to work on a best-effort basis. So if I am on my private network it connects to the VPN to internal addresses; when I am on a public network it connects to the public points I have set up. It can use UDP or TCP, etc.

What this gets me (at least in theory) is then a continuous, persistent, private network connection regardless of where I am. That way I, although it isn't perfect, can keep a persistent network connection for things like ssh and whatnot. I don't end up using it a whole lot this way, but it's pretty handy.

Tunneling can actually alleviate a whole host of issues associated with TCP/IP style networking. Just like with virtual machines, separating the logical from the physical has its own benefits.

Foo over UDP

Posted Oct 2, 2014 19:35 UTC (Thu) by josh (subscriber, #17465) [Link] (2 responses)

With IPv6, I wonder to what extent we need port numbers. Just give each machine a range of addresses large enough to give a unique one to each of its services, and let each address correspond to exactly one service.

Foo over UDP

Posted Oct 3, 2014 16:30 UTC (Fri) by mbunkus (subscriber, #87248) [Link] (1 responses)

You can open ports as non-root, but you cannot assign IPv6 addresses. It would be very bad if each daemon required network admin capabilities.

Additionally, selecting the correct source address for outgoing connections becomes interesting in multiple-address situations. For example, if you have a DNS master server running on a machine with three IPv6 addresses, then you most likely have some slave servers somewhere else which are configured to accept notifications from certain IPv6 addresses only. Therefore you have to tell your DNS server which source address to use for outgoing packets (yes, this comes from my own experience). It increases administrative work by a considerable amount.

Foo over UDP

Posted Oct 3, 2014 21:28 UTC (Fri) by josh (subscriber, #17465) [Link]

You could run each of those services in containers to which you assigned the corresponding service address.

