No Jitter is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Fixing the Internet Using Secure Vector Routing: Page 2 of 4

Continued from Page 1

How 128 Technology Is Disrupting Networking

The big differentiator that 128T brings to networking is the addition of session state to routing. The idea of session-based routing has been around for a long time; it is how 128T does it that is profound and highly disruptive.

In any IP network, packets are placed on the network when an application, called a source, needs to communicate over the network with some other application or service, called the destination. Each packet in such an exchange contains the source's IP address and network port, the destination's IP address and port, and the protocol. These five pieces of information are known as a "5-tuple." At a high level, here's what happens within a network using 128T routers:

  1. When a 128T router sees the 5-tuple in the first packet of a new flow, it identifies the flow as a new session and uses the 5-tuple along with an encryption mechanism to generate a unique session ID.

  2. The router then instantly maps this session ID to predetermined network policy for this type of session. If no policy is defined, the packet is discarded.
  3. The router then modifies the packet by adding encrypted metadata containing a) the new session ID, b) the original source and destination addresses, and c) the session policy information based on the rules resident in the router.
  4. Next the router selects the 128T router closest to the destination and places the first 128T router and the final 128T router addresses into the IP header. This path called a "waypoint." By using 128T-specific waypoints, NAT is enabled on each end of the flow since the source and destination IP addresses in the original packet are hidden in the metadata and the packets routed through the network use 128T router addresses.
  5. The router then determines the actual physical path the packets should take between the 128T routers. This is called a vector; vectors are chosen based on network performance measurements, QoS requirements, and policies from all available paths. 128T routers can send everything over the same physical path, or it can split up sessions, if appropriate, so packets traverse multiple vectors (or network paths).
  6. The final 128T router in the path decrypts the metadata from the first packet and delivers the packet in its original form to the destination application or service.

After the first packet has been sent, the 128T routers map subsequent session packets to the unique session ID based on the 5-tuple. They change packet headers to reflect the 128T router waypoint addresses through the network and send the packets on their ways; no metadata is necessary for subsequent packets. The destination 128T router replaces the waypoint information in the packet header with the source and destination IP addresses, based on the session ID, and delivers each packet to the destination in its original form.

Figure 1. The steps followed in 128 Technology's secure vector routing mechanism, combining session awareness, first packet processing, and waypoints. In the above example, the waypoint is between the 128T routers, and there are five possible vectors individual packets may use for traversing the network between the 128T routers.

Continue to Page 3: Technology Benefits