Linux UDP – The basics

If You Use Linux, You Lose Out If You Can’t Do This #5 – UDP Protocol

In this column, I’d like to discuss the importance of the UDP protocol. This protocol is used for UNIX networks, including Linux networks.

In this column, I’d like to discuss the importance of the UDP protocol. This protocol is used for UNIX networks, including Linux networks.

Quick summary of UDP

Like TCP (Transport Control Protocol), UDP (User Datagram Protocol) is a transport layer protocol. But unlike TCP, it doesn’t establish a 3-way handshake or have a function for retransmitting packets if the recipient doesn’t receive the data. So UDP is used for purposes that don’t demand reliability. Instead, you get high-speed data transfers and near real-time performance. For this reason, UDP is often used when low latency is demanded, by DNS and NTP, for example, and for streaming large amounts data.

TCP header

  1. | 0-F | 10–1F |
    | — ————————– — | —————– — |
    | Source Port | Destination Port |
    | Sequence Number | ← |
    | Header Offset, and some flags | Window Size |
    | Checksum | Urgent Pointer |
    | Options | ← |
    | Data (Payload)
    | ← |

UDP header

  1. | 0-F | 10–1F |
    | — —————– — | —————– — |
    | Source Port | Destination Port |
    | Packet Size | Checksum |
    | Data (Payload)
    | ← |

Expanding the uses of UDP

Why review UDP?
Because now the usage of UDP has expanded to different methods.
Establishing an encrypted connection between applications on the internet.


An impetus for the development of virtual extensible LAN (VXLAN) was to free virtual LAN (VLAN) from its limit of a maximum of 4096 IDs. For VLAN, VLAN IDs (1–4096) are attached to IP packets to logically segregate a physical network into virtual networks. VLAN is a technology that has drawn attention as an element that make up SDN (software defined networking).It is used to connect virtual machines spread out over multiple hosts.

Details about VXLAN

VXLAN, on the other hand, is a technology that connects peers on a peer-to-peer network on Layer 2 (L2). The protocol sends packets by encapsulating them as VXLAN packets. Each VXLAN packet has a 24-bit ID (one of 16,777,216 unique IDs). VXLAN uses TLS-encrypted UDP connections. That is, VXLAN packets pass through TLS over UDP (DTLS).

When a VXLAN connection is made between hosts, multiple packets with VXLAN IDs pass through the encrypted VXLAN connection. The transport protocol at this time can be either TCP or UDP. A VXLAN connection itself is established by UDP, but transmission control can be carried out by the TCP protocol passing through it. When packet loss occurs in the VXLAN or the pass-through TCP, the packet is retransmitted by the TCP. In short, reliability in data transmission, a shortcoming of UDP, can be maintained.

Also, by passing packets with different VXLAN IDs through the same VXLAN, they can be handled as logically segregated packets. Like VLAN, VXLAN is suitable for multi-tenancy (multi-tenant communication) because a network can be logically segregated. VXLAN is often used as the network fabric for host-to-host networks when implementing a virtual infrastructure.

Discovery in VXLAN

VXLAN is basically a peer-to-peer protocol that connects nodes. So how do you discover the IP destination of packets with the same VXLAN ID? When VXLAN was first developed, all hosts were on full mesh topology. The topology’s corresponding routing table was managed separately. Today, VTEP (VXLAN Transfer End Point) takes care of this function.

VTEP is a function found in VXLAN end hosts and in VXLAN switches. VTEP maintains information such as the VXLAN IDs used in hosts. So when a destination with the same VXLAN ID is not found in the host, external communication is attempted via VXLAN.

  1. An ARP packet that requests the MAC address of the destination IP address is generated.
  2. The source host encapsulates the above packet and broadcasts it to the host corresponding to the VXLAN ID.
  3. All VTEPs of the host corresponding to the same VXLAN ID apply this IP address and MAC address to their settings.
  4. The VTEP that finds the corresponding VXLAN ID and IP address in its host returns a VXLAN-encapsulated ARP response to the sender.

In this way, the sender is searched from the destination, and host-to-host VXLAN connection is established to start communication.

The current state of VXLAN

VXLAN is used often today.It can be used for node connections created by virtualization products like OpenStack. A module like flannel, which connects Kubernetes pods on a network, uses VXLAN. VXLAN is a simple, lightweight network technology that provides network segregation and data encryption.Such a technology will be heavily used from here on.


The current HTTP standard is HTTP/2.The major differences between HTTP/1.1 and HTTP/2 are as follows:

  • Paths in HTTP/2 must be encrypted with TLS 1.2 or higher.
  • With HTTP/2, multiple sessions can be communicated in parallel using a single TLS connection.

Because of these features, many websites today are designed to meet HTTP/2 standards.

HTTP/3 was proposed soon after HTTP/2 was introduced.Compared with the time it took for HTTP/1.1 to evolve to HTTP/2, the upgrade took place very quickly.

What is HTTP/3?

HTTP/3 is the third major version of the Hyper Text Transfer Protocol. It is based on the RFC draft titled “Hypertext Transfer Protocol (HTTP) over QUIC.”

QUIC is a transport layer protocol developed by Google. As the term transport layer indicates, retransmission control is handled not by TCP but by QUIC.

What is QUIC?

In HTTP/2, TCP encryption and connection are handled by TLS 1.2 or higher. But because multiple sessions are created with a single TCP connection, performance degradation occurs due to packet loss.

QUIC lowers latency by redefining the session layer.

  1. 🕐 Existing network equipment can support QUIC by using UDP.

    🕐 UDP connection is encrypted by TLS 1.3 or higher for secure communication.

    🕐 Fast handshake is provided with zero round trip time resumption (0-RTT).

    🕐 Data can be transmitted during a handshake.

    🕐 QUIC handles processing carried out by TCP like packet retransmission, congestion control, and pacing.

    🕐 As with HTTP/2, HTTP/3 can handle parallel logic streams. Logical streams are similarly handled by a single session.

    🕐 The arrival order of the same logical streams is guaranteed.

    🕐 Because QUIC is a transport protocol, application protocols like HTTP run over it.

Because HTTP/3 runs over QUIC, it enjoys QUIC’s advantages.HTTP/3 also offers the same functions as HTTP/2 like HTTP header compression while being more efficient than HTTP/2.

Changes brought by HTTP/3

HTTP/3 is a protocol like HTTP/2.However, its connection method differs from HTTP/2’s.

  1. 🕐 Fast handshakes are implemented using 0-RTT.

    🕐 HTTP/3 uses URLs that begin with https://

    🕐 If a Web browser and server support HTTP/3, the session begins in HTTP/3.

    🕐 The priority of a stream can be specified with PRIORITY (1–255) in the QUIC stream.

    🕐 With HTTP/3, server pushes can be carried out.

    🕐 Server push can be limited on the client side.


As we can see with VXLAN and HTTP/3 (QUIC), in recent years UDP-based communication has been increasing and is expected to continue on this trajectory. UDP is also being used for encrypted connections between virtual servers. Encrypted communication between clients is also carried out with network equipment. However, recently there are network configurations where TLS is removed using network equipment like a load balancer, which is placed between the clients and servers, to make connections to the servers. When we consider connecting with a protocol like QUIC, it is evident that such a method is inefficient.

Right now, QUIC is used only with HTTP/3. But you must also consider making connections with proprietary application protocols like APIs over QUIC. And, even though communication between servers is encrypted by VXLAN, there is room for debate as to whether it is necessary to re-encrypt encrypted communication, which HTTP/3 carries out.

Don’t forget: UDP and the encryption layer are technologies that you must pay attention to from here on.

Part 1 – History Functions

Part 2 – Shell Variables

Part 3 – Executable files and ways of using shell variables

Part 4 – How to Analyze an ELF Executable File

Satoru Miyazaki