Category: Internet

The VPN Dilemma: Balancing Privacy, Security, and Digital Innovation

Hello, I’m new to the community. I’ve been facing issues connecting to 1.1.1.1 with WARP since yesterday. It was working fine before, but the problem started after my ISP performed some maintenance. I suspect the issue might be related to the ISP. Is there any possible solution for this?When I searched Reddit for answers about why WARP (aka 1.1.1.1) is not working, I found many similar comments, like:
“I believe that ISP has to do something with that because I am getting this issue after ISP maintenance.”

Curiosity led me to search for more articles on Reddit and other platforms, but unfortunately, I found very few, and they contained too little information.

Drawing from my five years of experience working and writing on technological aspects, I delved into understanding the dynamics of blocking services like 1.1.1.1. The reasons often seem to be tied to political and geographical factors, with the most common justification being “national security” and concerns over confidential data.

“I have been using 1.1.1.1 WARP from India, but 1.1.1.1 WARP mode is not working on the Jio network, while the normal private DNS is functioning. Reset network settings: Done. Reboot device: Done. Always-on VPN: Done. Clear cache and storage: Done. Uninstall and reinstall: Done. Reset private keys: Done. Still, WARP mode is not working. What should I do? And what is the reason behind this?”(solution quoted on the community page)
Many more solutions like this have been shared in the community pages, but sadly, nothing works. I am obliged to install another VPN, as I am left with no other option due to the urgency of the work.

Searching for the exact reason behind this, I came across some information that I’m not entirely sure is legitimate but seems relatable—or at least understandable.

One random user explained:
“Basically, the rule in India is that you can operate a VPN as long as you maintain data related to the user, including their name, ID, IP accessing from, and IP accessing to. I think the 1.1.1.1 client actually operated anonymously (because if I remember, you didn’t actually need to log in to use it). iCloud+ Private browsing maintains that information (account-related, etc.) so it should be safe. Similarly, running your own Tailscale cluster and enterprise VPNs are not impacted—for example, Cloudflare for Teams is allowed, and the Cloudflare One Agent app can be downloaded and is still available.”

Another user added:
“Cloudflare stores user data on the Zero Tier corporate plan, which is tied to accounts. The free 1.1.1.1 app did not require an account, hence it was removed. I cannot answer as to why Proton VPN continues to work or has not been removed. I only gave an opinion as to why the free Cloudflare product may have been removed. For what it’s worth, you can set up your own VPN and run it, and as long as you maintain a user login and account history, you can operate a VPN.”

The list of removed VPNs includes other services like Hide.me and PrivadoVPN. Apple, citing a demand from the Indian Cyber Crime Coordination Centre—a division of the Ministry of Home Affairs—stated that these app developers had created software that contravenes Indian law.

On the other hand, several VPN providers have robustly opposed the Indian government’s mandate. When the framework was introduced, prominent developers like NordVPN, ExpressVPN, Surfshark, and ProtonVPN publicly criticized the requirements, with some even indicating plans to remove their server infrastructure from India. For example, Surfshark’s services are no longer purchasable via UPI, a payment method that was available before the rules came into effect. Despite these challenges, NordVPN, ExpressVPN, and Surfshark continue to operate in India, although they have scaled back active promotion of their apps in the country.

The Indian government’s actions against VPN service providers hold even greater significance when considering the country’s position as one of the world’s largest VPN markets, with substantial growth anticipated in the coming years.

In 2023, India’s VPN market generated an impressive $4.166 billion in revenue and is projected to reach $7.681 billion by 2030, growing at a compound annual growth rate (CAGR) of 9.1% from 2024 to 2030. With an estimated 270 million VPN users in 2021, the market remains dominated by a limited number of providers, including Surfshark, NordVPN, ExpressVPN, PureVPN, IPVanish, and others. Despite regulatory challenges, these players continue to cater to a substantial user base in India.

The restriction on VPN services is not unique to a major country like India; several other nations are also engaging in this “banning game” under the guise of national security and data regulations. Countries such as China, Russia, Germany, and Italy have also implemented measures to control or restrict VPN usage, citing similar justifications of safeguarding national interests and ensuring compliance with local laws.

I referenced the community pages solution and inquiries because I haven’t found any direct comment or official report from the Ministry of Home Affairs (MHA), Government of India, regarding the banning of these regulations. This raises the question: while policymakers, law experts, diplomats, and technocrats may have discussed these bans, similar to the DPDP, why are such policies put out for public comment even after being enforced?

Close-up view of a mouse cursor over digital security text on display.

Why is everything being imposed in the name of national security? The challenge is that, while we advocate for encryption and data privacy, we also ask for data storage, suggesting that privacy might, in fact, be a myth. Our devices, always with us, listen even when not in use, reinforcing this paradox.

It’s a social dilemma of the Internet age. On one hand, we promote privacy and encryption, while on the other, innovators are developing AI systems that collect all our information. I’m not arguing that imposing regulations on the majority is wrong, but is there a way to balance technology, innovation, and regulation? This is simply a thought from a technical writer’s perspective.

You are under surveillance!

You search for a pair of shoes on a search engine, and suddenly, every ad you see is about shoes. You browse a housing site, and before you know it, your phone is buzzing with calls and messages about properties. You search for a nearby restaurant or explore a business idea, and bam! Your screen is overflowing with ads instead of the information you actually wanted. It feels like a hidden camera is always watching, anticipating your every move, doesn’t it? It’s like having a personal assistant—except you never asked for one! And this assistant? It’s so efficient, it even seems to work ahead of your own thoughts. Welcome to the digital world!

This type of constant surveillance is what we call surveillance capitalism. Big tech companies—let’s say the big four—use this model to turn your data into a resource, treating your searches and interests as their products. Whether you’re intentionally seeking information or just satisfying a passing curiosity, the moment you enter your data, it’s no longer just yours. Even if a website says it’s “encrypted,” that data is fuelling the encryption of their own massive datasets, which they use to craft algorithms that steer your next online experience. Search for anything, and in the background, those algorithms are quietly deciding what to show you next.

It’s not just that you’re searching the web—the web is also searching YOU. And while it may seem convenient to have such personalized suggestions, it’s important to realize that this is really about influence. These companies aren’t just catering to your needs; they’re shaping what you’ll do next.

Surveillance capitalism refers to the practice of monetizing data collected by tracking people’s online and real-world behaviors. This type of consumer surveillance is primarily used to tailor marketing and advertising strategies. The term **surveillance capitalism** was first introduced by John Bellamy Foster and Robert W. McChesney in a July 2014 article in *Monthly Review*, a socialist magazine based in New York. Their original concept centered on the U.S. military’s surveillance of citizens.

The term surveillance capitalism is more closely associated with the economic theory proposed by Harvard Business School Professor Emerita Shoshana Zuboff in September 2014. It describes the large-scale monetization of individuals’ raw personal data, used to predict and influence their behavior. Surveillance capitalism operates through steps like data collection, prediction, and the creation of behavioral markets. While it’s not tied to any specific tech or business process, it represents a business philosophy driving the massive data economy. Most people don’t realize the extent of this data collection until their privacy is breached, revealing that their confidential information has been commercialized and turned into profits—often to the tune of billions—by other companies.

There are no serious proposals for regulating the data collecting abilities of technology companies. However, Google did pay a large data privacy settlement in November 2022.

In her book, Zuboff predicted that data collection will continue to grow as it becomes increasingly central to the market and as technology becomes more embedded in daily life. She highlighted the rising use of IoT devices, like fitness trackers, which provide new opportunities for sharing user data with marketers and advertisers. Zuboff also referenced a 2016 Microsoft patent for software designed to detect users’ mental states. She warned that this type of technology could lead to a new level of privacy violations, as it would activate sensors to capture voice, speech, videos, images, and movement.

The question now is, can we regain control over our data in this system that’s so deeply ingrained in our digital lives? Or is this just the new normal? It’s something worth thinking about as we continue to navigate this always-connected world.

NetMission.Asia Ambassador: A journey of Exploring Internet Governance through an Asia Pacific Perspective”

Initially, my encounter with the term “internet governance” left me with a vague understanding, as Google’s explanation provided only a basic overview. However, my curiosity was piqued, prompting me to delve deeper into the subject. This journey into the realm of internet governance commenced last year, around mid-April, with my involvement in ‘Youth Internet Governance-INDIA’ (https://youthigf.in/). Through YIGF-India, I gained valuable insights into Internet governance, particularly from the perspective of my home country, India. Expanding my horizons to encompass the Asia Pacific region, I embarked on a new path with NetMission.Asia (https://netmission.asia/). NetMission.Asia is described as a network comprising passionate young individuals from Asia, committed to engaging and empowering youth in internet governance discourse. Their goal is to foster youth mobility and effect positive change within Asia through impactful initiatives in Internet governance.

The journey as an Ambassador and eager learner commenced in December 2023. Being selected and introduced to our supportive buddies by the NetMission team marked a warm and engaging beginning to our experience. The orientation day provided us with invaluable insights into how NetMission.Asia is actively contributing to fortifying the role of the Asia Pacific region in shaping and comprehending Internet Governance. Throughout this journey, we underwent significant learning experiences, delving into diverse topics such as the essence of Internet Governance, the pivotal role of the Asia Pacific in this domain, and nuanced concepts like Diversity, Inclusivity, Green Tech, Web 3.0, and the Digital Economy. Our exploration extended to encompass emerging technologies, cybersecurity, privacy, and fostering a safer internet, among other crucial aspects.

Participating in virtual meetings with professionals actively engaged in various levels of the Internet Governance (IG) platform, such as UNIGF, ICANN, APNIC, IETF, and ITU, proved to be highly informative, enriching, and interactive. Engaging in breakout groups for each session provided ample opportunity for brainstorming and exchanging ideas. Documenting our learnings in worksheets, summarizing viewpoints from a visionary perspective, and collaborating in diverse groups under the banner of different organizations were all integral components of this journey. However, the highlight undoubtedly was the opportunity to showcase our achievements through case studies with our respective groups, an aspect of the experience that I found particularly rewarding.

Over two months, juggling regular Thursday sessions alongside daily tasks posed a significant challenge. However, despite its demanding nature, the experience proved to be immensely rewarding. I sincerely hope that more individuals get the chance to engage with NetMission, enabling young minds to contribute their unique perspectives on Internet governance in their respective countries and across the Asia Pacific region. In summary, if I were to describe this journey in a few words, I would call it “wonderful, amazing, and transformational.

Geo-fencing: Location On Work

In the world of technology, tracking is not a strenuous task, which will require meticulous efforts. Geo-fencing is one of the technology blessings we are working with. But what is this geo-fencing, how has it developed, in what ways it works, how is it useful and where is it used? Let’s discuss all these answers one by one via this article.

GEO-FENCING

In the word Geo-fencing, the Prefix “Geo” is a Greek word meaning “earth or land” and “fencing” means “drawing an imaginary border” Thus, Geo-fencing defines as setting up fencing or a virtual perimeter boundary to know whenever an object enters within the marked fencing zone.

As the definition explained above, defines Geo-fencing technology as a location-based service (LBS). In this, the app or any other medium by which the service is in use depends on GPS (Global Positioning System), Wi-Fi or cellular data and RFID(Radio-Frequency Identification) to activate the organized action which is based on whenever a device enters or exits the set virtual boundary locations or Geo-fence. The alert can be sent in many ways set up by the developer, it can be in a trigger form of text, pop-up, push notifications, track alert messages etcetera. 

How the Geofencing Work?

The developer set up the virtual boundary using GPS or RFID services or even an IP address in some cases to set up the fencing zone and then set up a per-planned alert system for the device which is going to enter or exit from the fencing zone. As soon as you enter the fence, will be tracked by the developer in case of tracking; you will get a push notification, if the fencing is set up for some marketing or business deals, you will get a message if the fencing is set up for any other purposes related to work personal or professional. So, therefore we can say that Geo-fencing has made life easy for everyone except those who are in the adversary zone. The fence in the Geo-fencing can vary in the perimeter zone, i.e., they can be changed,  reduced or increased depending upon the user and developer. 

Example: If you are running a salon and you want the customers in closer proximity to your location to know about the venue, you can set up the fencing perimeter and send the alerts in whatever format you want to give. 

Geo-fencing Application

In this era of digitization, Geo-fencing has become a crucial way for every sector whether it is a public or private one; whether it is in the security zone or marketing world; whether it is in IT or business firms. Once geographic fencing is set, the opportunities and usage are seemingly endless and that’s one of the reasons that it has become especially popular in marketing and social media lines.

Some of the common Geo-fencing Applications are as follows:

Security: Geo-fencing can be used to make your devices more secure. Like you can set your own Geo-fencing for your device for a specific area like your home, to get push-up notifications whenever someone enters your home.

Social networking: With Geo-fencing development comes its usage in one of the most popular platforms of the last decade called social media. Geo-fencing is the social media app network that gives the application of location status, location sending, and location-based stories to other devices and all these are all made possible with Geo-fencing. 

Human resources: For fencing the on-field employees, and workers and to track the employees, companies nowadays use Geo-fencing to keep a record of employees. Geo-fencing is also useful as a way to automate time cards, employee clocking means keeping track of when they go in and out, within the premises.

Marketing: Geo-fencing is a popular way for business firms to promote themselves by an alert pop-up whenever you are within the fencing range of the company. One of the best use of Geo-fencing is that it helps businesses in targeted ads to a specific audience instead of mass-adherence to figure out the right set of strategies with the right set of people based on the user’s location data.

Telematics: Telematics, the process of merging telecommunications and informatics via any device- Geo-fencing plays a very useful role here as well by allowing companies to set virtual zones around sites, work premises and secure zones. 

Smart appliances: Smart appliances have made us enter the smart world and Geo-fencing is one of the smartest use of these smart appliances  With the capability of smart work of appliances, it’s easier than ever before like reminding you of some household chores, reminding you some office-related files, kids assignments and all. 

The use of Geo-fencing in handling Pandemic COVID19:

When the entire nation is struggling for survival from the pandemic coronavirus, people in technology are working to tackle this problem via the use of technology. Developers from different zones of the country have developed a geo-fencing-based app for COVID-19 to track the people who are on the fence about getting affected by the Coronavirus.

Ministry of Electronics and information technology (MEITY)-GOI has developed an app called ‘AAROGYA SETU’ for citizens to know the risk of contracting COVID-19 by Geo-fencing tracking service. The tracking is done via Bluetooth & location-generated social graphs, which can show your interaction with anyone who has tested positive-All you have to do after the installation is to switch on the Bluetooth and location. By switching on the following you will be in the line of sight of developers and once you crossed paths with the red zone area you will get an alert message based on the information. Thus, Geo-fencing is playing a crucial role in handling this pandemic.

Geo-fencing Future

In this world of data-privacy where everyone is concerned about their data getting stolen, Geo-fencing faces the same criticism of possibilities of a data breach but as said by Nasscom chief R. Chandrasekhar, ‘There is nothing called fully perfect security in IT’, thus we can’t play the data-breach game with Geo-fencing anymore. According to a press release from Markets and Markets (https://www.marketsandmarkets.com/), the Geo-fencing industry is expected to grow by over 27% by 2022, citing “technological advancements in the use of spatial data and increasing applications in numerous industry verticals.”

References:

https://en.wiktionary.org/wiki/Wiktionary

https://meity.gov.in

https://en.wikipedia.org/wiki/Geo-fence

HTTP V/S HTTPS

HTTP (HTTP://)– Hyper Text Transfer Protocol is a Protocol designed for communication between client (Web browser) and server(Web server). It was projected in 1989 by the world wide web. It operates on Port 80 and transfers data in plain text. There were a few revisions in HTTP until http1.1 released in 1996.Then after finding so many loopholes, There was a mega release of HTTP/2 in 2015. Later, HTTP/3 as the proposed successor to HTTP/2 came out, which is already in use on the web, using UDP instead of TCP for the underlying transport protocol. 

Advantages of HTTP:-

  1. HTTP can be implemented with other networks as well as protocols.
  2. HTTP pages are stored on computers as internet caches.
  3. The platform of HTTP is independent, thus allowing cross-platform porting.
  4. It can be used over Firewalls.

Issues with HTTP:-

  1. HTTP is a stateless protocol, which means it does not require the HTTP server to retain information or status about each user for the duration of multiple requests. Each time the requests will be treated unique or new irrespective whether it is new or old.
  2. No privacy, as open for all, and anyone can see the content.
  3. Data Integrity is 0, here as security and privacy are absent here and anyone can alter the content.
  4. Anybody irrespective of a genuine user or not, can intercept the request and can get the username and password.

HTTPS (HTTPS://)– Hyper Text Transfer Protocol Secure, an advanced as well as the secured version of HTTP. It allows secured transference with the help of SSL (Secure Sockets Layer). HTTPS is a combination of SSL/TLS with HTTP. It provides encrypted data and secured transference with the help of key-based encryption algorithms, in which key is generally 40 or 128 bits in strength. It operates on port 443 and transfers data in Cipher (encrypted) format.

Advantages of HTTPS:-

  1. Sites running over HTTPS are redirected, which means even if you type in HTTP:// by mistake, it will redirect to an HTTPS over a secured connection.
  2. Secured with SSL/TLS and provide full encryption over data.
  3. Each SSL Certificate contains unique, authenticated information about the certificate owner.

Issues with HTTPS:-

  1. HTTPS protocol can’t stop stealing confidential information from the pages if they are saved as cache memories on the browser.
  2. SSL data can be encrypted only during transmission via a network, thus the text in the browser memory is still not cleared with SSL.

Difference between HTTP and HTTPS :-

                 HTTP

               HTTPS

-Hyper Text Transfer Protocol

-Hyper Text Transfer Protocol Secure

-Less secure and encryption is absent.

-Secure and encrypted with SSL/TLS.

-Uses Port 80.

-Uses Port 443.

-Doesn’t scramble data before transmission, thus vulnerable to hackers.

-Scramble Data before transmission, thus secure.

-It operates on TCP/IP level protocol.

-It operates on the same HTTP protocol but with SSL/TLS.

-No SSL and data encryption.

-SSL and data encryption are required.

-Fast in procession.

-Slow in processing in comparison to HTTP.

-It operates on an Application layer.

-It operates on the Transport layer.

-It transports plain text information.

-It transports cipher text information.

SSL/TLS-Secure Connection

Whenever we browse the internet, we see some site URLs, there is a padlock present and in some, it is absent. The presence of this padlock symbolizes secure communication between the user and the server. This padlock consists of a secure communication certificate and that certificate communication is called SSL Certificate communication i.e., Secure Socket Layer. SSL’s function is to build a secure chain of trust between the user and the server. The certificate is provided by a Certificate Authority (CAs) like Let’s Encrypt, Bypass, Comodo, GeoTrust et cetera, which actually builds the chain of trust running the certificate validation in a hierarchical manner.

Most modern web browsers have flagged sites without SSL/TLS as insecure or unsafe. Going forward, SSL/TLS certificate may become a mandatory website hosting requirement. By hosting a website with SSL/TLS certificate, it provides security to the data transferred between the website and the Website visitor, by encrypting the communication, in addition to this the SSL/TLS certificate also helps to verify the identity of the site, thereby helping users to surf on a secure and encrypted connection. The SSL certificate consists of Website Owner information including Domain and sub-domain name, the Validity period of the certificate, Public key used for encryption

TLS is the new or updated version of SSL; TLS has evolved from SSL (Secure Socket Layer) only, which was developed by Netscape Communication in 1994. SSL 1.0 was never used but followed by SSL and 3.0. TLS 1.0 is based on SSL 3.0. TLS 1.3 is the latest version, published in the year 2018  and almost all Cas are using or moving to TLS1.3. The presence of secure connection or TLS can be seen through HTTPS presence in URL, which is an implementation of TLS encryption on top of HTTP protocol, which is used by all the websites running web services. Hence, any website over https is deploying TLS only.

                       USER——–(SSL/TLS HANDSHAKE)——–CLIENT

SSL CERTIFICATE VALIDATION AT DIFFERENT LEVELS:

1)    DOMAIN VALIDATED CERTIFICATE: In this validation, only a domain name is validated and a certificate is issued in this validation name only. That’s why it is the easiest validation in the SSL certificate validation game. It is beneficial for servers who are just willing to take SSL for namesake or blogs, and small enterprises not dealing with products or selling.

2)    ORGANISATION VALIDATED CERTIFICATE: In this validation, additional details like the address of that particular server with the domain name will be required for the validation check to pass. Thus, it is a bit more stringent than domain one. The additional details validation makes it more trustworthy on the user’s end.

3)     EXTENDED VALIDATION CERTIFICATE: This is the most cost-equipping, trustworthy, time taking validation. This is required by all the large e-commerce, enterprises and business to mark up with the customer trust level.

TYPES OF SSL CERTIFICATES:

1)    Single Domain SSL: As the name defines, it is a single domain name, thus, only and only single name domain SSL will be generated, and no other name or sub-domain name will be able to use the certificate.

2)    Wildcard SSL certificate: The domain and all sub-domain along with this will be able to use the certificate known as Wildcard SSL. The sub-domain list can be seen by clicking on the padlock icon in the URL.

3)    Multidomain SSL certificate: Multiple distinct domains can use a single certificate issued in the name of all the distinct domains. The domains are neither the sub-domain of a single domain nor the multiple pages of a single domain.

TLS/SSL HANDSHAKE:

(Image Source: https://www.geeksforgeeks.org/secure-socket-layer-ssl/)

Phase 1:  This is Establish Connection Phase. The client sends a ‘HELLO’ message with its TLS version, List of Cipher Suites and Random Client’s Number and the server replies with a ‘Hello’ message along with its SSL certificate, Cipher suite chosen and a Random Server’s number.

Phase 2: This is the Pre-secret master key Generation Phase. A client sends one more random string which is encrypted with a Public key (which is taken from Server’s SSL certificate), commonly called a ‘pre-secret master key’. The server decrypts this secret key with the private key of its certificate.

Phase 3: This is thesession key Generation Phase. The client as well as the server generates the session key using its own random numbers and pre-secret master key. The session key at both ends generated will be the same.

Phase 4: Handshake Ends. The session key will be verified and authenticated at both ends, it should be the same, then only a secure connection is established and the data moves now in an encrypted manner. If anyhow the key differs, the connection won’t be established. Once the connection is established both client and server send a ‘Finished’ message to each other and a green signal for encrypted data transfer will proceed.

This TLS/SSL handshake is validated till TLS1.2, in TLS 1.3 the handshake has been changed a little bit. In place of a 4-way handshake, it is now based on 2-step handshake validation or completed in just one round trip of a handshake. The TLS1.3 is more secure, encrypted and less time taking than all the previous versions.

UPGRADE IN TLSV1.3:

                              (Image Source: https://timtaubert.de/images/tls-hs-static-rsa.png)

Phase 1: Establish Connection. Same as TLS1.2 Phase 1, TLS1.3 also commences the handshake with the “Hello” message with an add-on of a list of supported cipher suites and a guess of which key agreement protocol will be chosen by the server along with the Client’s chosen key agreement protocol.

Phase 2: Validation Completion. The server replies with a “Hello” message with the key agreement protocol that it has chosen, key share, certificate and ‘Finished’ message.

The Server “Finished” message, which was sent in the 6th step in the TLS1.2 handshake, is sent in the second step in TLS1.3. Thus, completing the round trip in just 2 steps.

Phase 3: Finished Message. In the last step, the client will validate the server certificate, and generate a key share while using the key of the server. Once all the checklists are done client sends a “Finished” message. Now, the data encryption begins.

Cipher Suite:  A complete set of cryptographic algorithms require to secure a network connection through SSL/TLS. For each set, there is a specific algorithm. The SSL/TLS does the Handshake process for building the secure connection and during the handshake, the client and the web server will use the following cipher suite components:

O  A key exchange algorithm is used to determine how symmetric keys in the handshake will be exchanged. Example: RSA (Rivert-Shamir-Adleman).

O  An authentication algorithm, which function is to tell how the authentication at both ends client as well as server will be implemented and finished. Example: DSA (Digital Signature Algorithm).

O  An Encryption cipher, to encrypt the data. Example: AES (Advanced Encryption Standard)

O  A Message Algorithm, a function is to check and administrate how the data integrity checks will be carried out. Example: SHA (Secure Hash Algorithm)

Routing: Choosing the Best Pathways since 1976!

Routing directs network traffic through routers, enabling smooth data flow. Routers use administrative distance (AD), metrics, and protocols like OSPF and BGP to select optimal paths. Routing tables and FIBs manage network efficiency. Key types like static, dynamic, and backup routes ensure secure, streamlined traffic control. In today’s hyper-connected world, effective routing underpins seamless communication across networks, influencing everything from social platforms to global data transfers.

(Image Source: https://www.cisco.com/c/en/us/products/routers/what-is-routing.html)

Routing basically means ‘to route’. The aim of the routing process is to provide a way out for the network traffic to reach from the source to the destination and this destination can vary from 1 to multiple locations. Thus, Routing can be defined as the path/route for network traffic flow from the source to the destinations, being both in same network or different networks. Routing is controlled by the Router and router is the device which actually defines the whole path for routing.

Routing Process:

Routing depends on various factors like Administrative distance, ASN, Interface, next hop and mainly on Destination Network. Whenever the traffic flows out from the source and reach to the Router, the router at first check the destination IPv4 or IPv6 address and then proceed further by checking the Forward Information Base or FIB which consists of 3 main elements and those are Destination Network, Next Hop and Outgoing Interface. This FIB is generated by the RIB aka Routing Information Base which contains prefixes, routing tables, metrics, and next hop information. We will read about all this later in this document.

So once the Datagram reach to the router, the router will check the destination IP address and referring the FIB, it will send the information to the destined IP address and this network flow can be of unicast nature or multicast nature. It is not bounded to one form of flow only.

Routing Components:

1.) Router: The router is a hardware device which functions to flow the network traffic in multiple or unicast way. It uses routing tables, and algorithms to decide the right path and to ensure to let the traffic reach its right destination.

2.) Administrative Distance (AD): Numerical values assigned to different routes or protocols from 0 to 255, basis on which the preferred path is selected or rejected. It is a numerical value of trustworthiness of a routing information gained from different sources. The higher the AD value, lower will be the chances of its selection. Thus, can say that AD is inversely proportional to the numerical value. AD is one of the most important or the prior element checked by the router to forward any traffic. For example, if a router receives a route for a particular destination from two protocol one follows RIP with value as 120 AD and another static route as 10 AD, then the router will prefer the static route only as it is having lesser AD value.

3.) Routing Protocol: Set of rules and procedures to make a protocol that function is to maintain Routing Tables is called Routing Protocol. Example: OSPF, BGP, EIGRP.

4.) Routing Table: It is a database of a router which contains information like destination Network, network topology, or available routes in the network. Thus, this is very useful for the routers and on basis of this the RIB (Routing Information Base) is prepared and maintained which further generates the FIB (Forward Information Base).

5.) Interface: A connection point located on a router device to connect to a network and each interface has its own IP address and subnet mask assigned. Signifies as G0/1 or other symbols but in this manner only. This interface can be physical or virtual as well. Each interface on a router can also have the configuration of other factors like default gateway, access control lists (ACLs), quality of service (QoS) policies etcetera.

6.) Metrics: Metrics including various factors like hop count, bandwidth, or delay determines the best route for any data gram.

7.) Path select Algorithm: By considering different factors like metrics, AD, policies, the path select algorithm provides and choose the best available paths and then the traffic to the destined IP is sent.

Types of Routing:

1.) Static Route: Manually modifies, added and maintained by a Network Administrator only.

2.) Dynamic Route: Gradual addition of routes that are learned by Network devices from the different routing protocols and they share the best possible route information with each other.

3.) Default Route: These are the routes which are assigned as the default one when the device lacks the routing destination information in its routing table, then the device transfers the traffic to the default gateway or route which then send it the appropriate destination.

4.) Black Hole Route: The main purpose of black hole route is security, thus whenever a selected segment or IP address from which the traffic is blacklisted try to hit the router, that IP address will by default fall down in the black hole route and get discarded. This is also called as null route.

5.) Interior Route: The interior route is basically a route which is flowing inside a same Autonomous System (AS) only and managed by interior gateway protocols only, like the Route in Corporate Network.

6.) Exterior Route: The routes that are learned from outside the AS like via the internet are exterior routes only and they follow the exterior gateway protocols.

7.) Floating Static Routes: It is also called as backup route, because of its function that whenever the primary route fails to reach the destination, the backup or floating static route will function and let the datagram reach the appropriate destination. The AD of floating static route is higher than the primary ones.

Forwarding Information Base or FIB:

Forwarding Information Base (FIB) is a database table used by a router to know the next-hop address and interface for forwarding a packet. FIB is generated by the routing information base or RIB. When a packet arrives at the router, the router checks the destination IP address against and refer the FIB to determine where to forward the packet by seeing the destination network, next hop and outgoing interfaces and on basis of the information the router forwards the packet. FIB entries are typically stored in a hash table or a database structure, which allows for fast lookup and retrieval of the next-hop address or interface.

Routing Information Base:

It is a database where routes and route related metadata is stored by a routing protocol – allowing the routing protocol to select a ‘best’ path to a given destination. Each protocol has its own separate RIB. RIB functions as a backbone for FIB, without which the FIB can’t function. RIB consists of Routing tables, prefixes, next hop information and metrics.

Routing Protocols:

OSPF:

Open Shortest Path First, is a link-state routing protocol used to map the path with the shortest distance. It is a dynamic interior gateway protocol which uses link-state Algorithm and can work as OSPFv2 for IPv4 address using RFC 2328 and OSPFv3 for IPv6 address using RFC 5340. The OSPFv3 can be used for IPv4 and IPv6 as well by using RFC5838. The AD in case of OSPF is 110 and it is a fixed numerical value. The OSPF supports Hierarchical Routing. OSPF processes as by first giving a ‘Hello packet’ to the neighboring routers in same AS which will lead to exchange of topology among neighbors via Link-state advertisement. Once the hello is sent to all, then a topology map will be prepared for the network by creating a link-state Database. Using the database calculation for the best path is done and that is update in the OSPF tables. OSPF divides the routers into different areas starting from area0 to area n respectively. OSPF Router can Internal router which is for same area and External router which is for different areas. OSPF also supports other features like support for multiple paths to a destination, unequal cost load balancing, and authentication mechanisms to ensure secure routing information exchange.

Intermediate System to Intermediate System:

Intermediate System-to-Intermediate System (IS-IS) is a link-state, Interior gateway protocol that uses modified version of Dijkstra Algorithm. The AD value for IS-IS is 115. An IS-IS network has range of components, routers, areas, and domains. Just like OSPF it also organizes routers into areas and multiple areas together form a domain. It uses two network addresses, one is Network Service Access Point (NSAP) and other is Network Entity Title (NET).

Routing Information Protocol:

RIP is an Interior gateway protocol that also runs on Application layer of the OSI model. Like OSPF it has also two versions as RIPv1 and RIPv2. The former version functions to find network path based on IP destination and the hop counts by broadcasting IP tables to all routers in the network. While the later one or RIPv2 being more precise sends the IP tables to multicast addresses only. RIP, AD is with a fixed value of 120. RIP is not a suitable protocol for larger networks as it has limitations of hop count as 15.

Enhanced Interior Gateway Routing Protocol:

EIGRP is a distance vector and link-state routing protocol. Thus, also known as ‘Hybrid Protocol’. EIGRP is a Cisco proprietary protocol that was designed to follow on from the original IGRP protocol. EIGRP has features like bandwidth, reliability, maximize efficiency etc., whenever multiple paths to the same destination are available, EIGRP will select the path with the lowest metric, regardless of the administrative distance. In EIGRP, the router takes information from the routing table and keep a record of the same, whenever a change or update occurs in the path the router informed the neighbors and they do update the tables accordingly The AD for EIGRP is 90 for internal EIGRP routes, and 170 for external EIGRP routes.

Broader Gateway Protocol:

BGP is distant-vector routing protocol designed to replace Exterior gateway protocol. The AD vale for BGP is 20 for eBGP (external BGP) routes and 200 for iBGP (internal BGP) and in the time of selection with multiple path value the BGP will always select the one with lower AD value independent of Metric value. BGP uses best path selection Algorithm. No auto-discovery of table like events happen in BGP case, i.e., user has to configure BGP manually.

Routing Algorithms:

Routing algorithms are the algorithms that implements different routing protocols by assigning a cost number to each link, which is calculated using various network metrics and aim is always to transfer the data packet with the lower cost value.

1) Distance Vector Routing: This routing algorithm updates the best path information to all known destinations irrespective of same AS and different AS.

2) Link State Routing: In Link State Routing, Same AS network discovery of best path among neighboring routers take place. Using the information, a map is created and best path is then calculated.

Networking 101

Harnessing the power of computer networking, seamless connectivity allows data to flow effortlessly between devices across local and wide area networks, guided by the structured OSI model. Understanding these fundamentals is key to unlocking the digital world’s potential.

Networking!!

Networking or computer networking is a conduit that connects one node to another (devices) in network information. Networking is all about connecting, designing, using, managing and operating a network. The information can be between two users or segments and be sent in a local area network (LAN) or in a wide area network (WAN) connectivity. Networking works segments include diverse zones like calls, messages, video streaming, or other Internet of things (IoT).

Network Types:  Networking can be defined in various types on the basis of designing, layers in the OSI model, components etc. We describe on the basis of the Physical layer of the OSI Model and Designing.

     On the basis of the Physical layer of the OSI Model:

Wired: The network requires a physical medium to travel to send the information from one device to another device. For example usage of ethernet cables in connecting computer devices to a common network in offices. This type of network is cost-effective, reliable, and durable.

Wireless: The network doesn’t require a physical medium, as it works on radio waves to make the information travel from one device to another. For example Wi-Fi. This type of network is mobile, fast, and scalable.

      On the basis of the Designing component:

LAN: Local Area Network or LAN is a small area network where a group of devices is connected on a single, geographically limited Network. It can be wired (e.g. -switch) or wireless (e.g.- Access Points)

WAN: Wide Area Network or WAN is a wide or larger region network, where multiple LANs network are connected in the same network. It is not geographically limited like the LAN.

Network travels following the OSI 7-layer model or TCP/IP 4 layers model:

Open System Interconnection Model:

The open system interconnection model or OSI model is a network model which defines how actually information travels from one device node to another device node. The information travels via 7 layers, from one stage to another. The 7 layers are as follows:

Application layer>>Presentation layer>>Session layer>>Transport layer>>Network layer>>Data layer>>Physical layer

     Application Layer:  The application layer’s basic purpose is to provide a user interface for applications. This layer provides network services to the applications running on it. Protocol for this layer is SMTP, HTTP, and FTP.

     Presentation Layer: The data from the application layer is extracted here and then sent to the next layer. The function of this layer is to translate, encrypt-decrypt and compress the data. Protocol used in this layer is HTML, XML, and JSON.

        Session Layer:  The function of this layer is to establish and maintenance of the session, authentication, security, and communication between two devices in half-duplex or full-duplex mode. Protocol used in this layer is RPC and SIP.

       Transport Layer: Data of the transport layer is called segments. It is the layer responsible for taking services from the network layer and providing services to the application layer. It is actually responsible for the end-to-end transmission of data in the whole process. At this layer, the source and destination ports are decided. It makes connectionless (UDP) or connection-oriented (TCP) pathways depending on which is required. For example, UDP is used by DNS services while TCP is used for communication which requires acknowledgment like a query asked by the user. Protocol used in this layer is TCP, UDP, and SCTP

        Network Layer: Transmission of data from one host to another which might or might be not in the same network zone. The data here are called packets. It put the source and destination IP address in the header. The function includes routing and logical addressing. For example Routers and advanced switches. Protocol used in this layer is IP, ICMP, and RIP

        Data Link Layer: The layer’s responsibility is to transfer data from node to node using the Source and destination MAC address. The receiver’s MAC address is obtained by using a request process called as ARP (Address Resolution Protocol) onto the wire asking “Who has that IP address”? and whoever will be the destination host will reply with an acknowledgment. The data packet here on this layer is called a Frame. The function of the layer includes framing, physical addressing, error, flow, and access control. Example: Switch, and Hub all are data link layer devices. Protocol used in this layer is PPP and HDLC.

     Physical Layer: The lowest layer at receiving end and the upper layer for the sender’s end is the physical layer. It is a part of the hardware layer and its function is to create an actual physical connection between devices. The message here comes in form of bits and is transferred in form of bits only from one node to another node. The function of the layer includes bits synchronization and rate control, transmission mode, and physical topologies. For example Hub, modem, cables, repeaters, etc. Protocol used for this layer is Ethernet, Wi-Fi, Bluetooth, and USB.

  Different protocols followed at each layer:

               LAYER

            NAME

          PROTOCOLS

Layer-7

APPLICATION

SMTP, HTTP, FTP

Layer-6

PRESENTATION

SSL, TLS

Layer-5

SESSION

NetBIOS, SAP

Layer-4

TRANSPORT

TCP, UDP

Layer-3

NETWORK

ICMP, ARP

Layer-2

DATA

PPP, FRAME RELAY, CABLE

Layer-1

PHYSICAL

ISDN, MACHINES, LAPTOP

 Difference between OSI and TCP/IP Model:

                   OSI MODEL

                TCP/IP MODEL

OSI model has a clear distinction among the interfaces, services, and protocols.

TCP/IP hasn’t any clear distinguishing points between services, interfaces, and protocols.

To define routing standards and protocols OSI model uses the Network layer.

TCP/IP uses only the Internet layer.

OSI model use two separate layers physical and data link to define the functionality of the bottom layers

TCP/IP uses only one layer (link) to define the functionality.

In the OSI model, only the transport layer is connection-oriented.

A layer of the TCP/IP model has a major advantage over OSI and it is both connection-oriented and connectionless.

In the OSI model, the data link layer and the physical are separate layers.

In TCP data link layer and physical layer are combined as a single host-to-network layer.

The minimum size of the OSI header is 5 bytes.

The Minimum TCP/IP header size is 20 bytes.

SUMMARY:

The OSI Model, TCP/IP model, and networking is a logical and conceptual fundamentals in the IT field. The model defines network communication as a process used by the systems in open to interconnection and communication with other systems. As we observed as well, In the OSI model, a layer should only be created where definite levels of abstraction are needed, otherwise, no such requirement is observed. OSI layer helps you to understand communication over a network.  Thus, for understanding and work in networking, one needs to work and understand the fundamentals of Networking

Wi-Fi: An Introduction

Wi-Fi seamlessly connects devices to the internet using radio frequencies, with 2.4GHz offering wider range and 5GHz delivering faster speeds—secured by cutting-edge protocols like WPA3 to ensure encrypted data

Wireless Fidelity or commonly known as Wi-Fi is a wireless technology that allows a system (computers, laptops, mobile phones etc.) to connect with the internet and to exchange information within a network. It provides internet service to a limited range depending upon the range covered by the routers.

How does Wi-Fi work?

On the technical side, the IEEE 802.11 standard explains the protocols that enable communications with current Wi-Fi-enabled wireless devices, which include wireless routers and wireless access points (APs). Wireless access points support different IEEE standards and these standards work on different bandwidths, and frequencies and support a different number of channels.

Access Points: The access point function is to connect the wireless devices to the wireless network and provide the service of the internet via using the bandwidth provided by the routers/switch. This creates the LAN, WAN AND WLAN network.

Routers: Devices provided to connect to the internet by the Internet Service Providers (ISPs).

Radio Frequency: Frequency which is used by WiFi networks, it consists of no physical interaction, it ranges from 20KHz to 300 GHz.

    -Frequency (F): Number of  beats that take place per second or no of times an event takes place in  a unit of time i.e., F=1/T

                                                 Here F denotes the frequency

                                                          T denotes time

Frequency is measured in hertz.

WiFi basically works on 2.4 GHz and 5GHz radio bands (radio frequencies), these bands are divided further into multiple channels, these channels can be shared on a single network but at a single time, only one transmitter will be able to transmit on a channel.

Let’s understand the basic difference between 2.4 and 5 GHz radio bands.

                         2.4 GHz

                         5 GHz

-Most common frequency, thus crowded.

-New band, less crowded.

-More interference.

-Consist of 11 channels, out of which 3 (1,6,11) are non-overlapping ones.

-Less interference.

-Consist of 25 channels, out of which 23/24 are non-overlapping ones.

-Long range, normal speed, low frequency.Thus, frequency is inversely proportional to range.

-Small range, high speed, high frequency. 

Antenna: Equipment which can transmit electrical waves to radio waves or vice versa to do the function of transmitting or receiving signals is called antenna. It works on the principle of a line of sight and ground waves philosophy. 

The signal range of the antenna is measured in terms of power gain and thus has units measured in Decibels.

The waves can travel from a transmitter to a receiver or vice versa via three modes:-

  1. Line of sight means in a straight line manner.
  2. Ground waves mean moving with the earth’s curvature.
  3. Via Ionosphere, means will go up in the sky bounced back by the layer and reach to the aimed location.

Antenna types:- Basically antenna can be omnidirectional, unidirectional or semi-directional.

  1. Wire: Common one, found in automobiles, aircraft, ships, buildings etc. They can be of monopole, dipole and loop types. 
  2. Aperture: A type of directional antenna, with an opening in the surface to emit radio waves. They can be slot types (used in microwaves) or horn antennas.
  3. Rest they can be of grid type, parabolic or dish antenna, sector antenna etc.

Wifi Communication band name:

-802.11b: Oldest band, the maximum throughput of 11mbps over a short range, uses the 2.4GHz band.

-802.11a: High speed, a throughput of 54 Mbps, uses 5GHz band.

-802.11g: Successor of 802.11b, runs on 2.4GHz, supports up to 54mbps range.

-802.11n: Upgraded version, supports 2.4GHz with optional support of 5GHz band.

-802.11ac: Property of multiple data streams, increased transfer speed, uses 5GHz band, the throughput of 433mbps to 866mbps.

SSID (Service Set Identifier Device) :

1-32 character unique id or network name was given to a WLAN. The main purpose of SSID is to differentiate one WLAN from the other WLAN. For example, if company A employees want to connect to network WLAN A and Company B employees want to connect to network WLAN B, with the use of SSID, they will be able to identify and connect to the right network easily.

WiFi Security Protocols: Protocols to make the WiFi network secure.

  1. Wired Equivalent Privacy (WEP-1999): Earliest security protocol, 40-bit encryption key, not so secure and easily hackable.
  2. WiFi Protected Access (WPA): Stronger encryption, using Temporal Key Integrity Protocol (TKIP) which works on changing keys every time.
  3. WiFi Protected Access 2 (WPA 2): Same as WPA with an advanced secured version WPA by using Advanced Encryption Standard (AES).
  4. WiFi Protected Access 3 (WPA 3-2018): Provides cutting-edge protocols to the market, it supports forward secrecy, meaning that any traffic that came across your network before an outsider gained access will remain encrypted, While with  WPA2, decryption of old traffic can easily take place.

Security Protocols

ENCRYPTION

AUTHENTICATION

WPA Personal

TKIP

Personal security key (PSK-8-16 characters)

WPA2 Personal

AES-CCMP

PSK

WPA Enterprise

TKIP

802.1✖EAP (Extensible authentication protocol)

WPA2 Enterprise

AES-CCMP

802.1✖EAP

AUTHENTICATION SERVER:  It is used to know whether the user who is trying to get into the network server is genuine or not via authentication like user data (Id and password). The Authenticator is an Access point which sends your request to the authentication server which later on asked for security details like Id and password.

Security Framework of AAA:

  • Step-1—Authentication: It means Who are you?- Credentials
  • Step-2—Authorization: It means what can you do or allow to do?- tasks, time period etc.
  • Step-3—Accounting: It means data of what you do? – how, when and what you are using.

Process of Security framework functioning:

Laptop/Device———–(User connects and ask for Id & Password)————–WAP———-(authentication request)———–Compares with database by RADIUS (Remote authentication dial-in user services)—————-Authentication acknowledgement—————-records in accounting database————-Approval given to a device

ICANN78: A Fellow Journey!

My journey as an ICANN fellow began just a few months back when I received that all-important email from our fellowship program manager, letting me know that I had been selected. But, here’s the twist – I didn’t actually check that email until the following day. I guess I was caught up in the busyness of life and didn’t realize what a significant moment it was.

Yes, before proceeding further, for those who don’t know what ICANN is?  Internet Corporation for Assigned Names and Numbers (ICANN) is a non-profit, American-based organization that operates as a multi-stakeholder group. It is tasked with overseeing the management and protocols governing various databases associated with the naming and numbering systems on the Internet. Its primary mission is to guarantee the stable and secure functioning of the global network.

Returning to my account of this journey, once I had confirmed my participation, our fellowship manager quickly became my primary point of contact. This was particularly valuable for newcomers like me. They played a vital role in helping us navigate the intricacies of the ICANN Fellowship program, serving as a friendly and knowledgeable guide to steer us through this thrilling opportunity.

But that wasn’t the end of the adventure. Getting a Schengen visa, which allows you to travel within certain European countries, turned out to be a journey in itself. It involved a whirlwind of activities – gathering documents, going through verifications, handling passports, and taking care of all those visa-related requirements. 

And let me tell you, it was no walk in the park. My first attempt at getting the visa didn’t go as planned. It was rejected, and the reason they gave was a bit perplexing – they said the “source of sustenance” was missing. I couldn’t help but wonder why the German government had turned down my application. After all, I was just going to be in their country for the duration of the fellowship, and I had everything I needed to support myself during that time.

So, my journey as an ICANN fellow has had its fair share of unexpected twists and turns. It’s been a lesson in patience, perseverance, and the importance of having a supportive fellowship manager to guide the way. And as I embark on this incredible opportunity, I can’t help but look forward to the adventures and discoveries that lie ahead. Who knows what other surprises were in store??

As a strong believer in God, I experienced a week filled with ups and downs. It was a week of rejection and acceptance and a pivotal moment that led me to discover an incredible opportunity. I had just been rejected, but in the same week, I was introduced to my mentor for a prestigious fellowship. Our very first Zoom meeting took place on that same day, and I decided to share my concerns with my mentor. To my amazement, he not only provided me with a solution but also offered guidance on how to ensure a successful second attempt. Miraculously, my visa application was approved.

Our mentor had a profound message for us: “ICANN is an ocean of opportunities. Your journey may not be easy, but the challenges you face will ultimately lead you to fruitful destinations.” This resonated deeply with me. Alongside seven fellow mentees, I embarked on a journey into the world of ICANN (Internet Corporation for Assigned Names and Numbers) and found myself in the At-Large Advisory Committee (ALAC). Our mentor continued to guide us throughout this incredible journey.

During our mentorship, we had the privilege of e-meeting individuals who had dedicated a significant portion of their lives to ICANN, with 10 or even 20+ years of experience. It was an inspiring experience that emphasized the depth and vastness of the ICANN community. As October arrived, we entered into the month of our fellowship. The first week was dedicated to “Prep-week,” where we were introduced to various community stakeholders in face-to-face e-meetings. These meetings provided us with a comprehensive overview of the different communities and their functions within ICANN. Living in India, I faced the challenge of dealing with a significant time difference. After long days at the office, I would rush back home, grab a quick meal, and then dive into the prep-week activities. It required not only physical presence but also a sharp and focused mind. This was an opportunity that I could not afford to take for granted.

The last day of our prep-week was a remarkable one, as all the fellows, accompanied by our fellowship manager, had the opportunity to connect with a multitude of individuals representing diverse corners of the globe. It was a truly enlightening experience that greatly broadened our comprehension of the global ICANN community.

Then came the long-awaited D-day, October 21, 2023, at Hamburg’s CCH. We were all dressed up and heading to the venue for our very first day of the event. The initial two days were nothing short of overwhelming. We found ourselves amidst a sea of acronyms, and quite honestly, even now, it can be a bit bewildering, to make choices about which sessions to attend. Sometimes it feels like trying to remember all those acronyms would put our neurons under too much stress.

However, the turning point arrived on day three. It was a day of warm welcome by the Government of Germany. The experience was simply enchanting as we walked into a hall filled with vibrant colors and the smiles of attendees, both new and seasoned, with eyes filled with the sparkle of dreams. It was a momentous experience that will be cherished for a lifetime. Over the next two days, we engaged in sessions, interactive parties, DNS Woman gatherings, and much more. One of the most exceptional aspects of ICANN is the incredible networking opportunities it offers. No matter how introverted a person may be, spending time here for these six days will likely turn them into an extrovert. It’s not so much about you stepping out of your introverted shell; it’s the supportive and inclusive environment at ICANN that makes you feel so comfortable that engaging with people becomes a delightful experience, rather than something to be hesitant about.

You build friendships, find constant companionship, and gain knowledge. ICANN embraces the ethos of working diligently and celebrating heartily. I encountered a multitude of individuals during my time there, too numerous to mention here in one blog post. However, one principle remains paramount: trust the process of networking, immerse yourself in social interactions, and embrace the learning opportunities. As my journey within ICANN unfolds, I am brimming with excitement to discover where this path will ultimately take me. The trials and prospects on the horizon serve as a testament to the adage that what initially appears to be a challenging journey often leads to the most gratifying destinations.

For those individuals who are considering becoming a part of ICANN, you can explore the following URL: https://www.icann.org/fellowshipprogram. This website provides a concise and informative overview of the fellowship. As for others, you are welcome to reach out to me through this LinkedIn link: https://www.linkedin.com/in/barkha-manral/

Never think that you are done with fellowship now it is the end, No instead it is the beginning because ‘ONCE A FELLOW,  ALWAYS A FELLOW’.