Ockam.ioOckam on GithubGet HelpRust Library | docs.rs
Search
⌃K
Links

Routing and Transports

Ockam Routing and Transports enable other Ockam protocols to provide end-to-end guarantees like trust, security, privacy, reliable delivery, and ordering at the application layer.
Data, within modern applications, routinely flows over complex, multi-hop, multi-protocol routes before reaching its end destination. It’s common for application layer requests and data to move across network boundaries, beyond data centers, via shared or public networks, through queues and caches, from gateways and brokers to reach remote services and other distributed parts of an application.
Our goal is to enable end-to-end application layer guarantees in any communication topology. For example Ockam Secure Channels can provide end-to-end guarantees of data authenticity, integrity, and confidentiality in any of the above communication topologies.
In contrast, traditional secure communication protocol implementations are typically tightly coupled with transport protocols in a way that all their security is limited to the length and duration of the underlying transport connections.
For example, most TLS implementations are coupled the underlying TCP connection. If your application’s data and requests travel over two TCP connection hops TCP -> TCP then all TLS guarantees break at the bridge between the two networks. This bridge, gateway or load balancer then becomes a point of weakness for application data. To makes matters worse, if you don't setup another mutually authenticated TLS connection on the second hop between the gateway and your destination server then the entire second hop network – all applications and machines within it – become attack vectors to your application and its data.
Traditional secure communication protocols are also unable to protect your application’s data if it travels over multiple different transport protocols. They can’t guarantee data authenticity or data integrity if your application’s communication path is UDP -> TCP or BLE -> TCP.
Ockam Routing is a simple and lightweight message based protocol that makes it possible to bidirectionally exchange messages over a large variety of communication topologies: TCP -> TCP or TCP -> TCP -> TCP or BLE -> UDP -> TCP or BLE -> TCP -> TCP or TCP -> Kafka -> TCP and more. Ockam Transports adapt Ockam Routing to various transport protocols.
By layering Ockam Secure Channels and other protocols over Ockam Routing, we can provide end-to-end guarantees over arbitrary transport topologies.

Routing

Let’s start by creating a node and sending a message to a service on that node.
» ockam node create n1
...
» ockam message send hello --to /node/n1/service/echo
hello
We get a reply back and the message flow looked like this.
To achieve this, Ockam Routing Protocols messages carry with them two metadata fields: onward_route and return_route. A
» ockam message send hello --to /node/n1/service/hop/service/echo
hello
» ockam message send hello --to /node/n1/service/hop/service/hop/service/echo
hello
Previous
Nodes and Workers
Next
Identities and Vaults
Last modified 1mo ago