network snippet

network

basic

Common Name (CN)

Alternative Name (SAN)

Transport Layer Security (TLS)

A VS B

SSL VS TLS

TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are both cryptographic protocols used for secure communication over the internet. However, they have some key differences:

SSL (Secure Sockets Layer)

  • Developed by Netscape in 1994 as a predecessor to TLS
  • Primarily focused on web browsing security
  • Used for encrypting data between a client’s browser and a server
  • Typically used with port 443 (HTTPS)
  • Considered insecure due to weaknesses in its encryption algorithms and key exchange mechanisms

TLS (Transport Layer Security)

  • Developed by the Internet Engineering Task Force (IETF) as a successor to SSL
  • Focuses on secure communication between any two endpoints, not just web browsing
  • Uses more robust encryption algorithms, such as AES-256, and improved key exchange mechanisms
  • Supports multiple versions of the protocol (TLS 1.0, TLS 1.1, TLS 1.2)
  • Now considered a standard for secure internet communications

Key differences:

  1. Name: SSL was originally used for web browsing security, while TLS is more general-purpose.
  2. Encryption algorithms: TLS uses stronger encryption algorithms than SSL.
  3. Key exchange mechanisms: TLS has improved key exchange mechanisms compared to SSL.
  4. Protocol versions: TLS supports multiple protocol versions (TLS 1.0, TLS 1.1, TLS 1.2), while SSL is typically associated with a single version.

When to use each:

  • Use SSL when you need to maintain compatibility with older systems or browsers that only support the original SSL protocol.
  • Use TLS for new applications and systems where security is paramount.

Keep in mind that most modern systems, including web servers and clients, have already adopted TLS as the standard for secure communication. If you’re developing a new application or system, it’s recommended to use TLS to ensure the highest level of security.

RDMA vs InfiniBand vs RoCE

Feature RDMA InfiniBand RoCE
Type Technology Network standard + hardware Protocol (RDMA over Ethernet)
Runs Over InfiniBand, RoCE, iWARP InfiniBand cables and switches Ethernet (RoCE v1/v2)
Needs RDMA? ✅ Yes ✅ Yes (native) ✅ Yes (via Ethernet NICs with RDMA)
Main Use Case Fast memory transfer HPC, low-latency compute Data centers, storage over Ethernet

In Practical Terms:

  • RDMA is the core mechanism.
  • InfiniBand is a specialized RDMA transport.
  • RoCE is a way to use RDMA over standard Ethernet hardware (with special NIC support).

So, if you have InfiniBand hardware — you’re doing native RDMA.

If you’re using RoCE — you’re doing RDMA over Ethernet (with RDMA-capable NICs like Mellanox).

RDMA

RDMA (Remote Direct Memory Access)

  • RDMA is a technology that allows one computer to directly access the memory of another computer without involving the CPU, OS, or context switching on the remote system.
    • Low latency
    • High throughput
    • Very low CPU usage
  • Used in: HPC clusters, storage systems, distributed databases (like Ceph, NVMe-oF, RDMA-aware MPI, etc.)

InfiniBand

RDMA was first implemented over InfiniBand — so it’s the “classic” RDMA transport

  • InfiniBand is a high-performance network architecture designed specifically for data centers and HPC, and it natively supports RDMA.
    • Specialized hardware (InfiniBand adapters and switches)
    • Very high bandwidth (100 Gbps+)
    • Very low latency
    • Used in supercomputers, HPC clusters, etc.

RoCE

RDMA over Converged Ethernet

  • RoCE allows RDMA to run over standard Ethernet networks instead of specialized InfiniBand hardware.

    • RoCE v1: Requires a lossless Ethernet fabric (same L2 subnet).
    • RoCE v2: Works over routed networks (L3) using UDP encapsulation.

  • RoCE allows RDMA to be deployed using more common Ethernet-based infrastructure, often used in cloud and data center deployments.

Great follow-up! Let’s explore the relationship between RDMA and Mellanox, which is very close and central in the high-performance networking world.

Mellanox

  • Mellanox Technologies (now owned by NVIDIA) is a leading vendor of high-performance network interface cards (NICs), switches, and software — especially for InfiniBand and Ethernet with RDMA capabilities.
  • Mellanox NIC families (like ConnectX-3, 4, 5, 6, 7, etc.) support:
    • InfiniBand RDMA
    • RoCE v1 / v2 RDMA
    • iWARP (less commonly used)
  • Mellanox also provides the driver stack and tools to enable RDMA:
    • mlx5_ib → RDMA over Mellanox NICs
    • mlx4_core, mlx5_core → core NIC drivers
    • ibverbs, rdma-core → user-space RDMA APIs
    • ethtool, ibstat, ibv_devinfo, rdma → debug/config tools
Component Role
RDMA Technology for fast memory access
InfiniBand/RoCE Transport for RDMA
Mellanox NICs Hardware that implements RDMA
Mellanox drivers Software to enable RDMA support on Linux
rdma-core + ibverbs API layer used by apps (e.g., MPI, Ceph)

Mellanox provides the hardware and drivers that make RDMA actually work on your servers.