Lesson 4

Transports

A transport in FIPS is a driver for a particular communication medium. A UDP socket. An Ethernet interface. A Tor circuit. A serial line. The transport's job is simple: accept a datagram and an address, deliver the datagram, and push inbound datagrams up to the mesh layer.

The transport layer deals only in transport addresses: IP:port pairs, MAC addresses, .onion identifiers. These addresses are opaque to everything above FMP. Once the Noise IK handshake completes and the peer is authenticated, the transport address is thrown away. From that point on, the peer is identified solely by its cryptographic identity.

Three categories

Overlay: tunnels FIPS over existing networks
Shared Medium: broadcast/multicast-capable local media
Point-to-Point: fixed connections between two endpoints

Multi-transport bridging

A node can run multiple transports at the same time. Peers from all transports feed into a single spanning tree and routing table. If one transport fails, traffic automatically routes through alternatives.

A concrete example: a node with both UDP and Ethernet transports bridges between internet-connected peers and local-only devices on the same LAN. A node with both UDP and Tor transports acts as a bridge between clearnet and anonymous portions of the mesh. No special code is needed. The routing layer handles it.

The TCP-over-TCP problem

FIPS prefers unreliable transports (like UDP) because running TCP application traffic over a reliable transport creates a layering problem. When the inner TCP sees what looks like loss (often just the outer TCP stalling while it retransmits), it retransmits too, creating more traffic for the outer TCP, which may itself still be retransmitting. This amplification loop degrades throughput quickly under any real packet loss.

When a reliable transport must be used (Tor, TCP fallback when UDP is blocked), FIPS handles the elevated latency through its metrics system. MMP (Metrics Measurement Protocol) measures the actual link quality, and cost-based parent selection naturally penalizes high-latency links. The mesh adapts.
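As an added illustration (not code from the FIPS codebase, which this lesson does not show), the toy node below models the two points made above: peers are keyed by cryptographic identity with the transport address discarded after the handshake, links from every transport are merged into one table, and cost-based selection fails over to another transport when one goes down. The class names, the single-number cost metric standing in for an MMP measurement, and the addresses are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Transport:
    name: str            # "udp", "ethernet", "tor", ...
    up: bool = True      # set to False when the medium fails

@dataclass
class Link:
    transport: Transport
    cost: float          # stands in for an MMP link-quality measurement (e.g. RTT in ms)

@dataclass
class Node:
    transports: dict = field(default_factory=dict)  # name -> Transport
    links: dict = field(default_factory=dict)       # peer identity -> [Link]

    def handshake(self, transport_name, transport_addr, peer_identity, cost):
        """Record an authenticated peer by identity; the transport address is not kept."""
        t = self.transports[transport_name]
        # transport_addr was only needed to reach the peer for the handshake; drop it
        self.links.setdefault(peer_identity, []).append(Link(t, cost))

    def best_link(self, peer_identity):
        """Cheapest link to a peer over any transport that is still up."""
        live = [l for l in self.links.get(peer_identity, []) if l.transport.up]
        return min(live, key=lambda l: l.cost, default=None)

    def route(self, peer_identity):
        """Name of the transport used to reach the peer now, or None if unreachable."""
        l = self.best_link(peer_identity)
        return l.transport.name if l else None

    def select_parent(self):
        """Cost-based parent selection: the reachable peer with the lowest measured cost."""
        candidates = [(self.best_link(p).cost, p) for p in self.links if self.best_link(p)]
        return min(candidates)[1] if candidates else None

def demo_node():
    """Constructed topology: peerA over UDP and Ethernet, peerB reachable only via Tor."""
    n = Node()
    n.transports = {name: Transport(name) for name in ("udp", "ethernet", "tor")}
    n.handshake("udp", "203.0.113.5:4000", "peerA", cost=20.0)        # constructed address
    n.handshake("ethernet", "02:00:00:aa:bb:cc", "peerA", cost=2.0)   # constructed address
    n.handshake("tor", "placeholderaddr.onion", "peerB", cost=400.0)  # placeholder address
    return n

if __name__ == "__main__":
    n = demo_node()
    n.transports["ethernet"].up = False
    print(n.route("peerA"), n.select_parent())   # udp peerA
```

The Tor peer only becomes the parent once both of peerA's cheaper links are down, which is the "mesh adapts" behaviour described above.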

Why UDP is the primary transport

No TCP-over-TCP: UDP's unreliable delivery avoids retransmission interaction
Low overhead: 8-byte UDP header, no connection state
Natural fit: FIPS is datagram-oriented, and UDP preserves packet boundaries

A note on NAT: FIPS v1 does not try to traverse NAT. A node behind NAT has to be reachable through port forwarding, a publicly addressed peer, or a relay through other mesh nodes. UDP hole punching and relay-assisted traversal are on the roadmap but are not part of the current design.

Transports Quiz

1. Which of the following could NOT reasonably be a FIPS transport?

2. What must two nodes have in common to link over a given transport?

3. A node is on WiFi and Ethernet at the same time. What does FIPS do with these transports?