In my reading about different technologies, I keep running across the term, “tuple”. I’ve ran into it on multiple occasions, in different networking topics. The authors of these documents seem to believe I already know what a tuple is, and use the term quite frequently. Unfortunately for me, somewhere along the way in all of the study I’ve done over the last few years, I apparently failed to notice when the term came in to popular use. So, being the good geek that I am, I decided to do a bit of research to make sure I know what a tuple is, and how its used.
My first stop was Wikipedia, where I learned that a Tuple is “an ordered list of elements”. I also learned that there can be something called an “N” tuple. The N is used to tell me how many “things” are in the tuple. For example, a 5-tuple would have five elements, and a 10-tuple would have 10 elements. The term originated as a abbreviation of the sequence: single, double, triple, quadruple, quintuple, … n-tuple.
The most common use of “tuple” is the 5-tuple used to describe a TCP connection;
- Source IP address (the address you’re coming from)
- Source port (usually any, but could be changed if needed)
- Destination IP address (the address you’re going to)
- Destination port (typically 80, 443 or 25, but could be anything)
- Destination protocol (TCP or UDP)
Example: (192.168.1.1, 172.16.200.4, 12345, 53, 6) to indicate the source and destination addresses, 12345 is the source port, 53 is the destination port, and 6 indicates a TCP connection.
Next, I went back to some of the items I had read before where the term “tuple” had been used to see if, based on my new knowledge, I would better understand what is was all about.
Firewall administration deals quite a bit in 5-tuples. The 5-tuple is used to denote a conversation, or flow, through the firewall, and is used to set a policy based on the values of the Tuple. Allow traffic from source IP, source port, to destination address, destination port, when the protocol is TCP.
I went back to reading about the OpenFlow Protocol, which uses a 10-tuple to describe a network flow.
Openflow designates the following items to used to describe a flow;
- Source port (physical port on the device)
- Ethernet Source Address (Source MAC Address, or SMAC)
- Ethernet Destination Address (Destination MAC, or DMAC)
- Ethertype (IEEE maintains this list of assignments)
- VLAN ID (from IEEE 802.1Q)
- VLAN Priority (Customer VLAN Tag Type, also from 802.1Q)
- IP Source address (SIP)
- IP Destination Address (DIP)
- IP Protocol (RFC 791, IANA controls the assignment of these numbers)
- IP Type of Service bits (for Quality of Service)
- TCP/UDP Source port
- TCP/UDP Destination port
Using this 10-tuple gives quite a bit of granularity in determining what is a “Flow” in OpenFlow. Additionally, some of the items can be replaced by a wildcard (*), to denote, “do not care”, which makes describing a flow quite a bit more flexible and simple.
It seems to me, that I already knew what a tuple was, and how its used, I must have somehow missed when the term came into popular usage in networking documentation. Its simply an ordered set of items used to identify a networking construct, like a flow.