A gateway is a device in a telecommunications network used to connect to another network. In other words, it links two networks that use different protocols and architectures. The main function of a gateway is to translate traffic from one protocol to another, generally by using Network Address Translation (NAT). This allows for IP masquerading, where one connection and one public IP address are shared between several devices connecting to the Internet from a LAN.
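The masquerading behaviour described above can be modelled as a translation table. The following is an added example, not code from the original page: the class name, the port pool and all addresses (documentation ranges) are constructed for illustration. It assumes replies are matched on the full remote endpoint, which is one common design; real NAT implementations differ in how strictly they filter.

```python
import ipaddress

class MasqueradeGateway:
    """Hypothetical port-address-translation table for one shared public IP."""

    def __init__(self, public_ip, lan_cidr, first_port=40000):
        self.public_ip = public_ip
        self.lan = ipaddress.ip_network(lan_cidr)
        self.next_port = first_port   # constructed start of the public port pool
        self.out_map = {}             # LAN flow -> public port
        self.in_map = {}              # (proto, public port, remote ip, remote port) -> LAN host

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a LAN packet's source to the shared public address."""
        if ipaddress.ip_address(src_ip) not in self.lan:
            raise ValueError("source address is not on the LAN side")
        flow = (proto, src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out_map:
            port, self.next_port = self.next_port, self.next_port + 1
            self.out_map[flow] = port
            self.in_map[(proto, port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out_map[flow], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, public_port):
        """Return the LAN (ip, port) for a reply, or None when no flow matches (drop)."""
        return self.in_map.get((proto, public_port, src_ip, src_port))


def demo():
    gw = MasqueradeGateway("203.0.113.10", "192.168.1.0/24")
    # Two LAN hosts use the same source port towards the same server.
    a = gw.outbound("tcp", "192.168.1.20", 51000, "198.51.100.7", 443)
    b = gw.outbound("tcp", "192.168.1.21", 51000, "198.51.100.7", 443)
    reply = gw.inbound("tcp", "198.51.100.7", 443, a[1])
    # A packet from an address the LAN never contacted finds no mapping.
    unsolicited = gw.inbound("tcp", "192.0.2.99", 4444, a[1])
    return a, b, reply, unsolicited


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Both LAN hosts appear to the server as the same public address with different source ports, and only traffic that matches an existing mapping is delivered inward.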
Sometimes, a computer in a simple LAN can be configured as a gateway to access an outside network, in which case two different network cards or interfaces are required.
For network devices with a default gateway configured, a data packet whose destination is unknown in the local network and not defined in the routing tables will be forwarded to this gateway by default.
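The forwarding decision described above is a longest-prefix match that falls back to the default route. This is an added example, not part of the original page; the routing table, interface name and addresses are constructed for illustration.

```python
import ipaddress

# Constructed routing table for a LAN host: (destination prefix, next hop, interface).
# A next hop of None means the destination is directly reachable on that link.
ROUTES = [
    ("192.168.1.0/24", None, "eth0"),
    ("10.20.0.0/16", "192.168.1.254", "eth0"),  # static route to an internal site
    ("0.0.0.0/0", "192.168.1.1", "eth0"),       # default gateway
]


def lookup(dst, routes=ROUTES):
    """Longest-prefix match; returns (prefix, next_hop, iface) or None if unroutable."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop, iface)
    if best is None:
        return None
    return (str(best[0]), best[1], best[2])


def uses_default_gateway(dst, routes=ROUTES):
    """True when only the catch-all 0.0.0.0/0 entry matches the destination."""
    route = lookup(dst, routes)
    return route is not None and route[0] == "0.0.0.0/0"


if __name__ == "__main__":
    for dst in ("192.168.1.50", "10.20.3.4", "198.51.100.7"):
        print(dst, lookup(dst), uses_default_gateway(dst))
```

Without the `0.0.0.0/0` entry, the lookup for an outside address returns `None`, which corresponds to a host reporting the network as unreachable.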
Gateways are basically hardware and/or software designed to enable communication between different networks. For this reason, they are located at the network border or entry and exit points and can provide an extra layer of security, since all the information is thoroughly inspected and sometimes saved to an event log.
To enable data exchange, gateways perform translation between the following protocols: TCP/IP, IPX, ATM, Ethernet, ISDN, SONET, Token Ring, xDSL, ARCNET, etc.
The main function of a gateway is to enable a connection between different networks by translating IP addresses, so it has a dual OSI protocol stack to transfer data packets from one network to another.
Functioning at the top layer of the OSI model (application), a gateway converts data from the source network to accommodate the syntax of the destination network. Networks with completely different architectures can be linked in this way.
Gateways simply enable transmission of data packets. When a gateway receives a packet, it translates it from the source network format to the one used for transmission between gateways and sends it to another gateway. The second gateway then translates it from this format to the one used in the destination network and finally forwards it to its destination.
In other words, a gateway is responsible for decapsulating data packets it receives via a network interface up to the top layer of the OSI model. Then, having translated the IP address, it reformats the packets to meet the other network’s requirements, going through all the OSI model layers in reverse.
Gateways may also perform some additional functions such as:
- Web application firewall: Since a gateway is a point of entry for data from outside networks, having a firewall helps protect all web applications by filtering and monitoring HTTP traffic, preventing different attacks, and blocking malicious code before it is passed to the destination network.
- Proxy server: Acting as a proxy server, a gateway facilitates access to external resources when requested by devices located within a network. The gateway obtains the necessary resources and provides them to relevant users.
- Domain name server (DNS): This functionality facilitates communication when a network computer requests information from a logical address belonging to a server located outside this network. The gateway maps this address to the corresponding physical address.
- Virtual private network (VPN): This gateway function creates a point-to-point connection in a widely distributed network using tunneling, providing the appearance and multiple benefits of this type of connection, even though some structures may be incompatible.
- Email security: This type of gateway helps protect emails and prevent transmission of messages that violate the company’s security policy or distribute code or data with malicious intent. It provides data loss prevention, email encryption, and protection of the device against both known and unknown malware.
There are many types of gateways and many criteria to classify them. Based on the form of their implementation, they can be divided into:
- Software gateway: Software that translates between protocols of the entire OSI model stack. The devices it is installed on must have the hardware necessary for the gateway to transmit data.
- Hardware gateway: Usually a small device designed specifically to perform conversion of protocols. Most hardware gateways are readily rack-mountable and can be connected to and configured on another device.
- Gateway appliance: Combining software and hardware components, this device (typically a computer) has the interfaces necessary to link at least two networks and the software necessary to perform protocol translation. Gateway appliances do not need a separate operating system.
Gateways are task-specific devices that support only one type of connection. This means that gateways can be classified by the types of networks they connect and are usually referred to by the name of the respective network technology:
- TCP/IP gateway: Connects a LAN with an outside network and functions as a client interface providing standard TCP/IP application services.
- SNA gateway: Interconnects mainframe computers with an SNA (Systems Network Architecture) acting as terminals for file transfer and remote printing.
- Asynchronous gateway: Allows PC users to access mainframe computers with an asynchronous design via a communications server by using dial-up or point-to-point links. Asynchronous gateways are generally designed for a very specific transport infrastructure, so they are network dependent.
- X.25 PAD gateway: Similar to asynchronous gateways, but services are accessed via X.25 packet-switching networks.
The network types connected by gateways differ in their technology, namely, such data communication properties as the structure of packets and the information they contain. Similarly, the protocols can also specify all or some of the operational characteristics of the devices they run on.
Some of the most common technologies that can be connected are the TCP/IP and IPX protocols, standards such as ATM (Asynchronous Transfer Mode) and SONET (Synchronous Optical Networking), and architectures such as ARCNET, IBM SNA, Ethernet, ISDN, Token Ring, xDSL, VoIP, fax, fiber-optic communication, electric data transmission networks, and serial communication.
Similarly, the port types gateways use correspond to the architecture of the networks they link. The most common ones include AUI (Thicknet, for 10Base5 connections), BNC (Thinnet, for coaxial cable networks), IEEE 1394 (FireWire high-speed port), GBIC (for 1000BaseX connections), MIC (multiple interface connector), RJ-45, RJ-11, SC (fiber), serial (RS232, RS485, RS422), ISDN and USB, etc.
Gateways vs. Routers
The terms router and gateway are often mixed up. Let us consider the differences and similarities between these devices. Both are designed to ensure transmission of data packets between two or more networks.
A router is a networking device that integrates two or more networks while controlling data traffic over the Internet. Among other things, it controls input and output ports and makes sure data packets are delivered correctly. In network terms, it operates at layer 3 (network) and is very useful for segment routing when network congestion has to be managed.
A gateway, by contrast, is a connection point or node in a network acting as a bridge between two different networks. Although it can be used to direct network traffic just like a router, it is more often employed as an external output connection to link different environments, protocols, or architectures.
The main difference between them is that gateways manage traffic between networks with different protocols and architectures, while routers manage traffic between networks based on the same technology.
Another important distinction is that conventional routers tend to operate at layer 3 (network), while gateways operate at layer 7 (application) of the OSI reference model.
As this technology has many different applications, various products available on the market contain the term gateway in their name, even though they may not in fact be gateways at all, but, for example, routers.