Lesson 3
The Protocol Stack
FIPS organizes its protocol into four layers. Each layer does one job and knows nothing about the specifics of the layers above or below it. You can add a new transport (say, satellite) without touching the routing code. You can change the session encryption scheme without any transport being aware.
This separation is strict. Transport plugins know nothing about sessions. The routing layer knows nothing about application addressing. Applications know nothing about which physical media carry their traffic.
Explore the layers
Click any layer to expand it and see what it knows, what it cannot see, and what its wire format looks like.
How they map to traditional networking
If you know the OSI model or TCP/IP, FMP spans what would traditionally be separate link and network layers. This is intentional: in a self-organizing mesh, the same layer that authenticates peers also makes routing decisions, because routing depends on authenticated peer state (spanning tree positions, bloom filters).
| FIPS Layer | OSI Equivalent | Key Protocol |
|---|---|---|
| Application Interface | Application / Presentation | IPv6 TUN, native API |
| FSP | Session / Transport | Noise XK |
| FMP | Network / Data Link | Noise IK, spanning tree, bloom filters |
| Transport | Physical | UDP, Ethernet, Tor, BLE, Serial |
The overhead budget
Each layer adds bytes to every packet. Here is the breakdown for a typical IPv6 packet going through the mesh:
With a standard UDP transport (MTU 1472), that leaves 1395 bytes of effective IPv6 payload per packet. Enough for most TCP segments without fragmentation.
Protocol Stack
1. Which layer handles end-to-end encryption between the original sender and recipient?
2. Why does every link re-encrypt the packet under a fresh Noise IK session (FMP)?
3. What is the net per-packet overhead for IPv6 traffic through FIPS, and how is it computed?