Software-defined tunneling

Dull needed to be a remote access engine foundation without limits that everyone could commit to longterm; this necessitated the creation of this new computer science domain.

Software-defined tunnelling (SDT) is the use of software for collaborative management, control, and composition of dynamic virtual private networks and endpoints

Such management and composition is made possible by working with new levels of abstraction:

Decentralized control

The software-defined tunnelling capabilities of Dull let two separate organisations manage their resources completely independantly, but still interconnect.


A tunnel is a composition made up of ducts. See Tunnels below for a fuller definition. Software-defined tunnelling manages tunnels and their composition.


A duct is a cohesive and complete protocol design. See Ducts below for a fuller definition. Software-defined tunnelling provides an array of types of ducts to be coordinated and composed into tunnels.

Protocol Design

This is dotted in the diagram above, because it isn't a direct concept of software-defined tunnelling.

Custom protocols may be packaged as ducts to be used with SDT. They could be existing protocol libraries that are packaged as new duct types; or new protocols built in a fixed but configurable way and packaged as new duct types.

Protocols are composed of a range of lower-level elements and concepts from networking and encryption, such as Virtual Network Adaptor (TAP/TUN), forward error correction, multiplexing, checksum, perfect forward secrecy, flow control, congestion control, error detection, and more. These lower-level concepts don't work as duct-types alone, although some lines may be blurred.


SDT is not Virtual Private Networking (VPN). A VPN completely interconnects the hosts of two private networks together, site to site, with a single protocol and shared configuration. SDT is different: it interconnects endpoints, not entire hosts; rather than a single protocol, it enables customisable path and protocol stacking for any given endpoint; and, it has distributed configuration, not shared. SDT can be used in VPN software as the tunnel, and SDT software can completely mimic a VPN system, but VPN software cannot be used to create an SDT system.

SDT is not Software-Defined Networking (SDN). SDN is about "management and configuration of networking infrastructure, with the goal of improving network performance and monitoring". Some aspects of SDT might involve SDN, to create tunnels based on MPLS or such router and switch based features. SDN might leverage SDT to secure access to network infrastructure devices.