animind - Fotolia
From a high-level technological perspective, the difference between stateful vs. stateless is essentially whether or not an application or process stores data over time. Stateful applications store data, while stateless applications do not. The terms stateful vs. stateless as they relate to networking are most commonly used when talking about network firewalls.
Original firewalls were stateless in nature. Standard access control lists configured on routers and Layer 3 switches are also stateless. This means, when packets flow from one stateless interface to another, the interface inspects each packet and then either permits or denies the packet based on its source and destination IP address, as well as protocol or port information contained within the packet header. This is the basic filter for every packet, as each one goes through the same inspections and treatments.
Stateful vs. stateless firewalls
Modern firewalls, as well as dedicated firewall software installed on routers and Layer 3 switches, are considered stateful. These devices track source and destination IP addresses, as well as protocol or port information in an active connections table, which handles statistics of a network's active connections.
Stateful devices also inspect the packet payload to verify that the device contains the appropriate data. Payload inspection might monitor a TCP handshake between devices, for example. Because stateful devices save the connection information, the devices can reference that data when subsequent packets pass through the same connection. Thus, the firewall can recognize packets that are part of existing and permitted connections, while also easily differentiating between legitimate and nonlegitimate connections.
The saved data in the connections table continuously updates as connections form, age and expire. If a stateful firewall no longer sees packets passing over an established connection, after a while, that connection will time out and drop from the established connections state table. Additionally, if communications restarted after the connection dropped from the table, the connection would need to go through the setup process over again.
Dig Deeper on Network Infrastructure
Related Q&A from Andrew Froehlich
AIOps can take various tasks -- such as data collection and analysis -- off the plates of network teams. This can provide organizations with better ... Continue Reading
Software-defined WAN, DMVPN and IPsec tunnels each have a place among enterprises. Our network expert compares each one and explains where they can ... Continue Reading
In your organization's search for the best network automation platform for business operations, compare the pros and cons of proprietary and open ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.