Radar has landed - discover the latest DDoS attack trends. Get ahead, stay protected.Get the report
Under attack?

Products

Solutions

Pricing

Resources

Partners

Why Gcore

Under attack?
Contact us
Contact us Sign up for free
  1. Home
  2. Developers
  3. What Is Tunneling? Tunneling in Networking

What Is Tunneling? Tunneling in Networking

  • By Gcore
  • September 20, 2023
  • 9 min read
What Is Tunneling? Tunneling in Networking

Table of content

Try Gcore Security

Try for free

Tunneling helps your private data travel securely on the internet. Understanding tunneling can help you understand how internet data security works, enabling you to better safeguard your data and privacy.

What Is Tunneling?

Tunneling—also referred to as port forwarding or network tunneling—is the process of transmitting private network data through a public network securely and efficiently. Imagine a protected tunnel, stretching from your house (private network) to your favorite store (destination/local network) amidst a bustling city (public network.) Your train (data) carries valuable cargo (your information) that needs to be protected from prying eyes.

Tunneling process illustrated

With tunneling, this train enters the protected tunnel from your home, travels securely across the city via a tunnel, and finally arrives at the store, escaping the notice of city residents other than yourself. Tunneling keeps your data safe and protected from prying eyes as it travels to its destination.

Why Tunneling Matters: Tunneling as Part of Networking

A network is a system of two or more connected devices, and networking is the practice of connecting these devices together so they can share resources and information. Tunneling is the part of networking that facilitates secure and efficient data transmission. It allows connected systems to communicate and collaborate safely and securely over public networks.

One major benefit of tunneling is that it allows remote workers and field teams to safely work offsite without compromising personal or organizational security. A remote worker can safely access a private corporate network via the internet. For example, they can safely connect to HQ and then access, submit, and download sensitive files by using secure tunnel connections provided by the company.

The tunneling process

Network Tunneling Use Cases

Tunneling has a wide range of applications including:

Use CaseDescription
Multi-site collaborationCollaborate in real time and securely share data across remote physical locations—important for geographically distributed companies and remote workforces.
Remote supportSafely provide technical support and troubleshooting assistance to remote users, customers, and systems.
Network monitoringMonitor and enforce network segmentation compliance for safe and secure transmission of sensitive business data.
Disaster recoveryEasily regain access to and control of your IT infrastructure after an incident by establishing backup channels between data centers.
Responsible healthcare record handlingSafely share healthcare records between and among providers. Healthcare records are among the most targeted records in data breaches.
Safe supply chain managementSecurely manage your supply chain interactions and communications with vendors, suppliers, and partners.
Secure ecommerce transactionsEstablish secure channels for processing ecommerce payments, gaining customer trust and loyalty.
Bypass geo-restrictions and censorshipEasily bypass unfavorable geo-restrictions and censorship to safely access business-critical services. (By encapsulating your internet traffic within another layer of data that is encrypted, it’s difficult for ISPs or government agencies to determine the actual content or destination of your data. Your original IP is masked, making it appear as if you are accessing the internet from a location without restrictions.)
Improved VoIP call quality and safetyOvercome poor voice quality, dropped calls, and security breaches when using Voice over Internet Protocol (VoIP) to make calls over the internet. (Tunneling reduces the risk of packet loss, latency, and jitter, as the encapsulated data can be prioritized for efficient transmission. Encryption provided by the tunnel ensures that the call is secure from eavesdropping.)
Enhanced gaming securityImprove security, especially for peer-to-peer (P2P) games such as Fortnite, where one player sets up the server and others connect remotely.

How Does Tunneling Work?

Tunneling involves six key processes: encryption, encapsulation, header addition, transmission, decapsulation, and decryption. These processes occur for both outgoing and incoming traffic.

  1. Encryption: Bits of data known as “packets” are encrypted to ensure security and privacy during transmission.
  2. Encapsulation: Encrypted data packets are encapsulated within a public network protocol, a set of rules that govern communication and data transmission on a network, and become the “payload”—the data being securely transmitted.
  3. Header addition: A header specifies one end of the secure tunnel as the originating point and the other as the destination. During encapsulation, a packet of encrypted data is enveloped by a wrapping protocol which adds a header. In simple terms, this step means that the header tells the data where to go.
  4. Transmission: The encapsulated (disguised) packet traverses the public network unnoticed.
  5. Decapsulation: On reaching the local network, the data undergoes decapsulation. Decapsulation is the process where the added header is removed, and the original encrypted data packet is extracted.
  6. Decryption: The extracted data packet is decrypted and then delivered to its intended destination IP address.
How tunneling works

What Is Packet Encapsulation?

In step two of the tunneling process, above, we encountered packet encapsulation. This is a key aspect of tunneling, so let’s explore it in depth.

Packet encapsulation involves adding supplementary header (and sometimes also trailer) information to the original packet. This is referred to as “wrapping” one data packet within another data packet.

Encapsulation ensures proper routing and protocol compatibility and interoperability. When data is transmitted through a network, it is broken into smaller units referred to as packets, datagrams, segments, blocks, cells, or frames.

Packet encapsulation

Each data packet comprises a header and a payload. The header contains essential information such as the source address, destination address, protocol type, and packet number, allowing routers and switches to route the packet efficiently to its intended destination. The payload contains the actual content or original data. The trailer provides additional data integrity and error-checking information.

How Does Packet Encapsulation Work?

Packet encapsulation in tunneling can be explained using the Open Systems Interconnections (OSI) model, a seven-layer conceptual framework that describes how data moves through a network.

The OSI Model
Encapsulation per the OSI Model
Decapsulation per the OSI Model

Here’s how packet encapsulation works in tunneling based on the OSI model:

  1. Application data (Layer 7) gains a TCP header at the transport layer (Layer 4,) turning it into a TCP segment.
  2. This TCP segment receives an IP header at the network layer (Layer 3,) becoming an IP packet with source and destination addresses.
  3. The IP packet is wrapped in an Ethernet frame at the data link layer (Layer 2,) adding MAC addresses and other transmission details.
  4. Finally, this Ethernet frame is converted to bits at the physical layer (Layer 1) for network transmission.
Packet decapsulation

During decapsulation, these layers are peeled off in reverse as the data ascends the OSI layers, restoring the original application data.

Benefits of Packet Encapsulation

Packet encapsulation serves purposes such as:

  • Promoting network compatibility: By encapsulating data packets at different layers, packet encapsulation facilitates network/protocol coexistence.
  • Enhancing data security and privacy: Encapsulation protects private network data from unauthorized access and potential threats, enhancing data security and privacy.
  • Bypassing network restrictions: Encapsulation allows data to evade network nodes and bypass firewalls, effectively overcoming known network restrictions.
  • Logical separation and network performance optimization: Encapsulation aids logical separation and segmentation within a network, leading to improved network performance, and simplified network monitoring and analysis.
  • Simplifying network monitoring and analysis: Encapsulation provides structured headers and metadata, facilitating network monitoring and analysis for efficient troubleshooting and maintenance.

However, adding additional headers and metadata increases data packet size, leading to higher bandwidth consumption and transmission times, which may cause latency or lags.

Types of Tunneling

Tunneling refers to the entire process of encryption, encapsulation, and transmission. There are three main types of tunneling: GRE tunneling, split tunneling, and VPN tunneling.

GRE Tunneling

Generic Routing Encapsulation (GRE) tunnels enable secure, virtual point-to-point connections across diverse networks using two endpoint routers. Compatible with various network layer protocols in the OSI model, they easily integrate with existing networks and public clouds. They support multicast, broadcast, and dynamic routing protocols like OSPF and EIGRP, making them versatile for different network configurations.

How GRE Tunneling Works

Here’s how GRE tunneling works; you’ll notice it follows the basic network tunneling process described above.

  1. Establishment of GRE tunnel: Two endpoints, typically routers, establish a GRE tunnel while maintaining a physical or logical connection to the host network.
  2. Packet encapsulation: Data packets for transmission from point A to point B are encapsulated, or wrapped, within GRE packets. The original packet becomes the payload of the GRE packet.
  3. Header addition: The GRE packet adds a new header containing essential metadata such as the protocol type and routing information.
  4. Routing: The encapsulated packet is routed through the intermediate network (such as the internet) to reach the other endpoint of the tunnel.
  5. Decapsulation: At the other endpoint of the tunnel, the GRE packet header is removed (decapsulated) and the original packet extracted.
  6. Delivery: The original data packet is sent to the local network, where a destination device can read the original data.

Pros and Cons of GRE Tunneling

The advantages of GRE lie in its versatility and adaptability.

  • Protocol agnostic: Carry packets from multiple different network layer protocols, making them highly versatile.
  • Easy Integration: Seamlessly integrate with existing network setups, including legacy systems, private networks, and public clouds.
  • Routing support: Compatible with dynamic routing protocols like OSPF and EIGRP, allowing for more intelligent and efficient routing decisions.
  • Multicast and broadcast support: Handle multicast and broadcast traffic, facilitating efficient data transmission to multiple network nodes.
  • Simple setup: Typically requires less configuration and administrative overhead compared to other tunneling protocols.
  • Flexibility: Can be combined with other protocols for added security and functionality.

However, GRE tunneling lacks built-in encryption, making it vulnerable to potential threats such as eavesdropping, tampering and modification, and replaying attacks. To address such security concerns, GRE tunneling can be integrated with additional security protocols. GRE packets that exceed Maximum Transmission Unit (MTU) and Maximum Segment Size (MSS) may require fragmentation before transmission. These processes require extra compute power, which can result in increased latency and slower packet delivery times.

Split Tunneling

Split Tunneling, or Split VPN Tunneling, is another network routing technique that allows the division of network traffic between a secure connection and the open internet, via a VPN. Split tunneling helps to optimize security, performance, and resource allocation.

Typically, a VPN routes all its traffic through its encrypted connection, ensuring higher level security but potentially increased latency due to the additional encryption process. Split tunneling addresses this by offering businesses a secure VPN connection and direct access to the open internet.

How Split Tunneling Works

Here is how split tunneling works:

  1. VPN setup: A secure connection to a private network is established using a VPN client.
  2. Traffic split: Some network traffic is directed through the encrypted VPN tunnel, while other traffic accesses the internet directly.
    • Encryption: The traffic going through the VPN tunnel is encrypted for security.
    • Direct access: Non-sensitive activities like internet browsing bypass the encrypted tunnel for faster speeds.
Split tunneling process

Pros and Cons of Split Tunneling

Split tunneling offers both benefits and security risks. It enhances network efficiency by allowing users to access both secure and non-secure resources simultaneously, reducing the load on the VPN server. By doing so, it improves connection speeds for non-sensitive tasks, as this traffic bypasses the encrypted VPN tunnel, leading to faster internet browsing and lower latency.

However, it can potentially create backdoors for threats by allowing users to bypass network controls. Proxy tampering and VPN bypass also weaken corporate traffic monitoring. To mitigate risks, organizations should enforce strict traffic filtering, encryption, and robust access controls. Proper security measures strike a balance between performance and security, safeguarding both the network and user activities.

VPN Tunneling

A VPN tunnel provides a secure, encrypted connection over a public network, enabling users to access private network content safely through the Internet. VPN tunneling is widely used by companies to connect with remote teams or branch offices securely.

How VPN Tunneling Works

Here is how VPN tunneling works:

  1. Connection request: A VPN client software or device sends a connection request to a VPN server, which is usually part of a distributed private network.
  2. Tunnel creation: After successful authentication, a secure virtual tunnel is established between the client and server, allowing them to communicate and transmit data securely.
  3. Encryption: The VPN client encrypts the user’s network traffic.
  4. Encapsulation: The encrypted network traffic is encapsulated within another packet/protocol, which includes a header and payload.
  5. Tunneling: The encapsulated packet is then tunneled through the public network, such as the Internet, to reach the VPN server.
  6. Decapsulation and decryption: Upon reaching the VPN server, the encapsulated packet is decapsulated and decrypted, revealing the original data.

Pros and Cons of VPN Tunneling

VPN tunneling is beneficial for security, privacy, remote access, bypassing geographical restrictions, and network segmentation. Nevertheless, it has limitations. Resource intensive tasks like encryption/decryption and encapsulation/decapsulation can result in latency, leading to reduced speed and performance, especially when VPN servers are located afar.

While VPNs offer a high level of privacy and anonymity, they do not guarantee 100% tracking protection. Browsing behavior and social media activity can still be monitored, and some VPN may keep access logs, potentially compromising user data if pressured by authorities. Trusted VPN services with a zero-logs policy may come at a cost, and VPN usage is restricted or banned in some countries and by certain essential services like banking.

Comparing GRE, Split, and VPN Tunneling

This table compares GRE tunneling, split tunneling, and VPN tunneling.

CriteriaGRE tunnelingSplit tunnelingVPN tunneling
SetupStraightforwardVarying complexityMay involve more complex setup and management
SecurityLacks built-in security features but can integrate with security protocol like IPsec, SSL, TLSSecure tunnel-only encryptionSecure with full encryption
ProtocolGRE protocol for encapsulationBased on routing configurationCan use IPsec, SSL, or TLS for encryption and encapsulation
Traffic handlingAll network traffic sent through tunnelTraffic is split between tunnel and the InternetAll traffic encrypted and sent through tunnel
Network visibilityLimited visibility into local network trafficLocal network resources visible while connected to tunnelPrivate network resources are accessible
ImpactMinimal overhead with some latencyDepends on number of split tunnels, can result in increased latencyAdditional processing needed, resulting in increased latency
Use casePoint-to-point VPNBalancing network performance and resource optimizationRemote access, bypassing restrictions, enhanced privacy

Whatever your preferred tunneling technique, tunneling is an effective measure in shielding servers and networks from incoming malicious traffic.

How to Protect Against Tunneling Attacks

Tunneling techniques can be exploited in attacks like DNS tunneling to create covert channels that bypass security measures, compromising network integrity. To safeguard against these multi-layer attacks, various effective mitigation measures are essential:

  • Web application firewall (WAF): Implementing a WAF provides comprehensive application layer and API protection against tunneling-based threats. WAFs scan and filter incoming traffic, blocking malicious traffic and protecting your web server. Gcore’s advanced WAF utilizes machine-learning techniques and real-time monitoring to defend applications and APIs, acting as a first line of defense against tunneling-based attacks. It also scans resources in real time to find potential vulnerabilities.
  • Bot protection: Botnets and malicious bots can exploit encrypted tunnels to execute DDoS attacks and other malicious activities. Gcore offers comprehensive Bot Protection, effectively detecting and mitigating aggressive bot activity, across the network, transport, and application layers, including web scraping, API scraping, account takeover, TLS session attacks, and form submission abuse.
  • GRE tunnel: A GRE tunnel establishes a secure, private connection between network endpoints or routers, providing protection against brute force and GRE DDoS attacks in cases where there’s no point of presence (PoP) in client server location. Gcore’s global server network and scrubbing centers power GRE tunnels, offering fast and highly secure connections.
  • DNS protection: DNS-based attacks, such as DNS tunneling, can be difficult to detect, as DNS resolvers may be compromised and exploited for tunneling attacks. Gcore’s free, public DNS resolvers offer fast, secure, low-latency services, leveraging our 150+ node Anycast network for robust DNS protection. Combined with Gcore’s DNS hosting service, we provide reliable protection against DNS-related tunneling threats.

Conclusion

Tunneling plays a crucial role in establishing secure network connections, enabling organizations to maintain the confidentiality, integrity, and availability of their key data. Whether for remote teams or overall network security, the right tunneling solution is essential to ensure a robust and protected networking environment.

Gcore’s tunneling services offer a comprehensive approach to network protection, leveraging the advantages of a public network’s wide coverage while ensuring the security and privacy of a local network. By utilizing Gcore’s WAF and Bot Protection, and GRE tunneling, businesses can provide safe and uninterrupted 24/7 access to critical company resources, enabling seamless and secure communication across the network.

Sign up to get started for free!

Table of content

Try Gcore Security

Try for free

Related Articles

How do CDNs work?

Picture this: A visitor lands on your website excited to watch a video, buy an item, or explore your content. If your page loads too slowly, they may leave before it even loads completely. Every second matters when it comes to customer retention, engagement, and purchasing patterns.This is where a content delivery network (CDN) comes in, operating in the background to help end users access digital content quickly, securely, and without interruption. In this article, we’ll explain how a CDN works to optimize the delivery of websites, applications, media, and other online content, even during high-traffic spikes and cyberattacks. If you’re new to CDNs, you might want to check out our introductory article first.Key components of a CDNA CDN is a network of interconnected servers that work together to optimize content delivery. These servers communicate to guarantee that data reaches users as quickly and efficiently as possible. The core of a CDN consists of globally distributed edge servers, also known as points of presence (PoPs):Origin server: The central server where website data is stored. Content is distributed from the origin to other servers in the CDN to improve availability and performance.Points of presence (PoPs): A globally distributed network of edge servers. PoPs store cached content—pre-saved copies of web pages, images, videos, and other assets. By serving cached content from the nearest PoP to the user, the CDN reduces the distance data needs to travel, improving load times and minimizing strain on the origin server. The more PoPs a network has, the faster content is served globally.How a CDN delivers contentCDNs rely on edge servers to store content in a cache, enabling faster delivery to end users. The delivery process differs depending on whether the content is already cached or needs to be fetched from the origin server.A cache hit occurs when the requested content is already stored on a CDN’s edge server. Here’s the process:User requests content: When a user visits a website, their device sends a request to load the necessary content.Closest edge server responds: The CDN routes the request to the nearest edge server to the user, minimizing travel time.Content delivered: The edge server delivers the cached content directly to the user. This is faster because:The distance between the user and the server is shorter.The edge server has already optimized the content for delivery.What happens during a cache miss?A cache miss occurs when the requested content is not yet stored on the edge server. In this case, the CDN fetches the content from the origin server and then updates its cache:User requests content: The process begins when a user’s device sends a request to load website content.The closest server responds: As usual, the CDN routes the request to the nearest edge server.Request to the origin server: If the content isn’t cached, the CDN fetches it from the origin server, which houses the original website data. The edge server then delivers it to the user.Content cached on edge servers: After retrieving the content, the edge server stores a copy in its cache. This ensures that future requests for the same content can be delivered quickly without returning to the origin server.Do you need a CDN?Behind every fast, reliable website is a series of split-second processes working to optimize content delivery. A CDN caches content closer to users, balances traffic across multiple servers, and intelligently routes requests to deliver smooth performance. This reduces latency, prevents downtime, and strengthens security—all critical for businesses serving global audiences.Whether you’re running an e-commerce platform, a streaming service, or a high-traffic website, a CDN ensures your content is delivered quickly, securely, and without interruption, no matter where your users are or how much demand your site experiences.Take your website’s performance to the next level with Gcore CDN. Powered by a global network of over 180+ points of presence, our CDN enables lightning-fast content delivery, robust security, and unparalleled reliability. Don’t let slow load times or security risks hold you back. Contact our team today to learn how Gcore can elevate your online presence.Discover Gcore CDN

What is a CDN?

Whether you’re running an e-commerce store, streaming videos, or managing an app, delivering content quickly and reliably is essential to keeping users satisfied. This is where a content delivery network (CDN) comes into play. A CDN is a globally distributed network of servers that work together to deliver content to users quickly, minimizing latency. Instead of relying on a single server, a CDN uses edge servers—called points of presence (PoPs)—to cache or temporarily store copies of your content closer to the user. This optimizes website performance, drastically cuts down on load times, and improves the user experience. Research suggests that a one-second lag in page loading speed can significantly decrease engagement, citing a 7% decline in conversions and an 11% decrease in page visits. CDNs considerably speed up load times by reducing latency through content caching closer to the user. By splitting up your website’s traffic over several servers, CDNs also protect it from online threats. Distributed denial-of-service (DDoS) attacks are lessened by CDNs because they spread traffic among a network of servers, improving security and availability. What Challenges Do CDNs Address?CDNs tackle two key challenges to improve website and application performance: Slow load times: Users sometimes experience frustratingly slow-loading websites and applications. This is because data must travel from a server to the end user’s device, causing latency. CDNs move servers closer to end users, reducing the distance that data has to travel and speeding up load times.  High traffic volumes: High traffic volumes during peak times or cyberattacks can overwhelm your website and lead to latency or site unavailability. Since CDNs distribute traffic across multiple servers, no single server is overwhelmed. This helps prevent crashes and delivers smooth performance for all users.Common Use Cases for CDNsCDNs are vital across a range of industries, providing measurable improvements in content delivery and user experience. E-commerce websites use CDNs to guarantee quick page loading and frictionless shopping experiences, even during periods of high traffic. Speed is crucial for online businesses. A study found that the average cost of downtime for e-commerce websites is around $500,000 per hour. This includes lost sales, operational costs, and long-term damage to brand reputation Streaming services rely on CDNs to deliver high-quality video content while minimizing buffering. Netflix states that its CDN contributes to the daily delivery of over 125 million hours of streaming content, guaranteeing a seamless experience for customers worldwide. Gaming companies use CDNs to lower latency and provide a consistent real-time user experience, especially during live multiplayer matches, where it is essential to preserve an engaging and fair gameplay experience. News outlets and blogs benefit from CDNs by ensuring their content loads quickly for readers around the world, during large-scale traffic surges, especially during major events like elections or breaking news.  The Benefits of a CDNFaster Website PerformanceEvery second counts when delivering content online. Slow websites frustrate users and harm your business. CDNs speed up content delivery by caching data closer to users, reducing page and file load times. Whether you’re delivering static content (such as CSS, HTML or JPG files) or dynamic content (like data generated by user interactions or API calls), a CDN ensures optimal performance regardless of user location. While factors like DNS settings, server configurations, and code optimization all play a role, the physical distance between your origin server and your users is a factor that only a CDN can solve. Increased Availability and ReliabilityDowntime can seriously affect online businesses. Hardware failures, traffic surges, and cyberattacks can reduce your website’s availability, harming your customers’ experience and causing financial or reputational damage. In fact, around 98% of organizations report that just one hour of downtime costs over $100,000. A CDN ensures that your website remains available, fast, and reliable by leveraging essential features such as: Load balancing: This process dynamically distributes traffic across multiple servers to optimize performance and prevent overload.Intelligent failover: Automatically redirects traffic if a server goes offline, ensuring continuity with minimal disruption.Anycast routing: Directs users to the closest or most efficient server, further reducing latency and enhancing response times.Security FeaturesAs cyber threats continue to grow in sophistication and frequency, securing your website or application is more critical than ever. According to recent statistics from Cobalt’s 2024 Cybersecurity Report, weekly attacks worldwide increased by 8% in 2023, while attackers used more sophisticated strategies to exploit vulnerabilities. Strong security measures that not only safeguard your website but also guarantee optimal performance are necessary in light of these evolving threats. CDN security features not only improve website performance but also defend against a wide range of attacks by distributing traffic across multiple servers, which mitigates DDoS attacks and filters out malicious traffic before it reaches your website. These features, from DDoS protection to safeguarding APIs, help maintain uptime, protect sensitive data, and guarantee a seamless user experience. Most modern solutions like Gcore CDN integrate robust security measures into content delivery, such as:SSL/TLS encryption facilitates secure data transmission by encrypting traffic, protecting sensitive information from being intercepted.L3/L4 DDoS protection blocks large-scale cyberattacks designed to flood your network and disrupt services.L7 DDoS protection guards your website from more complex attacks targeting how the website functions, helping it continue to operate smoothly.Web application firewall (WAF) acts as a shield, blocking harmful traffic such as hacking attempts or malicious scripts before they can affect your site.API security protects the communication between your application and other software, preventing unauthorized access or data theft.Bot protection identifies harmful automated traffic (bots), preventing activities like data scraping or login attempts with stolen credentials while allowing useful bots (like search engine crawlers) to function normally. Elevate Your Online Experience With a CDNA CDN is no longer a luxury—it’s a necessity for businesses that want to deliver fast, reliable, and secure online experiences. Whether your goal is to optimize performance, manage high traffic, or protect your site from attacks, a well-configured CDN makes all the difference.Ready to enhance your website’s performance? Our futureproof CDN runs on a global network of over 180 points of presence, so your customers get outstanding performance no matter where in the world they’re located. Get in touch with our team today to learn how our CDN can benefit your business.Discover Gcore CDN

How to Migrate Your Video Files to Gcore Video Streaming

Migrating large volumes of video files from different platforms can be daunting and time-consuming, often discouraging companies from moving to a superior provider. But it doesn’t have to be this way. We’ve created this three-step guide to help you efficiently migrate your video files to Gcore from other popular streaming platforms.Step 1: Get Links to Your VideosFirst, obtain links to your videos and download them. Look for your provider in the list below, or refer to the general SFTP/S3 storage section if applicable. After completing the steps for your provider, go straight to step 2.Google DriveShare the file: Open Google Drive and locate the MP4 file you want to download. Right-click on the file and select “Share.”Get the shareable link: In the sharing settings, click “Get link.” Ensure the link-sharing option is turned on.Set sharing permissions: Adjust the sharing permissions so “Anyone with the link” can view or download the file. Copy the generated link.Amazon S3Edit S3 block public access settings: Go to the S3 management console, select the bucket containing your MP4 file, and edit the Block Public Access settings if necessary.Add a bucket policy: Implement a bucket policy that grants public read access to your files.Get the list of objects: Navigate to the Objects tab, find your MP4 file, and click on the file to obtain the Object URL, which will be your download link.VimeoAccess the video: Log in to your Vimeo account and go to the video you wish to download.Select options: Click on the “Settings” button (gear icon) below the video player.Get video file link: In the settings menu, go to the “Video File” tab, where you can find the download link for your MP4 file.MUXEnable master access: Log in to your MUX account, navigate to the video asset, and enable master access if it’s not already enabled.Retrieve URL to master: Once master access is enabled, the URL to the master file will be available in the video asset details. Copy this URL for downloading the file.DropboxCreate a shareable link: Log in to your Dropbox account and locate the MP4 file you want to share. Click on the “Share” button next to the file.Set access permissions: In the sharing settings, create a link and set the permissions to “Anyone with the link.” Copy the generated link to download the file.General SFTP or S3 StorageAccess storage: Log in to your SFTP or S3 storage service control panel.Manage buckets/directories: Navigate to the appropriate bucket or directory containing your MP4 files.Retrieve download links: Generate HTTP/S links for the files you want to download. You can then use these links to download the files directly.Step 2: Check Availability to DownloadEnsure that your video files are available and ready for download, preventing any interruptions or issues during the migration process.Open HTTP/S link in a browser: Copy the HTTP/S link for the MP4 file and paste it into your browser’s address bar. Press Enter to navigate to the link.Check the video plays correctly in the browser: Verify that the video starts playing once the link is opened. This step ensures that the file is accessible and the link is functioning properly.Right-click to download: While the video is playing, right-click on the video player. Select “Save video as…” from the context menu. Choose a destination on your local disk to save the MP4 file.Step 3: Upload to Gcore Video StreamingNo matter which provider you’re migrating from, you need to upload your videos to Gcore Video Streaming storage. There are three primary methods to upload videos to Gcore storage:Copy from external storage: If your videos are available via public HTTPS URLs, you can directly copy the video files from external storage to Gcore. This method efficiently transfers files without downloading them to your local device first.Upload from a local device: Videos can be uploaded from your local host, backend, browser, or mobile app using the TUS resumable upload protocol. This method is resilient to interruptions, ensuring a smooth upload process by resuming from the point of failure.Batch upload: This method will soon be available to migrate extensive collections of videos, allowing you to transfer vast numbers of video files efficiently.The simplest migration option is to obtain video URLs and copy them to Gcore Video Hosting, eliminating the need to download and reupload videos.Example API Request to Copy Video from External StorageTo copy a video from another server, specify the origin_url attribute in the POST API request. The original video will be downloaded for video hosting on our server. Here is an example of the API request to set a task for copying a video from external storage:curl -L 'https://api.gcore.com/streaming/videos/' \-H 'Content-Type: application/json' \-H 'Authorization: APIKey 1234$0d16599c' \-d '{ "video": { "name": "Gcore Demo", "description": "Video copied from an external S3 Storage", "origin_url": "https://s-ed1.cloud.gcore.lu/demo-video/gcore.mp4" } }Refer to the complete documentation for detailed steps and examples of API requests. The original file must be in MP4 format or one of the following formats: 3g2, 3gp, asf, avi, dif, dv, flv, f4v, m4v, mov, mp4, mpeg, mpg, mts, m2t, m2ts, qt, wmv, vob, mkv, ogv, webm, vob, ogg, mxf, quicktime, x-ms-wmv, mpeg-tts, vnd.dlna.mpeg-tts. Streaming formats like HLS (.m3u8/.ts) and DASH (.mpd/.m4v) are intended for final video distribution and cannot be used as original file formats. Here are examples of good and bad links:Good link: https://demo-files.gvideo.io/gcore.mp4Bad link (chunked HLS format): https://demo-files.gvideo.io/hls/master.m3u8Note: Currently, only one video can be uploaded per request, so transferring your library in batches will require automation.Migrate to Gcore Video Streaming TodayGcore Video Streaming makes video migration easy with support for multiple sources and automatic transcoding. Whether you’re moving files from cloud storage, hosting platforms, or API-based services, Gcore streamlines video administration. Store, process, and distribute videos in various formats, complete with features like subtitles and timeline previews.With seamless migration and automatic transcoding, Gcore ensures your videos are optimized and ready for distribution, saving you time and effort. Simplify your video management and ensure your content is always accessible and in the best format for your audience with Gcore’s robust video streaming solutions.

5 Ways to Improve Website Speed for E-Commerce

In part 1 of this guide, we explained why site speed matters for e-commerce and how you can track your current speed.Now, speed up your page load times with these five techniques.#1 Assess Your Current Site SpeedFirst, check your site’s current performance. Use tools like Google PageSpeed Insights or real user monitoring (RUM) tools. PageSpeed Insights evaluates individual web pages for mobile and desktop performance, providing actionable insights to improve speed and user experience.Here’s an example of how your metrics might look:#2 Adopt Code and Image Optimization TechniquesE-commerce websites often have a huge number of images, videos, and/or animations, which can slow down load times. Since these media are essential, the key is to optimize all heavy components.Compress images and use lazy loading via your website host. Minimize redirects and remove broken links, consulting a technical SEO expert if required. These actions can significantly reduce page weight.#3 Adopt CDNs and Edge ComputingThe majority of online shoppers have purchased from an e-commerce store in another country and an additional 22% plan to in the future. Hosting location impacts speed. The further your servers are physically located from your customers, the higher the latency. So, having servers distributed globally improves your load speed and allows you to deliver great customer experiences, no matter where your customers are located.Imagine that your e-commerce website is hosted on a web server in the US, but you have shoppers from the EU. When shoppers from the US browse your store, they may not experience much latency. But shoppers from Germany will, because of the time it takes their browser to send requests to your US server, wait for the server to process them, and deliver a response. A reliable CDN and edge computing provider caching your website content—images, videos, payment portals and all—at the edge makes for speedy content delivery globally.In addition to shortening the distance between your servers and buyers, CDNs also enable load balancing. Say you’re running a Black Friday sale with traffic surges far beyond your normal quantities. Your CDN provider can distribute the traffic evenly between its network of available servers, preventing any one server from being overworked, thereby improving server response times. So, if your Black Friday surge comes mostly from the New York area, a CDN can push some of that traffic from the New York, NY server to the nearby Manassas, VA and Boston, CT servers. Customers won’t notice a difference since both servers are nearby, but spreading the load means all servers continue to perform optimally.#4 Use Fast Authoritative DNSDNS is like the internet’s phone book, translating human-friendly domain names (like www.example.com) into IP addresses that computers use to find each other. When this translation happens quickly, it reduces the time it takes for a user’s browser to locate your website, leading to faster page load times.#5 Rinse and RepeatSite speed optimization is continuous. The internet changes daily; technology advances and competitors emerge. Don’t get comfortable with your site speed. Continuously track speed scores and make improvements.Website Speed Solutions in One Intuitive PlatformWebsite speed is a game-changer for e-commerce success. A website that loads in under a second is the magic number to boost user experience, slash bounce rates, and skyrocket your e-commerce business’ conversion rates.Stay ahead of your e-commerce competitors by choosing tools and platforms designed with your e-commerce website speed in mind. With 180+ PoPs worldwide and a 200+ Tbps network capacity, Gcore CDN and DNS are ideal speed optimization solutions for global e-commerce sites. Contact us today to discover how we can supercharge your site speed.Explore CDN for e-commerce

What Website Speed Is and Why It Matters for E-commerce Success

Website visitors are more impatient than ever—websites that take longer than three seconds to load lose more than half their visitors. For an e-commerce business, that translates to losing half its potential sales, which is bad news for revenue. In this article, we explain what e-commerce website speed is, how it’s measured, and how you can improve it for better customer retention and higher sales.Why Does Site Speed Matter?Website speed measures the time from when visitors click your link to when they see a fully functioning page. With the surge in e-commerce businesses around the world, buyers have many choices and will quickly abandon slow-loading websites out of frustration. Most customers won’t return to a slow website, and 89% will turn to a faster competitor. Satisfied customers are more likely to recommend your website to others, making high user satisfaction an effective marketing strategy.Just a second—or less—of load time can make the difference between a potential customer purchasing from you or your competitor. Conversion rates drop markedly with every additional second of load time. If your site loads in one second or less, you’re looking at a 3% conversion rate. That almost halves when you add just one second of wait time.That’s not surprising, since churn and bounce rates increase with slower load times, meaning potential buyers either leave your site before interacting and/or don’t return.Page load times also affect search engine optimization (SEO) rankings—your spot on search engine results pages. When buyers search for your products, if you don’t appear at the top, your competitors will—and your customers are more likely to visit their site instead of yours.Evidently, optimizing page load time is a non-negotiable for any e-commerce business.Metrics and Indicators to TrackSpeed can be measured and reflected by either technical or business metrics.Technical IndicatorsGoogle Core Web Vitals are metrics that measure various features contributing to a high-quality page experience. They’re an industry-standard way to measure your technical website load speed.Largest contentful paint (LCP) is the time it takes for the largest content on your site to load. An ideal LCP value is below 2.5 seconds, while above 4 seconds signals a poor page experience.First input delay (FID) is the delay between a user’s interaction (e.g., clicking a button) and the browser’s response. Google considers any FID value below 100 ms good, and above 300 ms poor.Cumulative layout shift (CLS) measures how much your content moves around while loading. Poor CLS can cause users to accidentally click on the wrong buttons.Keep track of the following additional technical metrics:Time to first byte (TTFB) is the time between a browser requesting your webpage and the first byte of data arriving. It often triggers the “reduce initial server response time” message in page speed diagnostics.Time to interactive (TTI) measures the time it takes for your website to become fully interactive. Google considers a TTI of below 5 seconds good, and above 7.3 seconds poor.Round-trip time (RTT) is the time it takes for requests to reach the origin server, be processed, and return to the client.Business MetricsThese metrics give you insights into how your website’s speed impacts sales. Although they’re not a direct speed measurement, speed has a direct impact on them.Conversion rate measures the percentage of your website’s visitors who make a purchase.Engagement time measures how much time customers actively spend on your website, such as browsing products or making a purchase. It’s connected to bounce rate, which is the opposite—how many customers leave your site without engaging at all, often caused by slow loading.Search ranking affects your site’s visibility, traffic, and revenue. Fast load times contribute to better SEO rankings.Explore part 2 of this guide to discover 5 practical tips to speed up your e-commerce website performance.

Improve Your Privacy and Data Security with TLS Encryption on CDN

The web is a public infrastructure: Anyone can use it. Encryption is a must to ensure that communications over this public infrastructure are secure and private. You don’t want anyone to read or modify the data you send or receive, like credit card information when paying for an online service.TLS encryption is a basic yet crucial safeguard that ensures only the client (the user’s device, like a laptop) and server can read your request and response data; third parties are locked out. You can run TLS on a CDN for improved performance, caching, and TLS management. If you want to learn more about TLS and how running it on a CDN can improve your infrastructure, this is the right place to start.What Is TLS Encryption and Why Does It Matter?TLS, transport layer security, encrypts data sent via the web to prevent it from being seen or changed while it’s in transit. For that reason, it’s called encryption in-transit technology. TLS is also commonly called HTTPS when used with HTTP or SSL, as previous versions of the technology were based on it. TLS ensures high encryption performance and forward secrecy. To learn more about encryption, check out our dedicated article.TLS is a vital part of the web because it ensures trust for end users and search engines alike. End users can rest assured that their data—like online banking information or photos of their children—can’t be accessed. Search engines know that information protected by TLS is trustworthy, so they rate it higher than non-protected content.What’s the Connection Between TLS and CDN?A CDN, or content delivery network, helps improve your website’s performance by handling the delivery of your content from its own servers rather than your website’s server. When a CDN uses TLS, it ensures that your content is encrypted as it travels from your server to the CDN and from the CDN to your users.With TLS offloading, your server only needs to encrypt the content for each CDN node, not for every individual user. This reduces the workload on your server.Here’s a simple breakdown of how it works:Your server encrypts the content once and sends it to the CDN.The CDN caches this encrypted content.When a user requests the content, the CDN serves it directly to them, handling all encryption and reducing the need to repeatedly contact your server.Without a CDN, your server would have to encrypt and send content to each user individually, which can slow things down. With a CDN, your server encrypts the content once for the CDN. The CDN then takes over, encrypting and serving the content to all users, speeding up the process and reducing the load on your server.Figure 1: Comparison of how content is served with TLS on the web server (left) vs on CDN (right)Benefits of “Offloading” TLS to a CDNOffloading TLS to a CDN can improve your infrastructure with improved performance, better caching, and simplified TLS management.Increased PerformanceWhen establishing a TLS connection, the client and server must exchange information to negotiate a session key. This exchange involves four messages being sent over the network, as shown in Figure 2. The higher the latency between the two participants, the longer it takes to establish the connection. CDN nodes are typically closer to the client, resulting in lower latency and faster connection establishment.As mentioned above, CDN nodes handle all the encryption tasks. This frees up your server’s resources for other tasks and allows you to simplify its code base.Figure 2: TLS handshakeImproved CachingIf your data is encrypted, the CDN can’t cache it. A single file will look different from the CDN nodes for every new TLS connection, eliminating the CDN benefits (Figure 3). If the CDN holds the certificates, it can negotiate encryption with the clients and collect the files from your server in plaintext. This allows the CDN to cache the content efficiently and serve it faster to users.Figure 3: TLS and CDN caching comparedSimplified TLS ManagementThe CDN takes care of maintenance tasks such as certificate issuing, rotation, and auto-renewal. With the CDN managing TLS, your server’s code base can be simplified, and you no longer need to worry about potential TLS updates in the future.TLS Encryption with Gcore CDNWith the Gcore CDN we don’t just take care of your TLS encryption, but also file compression and DNS lookups. This way, you can unburden your servers from non-functional requirements, which leads to smaller, easier-to-maintain code bases, lower CPU, memory, and traffic impact, and a lower workload for the teams managing those servers.Gcore CDN offers two TLS offloading options:Free Let’s Encrypt certificates with automatic validation, an effective and efficient choice for simple security needsPaid custom certificates, ideal if your TLS setup has more complex requirementsHow to Enable HTTPS with a Free Let’s Encrypt CertificateSetting up HTTPS for your website is quick, easy, and free. First, make sure you have a Gcore CDN resource for your website. If you haven’t created one yet, you can do so in the Gcore Customer Portal by clicking Create CDN resource in the top-right of the window (Figure 4) and following the setup wizard. You’ll be asked to update your DNS records so they point to the Gcore CDN, allowing Gcore to issue the certificates later.Figure 4: Create CDN resourceNext, open the resource settings by selecting your CDN resource from the list in the center (Figure 5).Figure 5: Select the CDN resourceEnable HTTPS in the resource settings, as shown in Figure 6:Select SSL in the left navigationClick the Enable HTTPS checkboxClick Get SSL certificateFigure 6: Get an SSL certificateYour certificate will usually be issued within 30 minutes.Our Commitment to Online SecurityAt Gcore, we’re committed to making the internet secure for everyone. As part of this mission, we offer free CDN and free TLS certificates. Take advantage and protect your resources efficiently for free!Get TLS encryption on Gcore CDN free

Subscribe
to our newsletter

Get the latest industry trends, exclusive insights, and Gcore updates delivered straight to your inbox.

Subscribe