All About ICS - Industrial Control Systems

Network Devices Demystified: Hub, Switch, Router, Firewall, and Data Diode

Written by Petr Roupec | Oct 19, 2025 4:41:09 PM

All of them are networking devices, and each plays a specific role.

In this article, I explained the data diode using the analogy of a dam. The text that follows is a bit more technical, but it aims to clearly explain the difference between each device in simple, human terms — and their typical uses.

The Hub

A Hub is exactly what the name suggests — “a hub.” Whatever comes into one of its communication ports is copied and sent to all the other ports.

Imagine Computer A wants to send a message to Computer B. However, Computers C and D are also connected to the hub. So, when A sends a message to B, all the others (C and D) receive that same message.

Also, while the message is being sent, no other communication can occur, or the messages would collide. This significantly reduces network performance, which is why hubs are rarely used today.

Think of it like this: All the computers are connected to the same wire — so only one can “speak” at a time. A good analogy is mobile phones that share the same airwaves; if too many try to talk at once, the signal gets jammed.

The Switch

Now imagine the same scenario with four computers. A Switch does what the name implies — it switches communication paths.

When Computer A wants to send a message to Computer B, the switch checks where B is connected and forwards the message only to that port. It’s like flipping a switch — hence the name.

In simpler terms: Each computer has its own dedicated line, and when they want to talk, the switch connects the right wires, allowing multiple conversations to happen simultaneously without interference.

The Router

Now we want to talk to computers outside of our local network, like Google. But how does any computer know where to find Google?

Instead of explaining how the internet works in detail, let’s simplify:

Let’s assume we have a Computer R, which knows how to reach the internet.

Each computer in the local network is configured with a default route (a direction to the internet):

“If the destination computer is not in our network, send the message to Computer R.”

Computer R then takes the message, forwards it to the right destination, and handles all incoming replies back to the correct internal machine.

A router is like a street crossing sign:

  • Left = Google
  • Right = Twitter
  • Straight = Microsoft Cloud

The router tells the data where to go.

The Firewall

Now that we can communicate with the internet, bad actors also know where to find us, especially our outdated or unpatched computers.

To protect our internal network (computers A, B, C, D), engineers invented the firewall — a Computer F placed between the router and the outside world.

A Firewall is like airport security:

  • It scans all incoming and outgoing data (passenger bags)
  • It blocks unwanted or suspicious “passengers” (data packets)

However, just like airport security, firewalls rely on human-defined rules, and mistakes can happen, meaning bad actors might still get through.

The Data Diode

In critical infrastructure, we need stronger protection that excludes human mistakes, bugs, vulnerabilities, supply chain attacks, or intentional misconfigurations. We must prevent anyone from entering, but we still need to send information out — for performance monitoring, billing, etc.

So, engineers invented the Data Diode.

They took a switch and cut one wire in such a way that data can flow only in one direction: out.

Computers in the internal network can send data outward, but nothing can come back. It’s like throwing data into a deep shaft — and forgetting about it.

But here come the challenges:

  • Most computers expect confirmation that their data was received
  • Sometimes, the receiver needs to request data or subscribe to it

So how do we make this work?

We place a computer inside our network called a GTX-gateway. This computer collects the data, and throws it into the black hole — the data diode.

At the bottom of that shaft is another computer, the GRX-gateway, which receives the data stream and reassembles it into a form suitable for the receiver.

In short: A data diode is like a deep pit. We are throwing data in, and we don’t know for sure if it gets delivered. And since internal systems don’t know we want to send data out, we need to install a dedicated computer to push it out intentionally.
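The two challenges above (no confirmation, no way to request data), as an added example that is not part of the original article and not any vendor's protocol: the sending gateway numbers and checksums every frame and repeats it, and the receiving gateway verifies, de-duplicates and reassembles, reporting gaps it has no way to ask about. The frame layout, the function names, the simulated link and the sample billing record are all assumptions made for illustration.

```python
import struct
import zlib

HEADER = struct.Struct("!HHI")  # sequence number, total frames, CRC32 of payload

def tx_gateway(data, chunk=8, repeat=3):
    """Sending side: split data into frames and emit each one `repeat` times,
    because no acknowledgement can ever come back through the diode."""
    chunks = [data[i:i + chunk] for i in range(0, len(data), chunk)] or [b""]
    for seq, payload in enumerate(chunks):
        frame = HEADER.pack(seq, len(chunks), zlib.crc32(payload)) + payload
        for _ in range(repeat):
            yield frame

def diode(frames, drop):
    """Constructed stand-in for the one-way link: frames only move forward,
    and frames whose position is in `drop` are silently lost."""
    for position, frame in enumerate(frames):
        if position not in drop:
            yield frame

def rx_gateway(frames):
    """Receiving side: verify, de-duplicate, reassemble. It cannot request a
    resend, so it returns (data or None, list of missing sequence numbers)."""
    got, total = {}, None
    for frame in frames:
        if len(frame) < HEADER.size:
            continue  # truncated frame
        seq, count, crc = HEADER.unpack_from(frame)
        payload = frame[HEADER.size:]
        if zlib.crc32(payload) != crc:
            continue  # damaged in transit; a repeated copy may still arrive
        total = count
        got.setdefault(seq, payload)  # keep the first good copy only
    if total is None:
        return None, []  # nothing valid arrived at all
    missing = [s for s in range(total) if s not in got]
    data = None if missing else b"".join(got[s] for s in range(total))
    return data, missing

def transfer(data, drop=(), repeat=3):
    """Run one record through sender, link and receiver."""
    return rx_gateway(diode(tx_gateway(data, repeat=repeat), set(drop)))

if __name__ == "__main__":
    reading = b"meter=42;kWh=1337.5;ts=1760891000"  # constructed billing record
    print(transfer(reading, drop={0, 1, 4}))  # repeats cover the losses
    print(transfer(reading, drop={3, 4, 5}))  # every copy of frame 1 is lost
```

In the second call the receiver knows exactly which frame is missing but can only log it; the sender never finds out, which is why one-way transfers lean on repetition and on monitoring at the receiving side.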

And here is what a real Billing Gateway looks like