Diagnostics are how a vehicle reports faults, how a technician reads them, and how new software reaches an ECU. UDS defines the request/response services; DoIP carries them over Ethernet and IP. The gateway sits in the middle, deciding who may talk to which ECU.
OBD-II standardizes emissions-related diagnostics for regulators. UDS (ISO 14229) goes much further: reading and clearing fault codes, accessing live data, running routines, and — crucially — reprogramming ECUs through sessions and security access. Most manufacturer service and flashing operations are UDS operations.
As payloads grow — full ECU images, large data sets — CAN-based diagnostics become slow. DoIP (ISO 13400) tunnels UDS over TCP/IP and automotive Ethernet, giving far higher throughput for flashing and data capture. It defines vehicle discovery, routing activation and the connection between an external tester and in-vehicle ECUs.
Because diagnostics can reflash safety ECUs, access must be tightly controlled. The central gateway authenticates testers, enforces UDS security access, rate-limits requests and isolates domains so a workshop tool cannot reach a brake controller without authorization. In modern vehicles the diagnostic path is a primary attack surface — and the gateway is where it is defended.
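The gateway's decision for a single DoIP diagnostic message, as an added example that is not taken from any manufacturer's gateway: it parses the ISO 13400-2 generic header, then applies a per-tester allow-list and gates the UDS download services on prior security access. The logical addresses, the policy table and the `unlocked` set (assumed to be maintained by whatever component tracks completed security access) are constructed for illustration; tester authentication and rate limiting are not shown.

```python
import struct

DIAG_MESSAGE = 0x8001                    # DoIP payload type: diagnostic message
PROGRAMMING_SIDS = {0x34, 0x36, 0x37}    # RequestDownload, TransferData, RequestTransferExit
# Constructed policy: tester address -> {target ECU address: permitted UDS service IDs}
POLICY = {
    0x0E80: {                                                      # hypothetical workshop tester
        0x0010: {0x10, 0x19, 0x22, 0x3E},                          # hypothetical body ECU, read-only
        0x0020: {0x10, 0x19, 0x22, 0x27, 0x34, 0x36, 0x37, 0x3E},  # hypothetical flashable ECU
    },                                                             # brake ECU 0x0030 deliberately absent
}

def build_frame(source, target, uds, version=0x02):
    """Build a constructed sample frame: 8-byte DoIP header, addresses, UDS bytes."""
    payload = struct.pack(">HH", source, target) + uds
    return struct.pack(">BBHI", version, version ^ 0xFF, DIAG_MESSAGE, len(payload)) + payload

def parse_doip(frame):
    """Return (source, target, uds_bytes) of a diagnostic message or raise ValueError."""
    if len(frame) < 8:
        raise ValueError("short header")
    version, inverse, ptype, length = struct.unpack(">BBHI", frame[:8])
    if (version ^ inverse) != 0xFF:
        raise ValueError("version/inverse mismatch")
    if length != len(frame) - 8:
        raise ValueError("length mismatch")
    if ptype != DIAG_MESSAGE or length < 5:      # 4 address bytes + at least one UDS byte
        raise ValueError("not a diagnostic message")
    source, target = struct.unpack(">HH", frame[8:12])
    return source, target, frame[12:]

def gateway_decision(frame, unlocked):
    """unlocked: set of (tester, ecu) pairs that have completed UDS security access."""
    try:
        source, target, uds = parse_doip(frame)
    except ValueError as exc:
        return "drop: " + str(exc)               # malformed frames never reach an ECU
    allowed = POLICY.get(source, {}).get(target)
    if allowed is None:
        return "deny: tester not authorized for this ECU"
    sid = uds[0]                                 # first UDS byte is the service ID
    if sid not in allowed:
        return "deny: service 0x%02X not permitted" % sid
    if sid in PROGRAMMING_SIDS and (source, target) not in unlocked:
        return "deny: security access required"
    return "forward"
```

The policy is default-deny: a target that is not listed for a tester is unreachable regardless of which service is requested.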