Site home page
(news and notices)

Get alerts when Linktionary is updated

Book updates and addendums

Get info about the Encyclopedia of Networking and Telecommunicatons, 3rd edition (2001)

Download the electronic version of the Encyclopedia of Networking, 2nd edition (1996). It's free!

Contribute to this site

Electronic licensing info

 

 

Tunnels

Related Entries    Web Links    New/Updated Information

  
Search Linktionary (powered by FreeFind)

Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.

Tunnels are virtual paths across networks that either deliver encrypted packets or packets that are of a different protocol type than the network itself. When a tunnel is used to delivery foreign packets, it can be compared to a ferry that carries cars across a river or channel. An example of a tunnel is pictured in Figure T-11. The tunneling process involves encapsulating a packet from the source network into a packet of the intermediate network. When the packet arrives at the destination network, it is removed from the packet and forwarded on the network.

An organization that has two IPX networks that are separated by a large TCP/IP network can join the two IPX networks by encapsulating IPX packets into IP packets for delivery across the TCP/IP network. Tunneling is also often used to deliver nonroutable protocols such as SNA (Systems Network Architecture) or NetBEUI (NetBIOS Extended User Interface) across a routed network. Encapsulation is used to transport Ethernet frames across an FDDI backbone network. The Ethernet frame is placed inside an FDDI frame and sent across the FDDI backbone. When the packet reaches the Ethernet/FDDI attached to the destination network, it is unencapsulated and sent to the destination.

Tunneling has become popular in building private secure network links-that is, VPNs (virtual private networks) across public networks such as the Internet. To build a VPN, a company installs encrypting routers at either end of the virtual link. All data traffic sent between the sites, no matter what protocol is used, can be placed in IP packets that are routed to the other site. The data in the packets is encrypted to keep it private. When packets are encrypted (i.e., a virtual private network), they are essentially foreign packets that must be encapsulated because the intermediate networks cannot read the header information. The header is usually encrypted for security reasons; however, the IETF IPSec (IP Security) protocol provides an option for encrypting just the data and not the header.

Tunneling may also provide a form of source routing or constraint-based routing, in which an encrypted path is set up in advance to deliver packets from source to destination in a very efficient manner. This is the approach of MPLS (Multiprotocol Label Switching) in combination with IPSec. Normal routing decisions are bypassed and replaced with fast switching options.

Two other popular tunneling protocols are PPTP (Point-to-Point Tunneling Protocol) and L2TP (Layer 2 Tunneling Protocol). PPTP is used to encrypt and encapsulate IP, IPX, or NetBEUI traffic in an IP packet. L2TP extends this concept across X.25, frame relay, or ATM networks. One advantage that PPTP and L2TP have over IPSec tunneling is the ability to easily support dial-up remote access users. The reason is because the protocols support PPP user authentication. This is the same authentication that most ISPs use for dial-up Internet access accounts.

Several Internet RFCs provide more information about encapsulation and encrypted tunnels. Also see "L2TP (Layer 2 Tunneling Protocol)," "IPSec (IP Security)," and "VPN (Virtual Private Network)" for more information about tunnels and related RFCs.

  • RFC 1234 (Tunneling IPX traffic through IP networks, June 1991)

  • RFC 1853 (IP in IP Tunneling, October 1995)

  • RFC 2003 (IP Encapsulation within IP, October 1996)

  • RFC 2004 (Minimal Encapsulation within IP, October 1996)

  • RFC 2983 (Differentiated Services and Tunnels, October 2000)

  • RFC 3053 (IPv6 Tunnel Broker, January 2001)

  • RFC 3077 (A Link-Layer Tunneling Mechanism for Unidirectional Links, March 2001)



Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.
All rights reserved under Pan American and International copyright conventions.