1. Home
  2. Networking
  3. Integrated cisco and unix network architectures

Chapter 11. VPN Technologies, Tunnel Interfaces, and Architectures

This chapter discusses various tunnel approaches as building blocks of virtual private networks (VPNs) and special-purpose routing architectures. Some tunnel approaches result in dedicated virtual interfaces at the UNIX level; others that usually reside outside the kernel space do not. In addition, this chapter concisely reviews today's predominant tunnel approaches for gateways and PPP sessions and discusses factors to consider when choosing the appropriate technology to accomplish specific design goals.

NOTE

Although IP Security (IPSec) is discussed thoroughly, neither this chapter nor the entire book elaborates on security aspects and issues per se. Security is too vast a field and justifies an entire publication. If I receive a lot of requests, a second volume (perhaps Integrated Cisco and UNIX Security Architectures) might follow. In addition, please understand that Microsoft PPTP/L2TP implementation issues go beyond both the scope and focus of this book.


This chapter concludes with examples that combine the dynamic routing approaches of the previous chapters with tunnel approaches to add a powerful feature to our toolbox. A significant resource quoted quite frequently in this chapter is the Virtual Private Network Consortium (VPNC, http://www.vpnc.org). VPNC is an association of VPN product manufacturers. It is active in the area of interoperability and compliance testing with regard to VPN Standards established by the Internet Engineering Task Force (IETF, http://www.ietf.org).



    		Command Syntax Conventions
    		Chapter 1. Operating System Issues and Features-The Big Picture
    		Chapter 2. User-Space Routing Software
    		Chapter 3. Kernel Requirements for a Full-Featured Lab
    		Chapter 4. Gateway WAN/Metro Interfaces
    		Chapter 5. Ethernet and VLANs
    		Chapter 6. The Analyzer Toolbox, DHCP, and CDP
    		Chapter 7. The UNIX Routing and ARP Tables
    		Chapter 8. Static Routing Concepts
    		Chapter 9. Dynamic Routing Protocols-Interior Gateway Protocols
    		Chapter 10. ISP Connectivity with BGPv4-An Exterior Gateway Path-Vector Routing Protocol for Interdomain Routing
    		Chapter 11. VPN Technologies, Tunnel Interfaces, and Architectures
    		The Rationale for Tunnels in Routing Environments
    		The VPNC Concept of VPNs
    		The OSI Stack Perspective
    		Internet, Intranet, and Extranet Terminology
    		IP-IP Tunnel
    		Generic Router Encapsulation (GRE) Tunnel
    		Special Multicast and IPv6 Tunneling (RFC 2473, RFC 3053)
    		Cisco L2F (Layer 2 Forwarding)
    		PPTP (Point-to-Point Tunnel Protocol)
    		L2TP (Layer 2 Tunnel Protocol)
    		Mobile IP
    		User-Space Tunneling
    		IPSec Foundation
    		General Tunnel and Specific IPSec Caveats
    		Advice About IPSec Lab Scenarios
    		Road-Warrior Scenarios (Road Warrior-to-OpenBSD/FreeBSD Gateway with IKE)
    		Dynamic Routing Protocols over Point-to-Point Tunnels-Transparent Infrastructure VPN
    		Summary
    		Recommended Reading
    		Endnotes
    		Chapter 12. Designing for High Availability
    		Chapter 13. Policy Routing, Bandwidth Management, and QoS
    		Chapter 14. Multicast Architectures
    		Chapter 15. Network Address Translation
    		Appendix A. UNIX Kernel Configuration Files
    		Appendix B. The FreeBSD Netgraph Facility