1. Home
  2. Networking
  3. Integrated cisco and unix network architectures

The Rationale for Tunnels in Routing Environments

Some tunnels are authenticated, some are compressed, and some are even encrypted; some lack all these capabilities and primarily support signaling, transport, and connectivity. The primary goal of the IPSec framework or suite of protocols is the provisioning and setup of authenticated and encrypted tunnels. It is a complex suite because it has to deal with complex tasks.

IPSec is an extension of IPv4 and intrinsically included in IPv6. Tunnels are virtual point-to-point overlay links that consist of only two endpoints; there is nothing in between, just plain nondeterministic best-effort IP delivery. Two endpoints need to be configured. With the exception of Multiprotocol Label Switching (MPLS), tunnels form the foundation of most VPNs.

Virtual private dial-up networks (VPDNs) have different requirements to transport PPP connections securely over Digital Subscriber Line (DSL), Integrated Services Digital Network (ISDN), or Public Switched Telephone Network (PSTN) architectures. Figure 11-1 offers an overview of common tunnel scenarios.

Figure 11-1. Tunnel Applications

graphics/11fig01.jpg




    		Command Syntax Conventions
    		Chapter 1. Operating System Issues and Features-The Big Picture
    		Chapter 2. User-Space Routing Software
    		Chapter 3. Kernel Requirements for a Full-Featured Lab
    		Chapter 4. Gateway WAN/Metro Interfaces
    		Chapter 5. Ethernet and VLANs
    		Chapter 6. The Analyzer Toolbox, DHCP, and CDP
    		Chapter 7. The UNIX Routing and ARP Tables
    		Chapter 8. Static Routing Concepts
    		Chapter 9. Dynamic Routing Protocols-Interior Gateway Protocols
    		Chapter 10. ISP Connectivity with BGPv4-An Exterior Gateway Path-Vector Routing Protocol for Interdomain Routing
    		Chapter 11. VPN Technologies, Tunnel Interfaces, and Architectures
    		The Rationale for Tunnels in Routing Environments
    		The VPNC Concept of VPNs
    		The OSI Stack Perspective
    		Internet, Intranet, and Extranet Terminology
    		IP-IP Tunnel
    		Generic Router Encapsulation (GRE) Tunnel
    		Special Multicast and IPv6 Tunneling (RFC 2473, RFC 3053)
    		Cisco L2F (Layer 2 Forwarding)
    		PPTP (Point-to-Point Tunnel Protocol)
    		L2TP (Layer 2 Tunnel Protocol)
    		Mobile IP
    		User-Space Tunneling
    		IPSec Foundation
    		General Tunnel and Specific IPSec Caveats
    		Advice About IPSec Lab Scenarios
    		Road-Warrior Scenarios (Road Warrior-to-OpenBSD/FreeBSD Gateway with IKE)
    		Dynamic Routing Protocols over Point-to-Point Tunnels-Transparent Infrastructure VPN
    		Summary
    		Recommended Reading
    		Endnotes
    		Chapter 12. Designing for High Availability
    		Chapter 13. Policy Routing, Bandwidth Management, and QoS
    		Chapter 14. Multicast Architectures
    		Chapter 15. Network Address Translation
    		Appendix A. UNIX Kernel Configuration Files
    		Appendix B. The FreeBSD Netgraph Facility