A tunneling protocol encapsulates one network protocol, called the payload protocol, within a different delivery protocol. Reasons to use tunneling include carrying a payload over an incompatible delivery network and providing a secure path through an untrusted network.
Tunneling typically contrasts with a layered protocol model such as those of OSI or TCP/IP. The tunnel protocol is usually (but not always) at a higher level than the payload protocol, or at the same level. To understand a particular protocol stack, both the payload and delivery protocol sets must be understood. Protocol encapsulation that is carried out by conventional layered protocols, in accordance with the OSI model or TCP/IP model, for example HTTP over TCP over IP over PPP over a V.92 modem, should not be considered as tunneling.
As an example of network layer over network layer, Generic Routing Encapsulation (GRE), which is a protocol running over IP (IP Protocol Number 47), often is used to carry IP packets, with RFC 1918 private addresses, over the Internet using delivery packets with public IP addresses. In this case, the delivery and payload protocols are compatible, but the payload addresses are incompatible with those of the delivery network.
In contrast, an IP payload might believe it sees a data link layer delivery when it is carried inside the Layer 2 Tunneling Protocol, which appears to the payload mechanism as a protocol of the data link layer. L2TP, however, actually runs over the transport layer using User Datagram Protocol (UDP) over IP. The IP in the delivery protocol could run over any data link protocol from IEEE 802.2 over IEEE 802.3 (i.e., standards-based Ethernet) to the Point-to-Point Protocol (PPP) over a dialup modem link.
Tunneling protocols may use data encryption to transport insecure payload protocols over a public network such as the Internet, thereby providing VPN functionality. IPsec has an end-to-end Transport Mode, but can also be operated in a Tunneling Mode through a trusted security gateway.
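The GRE case described above (IP protocol 47 carrying RFC 1918 addressed packets inside publicly addressed delivery packets) can be made concrete with a small parser. This is an added example, not part of the original post; the sample packet is constructed, its delivery addresses come from documentation ranges, and the function names are illustrative.

```python
import ipaddress
import struct

GRE_PROTO = 47            # IP protocol number for GRE, as given in the text
ETHERTYPE_IPV4 = 0x0800   # GRE protocol type for an IPv4 payload (RFC 2784)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header for sample data (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def parse_ipv4(buf):
    """Return (src, dst, protocol, payload) of an IPv4 packet."""
    if len(buf) < 20 or buf[0] >> 4 != 4 or (buf[0] & 0x0F) < 5:
        raise ValueError("malformed IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    total = struct.unpack("!H", buf[2:4])[0]
    return (ipaddress.IPv4Address(buf[12:16]),
            ipaddress.IPv4Address(buf[16:20]), buf[9], buf[ihl:total])

def parse_gre(buf):
    """Return (protocol_type, payload) of a version-0 GRE header."""
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack("!HH", buf[:4])
    # Checksum (C), key (K) and sequence (S) fields add 4 bytes each when set.
    offset = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    if flags & 0x0007 or len(buf) < offset:
        raise ValueError("unsupported GRE version or truncated options")
    return ptype, buf[offset:]

def inspect(packet):
    """Compare delivery and payload addresses; None if not IPv4-in-GRE."""
    o_src, o_dst, proto, body = parse_ipv4(packet)
    ptype, inner = parse_gre(body) if proto == GRE_PROTO else (None, b"")
    if ptype != ETHERTYPE_IPV4:
        return None
    i_src, i_dst, _, _ = parse_ipv4(inner)
    private = lambda a: any(a in net for net in RFC1918)
    return {"delivery": (str(o_src), str(o_dst)), "payload": (str(i_src), str(i_dst)),
            "delivery_private": private(o_src) or private(o_dst),
            "payload_private": private(i_src) and private(i_dst)}

def sample_packet(gre_flags=0, gre_options=b""):
    """Constructed sample: 10.1.0.5 -> 192.168.20.9 carried between public endpoints."""
    inner = ipv4_header("10.1.0.5", "192.168.20.9", 17, 8) + bytes(8)
    gre = struct.pack("!HH", gre_flags, ETHERTYPE_IPV4) + gre_options + inner
    return ipv4_header("198.51.100.7", "203.0.113.20", GRE_PROTO, len(gre)) + gre
```

A filter that only looks at the delivery header sees two public endpoints; the private payload addresses become visible only after the GRE header is decoded.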
Common tunneling protocols
Examples of tunneling protocols include:
Datagram-based:
* IPsec
* GRE (Generic Routing Encapsulation): supports multiple protocols and multiplexing
* IP in IP tunneling: lower overhead than GRE; used when only one IP stream is to be tunneled
* L2TP (Layer 2 Tunneling Protocol)
* MPLS (Multi-Protocol Label Switching)
* GTP (GPRS Tunnelling Protocol)
* PPTP (Point-to-Point Tunneling Protocol)
* PPPoE (point-to-point protocol over Ethernet)
* PPPoA (point-to-point protocol over ATM)
* IEEE 802.1Q (Ethernet VLANs)
* DLSw (SNA over IP)
* XOT (X.25 datagrams over TCP)
* IPv6 tunneling: 6to4; 6in4; Teredo
* Anything In Anything (AYIYA; e.g. IPv6 over UDP over IPv4, IPv4 over IPv6, IPv6 over TCP IPv4, etc.)
Stream-based:
* TLS
* SSH
* SOCKS
* HTTP CONNECT command
* Various circuit-level proxy protocols, such as Microsoft Proxy Server's Winsock Redirection Protocol, or WinGate Winsock Redirection Service.
For a graphical representation of tunneling protocols, check out the recent posts.