
4.9. Summary

In this chapter, we've studied tunneling technology in depth. We began with a tentative definition of tunneling; after looking at an example, we refined it to be the encapsulation of a protocol's data in the payload of another protocol at the same or higher layer.

We looked at two common examples: IP-in-IP and PPPoE tunnels. We saw how they encapsulate the tunneled data and, in the case of PPPoE, how the tunnel endpoints can negotiate tunnel parameters.

Next, we looked at GRE tunnels as a way of decreasing the complexity of implementing tunnels. Instead of the X × Y implementations required to tunnel each of X protocols in each of Y protocols, GRE serves as a generalized mechanism allowing one protocol to be tunneled in another.

We examined the PPTP and L2TP protocols and observed how they serve as a generalization of the traditional telco-/modem-based RAS system. Although users think of PPTP and L2TP as VPN technologies, we examined only their tunnel aspects and left their security features for later investigation. We noted that PPTP, essentially a Microsoft product, is being replaced by L2TP. Both PPTP and L2TP depend on PPP to frame the tunneled packets.

We discussed MPLS, first as an efficient routing mechanism and then as a way of providing a kind of VPN. MPLS uses a small label (or stack of labels) prepended to packets in order to make efficient routing decisions. We observed that MPLS is useful mainly within an autonomous system but that it can be used across autonomous systems if their directors agree and coordinate labels.
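To make the "stack of labels" concrete, here is an added example (not code from the chapter or from any MPLS implementation) that encodes and decodes the 32-bit label stack entry, pushes a two-label stack at an ingress router, swaps the top label at a transit router, and walks the stack looking for the bottom-of-stack bit. It assumes the standard shim-header layout (20-bit label, 3-bit traffic class, 1-bit S flag, 8-bit TTL) and uses constructed label values 16, 17 and 100; the behaviour of refusing a packet whose stack has no bottom entry within the received bytes is the check a receiver would want, not something the chapter spells out.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* One MPLS label stack entry (shim header, network byte order):
 * label (20 bits) | TC (3 bits) | S = bottom of stack (1 bit) | TTL (8 bits). */
typedef struct {
    uint32_t label;   /* 0..0xFFFFF; values 0-15 are reserved */
    uint8_t  tc;      /* traffic class, 0..7 */
    uint8_t  bos;     /* 1 only on the last (bottom) entry */
    uint8_t  ttl;
} mpls_entry;

uint32_t mpls_encode(const mpls_entry *e)
{
    return ((e->label & 0xFFFFFu) << 12) | ((uint32_t)(e->tc & 7) << 9)
         | ((uint32_t)(e->bos & 1) << 8) | e->ttl;
}

void mpls_decode(uint32_t w, mpls_entry *e)
{
    e->label = w >> 12;
    e->tc    = (w >> 9) & 7;
    e->bos   = (w >> 8) & 1;
    e->ttl   = w & 0xFF;
}

static void put32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

static uint32_t get32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Ingress router: push a stack (outermost entry first) in front of the payload.
 * Returns bytes written, or 0 if the stack is empty or does not fit. */
size_t mpls_push(const mpls_entry *stack, size_t depth,
                 const uint8_t *payload, size_t plen, uint8_t *out, size_t cap)
{
    if (depth == 0 || 4 * depth + plen > cap) return 0;
    for (size_t i = 0; i < depth; i++) {
        mpls_entry e = stack[i];
        e.bos = (i == depth - 1);              /* S=1 marks the bottom entry */
        put32(out + 4 * i, mpls_encode(&e));
    }
    memcpy(out + 4 * depth, payload, plen);
    return 4 * depth + plen;
}

/* Walk entries until the S bit is set. Returns the stack depth, or 0 when no
 * bottom-of-stack entry lies within len (truncated or malformed; do not forward). */
size_t mpls_stack_depth(const uint8_t *pkt, size_t len)
{
    for (size_t off = 0; off + 4 <= len; off += 4)
        if (pkt[off + 2] & 1)                  /* S bit is the low bit of byte 2 */
            return off / 4 + 1;
    return 0;
}

/* Transit router: swap the top label and decrement TTL. Returns 0 (drop) when
 * the packet is too short or the TTL would expire. */
int mpls_swap_top(uint8_t *pkt, size_t len, uint32_t out_label)
{
    mpls_entry e;
    if (len < 4) return 0;
    mpls_decode(get32(pkt), &e);
    if (e.ttl <= 1) return 0;
    e.ttl--;
    e.label = out_label;
    put32(pkt, mpls_encode(&e));
    return 1;
}

/* Constructed sample: a VPN label (100) under a transport label (16) in front of
 * a 4-byte placeholder payload, then one transit hop swapping 16 -> 17.
 * Returns the stack depth seen after the swap (2), or 0 if any step fails. */
size_t mpls_demo_depth(void)
{
    mpls_entry stack[2] = { {16, 0, 0, 64}, {100, 0, 0, 64} };
    mpls_entry top;
    uint8_t pkt[16];
    size_t n = mpls_push(stack, 2, (const uint8_t *)"IPv4", 4, pkt, sizeof pkt);
    if (n != 12 || !mpls_swap_top(pkt, n, 17)) return 0;
    mpls_decode(get32(pkt), &top);
    if (top.label != 17 || top.ttl != 63 || top.bos != 0) return 0;
    if (mpls_stack_depth(pkt, 4) != 0) return 0;    /* truncated after the first entry */
    return mpls_stack_depth(pkt, n);
}
```

The transit hop never looks below the top entry, which is the point of the label stack: the inner (VPN) label rides unchanged across the provider core while only the transport label is swapped at each hop.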

Finally, we saw how we can use the gtunnel skeleton to build our own tunnels, whether or not they are supported natively by the operating system. We used gtunnel to build another version of the IP-in-IP tunnel.
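The IP-in-IP encapsulation recalled above (and rebuilt with gtunnel at the end of the chapter), as an added example that is not the book's code nor part of the gtunnel skeleton: the tunnel entry prepends an outer IPv4 header whose Protocol field is 4, and the tunnel exit validates that header before handing the inner packet to the IP stack. It assumes the standard 20-byte IPv4 header with its one's-complement checksum; the addresses (10.0.0.0/8 inside, 192.0.2.0/24 for the endpoints) are constructed, and the check that the outer source address matches the configured peer is an assumed hardening step, not something the chapter describes.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define IPV4_HDR_LEN 20
#define PROTO_IPIP   4   /* outer Protocol field value for IP-in-IP */

/* Internet checksum (RFC 1071); over a header carrying its own checksum it is 0. */
static uint16_t ip_checksum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += ((uint32_t)p[0] << 8) | p[1];
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

static void put32(uint8_t *p, uint32_t v)
{ p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v; }

static uint32_t get32(const uint8_t *p)
{ return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]; }

/* Minimal IPv4 header: IHL 5, no options, TTL 64, checksum filled in. */
static void write_ipv4_header(uint8_t *b, uint16_t total_len, uint8_t proto, uint32_t src, uint32_t dst)
{
    uint16_t c;
    memset(b, 0, IPV4_HDR_LEN);
    b[0] = 0x45;                                        /* version 4, IHL 5 */
    b[2] = (uint8_t)(total_len >> 8); b[3] = (uint8_t)total_len;
    b[8] = 64; b[9] = proto;
    put32(b + 12, src); put32(b + 16, dst);
    c = ip_checksum(b, IPV4_HDR_LEN);
    b[10] = (uint8_t)(c >> 8); b[11] = (uint8_t)c;
}

/* Tunnel entry: the whole inner IPv4 packet becomes the payload of an outer
 * IPv4 packet with Protocol = 4. Returns the outer length, or 0 on bad input. */
size_t ipip_encapsulate(const uint8_t *inner, size_t inner_len, uint32_t outer_src,
                        uint32_t outer_dst, uint8_t *out, size_t out_cap)
{
    size_t total = inner_len + IPV4_HDR_LEN;
    if (inner_len < IPV4_HDR_LEN || (inner[0] >> 4) != 4) return 0;
    if (total > out_cap || total > 0xffff) return 0;
    write_ipv4_header(out, (uint16_t)total, PROTO_IPIP, outer_src, outer_dst);
    memcpy(out + IPV4_HDR_LEN, inner, inner_len);
    return total;
}

/* Tunnel exit: verify version, IHL, checksum, lengths, Protocol = 4 and that the
 * outer source is the configured peer, then expose the inner packet.
 * Returns the inner length, or 0 if the packet is rejected. */
size_t ipip_decapsulate(const uint8_t *pkt, size_t len, uint32_t expected_peer,
                        const uint8_t **inner)
{
    size_t ihl, total, in_total;
    const uint8_t *in;
    if (len < IPV4_HDR_LEN || (pkt[0] >> 4) != 4) return 0;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < IPV4_HDR_LEN || ihl > len) return 0;
    if (ip_checksum(pkt, ihl) != 0) return 0;           /* corrupted header */
    total = ((size_t)pkt[2] << 8) | pkt[3];
    if (total < ihl + IPV4_HDR_LEN || total > len) return 0;
    if (pkt[9] != PROTO_IPIP) return 0;                 /* not IP-in-IP */
    if (get32(pkt + 12) != expected_peer) return 0;     /* not from our tunnel peer (assumed policy) */
    in = pkt + ihl;
    in_total = ((size_t)in[2] << 8) | in[3];
    if ((in[0] >> 4) != 4 || in_total < IPV4_HDR_LEN || in_total > total - ihl) return 0;
    *inner = in;
    return in_total;
}

/* Constructed sample: a 24-byte inner packet 10.0.0.1 -> 10.0.0.2 (UDP, 4-byte
 * payload) carried between tunnel endpoints 192.0.2.1 and 192.0.2.2. The demo
 * encapsulates, decapsulates and compares, then checks that a wrong peer address
 * and a corrupted outer header are both rejected. Returns 24 on success, 0 otherwise. */
size_t ipip_demo(void)
{
    const uint32_t outer_src = 0xC0000201u, outer_dst = 0xC0000202u;
    uint8_t inner[24], outer[64];
    const uint8_t *got;
    size_t olen, n;
    write_ipv4_header(inner, 24, 17, 0x0A000001u, 0x0A000002u);
    memcpy(inner + IPV4_HDR_LEN, "data", 4);
    olen = ipip_encapsulate(inner, 24, outer_src, outer_dst, outer, sizeof outer);
    if (olen != 44 || outer[9] != PROTO_IPIP) return 0;
    n = ipip_decapsulate(outer, olen, outer_src, &got);
    if (n != 24 || memcmp(got, inner, 24) != 0) return 0;
    if (ipip_decapsulate(outer, olen, 0xC0000263u, &got) != 0) return 0;  /* 192.0.2.99 */
    outer[8] ^= 0x01;                                   /* TTL changed, checksum fails */
    if (ipip_decapsulate(outer, olen, outer_src, &got) != 0) return 0;
    return n;
}
```

Note what the exit side does not do: it never trusts the inner packet's addresses, since anyone who can reach the outer address can put arbitrary inner headers in the payload. That is exactly why the chapter defers the security properties of these tunnels to later chapters.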

