Tunneling, also known as encapsulation, is a method of using an internetwork infrastructure of one protocol to transfer a payload. Typically, the payload is the frames (or packets) of another protocol (see Figure 1.8). Instead of being sent as it is produced by the originating host, the frame is encapsulated with an additional header. The additional header provides routing information so the encapsulated payload can traverse an intermediate internetwork (also known as a transit internetwork). The encapsulated packets are then routed between tunnel endpoints over the transit internetwork. Once the encapsulated payload packets reach their destination on the transit internetwork, the frame is de-encapsulated and forwarded to its final destination.
The entire process of encapsulation, transmission, and de-encapsulation of packets is known as tunneling. The logical path through which the encapsulated packets travel through the transit internetwork is called a tunnel.
Figure 1.8 Tunneling
The transit internetwork can be any internetwork. The Internet is a good example as the most widely known public internetwork. There are also many examples of tunnels that are carried over corporate internetworks.
Some common types of tunneling:
SNA Tunneling over IP Internetworks To send System Network Architecture (SNA) traffic across a corporate IP internetwork, the SNA frame is encapsulated with a User Datagram Protocol (UDP) and IP header. This is known as Data Link Switching (DLSw) and is described in RFC 1795.
IPX Tunneling for Novell NetWare IPX packets are sent to a NetWare server or IPX router that wraps the IPX packet with a UDP and IP header and sends them across an IP internetwork. The destination IP router removes the UDP and IP header and forwards them to the appropriate IPX destination.
Point-to-Point Tunneling Protocol Point-to-Point Tunneling Protocol (PPTP) allows IP, IPX, or NetBEUI traffic to be encrypted and encapsulated in an IP header to be sent across a corporate IP internetwork or public internetworks like the Internet. For more information, see "Virtual Private Networking" in this book.
Layer 2 Tunneling Protocol Layer Two Tunneling Protocol (L2TP) allows IP, IPX, or NetBEUI traffic to be encrypted and then sent over any medium that supports point-to-point datagram delivery such as IP, X.25, Frame Relay, or ATM. For more information, see "Virtual Private Networking" in this book.
IP Security (IPSec) Tunnel Mode IPSec Tunnel Mode allows IP payloads to be encrypted and then encapsulated in an IP header to be sent across a corporate IP internetwork or public internetworks like the Internet. For more information about IPSec, see "Internet Protocol Security" in the TCP/IP Core Networking Guide .
Windows 2000 Server only ships with support for PPTP, L2TP, and IPSec tunneling.