By | July 8, 2009

Tunneling Overview!

Tunneling is the basis of VPNs. Almost all VPNs work on the method called tunneling. Tunneling is the method used to transfer data from one network over another network in a network infrastructure. The data to be transferred can be frames of another protocol.

Tunneling encapsulates the data sent by the sending node in its own format, i.e. it adds its own header, which contains routing information so that the data traverses the network properly. The encapsulated packets are routed through the tunnel endpoints over the network. The tunnel is the logical path through which the encapsulated packets travel to reach the destination. When the frames reach the destination, the packet is de-encapsulated and the frames are forwarded to the final destination.

In short, tunneling is the process outlined below:

Frames ——> Encapsulation ——> Transmission ——>  De-encapsulation ——> Destination

Protocols used by tunneling.

Tunneling uses one type of protocol to encapsulate the frames or datagrams of another protocol. A VPN uses the PPTP protocol to encapsulate frames over the Internet (public network). An alternative protocol that can be used is L2TP. These protocols depend on the features specified by PPP. PPP was the basic protocol used to send data across dedicated or dial-up connections. PPP encapsulates IP packets within PPP frames and transmits the data across the network. It was specifically designed to be used over a NAS (Network Access Server).

Tunneling requires three protocols.

Carrier protocol – the protocol used by the network to transfer the data.

Encapsulating protocol – the protocol that wraps the data (PPTP, L2TP, GRE, IPSec).

Passenger protocol – the protocol of the original data being carried (IPX, NetBEUI, IP).
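The three roles above, shown as an added example that is not part of the original post: a constructed IPv4 passenger packet is wrapped in a GRE header (encapsulating protocol) and an outer IPv4 header (carrier), then validated and de-encapsulated at the far tunnel endpoint. The addresses, payload and function names are assumptions made for illustration.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number that marks a GRE payload
ETHERTYPE_IPV4 = 0x0800   # GRE protocol type for an IPv4 passenger

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with its checksum filled in."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return head[:10] + struct.pack("!H", checksum(head)) + head[12:]

def encapsulate(passenger: bytes, tun_src: str, tun_dst: str) -> bytes:
    """Passenger -> GRE (encapsulating protocol) -> outer IPv4 (carrier)."""
    gre = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)  # no flags, version 0
    carrier = ipv4_header(tun_src, tun_dst, GRE_PROTO, len(gre) + len(passenger))
    return carrier + gre + passenger

def decapsulate(packet: bytes) -> bytes:
    """Tunnel endpoint: validate carrier and GRE headers, return the passenger."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if len(packet) < 24 or packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("not a usable IPv4 carrier packet")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("carrier header checksum mismatch")
    if packet[9] != GRE_PROTO:
        raise ValueError("carrier does not hold GRE")
    total_len = struct.unpack("!H", packet[2:4])[0]
    flags, ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE flags or passenger type")
    if total_len > len(packet) or total_len < ihl + 4:
        raise ValueError("carrier length field does not match packet")
    return packet[ihl + 4:total_len]

# Constructed sample: private-address passenger, documentation-range endpoints.
PAYLOAD = b"constructed payload"
SAMPLE_PASSENGER = ipv4_header("10.1.0.5", "10.2.0.9", 253, len(PAYLOAD)) + PAYLOAD

if __name__ == "__main__":
    tunneled = encapsulate(SAMPLE_PASSENGER, "192.0.2.1", "198.51.100.1")
    print("carrier + GRE overhead:", len(tunneled) - len(SAMPLE_PASSENGER), "bytes")
    print("passenger recovered:", decapsulate(tunneled) == SAMPLE_PASSENGER)
```

GRE by itself only wraps the passenger and provides no encryption, so the endpoint checks here cover header validity only.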

What is split tunneling?

Split tunneling is the method that enables remote access VPN clients to route corporate traffic over the VPN connection while sending Internet-based traffic over the local Internet connection. This is a great way to split the traffic, since it prevents corporate bandwidth from being used for access to Internet sites.

This adds extra security to the network. If the remote access client can reach both the Internet and the private organisation network simultaneously, there is the possibility that the Internet connection can be exploited to gain access to the private organisation network through the remote access client.

Companies that are more security-sensitive can choose the default routing method, which ensures that all traffic from the VPN client passes through the corporate firewall.