Information about Tunneling Protocol
A tunneling protocol is a network protocol that encapsulates a different payload protocol, acting as the delivery protocol. Reasons to tunnel include carrying a payload over an incompatible delivery network, or providing a secure path through an untrusted network.
Tunneling does not always fit a layered protocol model such as those of OSI or TCP/IP. To understand a particular protocol stack, both the payload and delivery protocol sets must be understood. Protocol encapsulation that is carried out by conventional layered protocols, in accordance with the OSI model or TCP/IP model, for example HTTP over TCP over IP over PPP over a V.92 modem, should not be considered as tunneling.
As an example of network layer over network layer, Generic Routing Encapsulation (GRE), a protocol running directly over IP (IP protocol number 47), is often used to carry IP packets with RFC 1918 private addresses over the Internet inside delivery packets with public IP addresses. In this case the delivery and payload protocols are the same (IP), but the payload addresses are not routable on the delivery network.
In contrast, an IP payload might believe it sees a data link layer delivery when it is carried inside the Layer 2 Tunneling Protocol, which appears to the payload mechanism as a protocol of the data link layer. L2TP, however, actually runs over the transport layer using User Datagram Protocol (UDP) over IP. The IP in the delivery protocol could run over any data link protocol from IEEE 802.2 over IEEE 802.3 (i.e., standards-based Ethernet) to the Point-to-Point Protocol (PPP) over a dialup modem link.
Tunneling protocols may use data encryption to transport insecure payload protocols over a public network such as the Internet, thereby providing VPN functionality. Encapsulation by itself gives no confidentiality or integrity: GRE, IP-in-IP, L2TP and PPTP carry the payload in the clear unless they are paired with an encrypting protocol, which is why L2TP is normally run over IPsec (L2TP/IPsec), and why PPTP, whose MPPE encryption depends on the broken MS-CHAPv2 handshake, is no longer considered secure. IPsec has an end-to-end Transport Mode, but can also operate in Tunnel Mode through a trusted security gateway.
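To make the delivery/payload split concrete, here is an added example (not code from the original article) that builds an IPv4 packet with RFC 1918 addresses, wraps it in a basic GRE header (RFC 2784, optionally with the GRE checksum) behind an outer IPv4 header that carries public addresses and IP protocol number 47, and then decapsulates it with the length, version and checksum checks a receiver should apply before trusting the inner packet. The addresses, the UDP-looking inner payload and the function names are constructed for this example; no sockets are opened. Note that the inner packet rides in the clear: GRE adds framing, not confidentiality.

```python
import ipaddress
import struct

GRE_PROTO = 47            # IP protocol number carried in the outer header
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" value for an IPv4 payload
GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000  # RFC 2784/2890 header flag bits


def ones_complement_sum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over data; returns 0 when data already carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ones_complement_sum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, payload), rejecting truncated or corrupt headers."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(pkt):
        raise ValueError("bad IPv4 length fields")
    if ones_complement_sum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    dst = str(ipaddress.IPv4Address(pkt[16:20]))
    return src, dst, pkt[9], pkt[ihl:total_len]


def gre_encapsulate(inner: bytes, outer_src: str, outer_dst: str, checksum: bool = False) -> bytes:
    """Delivery packet: outer IPv4 (public addresses, proto 47) + GRE header + inner packet."""
    if checksum:
        gre = struct.pack("!HHHH", GRE_C, ETHERTYPE_IPV4, 0, 0)   # C bit set, checksum + reserved1
        gre = gre[:4] + struct.pack("!H", ones_complement_sum(gre + inner)) + gre[6:]
    else:
        gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)               # no flags, version 0
    return build_ipv4(outer_src, outer_dst, GRE_PROTO, gre + inner)


def gre_decapsulate(pkt: bytes) -> bytes:
    """Strip the delivery headers and return the payload packet, validating what a receiver must."""
    _, _, proto, gre = parse_ipv4(pkt)
    if proto != GRE_PROTO:
        raise ValueError("outer packet is not GRE (proto %d)" % proto)
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack("!HH", gre[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version %d" % (flags & 7))
    if ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE payload type 0x%04x" % ptype)
    # Optional fields (checksum/reserved1, key, sequence) each add 4 bytes when their flag is set.
    hdr_len = 4 + 4 * bool(flags & GRE_C) + 4 * bool(flags & GRE_K) + 4 * bool(flags & GRE_S)
    if len(gre) < hdr_len:
        raise ValueError("truncated GRE optional fields")
    if flags & GRE_C and ones_complement_sum(gre) != 0:   # checksum covers GRE header + payload
        raise ValueError("bad GRE checksum")
    return gre[hdr_len:]


def demo():
    """Constructed sample: a private-to-private packet tunneled between two public endpoints."""
    inner = build_ipv4("10.1.1.5", "10.2.2.7", 17, b"\x00\x35\x00\x35\x00\x0d\x00\x00hello")
    outer = gre_encapsulate(inner, "203.0.113.1", "198.51.100.2", checksum=True)
    assert gre_decapsulate(outer) == inner
    return parse_ipv4(outer)[:3], parse_ipv4(inner)[:3]


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the two address spaces side by side: the outer header reads 203.0.113.1 to 198.51.100.2 with protocol 47, while the recovered inner header still reads 10.1.1.5 to 10.2.2.7. A receiver that skips the checks in `gre_decapsulate` (protocol number, version, payload type, optional-field length) will happily inject whatever an attacker puts inside a packet addressed to the tunnel endpoint, which is why GRE endpoints are normally pinned to a known peer address and carried over IPsec when the delivery network is untrusted.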
Common tunneling protocols
Examples of tunneling protocols include:
Datagram-based:
- IPsec
- GRE (Generic Routing Encapsulation): supports multiple payload protocols and multiplexing
- IP in IP tunneling [1]: lower overhead than GRE; used when only a single IP stream is to be tunneled
- L2TP (Layer 2 Tunneling Protocol) [2]
- MPLS (Multi-Protocol Label Switching)
- GTP (GPRS Tunnelling Protocol)
- PPTP (Point-to-Point Tunneling Protocol) [3]
- PPPoE (point-to-point protocol over Ethernet)
- PPPoA (point-to-point protocol over ATM)
- IEEE 802.1Q (Ethernet VLANs)
- DLSw (SNA over IP)
- XOT (X.25 datagrams over TCP)
- IPv6 tunneling: 6to4; 6in4; Teredo
- Anything In Anything (AYIYA; e.g. IPv6 over UDP over IPv4, IPv4 over IPv6, IPv6 over TCP IPv4, etc.)
Stream-based:
- TLS
- SSH
- SOCKS
- HTTP CONNECT command
- Various circuit-level proxy protocols, such as the MS Proxy Server Winsock Redirection Protocol or the WinGate Winsock Redirection Service
SSH tunneling
SSH is frequently used to tunnel insecure traffic over the Internet in a secure way. For example, Windows machines can share files using the SMB protocol, which historically is not encrypted. If you were to mount a Windows filesystem remotely across the Internet, someone snooping on the connection could see your files. To mount an SMB file system securely, one can establish an SSH tunnel (SSH local port forwarding) that routes all SMB traffic to the fileserver inside an SSH-encrypted connection. Even though the SMB traffic itself is insecure, it is protected while it travels within the encrypted connection. The protection covers only the hop between the SSH client and the SSH server: if the SSH server and the file server are different hosts, the SMB traffic between them is again in the clear on that segment, so the SSH endpoint should be the file server itself or a host on the same trusted network.
Tunneling to circumvent firewall policy
Tunneling can also be used to traverse a firewall (firewall policy permitting). In this case, protocols that are normally blocked by the firewall are encapsulated inside a commonly allowed protocol such as HTTP. If the policy on the firewall does not exercise enough control over HTTP requests, this can sometimes be used to circumvent the intended firewall policy.
Another HTTP-based tunneling method uses the HTTP CONNECT method. This method tells an HTTP proxy to open a TCP connection to the specified host:port and relay bytes in both directions between that connection and the client connection, so the proxy becomes a generic TCP relay. For this reason, CONNECT-capable HTTP proxies commonly restrict CONNECT to the port used by TLS-based HTTPS services (443). The restriction is port-based only: the proxy cannot tell whether what flows through the tunnel is really TLS, so an allow-list of ports limits, but does not eliminate, the ability to tunnel arbitrary protocols through the proxy.
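The CONNECT restriction described above, as an added example that is not part of the original article: a policy function that parses the CONNECT request line in its authority form, allows only an assumed port allow-list (443 here) and refuses literal targets in internal address space, followed by a scan over constructed access-log lines that reports the tunnels a more permissive proxy already let through. Host names, addresses, the log format and the function names are all constructed for the example.

```python
import ipaddress
import re

# CONNECT uses the authority form of the request target (RFC 7231 s.4.3.6): "host:port", nothing else.
CONNECT_RE = re.compile(
    r"^CONNECT\s+(?P<host>\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+):(?P<port>\d{1,5})\s+HTTP/1\.[01]$"
)

# Assumed policy for this example: tunnels only to the HTTPS port, never into internal address space.
ALLOWED_PORTS = frozenset({443})
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]


def parse_connect(request_line: str):
    """Return (host, port) for a well-formed CONNECT request line, else None."""
    m = CONNECT_RE.match(request_line.strip())
    if not m:
        return None
    port = int(m.group("port"))
    if not 1 <= port <= 65535:
        return None
    host = m.group("host")
    if host.startswith("["):          # bracketed IPv6 literal
        host = host[1:-1]
    return host, port


def connect_decision(request_line: str, allowed_ports=ALLOWED_PORTS):
    """Decide a CONNECT request: (allowed, status line to send, reason for the log)."""
    parsed = parse_connect(request_line)
    if parsed is None:
        return False, "HTTP/1.1 400 Bad Request", "malformed CONNECT request line"
    host, port = parsed
    if port not in allowed_ports:
        return False, "HTTP/1.1 403 Forbidden", "port %d not in CONNECT allow-list" % port
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None   # host name: a real proxy must re-check the resolved address (DNS rebinding)
    if addr is not None and any(addr in net for net in BLOCKED_NETS):
        return False, "HTTP/1.1 403 Forbidden", "target %s is internal address space" % host
    return True, "HTTP/1.1 200 Connection Established", "ok"


# Access-log scanner. The CLF-style lines below are constructed for the example; only the quoted
# request line and the status code are used.
LOG_RE = re.compile(r'"(?P<req>CONNECT [^"]*)" (?P<status>\d{3})')


def policy_violations(log_lines):
    """Return the CONNECT requests a proxy answered 200 that this policy would have refused."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m is None or m.group("status") != "200":
            continue
        allowed, _, reason = connect_decision(m.group("req"))
        if not allowed:
            hits.append((m.group("req"), reason))
    return hits


SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "CONNECT www.example.com:443 HTTP/1.1" 200 5120',
    '10.0.0.5 - - [01/Jan/2024:10:00:07 +0000] "CONNECT ssh.example.net:22 HTTP/1.1" 200 884211',
    '10.0.0.9 - - [01/Jan/2024:10:01:13 +0000] "CONNECT 192.168.1.10:443 HTTP/1.1" 200 2048',
    '10.0.0.9 - - [01/Jan/2024:10:01:20 +0000] "CONNECT vpn.example.org:1723 HTTP/1.1" 403 0',
    '10.0.0.3 - - [01/Jan/2024:10:02:02 +0000] "GET http://www.example.com/ HTTP/1.1" 200 1299',
]

if __name__ == "__main__":
    for req, reason in policy_violations(SAMPLE_LOG):
        print("tunnel allowed by the old proxy, refused by policy: %s (%s)" % (req, reason))
```

Over the sample log the scanner flags the SSH tunnel on port 22 and the CONNECT to a 192.168.0.0/16 target; the PPTP attempt on 1723 is not reported because the proxy already refused it. Because the check is by port and literal address only, a client can still carry any protocol over a CONNECT to port 443 of a host it controls; closing that gap needs inspection of the first bytes for a TLS ClientHello or a reverse-proxy design that terminates TLS itself, neither of which this example attempts.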
See also
- Tunnel Broker
- Virtual Private Network (Tunneling)
- HTTP tunnel (software)
References
This article was originally based on material from the Free On-line Dictionary of Computing, which is licensed under the GFDL.
1. IP Encapsulation within IP, RFC 2003, C. Perkins, October 1996
2. Layer Two Tunneling Protocol "L2TP", RFC 2661, W. Townsley et al., August 1999
3. Point-to-Point Tunneling Protocol (PPTP), RFC 2637, K. Hamzeh et al., July 1999
External links
- SSH Tunnels explained by example
- Tunneling SSH from behind an HTTP proxy server
- SSH Tunneling FAQ Professional Frequently Asked Questions example
- HOWTO: Set up a Windows SSH server for VNC tunneling
This article is copied from an article on Wikipedia.org - the free encyclopedia created and edited by online user community. The text was not checked or edited by anyone on our staff. Although the vast majority of the wikipedia encyclopedia articles provide accurate and timely information please do not assume the accuracy of any particular article. This article is distributed under the terms of GNU Free Documentation License.