An IP tunnel is an Internet Protocol (IP) network communications channel between two networks. It is used to transport another network protocol by encapsulation of its packets.
IP tunnels are often used for connecting two disjoint IP networks that don't have a native routing path to each other, via an underlying routable protocol across an intermediate transport network. In conjunction with the IPsec protocol they may be used to create a virtual private network between two or more private networks across a public network such as the Internet. Another prominent use is to connect islands of IPv6 installations across the IPv4 Internet.
In IP tunnelling, every IP packet, including addressing information of its source and destination IP networks, is encapsulated within another packet format native to the transit network.
At the borders between the source network and the transit network, as well as the transit network and the destination network, gateways are used that establish the end-points of the IP tunnel across the transit network. Thus, the IP tunnel endpoints become native IP routers that establish a standard IP route between the source and destination networks. Packets traversing these end-points from the transit network are stripped of the transit frame format headers and trailers used in the tunnelling protocol, converted into native IP format and injected into the IP stack of the tunnel endpoints. In addition, any other protocol encapsulations used during transit, such as IPsec or Transport Layer Security, are removed.
IP in IP, sometimes called ipencap, is an example of IP encapsulation within IP and is described in RFC 2003. Other variants of the IP-in-IP variety are IPv6-in-IPv4 (6in4) and IPv4-in-IPv6 (4in6).
IP tunneling often bypasses simple firewall rules transparently since the specific nature and addressing of the original datagrams are hidden. Content-control software is usually required to block IP tunnels.
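The following Python sketch is an added example, not part of the original article: it walks nested IP headers so that a filter can evaluate the inner source and destination addresses that IP in IP, 6in4 and 4in6 encapsulation place behind the tunnel gateways' addresses. The helper names, the sample packets and the protocol numbers 4 and 41 (IANA assignments, not stated on this page) are assumptions of the example.

```python
import ipaddress
import struct

# IANA protocol numbers meaning "the payload is another IP packet".
IPV4_ENCAP = 4    # IP in IP (RFC 2003); also the inner protocol for 4in6
IPV6_ENCAP = 41   # IPv6 payload, as carried by 6in4

def parse_ip(pkt):
    """Parse one IP header (IPv6 extension headers are not followed)."""
    version = pkt[0] >> 4 if pkt else 0
    if version == 4:
        ihl = (pkt[0] & 0x0F) * 4                      # header length in bytes
        if ihl < 20 or len(pkt) < ihl:
            raise ValueError("truncated IPv4 header")
        return 4, pkt[12:16], pkt[16:20], pkt[9], pkt[ihl:]
    if version == 6 and len(pkt) >= 40:
        return 6, pkt[8:24], pkt[24:40], pkt[6], pkt[40:]
    raise ValueError("not a complete IP header")

def unwrap(pkt, max_depth=4):
    """List each IP layer, outermost first, following tunnel encapsulation."""
    layers = []
    while len(layers) < max_depth:
        version, src, dst, proto, pkt = parse_ip(pkt)
        layers.append((version, str(ipaddress.ip_address(src)),
                       str(ipaddress.ip_address(dst)), proto))
        if proto not in (IPV4_ENCAP, IPV6_ENCAP):
            break
    return layers

def any_layer_dst_in(pkt, denied_net):
    """True if the destination of ANY layer is in denied_net, not only the outer one."""
    net = ipaddress.ip_network(denied_net)
    return any(ipaddress.ip_address(dst) in net for _, _, dst, _ in unwrap(pkt))

def ipv4(src, dst, proto, payload=b""):
    """Constructed sample header: 20 bytes, no options, checksum left at zero."""
    a, b = (ipaddress.ip_address(x).packed for x in (src, dst))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, a, b) + payload

def ipv6(src, dst, nxt, payload=b""):
    """Constructed sample header: fixed 40-byte IPv6 header."""
    a, b = (ipaddress.ip_address(x).packed for x in (src, dst))
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), nxt, 64, a, b) + payload

# Constructed samples: documentation addresses for the gateways, private ones inside.
IPIP = ipv4("198.51.100.1", "203.0.113.1", IPV4_ENCAP, ipv4("10.0.0.5", "10.0.1.9", 6))
SIXIN4 = ipv4("198.51.100.1", "203.0.113.1", IPV6_ENCAP, ipv6("2001:db8::1", "2001:db8::2", 17))
```

A rule that matches only the outer header sees 203.0.113.1 as the destination of both samples; `any_layer_dst_in(IPIP, "10.0.1.0/24")` also checks the encapsulated datagram's destination.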
History
The first specification of IP tunneling was in RFC 1075, which described DVMRP, the first IP multicast routing protocol. Because multicast used special IPv4 addresses, testing DVMRP required a way to get IP datagrams across portions of the Internet that did not yet recognize multicast addresses. This was solved by IP tunneling. The first approach to IP tunneling used an IP Loose Source Route and Record (LSRR) Option to hide the multicast address from the non-multicast aware routers. A multicast-aware destination router would remove the LSRR option from the packet and restore the multicast IP address to the packet's IP destination field. The other approach in the DVMRP specification was IP in IP, as described above. IP in IP soon became the preferred approach, and was later put to use in the Mbone.
See also
* Tunnel Setup Protocol
* Tunnel Broker
* Generic Routing Encapsulation