IP tunnel
From Wikipedia, the free encyclopedia
IP tunneling is the process of embedding one IP packet inside of another, for the purpose of simulating a physical connection between two remote networks across an intermediate network.
IP tunnels are often used in conjunction with the IPsec protocol to create a VPN between two or more remote networks across a "hostile" network such as the Internet.
How it Works
The point of an IP tunnel is to carry existing IP packets across the tunnel inside IP packets addressed to the tunnel endpoints. When a packet reaches either endpoint, the tunnel's IP header and any additional tunnel headers are stripped off, and the original IP packet is injected into the IP stack of the tunnel endpoint.
The encapsulation is done by adding an outer IP header before the original IP header. Between them are any other headers for the path, such as security headers specific to the tunnel configuration. The following image is borrowed from RFC 1853.
                                         +---------------------------+
                                         |      Outer IP Header      |
                                         +---------------------------+
                                         |      Tunnel Headers       |
     +---------------------------+       +---------------------------+
     |         IP Header         |       |      Inner IP Header      |
     +---------------------------+ ====> +---------------------------+
     |                           |       |                           |
     |         IP Payload        |       |         IP Payload        |
     |                           |       |                           |
     +---------------------------+       +---------------------------+
IP protocol number 4, sometimes called ipencap or IP within IP, is a concrete example of IP encapsulation within IP and is described by RFC 2003.
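The encapsulation and stripping steps described above, shown for protocol 4 with no intermediate tunnel headers, as an added example that is not part of the original article. The function names and sample addresses are assumptions, and the check of the outer addresses against a configured tunnel peer is an addition of this example, so that the endpoint only injects inner packets that arrived from its own tunnel.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4  # IP protocol number 4: IPv4 carried inside IPv4 (RFC 2003)

def checksum(header: bytes) -> int:
    """IPv4 header checksum: one's-complement sum of 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Build a 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Prepend an outer IP header addressed to the remote tunnel endpoint."""
    return ipv4_header(tunnel_src, tunnel_dst, IPPROTO_IPIP, len(inner)) + inner

def decapsulate(packet: bytes, local: str, peer: str) -> bytes:
    """Strip the outer header and return the inner packet, or raise ValueError."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len > len(packet) or total_len < ihl + 20:
        raise ValueError("bad outer header or truncated inner packet")
    if checksum(packet[:ihl]) != 0:  # a valid header sums to zero
        raise ValueError("outer header checksum mismatch")
    if packet[9] != IPPROTO_IPIP:
        raise ValueError("outer protocol is not 4 (IP within IP)")
    src, dst = (str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))
    if (src, dst) != (peer, local):  # assumption: one configured peer
        raise ValueError("outer addresses do not match the configured tunnel")
    inner = packet[ihl:total_len]
    if inner[0] >> 4 != 4:
        raise ValueError("inner packet is not IPv4")
    return inner

# Constructed sample: a UDP-sized inner packet between two private hosts,
# carried between two tunnel endpoints (documentation address ranges).
INNER = ipv4_header("10.1.0.5", "10.2.0.9", 17, 8) + b"\x00" * 8
OUTER = encapsulate(INNER, "192.0.2.1", "198.51.100.1")
```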