IP tunnels

True point-to-point networks are not always possible in corporate networking environments. Many networks deploy nontraditional methods of connection (for example, DSL or broadband) at remote sites or branch offices. The branch office, telecommuter, or business traveler then becomes separated from the corporate network, and some method of tunneling becomes imperative to connect all the network sites together.

Virtual Private Networking (VPN) is often deployed to create private tunnels through the public network system for passing data to remote sites. While VPN is sufficient for the average business traveler, it is not a good solution for branch site connectivity. VPN configurations must include statically maintained access lists to identify traffic through the tunnel. These access lists are often tedious to configure for larger networks and are prone to errors.

VPNs do not permit multicast traffic to pass; therefore routing protocols such as Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) are no longer options for dynamic routing updates. All new additions to the network topology must be manually added to the various configured access lists. Without dynamic routing from one site to another, network management is severely hampered. Network managers need their non-heterogeneous networks to function like traditional point-to-point networks so that traditional management methods (once available only on point-to-point circuits) can apply to the entire network.

The solution to these challenges is to use IP tunnels. An IP tunnel provides a virtual link between endpoints on two different networks, enabling data to be exchanged as if the endpoints were directly connected on the same network. Traffic between the devices is isolated from the intervening networks that the tunnel spans.

For example, the following diagram shows an IP tunnel (using GRE) that connects two IPv4 networks over an IPv4 network.

If Network 1 and Network 3 are using IPv6 addressing, the tunnel connects them by encapsulating the IPv6 traffic in IPv4 packets to traverse Network 2. The intermediate network devices in Network 2 do not know about Network 1 and Network 3 because the packets are encapsulated; they only see the outer IPv4 header carrying the tunnel endpoints.

An IP tunnel can also be used to create a point-to-point link for IPv6 traffic over an IPv6 network.
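To make the encapsulation concrete, here is an added example (not code from the original page or from any switch vendor) that builds an IPv6 packet from a host on Network 1 to a host on Network 3, wraps it in a GRE header and an outer IPv4 header for transit across Network 2, and then shows the two views of the packet: what a transit router sees (only the outer endpoints and protocol 47) and what the far tunnel endpoint recovers after decapsulation. The addresses are constructed documentation-range values, and the checksum check on the outer header is the one a receiving endpoint would apply before trusting it.

```python
import ipaddress
import struct

# Protocol numbers and EtherTypes used by the encapsulations described on this page
IPPROTO_GRE = 47         # outer IPv4 "protocol" field for GRE (RFC 2784)
IPPROTO_IPV6 = 41        # outer IPv4 "protocol" field for plain IPv6-in-IPv4 (RFC 4213)
ETHERTYPE_IPV4 = 0x0800  # GRE "protocol type" for an IPv4 payload
ETHERTYPE_IPV6 = 0x86DD  # GRE "protocol type" for an IPv6 payload

# Constructed, documentation-range addresses: tunnel endpoints on Network 2, hosts on Networks 1 and 3
TUNNEL_SRC, TUNNEL_DST = "192.0.2.1", "198.51.100.1"
HOST_A, HOST_B = "2001:db8:1::10", "2001:db8:3::20"


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words; evaluates to 0 over a header with a valid checksum."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """20-byte IPv4 header with no options; the checksum is filled in after packing."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def build_ipv6_packet(src: str, dst: str, payload: bytes, next_header: int = 59) -> bytes:
    """Minimal IPv6 packet; next header 59 ("no next header") keeps the payload opaque."""
    hdr = struct.pack("!IHBB16s16s", 0x60000000, len(payload), next_header, 64,
                      ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)
    return hdr + payload


def gre_encapsulate(outer_src: str, outer_dst: str, inner: bytes, protocol_type: int) -> bytes:
    """Outer IPv4 header + 4-byte GRE header (no checksum, key or sequence flags) + inner packet."""
    gre = struct.pack("!HH", 0x0000, protocol_type)
    return build_ipv4_header(outer_src, outer_dst, IPPROTO_GRE, len(gre) + len(inner)) + gre + inner


def parse_outer_ipv4(packet: bytes) -> dict:
    """What a transit router on Network 2 sees: only the outer header."""
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad outer IPv4 checksum")
    return {"src": str(ipaddress.IPv4Address(packet[12:16])),
            "dst": str(ipaddress.IPv4Address(packet[16:20])),
            "proto": packet[9], "hlen": ihl}


def gre_decapsulate(packet: bytes):
    """Tunnel endpoint: strip the outer IPv4 and GRE headers, return (protocol_type, inner packet)."""
    outer = parse_outer_ipv4(packet)
    if outer["proto"] != IPPROTO_GRE:
        raise ValueError("outer protocol is not GRE")
    off = outer["hlen"]
    flags, ptype = struct.unpack("!HH", packet[off:off + 4])
    off += 4
    # Optional GRE fields (RFC 2784/2890): checksum (C=0x8000), key (K=0x2000), sequence (S=0x1000),
    # each 4 bytes when its flag is set. The switch described on this page does not support the key field.
    for bit in (0x8000, 0x2000, 0x1000):
        if flags & bit:
            off += 4
    return ptype, packet[off:]


def inner_ipv6_addresses(inner: bytes):
    """Source and destination of the recovered inner IPv6 packet."""
    return (str(ipaddress.IPv6Address(inner[8:24])), str(ipaddress.IPv6Address(inner[24:40])))


def build_example() -> bytes:
    """IPv6 packet from Network 1 to Network 3, carried in GRE over IPv4 across Network 2."""
    inner = build_ipv6_packet(HOST_A, HOST_B, b"constructed payload")
    return gre_encapsulate(TUNNEL_SRC, TUNNEL_DST, inner, ETHERTYPE_IPV6)


if __name__ == "__main__":
    pkt = build_example()
    print("transit view :", parse_outer_ipv4(pkt))          # 192.0.2.1 -> 198.51.100.1, proto 47
    ptype, inner = gre_decapsulate(pkt)
    print("endpoint view:", hex(ptype), inner_ipv6_addresses(inner))
```

Swapping `gre_encapsulate` for a plain `build_ipv4_header(..., IPPROTO_IPV6, ...)` prefix gives the "IPv6 in IPv4" variant from the supported-features list, which has no GRE header at all; the transit view is the same either way, which is the isolation property the text describes.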

IP tunnels supported features

  • Up to 127 tunnels can be defined on a switch, shared among the different tunnel types: GRE, IPv6 in IPv4, and IPv6 in IPv6.
  • A maximum of 16 source IP addresses are supported. Tunnels can share the same source IP address with different destination IP addresses. The source IP, destination IP, and VRF combine to uniquely identify a tunnel.
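The limits above are easy to violate in a large branch deployment, so here is an added example (not the page's or any vendor's code) of a small tunnel-table model that enforces them before a configuration is pushed: the (source, destination, VRF) key must be unique, at most 127 tunnels and 16 distinct source addresses are allowed, and each tunnel type must use endpoints of the matching IP version, which also rejects the unsupported "GRE IPv4 over IPv6" combination listed below. Tunnel names, types and addresses are constructed for the demonstration.

```python
import ipaddress
from dataclasses import dataclass

MAX_TUNNELS = 127          # total across all tunnel types on one switch
MAX_SOURCE_ADDRS = 16      # distinct tunnel source addresses per switch
# Tunnel type -> IP version the outer (transport) endpoints must use
TUNNEL_TYPES = {"gre": 4, "ipv6-in-ipv4": 4, "ipv6-in-ipv6": 6}


@dataclass(frozen=True)
class Tunnel:
    name: str
    ttype: str
    source: str
    destination: str
    vrf: str = "default"

    def key(self):
        # Source IP, destination IP and VRF together uniquely identify a tunnel
        return (self.source, self.destination, self.vrf)


class TunnelTable:
    def __init__(self):
        self._by_key = {}

    def sources(self) -> set:
        return {k[0] for k in self._by_key}

    def __len__(self) -> int:
        return len(self._by_key)

    def add(self, t: Tunnel) -> None:
        if t.ttype not in TUNNEL_TYPES:
            raise ValueError(f"{t.name}: unknown tunnel type {t.ttype!r}")
        src, dst = ipaddress.ip_address(t.source), ipaddress.ip_address(t.destination)
        want = TUNNEL_TYPES[t.ttype]
        if src.version != want or dst.version != want:
            # GRE with IPv6 endpoints is the unsupported "GRE IPv4 over IPv6" case
            raise ValueError(f"{t.name}: {t.ttype} requires IPv{want} endpoints")
        if t.key() in self._by_key:
            other = self._by_key[t.key()].name
            raise ValueError(f"{t.name}: duplicate of {other} (same source, destination and VRF)")
        if len(self._by_key) >= MAX_TUNNELS:
            raise ValueError(f"{t.name}: switch limit of {MAX_TUNNELS} tunnels reached")
        if t.source not in self.sources() and len(self.sources()) >= MAX_SOURCE_ADDRS:
            raise ValueError(f"{t.name}: switch limit of {MAX_SOURCE_ADDRS} source addresses reached")
        self._by_key[t.key()] = t


def try_add(table: TunnelTable, t: Tunnel) -> str:
    """Return "ok" or the validation error, so a batch can be reported in one pass."""
    try:
        table.add(t)
        return "ok"
    except ValueError as e:
        return str(e)


def demo() -> list:
    """Constructed tunnel definitions; returns the outcome string for each in order."""
    table = TunnelTable()
    attempts = [
        Tunnel("t1", "gre", "192.0.2.1", "198.51.100.1"),
        Tunnel("t2", "gre", "192.0.2.1", "198.51.100.2"),                         # same source, new destination
        Tunnel("t3", "ipv6-in-ipv4", "192.0.2.1", "198.51.100.1", vrf="branch"),  # same pair, different VRF
        Tunnel("t4", "gre", "192.0.2.1", "198.51.100.1"),                         # repeats t1's key
        Tunnel("t5", "gre", "2001:db8::1", "2001:db8::2"),                        # GRE over IPv6: unsupported
        Tunnel("t6", "ipv6-in-ipv6", "2001:db8::1", "2001:db8::2"),
    ]
    return [try_add(table, t) for t in attempts]


def source_limit_demo() -> str:
    """Use 16 distinct constructed source addresses, then attempt a 17th; returns that last outcome."""
    table = TunnelTable()
    result = ""
    for i in range(1, MAX_SOURCE_ADDRS + 2):
        result = try_add(table, Tunnel(f"t-{i}", "gre", f"10.0.0.{i}", "203.0.113.1"))
    return result


if __name__ == "__main__":
    for line in demo():
        print(line)
    print(source_limit_demo())
```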

Unsupported features

  • GRE IPv4 over IPv6.
  • QoS cannot be applied to a GRE tunnel interface.
  • GRE key support (used for security and identification purposes when there are multiple applications).
  • VPN across public IP network.
  • MPLS over GRE.
  • Multipoint GRE for scalable network to reach multiple remote sites.