7.7 Tunnel Interfaces


Tunnel interfaces are another type of nonphysical interface. They exist as a process in the router's memory for performing certain routing functions. Tunnels create virtual paths through networks that have an entrance point and an exit point. When a packet travels through a tunnel that spans many routers, it still appears to have traveled through only one. Think of it as driving through the mountains in a long tunnel. You are not aware of how many mountains and valleys you are driving under. You are only aware that you went in one side and came out the other.

Tunnels can be used to connect two networks that you would prefer to have directly attached but, for cost, security, or technical reasons, have to connect through another network. The IP traffic of these two networks can be tunneled between them so that they act as if they were connected to the same router. Since tunnels can be encrypted, this can greatly decrease the cost of WAN connections for branch offices because they can use Internet connections. Instead of having an extremely expensive WAN connection over thousands of miles, a company can connect branch offices to a local service provider that gives each office a connection to the Internet. The branch offices can then send their IP traffic to each other in tunnels across the Internet, which avoids the cost of connecting the branch offices directly to each other with Frame Relay or ATM.

Two tunnel types that are supported by Juniper Networks routers are GRE and IP encapsulated in IP (IP-IP). GRE is a standardized tunnel encapsulation that allows one protocol to be carried inside another; the GRE standard is defined in RFC 2784. IP-IP tunneling predates the GRE standard. The main difference between GRE and IP-IP is that IP-IP adds no encapsulation header of its own: the inside IP header follows immediately after the outside one. Neither GRE nor IP-IP encrypts or authenticates the inner packet; the encryption mentioned above has to come from a separate mechanism such as IPsec.

An IP packet, when entering the tunnel, will be packaged in another IP header with a different destination address. When the double packet gets to the destination of the tunnel IP packet, the outer IP encapsulation is stripped away and the original IP packet is forwarded on.
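The encapsulation and decapsulation just described, shown at the byte level as an added example that is not from the book or from Juniper's software. The script builds an inner IPv4 packet, wraps it the IP-IP way (outer IPv4 header only, protocol 4) and the GRE way (outer IPv4 header, protocol 47, plus the 4-byte RFC 2784 GRE header), then performs tunnel egress: it checks the outer header, strips it and any GRE header, and hands back the original packet. The tunnel endpoints 10.0.16.1 and 10.0.32.1 are the book's; the inner hosts 192.0.2.10 and 198.51.100.20 and the UDP payload are constructed from the documentation address ranges. All protocol numbers and header layouts are the IANA/RFC values.

```python
import ipaddress
import struct

# Constructed example (not from the book): byte-level view of IP-IP and GRE tunnels.
IPPROTO_IPIP = 4         # RFC 2003: inner IPv4 header follows the outer one directly
IPPROTO_GRE = 47         # RFC 2784: a GRE header sits between the two IPv4 headers
GRE_PROTO_IPV4 = 0x0800  # GRE protocol type for an IPv4 payload (EtherType value)

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum over the header bytes (0 when valid)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build a minimal 20-byte IPv4 header (no options) in front of payload."""
    hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]  # fill checksum
    return hdr + payload

def parse_ipv4(pkt: bytes) -> dict:
    """Validate version, lengths and checksum; return src, dst, protocol, payload."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total_len < ihl or len(pkt) < total_len:
        raise ValueError("bad IPv4 length fields")
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return {
        "src": str(ipaddress.IPv4Address(pkt[12:16])),
        "dst": str(ipaddress.IPv4Address(pkt[16:20])),
        "proto": pkt[9],
        "payload": pkt[ihl:total_len],
    }

def encapsulate_ipip(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """IP-IP tunnel ingress: the outer IPv4 header is the only thing added."""
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)

def encapsulate_gre(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """GRE tunnel ingress: 4-byte GRE header (flags/version 0, protocol type) + inner."""
    gre_hdr = struct.pack("!HH", 0x0000, GRE_PROTO_IPV4)
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_GRE, gre_hdr + inner)

def decapsulate(outer: bytes) -> dict:
    """Tunnel egress: strip the outer header (and GRE header) and return both headers."""
    o = parse_ipv4(outer)
    if o["proto"] == IPPROTO_IPIP:
        kind, inner = "ipip", o["payload"]
    elif o["proto"] == IPPROTO_GRE:
        gre = o["payload"]
        if len(gre) < 4:
            raise ValueError("truncated GRE header")
        flags_ver, ptype = struct.unpack("!HH", gre[:4])
        if flags_ver & 0x0007:
            raise ValueError("unsupported GRE version")
        # Optional fields (RFC 2784 checksum, RFC 2890 key/sequence) each add 4 bytes.
        offset = 4
        if flags_ver & 0x8000:  # C bit: checksum + reserved1
            offset += 4
        if flags_ver & 0x2000:  # K bit: key
            offset += 4
        if flags_ver & 0x1000:  # S bit: sequence number
            offset += 4
        if ptype != GRE_PROTO_IPV4:
            raise ValueError("GRE payload is not IPv4: 0x%04x" % ptype)
        kind, inner = "gre", gre[offset:]
    else:
        raise ValueError("not a tunnel packet (protocol %d)" % o["proto"])
    return {"tunnel": kind, "outer": o, "inner": parse_ipv4(inner), "inner_bytes": inner}

def demo() -> dict:
    """Round-trip a constructed HQ-to-branch packet through both tunnel types."""
    # Constructed inner packet (documentation ranges); endpoints are the book's.
    inner = build_ipv4("192.0.2.10", "198.51.100.20", 17, b"hello from HQ")
    gre_pkt = encapsulate_gre(inner, "10.0.16.1", "10.0.32.1")
    ipip_pkt = encapsulate_ipip(inner, "10.0.16.1", "10.0.32.1")
    return {
        "inner": inner,
        "gre_overhead": len(gre_pkt) - len(inner),    # 24: outer IPv4 + GRE header
        "ipip_overhead": len(ipip_pkt) - len(inner),  # 20: outer IPv4 only
        "gre": decapsulate(gre_pkt),
        "ipip": decapsulate(ipip_pkt),
    }

if __name__ == "__main__":
    for kind in ("gre", "ipip"):
        d = demo()[kind]
        print(kind, d["outer"]["src"], "->", d["outer"]["dst"], "carrying",
              d["inner"]["src"], "->", d["inner"]["dst"])
```

Running demo() shows the point of the preceding paragraphs in numbers: IP-IP costs 20 bytes per packet and GRE 24, and after egress the inner bytes are identical to what entered. The decapsulation side is also what a defender needs: a filter or flow record that looks only at the outer header sees the two tunnel endpoints and protocol 47 or 4, not the hosts actually talking, so policy on inner addresses has to be applied after the outer encapsulation is stripped.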

In Figure 7-18, Company XYZ has its headquarters located in Chicago. When a branch office in London is opened and needs to be connected to the headquarters network, Company XYZ could pay extremely high fees to get a direct connection from London back to Chicago, or the company could find a service provider that has connections in both cities and will provide XYZ with a tunnel.

Figure 7-18. Tunnel Configuration


In Figure 7-18, the service provider administers routers Chicago, New York, and London. A GRE interface is configured using gr-x/y/z, where x/y/z is the position of the Tunnel PIC (for an IP-IP tunnel, use ip-x/y/z). The service provider wishes to set up the tunnel and then route any packets destined for the London office through that tunnel. The tunnel is configured so that the service-provider-administered interfaces on routers Chicago and London are the endpoints; their IP addresses become the tunnel source and destination. Following is the Chicago GRE interface configuration (abbreviated for brevity); router London's configuration is the same, but with source and destination reversed.

    [edit interfaces]
    lab@Chicago# set gr-4/0/0 unit 0 tunnel source 10.0.16.1
    [edit interfaces]
    lab@Chicago# set gr-4/0/0 unit 0 tunnel destination 10.0.32.1
    [edit interfaces]
    lab@Chicago# show gr-4/0/0
    unit 0 {
        tunnel {
            source 10.0.16.1;
            destination 10.0.32.1;
        }
        family inet;
    }
    <<<output omitted for brevity>>>

To get the packets destined for the London network to go through the tunnel, a static route for that network with a next-hop of the tunnel interface is added.

    [edit routing-options]
    lab@Chicago# show
    static {
        route 10.0.16.0/24 next-hop gr-4/0/0.0;
    }
    [edit routing-options]
    lab@Chicago#

Now, anytime a packet from the headquarters network is destined for the London branch network, it will take the tunnel.

Tunnels are virtual connections that allow routers to think they are directly connected to another network when, in fact, they are not. The requirement to be directly connected can be bypassed by encapsulating one set of IP packets in another as they enter the tunnel. Upon tunnel egress, the outside encapsulation is stripped, and the original packet continues on.



Juniper Networks Reference Guide: JUNOS Routing, Configuration, and Architecture
ISBN: 0201775921
Year: 2002
Pages: 176