1. Department of Computer Science Southern Illinois University Edwardsville Spring, 2010 Dr. Hiroshi Fujinoki E-mail: hfujino@siue.edu Tunneling & Virtual Private Networks CS 547/CS490-002 Advanced Network Programming Tunneling/001

2. CS 547/CS490-002 Advanced Network Programming Tunneling/002 What is “Tunneling”? Creating a logical pipe between two network nodes in a network Networks Nodes:  Routers  Host computers  Switches (not many switches are capable of creating tunnels) To give an illusion of some network nodes to look like a your neighbor node  To emulate a private network using a public network  To emulate some transmission services not available in a network We will come back these details later

3. CS 547/CS490-002 Advanced Network Programming Tunneling/003 What is “Tunneling”? To transmit layer-N traffic using any layer other than layer-(N-1) Layer 1 Layer 2 Layer 3 Layer 4 Application User-Payload Data Layer-4 Header Layer-3 Header Layer-2 Header Layer-1 Header Layer-1 Trailer Tunneling intentionally deviates from this assumption

4. CS 547/CS490-002 Advanced Network Programming Tunneling/0017 Example of Tunneling Layer 1 Layer 2 Layer 3 Layer 4 Application User-Payload Data Layer-4 Header Layer-3 Header Layer-2 Header Layer-1 Header Layer-1 Trailer Transmitted Handle this as user payload

5. CS 547/CS490-002 Advanced Network Programming Tunneling/003 Layer 1 Layer 2 Layer 3 Layer 4 Application Payload Data Transmitter Side Receiver Side Application Network LAN

6. CS 547/CS490-002 Advanced Network Programming Tunneling/004  To emulate a private network using a public network - VPN (Virtual Private Network) - VPDN (Virtual Private Dial-up Network) - L2TP (Layer 2 Tunneling Protocol) - PPPoA (PPP over ATM) - SoftEther - Mbone (Multicast Backbone) - 6Bone  To emulate transmission services not available in a network (IPv6 Backbone) - PPPoE (Point to Point Protocol over Ethernet) What is “Tunneling”? Two motivations What are the deviations for?

7. CS 547/CS490-002 Advanced Network Programming Tunneling/005 Packet switching network (e.g. the Internet) Edge Router Host Computer Host Computer Edge Router Without using tunneling (default networking) Core Routers Construct a packet switching network to connect host computers at multiple corporate branches possible thousands of miles away Given mission Branch A Branch B

8. CS 547/CS490-002 Advanced Network Programming Tunneling/006 Without using tunneling (default networking) Packet switching network (e.g. the Internet) From administrator’s point of view, each hop is seen Branch A Branch B

9. CS 547/CS490-002 Advanced Network Programming Tunneling/007 Packet switching network (e.g. the Internet) Logical Pipe (or Tunnel) Emulate a private network using a public network by tunneling

10. CS 547/CS490-002 Advanced Network Programming A B Domain V Domain X C D Domain Z Domain Y Tunneling/008 Emulate a private network using a public network by tunneling

11. Domain V Domain Y Domain Z Domain X CS 547/CS490-002 Advanced Network Programming A B C D Tunneling/009 Emulate a private network using a public network by tunneling

12. Domain X Domain Z Domain Y Domain V CS 547/CS490-002 Advanced Network Programming A B C D Tunneling/010 Emulate a private network using a public network by tunneling Virtual Private Network

13. CS 547/CS490-002 Advanced Network Programming Tunneling/011 Advantages in using VPN -You don’t have to install long-distance wires -You will not be charged by the amount of data traffic -Your hosts are always connected to each other Cost

14. Branch X Branch Z Branch Y Branch V CS 547/CS490-002 Advanced Network Programming A B C D Tunneling/012 A privately-owned closed network Without using tunneling (default networking) Privately-owned Wires/cables

15. CS 547/CS490-002 Advanced Network Programming Tunneling/013 Problems Cost: You need to construct your private network - Initial investment will be expensive - Maintenance cost will be also high - Only for large corporate users Still expensive - For medium to small corporate users Prohibitively expensive

16. A nation-wide long-distance carrier Branch X Branch Z Branch Y Branch V CS 547/CS490-002 Advanced Network Programming A B C D Tunneling/014 AT&T, Sprint, UUNET, Charter … Without using tunneling (default networking)

17. CS 547/CS490-002 Advanced Network Programming Tunneling/0017 Is this “tunneling”? Multicast Application Multicast Data UDP IP (Multicast IP) UDP Header MAC IP (Unicast IP) Ethernet Frame Multicast IP Header MAC Frame Header Ethernet Frame Header Ethernet Frame Trailer (N + N) capsulation Layers 1 2 3 3 4 Layer-3 Tunneling Unicast IP Header

18. The Internet CS 547/CS490-002 Advanced Network Programming Tunneling/015 Multicast Sender Multicast Receiver 1 Multicast Receiver 5 Multicast Receiver 3 Multicast Receiver 4 Multicast Receiver 2 M M M U U M M M U M M M To emulate transmission services not available in a network M= Multicast Packet U = Unicast Packet = Multicast Router = Unicast Router IP Multicast Tunnel

19. The Internet CS 547/CS490-002 Advanced Network Programming Tunneling/016 Multicast Sender Multicast Receiver 1 Multicast Receiver 5 Multicast Receiver 3 Multicast Receiver 4 Multicast Receiver 2 M M U M U M U M M U To emulate transmission services not available in a network