History Of Why Implement Tunnelling

Published Date: 02 Nov 2017

University of the West of Scotland

COMP09022 Network Design – Coursework 1

Introduction

In this report I aim to provide an understanding of Tunnelling by outlining and providing and in depth discussion of when, where and why tunnelling would be used. I will also discuss a number of tunnelling protocols that are used in today’s networks, outlining their strengths and weaknesses and comparing them off against one and other.

Tunnelling

Tunnelling is a computer networking technology/protocol that enables data from on network to be securely moved to another network. Tunnelling enables private connections on a network to travel across public networks like the internet. This is made possible by the use of encapsulation.

Tunnelling uses the existing infrastructure of networks to provide an encapsulation process to packets to be sent over networks. The tunnelling/encapsulation process is specifically used to send a payload (the payload being a packet, or frames of a packet) of a different protocol across a network or indeed to another network. Tunnelling takes the frames that are to be transmitted, encapsulates them and adds a new additional header, instead of transmitting the packets in their original form. These additional headers are added to supply any routing information so that the encapsulated packets can navigate through a transit network. After the encapsulation, routing takes place and the packets are routed over the transit network using what’s called "tunnel endpoints". De-encapsulation and decryption then take place and the frame is sent on to its specified destination.

By implementing tunnelling and the whole encapsulation process data is able to disguise itself and appear as if it is from a public network, when in actual fact it is private data packets.

To summarize this, Tunnelling is the encapsulation, transmission and de-encapsulation of packets over a network using the infrastructure and protocols that are present.

Why implement Tunnelling?

In most cases the use of Tunnelling and its protocols are implemented for the creation of Virtual Private Networks (VPNs) over public data networks. Virtual Private Networks provide a cost saving solution for end users, reducing the need for the creation of dedicated networks as well as for Internet Service Providers who can leverage their investments to a number of VPN customers. Thus, allowing users to gain remote access and connect to network resources using VPNs via these public data networks.

Virtual Private Networks are possibly the most significant reason for implementing the use of Tunnels, but that being said they are just one of the many reasons for their implementation.

Tunnelling and the use of tunnels is also utilized by networks for connecting to and resolving discontiguous subnet issues without the use of VLSM. By the term "Discontiguous subnets" we mean multiple portions of a network that are divided by another network. See below.

http://docstore.mik.ua/cisco/CCNP-CCDP/C

Other situations where tunnelling would be used would be to provide networks that are limited to a number of hop counts due to their protocols with a suitable workaround and also to allow local networks with multi-protocols on a backbone with a single-protocol.

Tunnelling Protocols

Point-to-Point Transfer Protocol (PPTP)

One of the most vastly used tunnelling protocols is the Point-to-Point Tunnelling Protocol or PPTP for short. PPTP is responsible for enabling and allowing data to be transferred securely from remote clients onto a private network by utilizing the use of Virtual Private Networks (VPNs), by creating these over data networks based on TCP/IP. The use of PPTP adds support multi-protocols and VPNs over the internet and other public networks.

PPTP was developed by Ascend Communications, a vendor company of Microsoft and was developed as a more advanced, industrialized version of the Point-to-Point Protocol (PPP). PPTP was mainly developed by taking PPP and adding support for multi-protocols over networks as well as adding new, more enhanced levels of security. The new, stronger authentication methods such as certificates and the transferring of data via VPN connections are just as secure as those that feature on a local area network at a single corporate site.

IP and/or IPX protocols within datagrams of PPP are encapsulated using PPTP, meaning applications that rely on specific network protocols can be run remotely. With PPTP all validations and security checks take place on a specified "Tunnel Server", allowing the encryption of the data and making the transmission of data across non-secure networks safer.

PPTP Main Application Areas

By allowing multi-protocol encapsulation, PPTP allows PPP packets to be routed and sent over an IP network. This being said packets of any kind can be sent over a network.

PPTP uses existing commercial networks and infrastructure as an ISDN, PSTN or X.25 network and virtual WAN’s can be supported using the internet as public carriers.

In other WAN protocols that don’t use PPTP on ISDN, PSTN or X.25 networks, a PPP connection between a remote access client and a Remote Access Server (RAS) across a switched network can be established. PPP packets are transmitted to the RAS server across the switched connection and then routed to their final LAN destination.

Contrasting above, when PPTP is implemented instead of transmitting packets over a switched connection via the WAN, the TCP/IP transport protocol can be used to transmit PPP packets via the virtual WAN to the RAS server.

PPTP over the internet provides a way to save on transmission costs and benefits the end user and business, reducing the need for long distance dial-up connections.

PPTP can be used for:

Outsourcing dial-up networks

Establishing client connections via the internet

Establishing client connections via an Internet Service Provider

PPTP Security Issues

After many vulnerabilities during the analysis of the PPTP protocols’ security were found, Microsoft no longer use nor do they recommend using this protocol as they consider it to be "cryptographically broken". The vulnerabilities which were found during PPTP’s analysis relate to the authentication protocols that are used by PPP and the issues between PPP authentication and Microsoft’s Point-to-Point Encryption (MPPE) protocol for establishing session keys.

PPTP Advantages and Disadvantages