An IP tunneling protocol is a mechanism for encapsulating a packet from one network protocol into a packet from another protocol, thereby creating a “tunnel.” The transported protocol (the “passenger” protocol) is encapsulated by wrapping it in the packet information of the tunneling protocol (the “carrier” protocol). The encapsulated packet is then forwarded to its destination, where the encapsulating information is stripped and the original packet is delivered.
The Vyatta router supports three commonly used tunneling protocols.
- Generic Routing Encapsulation (GRE) tunnels can be used to carry non-IP protocols, such as Novell IPX, Banyan VINES, AppleTalk, and DECNet. They can also be used to carry multicast, broadcast, and IPv6 traffic.
- IP-in-IP tunnels can be used to carry only IPv4 traffic.
- Simple Internet Transition (SIT) tunnels can be used to transport IPv6 packets over IPv4 routing infrastructures.
A logical interface that sends IP packets in a tunneled mode is called a tunnel interface. A tunnel interface behaves just like any other system interface: you can configure routing protocols, firewall, NAT, and other features on it, and you can manage it by using standard operational tools and commands.
Note that GRE, IP-in-IP, and SIT tunnels are unencrypted.
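The encapsulation and stripping steps described above, and the fact that the passenger travels unencrypted, can be seen in the following added example (not Vyatta code). The IPv4 protocol numbers 47, 4, and 41 and the GRE EtherType values are IANA assignments not stated on this page; the function names, addresses, and payload are constructed for illustration.

```python
import struct

# IANA IPv4 protocol numbers for the three carrier protocols named above.
CARRIERS = {47: "GRE", 4: "IP-in-IP", 41: "SIT"}
# EtherType values GRE uses to label its passenger protocol.
ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x8137: "IPX"}


def ipv4_header(proto, payload_len, src=b"\xc0\x00\x02\x01", dst=b"\xc0\x00\x02\x02"):
    """Build a minimal 20-byte IPv4 header (checksum left at 0; constructed sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src, dst)


def encapsulate(carrier_proto, passenger, gre_ethertype=0x0800):
    """Wrap a passenger packet in the carrier header(s), as the tunnel entry point does."""
    if carrier_proto == 47:  # GRE adds its own 4-byte header: flags/version, protocol type
        passenger = struct.pack("!HH", 0, gre_ethertype) + passenger
    return ipv4_header(carrier_proto, len(passenger)) + passenger


def decapsulate(packet):
    """Strip the carrier header(s); return (tunnel type, passenger protocol, passenger bytes)."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    if proto not in CARRIERS:
        raise ValueError(f"IP protocol {proto} is not GRE, IP-in-IP or SIT")
    inner = packet[ihl:]
    if proto == 4:
        return "IP-in-IP", "IPv4", inner
    if proto == 41:
        return "SIT", "IPv6", inner
    flags, ethertype = struct.unpack("!HH", inner[:4])
    # Optional checksum (C), key (K) and sequence (S) fields each add 4 bytes.
    offset = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    return "GRE", ETHERTYPES.get(ethertype, hex(ethertype)), inner[offset:]


# Constructed passenger: inner IPv4 + UDP headers followed by a cleartext payload.
PAYLOAD = b"cleartext-passenger-data"
UDP = struct.pack("!HHHH", 5000, 5000, 8 + len(PAYLOAD), 0) + PAYLOAD
INNER = ipv4_header(17, len(UDP), b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02") + UDP

if __name__ == "__main__":
    for proto in (47, 4):
        wire = encapsulate(proto, INNER)
        kind, passenger, data = decapsulate(wire)
        # The passenger bytes are visible on the wire: no tunnel type here encrypts.
        print(kind, passenger, PAYLOAD in wire, data == INNER)
```

Because the payload appears verbatim inside the carrier packet, any device on the tunnel path can read or inspect the passenger traffic.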