Classification of IP VPN

Tunnel Protocols

Tunnel protocols can be divided into layer 2 tunneling protocols and layer 3 tunneling protocols, depending on the layer of the OSI model at which the tunneling is implemented.

Layer 2 tunneling protocol

The Layer 2 tunneling protocol encapsulates the whole PPP frame in the internal tunnel. The current layer 2 tunneling protocols mainly include:

Point-to-Point Tunneling Protocol (PPTP): supported by Microsoft Corporation, Lucent Technologies and 3Com Corporation, and available in Windows NT 4.0 and later. This protocol supports the tunneling encapsulation of PPP over IP networks. As a call control and management protocol, PPTP uses enhanced Generic Routing Encapsulation (GRE) to provide encapsulation with flow and congestion control for the transmitted PPP packets.

Layer 2 Forwarding Protocol (L2F): supports the tunneling encapsulation of higher-level protocols at the link layer and physically separates the dial-up server from the dial-up protocol connection.

Layer 2 Tunneling Protocol (L2TP): drafted by the IETF with the support of companies such as Microsoft Corporation. It combines the advantages of the two protocols above and is therefore accepted by most enterprises as a standard RFC. L2TP can be used not only for dial-up VPN (VPDN access) services but also for leased line VPN services.

Layer 3 tunneling protocol

A Layer 3 tunnel starts and ends within the ISP. The PPP session ends at the NAS, and only layer 3 messages are carried over the tunnel. The current layer 3 tunneling protocols include:

Generic Routing Encapsulation (GRE) protocol: used to encapsulate any network layer protocol in another network layer protocol.

IP Security (IPSec) protocols: IPSec is composed of multiple protocols, such as Authentication Header (AH), Encapsulating Security Payload (ESP), and Internet Key Exchange (IKE). Together they build a complete data security architecture on IP networks.

GRE and IPSec are mainly used for VPN leased line services.
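To make the difference between plain GRE and the enhanced GRE that PPTP uses concrete, the following added example (not part of the original manual) parses both header variants. The field layout follows RFC 2784/2890 for version 0 and RFC 2637 for version 1, where the sequence and acknowledgment numbers are what carry PPTP's flow and congestion control; the function name and sample packets are constructed for illustration.

```python
import struct
PPP_OVER_GRE = 0x880B  # protocol type PPTP uses in enhanced GRE (RFC 2637)
C_BIT, R_BIT, K_BIT, S_BIT, A_BIT, VER_MASK = 0x8000, 0x4000, 0x2000, 0x1000, 0x0080, 0x0007

def parse_gre(packet: bytes) -> dict:
    """Parse standard GRE (version 0) or PPTP enhanced GRE (version 1)."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", packet, 0)
    hdr = {"version": flags & VER_MASK, "protocol": proto}
    off = 4
    def take(fmt):
        nonlocal off  # read one optional field without running past the packet
        if off + struct.calcsize(fmt) > len(packet):
            raise ValueError("truncated optional field")
        vals = struct.unpack_from(fmt, packet, off)
        off += struct.calcsize(fmt)
        return vals

    if flags & R_BIT:
        raise ValueError("routing bit set; source-routed GRE is not accepted")
    if hdr["version"] == 0:
        if flags & C_BIT:
            hdr["checksum"], _reserved = take("!HH")
        if flags & K_BIT:
            (hdr["key"],) = take("!I")
        if flags & S_BIT:
            (hdr["seq"],) = take("!I")
        hdr["payload"] = packet[off:]
    elif hdr["version"] == 1:
        # Enhanced GRE: key is mandatory and split into payload length + call ID.
        if proto != PPP_OVER_GRE or not flags & K_BIT or flags & C_BIT:
            raise ValueError("not a valid enhanced GRE header")
        hdr["payload_len"], hdr["call_id"] = take("!HH")
        if flags & S_BIT:   # sequence number of this PPP payload
            (hdr["seq"],) = take("!I")
        if flags & A_BIT:   # highest sequence number received from the peer
            (hdr["ack"],) = take("!I")
        if len(packet) - off < hdr["payload_len"]:
            raise ValueError("payload shorter than declared length")
        hdr["payload"] = packet[off:off + hdr["payload_len"]]
    else:
        raise ValueError("unknown GRE version")
    return hdr

# Constructed samples: a PPTP data packet (call ID 23, seq 5, ack 4) and keyed GRE carrying IPv4.
SAMPLE_PPTP = struct.pack("!HHHHII", 0x3081, PPP_OVER_GRE, 4, 23, 5, 4) + b"\xff\x03\xc0\x21"
SAMPLE_GRE = struct.pack("!HHI", 0x2000, 0x0800, 42) + b"\x45\x00"
```

Neither header variant carries any authentication or encryption field, which is why the page lists IPSec separately as the protocol family that supplies data security.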

Comparison of layer 2 and layer 3 tunnel protocols

A Layer 3 tunnel is more secure, scalable, and reliable. In terms of security, because a Layer 2 tunnel usually ends on equipment at the user side, it places high demands on the security and firewall technology of the user network. A Layer 3 tunnel usually ends at an ISP gateway and does not pose any threat to the security of the user's network.

In terms of scalability, transmission efficiency may be degraded on a Layer 2 IP tunnel because all the PPP frames are encapsulated. The PPP session also runs through the entire tunnel and ends on the equipment at the user side, so the gateway at the user side must store the state and information of the PPP session, which affects the load and scalability of the system. In addition, because the LCP and NCP negotiations of PPP are very time sensitive, the efficiency of the IP tunnel results in a series of problems, such as PPP session timeout. Fortunately, layer 3 tunnel ends at
