Jumping Bean
Tunnels of Love
Jozi LUG 16th Feb 2015
What is a tunnel?
● Encapsulate packets of one network protocol inside another,
● At the source, the passenger protocol is wrapped in a “carrier” protocol,
● At the destination, the carrier protocol is stripped off and the original packet is processed,
● Allow IP packets to pass between networks with incompatible address spaces or protocols
Type of Tunnels
● IPIP – IP in IP – IPv4 in IPv4,
● GRE – Generic Routing Encapsulation – IPv4/IPv6/AppleTalk/DECnet over IPv4,
● SIT – Simple Internet Transition – IPv6 over IPv4,
● ISATAP – Intra-Site Automatic Tunnel Addressing Protocol – IPv6 over IPv4
● Note: Above tunnels are unencrypted
Tunnel Interface
● A tunnel has a logical interface,
– tun0
– tunl0
● Can be used in
– Routing,
– Firewall,
– NAT
IPIP Tunnels
● A 2nd IP header is inserted in front of the encapsulated IP packet,
● When the packet exits the tunnel, the outer IP header is stripped off,
● Simple and robust,
● Does not support broadcast traffic,
● Does not support IPv6 encapsulation
GRE Tunnels
● Created by Cisco,
● Passenger packet wrapped in GRE packet,
● Then wrapped in delivery protocol
– IP,
– IPsec
– etc
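As an added example (not from the original slides), this Python sketch builds constructed IPIP and GRE packets and strips the carrier headers the way the IPIP and GRE slides describe, which shows that the passenger packet travels in cleartext. Protocol numbers 4, 47 and 41 are the IANA values; the addresses, payload, GRE key and function names are constructed for the demo.

```python
import struct

# IANA IP protocol numbers of the unencrypted tunnel types listed above.
TUNNEL_PROTOS = {4: "IPIP", 47: "GRE", 41: "SIT"}

def ipv4_header(proto, src, dst, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for this demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, proto, 0, bytes(src), bytes(dst))

def decapsulate(packet):
    """Strip the carrier headers; return (tunnel type or None, passenger)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # outer header length in bytes
    kind = TUNNEL_PROTOS.get(packet[9])   # byte 9 = protocol field
    if kind is None:
        return None, packet               # ordinary traffic, nothing to strip
    body = packet[ihl:]
    if kind == "GRE":
        if len(body) < 4:
            raise ValueError("truncated GRE header")
        flags = struct.unpack("!H", body[:2])[0]
        # 4-byte base header, plus 4 bytes each for checksum (C),
        # key (K) and sequence number (S) when the flag bit is set.
        optional = sum(4 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)
        body = body[4 + optional:]
    return kind, body

def build_samples():
    """Constructed sample packets (documentation/private addresses)."""
    data = b"user=alice"                                   # cleartext payload
    inner = ipv4_header(253, (10, 0, 1, 5), (10, 0, 2, 9), len(data)) + data
    a, b = (192, 0, 2, 1), (198, 51, 100, 1)               # tunnel endpoints
    gre_hdr = struct.pack("!HHI", 0x2000, 0x0800, 42)      # K bit set, key 42
    return {
        "inner": inner,
        "ipip": ipv4_header(4, a, b, len(inner)) + inner,
        "gre": ipv4_header(47, a, b, len(gre_hdr) + len(inner)) + gre_hdr + inner,
    }

if __name__ == "__main__":
    for name, pkt in build_samples().items():
        kind, passenger = decapsulate(pkt)
        print(name, kind, passenger[20:])   # passenger payload is readable
```

Anyone on the path can do the same stripping, so traffic that needs confidentiality should be carried over IPsec as the GRE slides suggest.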
GRE Tunnels
● When to use?
– Connect non-IP networks over a public IP network,
– Connect non-routable protocols over a WAN,
– Create one network range across different physical networks,
– Encrypt multicast traffic by GRE encapsulation and then sending it over an IPsec tunnel
● GRE tunnels are stateless,
● Can be monitored with keep-alive messages
SIT Protocol
● Mechanism to transition networks from IPv4 to IPv6,
● Link IPv6 networks over IPv4
Linux Tunnel Utilities
● iproute2 suite of networking utilities,
● Replacing ifconfig,
● “ip tunnel add”
● “ip tunnel show”
● “ip address add xxx dev tun”
Jumping Bean
● Linux Training
– LPIC-1 – Linux Server Professional Certification,
– LPIC-2 – Linux Network Professional Certification,
– LPIC-3 – Linux Enterprise Professional Certification