Can you explain what a "Network Tunnel" does❓ | Time to Level Up now.

It's very common nowadays for us to use vpn virtual private

network

tunnel

s, but if someone asks us, hey,

what

exactly

does

a

tunnel

mean? What would we say? Well, in this video we are going to demystify

what

a tunnel is and that is going to open the door to a lot of additional possibilities as we work with

network

s in general and to better

explain

the concept of tunnels, let's start with a story, let's imagine that we have two houses, we have house 50 which is on street 1010 in city one and I have another city and it has a house 50 but it is on street 10 2.0 and let's imagine that the person in this house on the left in the city wants to send a package and a box to the city also for the person here to sit at their kitchen table they got a box, they put all the things they wanted to send to that second house in city 2 and they put them in the box, they sealed it and then they labeled that box in that box, they put their own source address as the return address and for the destination address where we are going to send this package, they put the house information in city 2.

Then they would send it via your local carrier, but let's imagine that that package will actually be delivered, the local carrier will have to take help from the jungle transport, so I'll call this, uh, the shipping company responsible for the jungle transport and let's also imagine that you have You have to go from jungle point one to jungle point two logically. That's where it needs to go, so if this box gets to jungle point one, the jungle shipping company will say, "Okay, great." Our goal, I see where the original information is, but our goal is to get this from jungle point one to jungle point one. two and there could be many other stopping points along the way that have to happen, but they will forward it based on the source being jungle one and jungle two being the destination, so they use a new slot and just take the old one. box with all its original information and they put it in a bigger box and in that bigger box the outside label says the source is j1 it needs to go to j2 and then all these devices and stopping points along the way will help forward that box to j2, so the original message is inside in the smaller box and the outer box with the new label is just for that jungle transport and then someone would have to pick up that package from jungle point two, open it and say oh, here's the original. information comes from this house here on the left going to this house on the right I would throw away the old box because it no longer needs the jungle transport going from left to right and then I would continue forwarding that package until it reaches the correct house on the city ​​2.

So think of that transportation through the jungle network as getting a new box with new information as to the origin and destination you had to go to get from jungle point one to jungle point two. The jungle, and so the question may arise, hey, well, that's a great story, Keith, but what the hell

does

that have to do with creating tunnels? on street 10.1.0 that's the network, its host address is 50 and it has a default gateway of r1, so if PC1 were to send a packet to PC2, it would forward it and it would arrive at this router here now instead of to this router.

Also imagine this is the jungle instead of this router forwarding it only based on the original source and destination IP addresses if we have a tunnel configured and I'll put a logical tunnel here in that same jungle color to represent the new box and if router 1 has been trained to use the tunnel, it will take the original message including payload, layer 4 header, source and destination IP addresses of layer 3 as one frame and place it in one more frame big, that's what this tunnel represents, it's a new bigger one. container that will contain the entire original message, but if it weren't for the IP addresses, it would use Jungle .1 to Jungle .2 or in this case, of these two routers, it would use the tunnel source and tunnel destination like that. new addresses that it's going to use, then we're going to forward this entire packet across the network, so each of these routers on this jungle network here there may be 5, 6, or eight routers that have to forward it, but they're all forwarding it in function the ip addresses of r1 are the source and r2 is the destination and then when r2 sees that packet because it is the end of this tunnel it would throw away the outer box because it no longer needs it and then it would continue forwarding that packet based on the ip addresses original source and destination and would then reach 10.2.0.50, but as it crossed the tunnel, the traffic was placed inside a new box with new IP addresses on the outer label and with the source being r1 and the destination now r2 one.

A great way to reinforce this concept of passing a packet and then re-encapsulating it with a new external label is to see it in action, so let's look at a protocol capture of the traffic going from pc1 to pc2 and we'll see the traffic before the tunnel during the tunnel and then after the tunnel, so this is a packet that is sent before it reaches r1, so if we look at the layer 3 information, the source is 101050, that is the IP address of pc1, the destination is 10 2.0.50 which is pc2 and that layer 4 is using tcp and the payload is http.

Now let's take a look at what happens after r1 receives it, re-encapsulates it and uses itself as the source address and the destination is the other side of the jungle, which is r2. the other end of the tunnel, so once r1 receives the packet and sends it, it will put a new IP header with itself as the source and the destination will be r2 at the other end of the tunnel and then that indicates inside this IP header. the next protocol is a generic routing encapsulation of tunneling protocol instead of being tcp and if we look at the gre header that was added it now points to the next protocol being 800 which is ipv4 so everything from here down in these last three rows think of them as the original box which was then placed in a larger box and that larger box has the labels of the source and the end of the tunnel and then once r2 receives this packet and d encapsulates it , let's take a look at what that package looks like. now that it no longer has that larger outer box because it's already gone through the tunnel, this is the packet as seen on network 10.2 after r2 has unencapsulated it and then forwarded it normally on its way so that the source and the destination are ips. are the original ones inside that ip header now it points to protocol 6 tcp as the next protocol so there is the layer 4 header and then there is the final payload so the bottom line is this every

time

we have a tunnel which simply implies that we are taking the traffic and putting it in a larger box and that larger box will have new labels or new addresses for transport through the network that supports that tunnel and then once it reaches the other side of the tunnel, encapsulation occurs and the packet is forwarded normally, so we beef it up a bit with some visualization.

Let's imagine that pc1 is sending an http request to pc2. Well there will be a payload which will be the http request and the tcp header associated with that and the client will include the correct source. and the destination IP address, so the source address of pc1 and the destination address of pc2 once the router gets that, if it has instructions to use the tunnel, it will include a new header, in the case of gre, will be a gre header. ipsec could be an ipsec header, in any case it will be a layer 4 header, so at the beginning of the tunnel we will take the original packet and all the addresses, encapsulate it and put it in a larger box for when you think of a layer to encapsulation, think of a bigger box with its own addresses and then we're going to add a new IP header so that for the tunnel is the source IP address of the local end of the tunnel in our In case it was r1 and the address of destination would be r2 and we can think of that as transporting through the jungle in the bigger box and then when r2 sees that traffic it can say oh, this IP packet is for me and it decapsulates oh, it's gre traffic oh, I'm going to remove that because it's at the end of the tunnel and then I can say oh, here's the destination address that I need to send this to and continue forwarding, so whenever you think about tunneling, think about taking the original content and putting it in a larger container, a larger box before shooting it or sending it to a part of the network, so we will continue our discussion about tunnels and why they are beneficial and also some very creative things we can do with them, including using them. ipsec to protect the packets as they are sent through that logical tunnel and we will do that as we go through these videos, so until then, be happy and stay, you would watch the safe go to waste.

It was out of use.