3Com 10014299 Network Router User Manual

Classification of IP VPN 599
Tunnel Protocols
Tunnel protocols can be divided into layer 2 tunneling protocols and layer 3
tunneling protocols, according to the OSI layer at which the tunneling is
implemented.
Layer 2 tunneling protocol
A layer 2 tunneling protocol encapsulates the whole PPP frame in the tunnel, so the
tunnel carries a link-layer frame rather than a bare network-layer packet. The
current layer 2 tunneling protocols mainly include:
Point-to-Point Tunneling Protocol (PPTP): supported by Microsoft Corporation,
Lucent Technologies and 3Com Corporation, and supported in Windows NT 4.0 and
later. This protocol supports the tunnel encapsulation of PPP frames over IP
networks. PPTP itself is a call control and management protocol; the PPP packets
are carried in an enhanced version of Generic Routing Encapsulation (GRE) that
adds sequence and acknowledgement numbers, so that the transmitted PPP traffic
can be flow- and congestion-controlled.
Layer 2 Forwarding Protocol (L2F): supports the tunnel encapsulation of
higher-layer protocols at the link layer. It separates the dial-up server that the
user dials into from the point where the dial-up protocol connection terminates,
so the two no longer have to be in the same physical location.
Layer 2 Tunneling Protocol (L2TP): drafted by the IETF with the participation of
companies such as Microsoft Corporation. It integrates the advantages of the two
protocols above and has therefore been accepted by most enterprises as the
standard (RFC 2661). L2TP can be used not only for dial-up VPN (VPDN access)
services but also for leased line VPN services.
Layer 3 tunneling protocol
A layer 3 tunnel starts and ends within the ISP network. The PPP session
terminates at the NAS, and only layer 3 packets are carried over the tunnel. The
current layer 3 tunneling protocols include:
Generic Routing Encapsulation (GRE) protocol: used to encapsulate packets of any
network layer protocol inside another network layer protocol. GRE by itself
provides no confidentiality, integrity or authentication for the carried packets;
where those are required it is combined with IPSec.
IP Security (IPSec) protocols: IPSec is a suite of protocols, including
Authentication Header (AH), Encapsulating Security Payload (ESP) and Internet Key
Exchange (IKE), which together build a complete data security architecture on IP
networks.
GRE and IPSec are mainly used for leased line VPN services.
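The difference between the two classes is easiest to see on the wire. The following Python script is an added example, not code from the 3Com manual: it builds a PPTP data packet (a PPP frame inside an enhanced, version 1 GRE header, as in RFC 2637) and a plain GRE packet (an IP datagram inside a version 0 GRE header, as in RFC 2784), then parses either one back, reports whether it is a layer 2 or layer 3 tunnel, and measures the per-packet overhead each adds, which is the transmission-efficiency point made in the comparison that follows. The tunnel endpoint addresses, call ID, sequence numbers and the inner UDP datagram are constructed sample values, and the PPP address/control fields are assumed to be compressed so the PPP frame is just its 2-byte protocol field followed by the datagram.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Optional

IPPROTO_GRE = 47
GRE_PROTO_IPV4 = 0x0800   # GRE protocol type: IPv4 payload (plain GRE, RFC 2784)
GRE_PROTO_PPP = 0x880B    # GRE protocol type PPTP uses for a PPP payload (RFC 2637)
PPP_PROTO_IPV4 = 0x0021   # PPP protocol field: an IP datagram follows

def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header; returns 0 for a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with the checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def sample_inner_datagram() -> bytes:
    """Constructed user packet: IPv4/UDP 10.0.0.1 -> 10.0.0.2 with a 5-byte payload
    (a zero UDP checksum is legal over IPv4)."""
    data = b"hello"
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(data), 0) + data
    return ipv4_header("10.0.0.1", "10.0.0.2", 17, len(udp)) + udp

def pptp_encapsulate(inner_ip: bytes, call_id: int, seq: int, ack: Optional[int] = None,
                     src: str = "198.51.100.10", dst: str = "203.0.113.1") -> bytes:
    """Layer 2 tunnel: the whole PPP frame rides inside an enhanced (version 1) GRE header.
    PPP address/control fields assumed compressed; src/dst are sample tunnel endpoints."""
    ppp_frame = struct.pack("!H", PPP_PROTO_IPV4) + inner_ip
    flags = 0x2000 | 0x1000 | 0x0001       # K (payload length + call ID), S (sequence), version 1
    if ack is not None:
        flags |= 0x0080                     # A: acknowledgement number present
    gre = struct.pack("!HHHH", flags, GRE_PROTO_PPP, len(ppp_frame), call_id)
    gre += struct.pack("!I", seq)
    if ack is not None:
        gre += struct.pack("!I", ack)
    payload = gre + ppp_frame
    return ipv4_header(src, dst, IPPROTO_GRE, len(payload)) + payload

def gre_encapsulate(inner_ip: bytes, src: str = "198.51.100.10", dst: str = "203.0.113.1") -> bytes:
    """Layer 3 tunnel: plain GRE carries the IP datagram directly; no PPP frame, no session state."""
    payload = struct.pack("!HH", 0x0000, GRE_PROTO_IPV4) + inner_ip
    return ipv4_header(src, dst, IPPROTO_GRE, len(payload)) + payload

@dataclass
class TunnelInfo:
    layer: int       # 2 = PPP frame in GRE (PPTP), 3 = IP datagram in GRE
    name: str
    overhead: int    # bytes the tunnel adds on top of the inner datagram
    inner: bytes     # the recovered user datagram

def classify_tunnel(packet: bytes) -> TunnelInfo:
    """Parse an outer IPv4+GRE packet and report which class of tunnel it is."""
    if ipv4_checksum(packet[:20]) != 0:
        raise ValueError("bad outer IPv4 header checksum")
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_GRE:
        raise ValueError("not GRE-carried (IP protocol %d)" % packet[9])
    gre = packet[ihl:]
    flags, ptype = struct.unpack("!HH", gre[:4])
    version = flags & 0x0007
    if version == 1 and ptype == GRE_PROTO_PPP:
        off = 4
        off += 4 if flags & 0x2000 else 0   # payload length + call ID
        off += 4 if flags & 0x1000 else 0   # sequence number
        off += 4 if flags & 0x0080 else 0   # acknowledgement number
        ppp_proto = struct.unpack("!H", gre[off:off + 2])[0]
        if ppp_proto != PPP_PROTO_IPV4:
            raise ValueError("PPP protocol 0x%04x is not IPv4" % ppp_proto)
        inner = gre[off + 2:]
        return TunnelInfo(2, "PPTP: PPP frame in enhanced GRE", len(packet) - len(inner), inner)
    if version == 0 and ptype == GRE_PROTO_IPV4:
        off = 4
        off += 4 if flags & 0x8000 else 0   # checksum + reserved
        off += 4 if flags & 0x2000 else 0   # key
        off += 4 if flags & 0x1000 else 0   # sequence number
        inner = gre[off:]
        return TunnelInfo(3, "GRE: IP datagram in GRE", len(packet) - len(inner), inner)
    raise ValueError("unrecognised GRE variant (version %d, type 0x%04x)" % (version, ptype))

if __name__ == "__main__":
    user_pkt = sample_inner_datagram()
    for pkt in (pptp_encapsulate(user_pkt, call_id=7, seq=1, ack=0), gre_encapsulate(user_pkt)):
        info = classify_tunnel(pkt)
        print("layer %d  %-34s overhead %d bytes" % (info.layer, info.name, info.overhead))
```

Run stand-alone, the script shows the PPTP packet costing 38 bytes per datagram (20 outer IP, 16 enhanced GRE with sequence and acknowledgement, 2 PPP) against 24 for plain GRE (20 outer IP, 4 GRE). The parser also exercises the security-relevant side of the distinction: a PPTP receiver has to track call ID and sequence state for each PPP session it terminates, whereas the GRE receiver only has to strip a fixed header and hand the datagram to IP.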
Comparison of layer 2 and layer 3 tunnel protocols
A layer 3 tunnel is more secure, scalable and reliable. In terms of security, a
layer 2 tunnel usually terminates on equipment at the user side and so delivers
remote traffic straight into the user network, which places high demands on the
security and firewall technology deployed there. A layer 3 tunnel usually
terminates at an ISP gateway and therefore does not extend the tunnel into the
user's network.
In terms of scalability, transmission efficiency may be degraded on a layer 2 IP
tunnel because every PPP frame is encapsulated in full. The PPP session also runs
through the entire tunnel and terminates on equipment at the user side, so the
gateway at the user side must maintain state and information for every PPP
session, which increases its load and limits the scalability of the system. In
addition, because the LCP and NCP negotiations of PPP are very time-sensitive, the
delay introduced by the IP tunnel leads to a series of problems, such as PPP
session timeouts. Fortunately, a layer 3 tunnel ends at