
Layer 3 Tunneling and Layer 2 Tunneling
IETF proposals for tunneling traffic over Dial VPNs can be sorted into two groups: Layer 3 tunneling (such as IPsec or Mobile IP) and Layer 2 tunneling (such as L2TP). The major differences between Layer 3 tunneling and Layer 2 tunneling lie in where the tunnels are initiated and terminated, and in the nature of the payload.
Figure 2 shows that the tunnel endpoints sit in different locations depending on whether Layer 3 or Layer 2 tunneling is used. With Layer 3 tunneling, the tunnel is both created and terminated within the service provider's network, and the terminating device acts as a gateway to the customer premises. The remote user's Point-to-Point Protocol (PPP) session is also terminated at the Remote Access Server (RAS). With Layer 2 tunneling, the tunnel is created either in the service provider's network at the RAS or at the remote client itself. In a Layer 2 implementation the tunnel is terminated at the customer premises, in a router or a general-purpose server.
Layer 3 tunneling terminates the Layer 2 (PPP) connection at the RAS. Only the Layer 3 payload, the user's IP packet, is carried through the tunnel to the tunnel endpoint, which is either in the enterprise network or a router residing somewhere in the service provider's network. Layer 2 tunneling, on the other hand, carries the entire PPP frame across the service provider's backbone to a predetermined endpoint, so PPP is terminated there rather than at the RAS.
Table 1 compares the two tunneling types.
Layer 3 tunneling has other advantages for corporations. Network managers employing Layer 3 tunneling need not install special software on either their remote nodes or their Customer Premises Equipment (CPE). Since both the PPP and the tunnel terminations are made on the service provider's equipment, the CPE is not burdened by these functions and is used simply as a router. Layer 3 tunneling can therefore be implemented with CPE from any vendor.
Corporate networks using Layer 3 tunneling do not require registered Internet addresses, because the provider's backbone forwards only on the outer (tunnel) header. This also has a security benefit: corporate network and remote node addresses are not exposed as routable addresses in the service provider's network, nor to other corporate networks connected to the same provider. Note that encapsulation by itself only keeps the inner addresses out of the backbone's routing; the inner packet still crosses the tunnel in cleartext unless the tunnel is encrypted, for example with IPsec ESP.
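The two encapsulations contrasted above (the bare IP packet of a Layer 3 tunnel versus the whole PPP frame of a Layer 2 tunnel) and the address-hiding point of the previous paragraph, as an added example that is not part of this white paper. It uses IP-in-IP (RFC 2003) for the Layer 3 case and an L2TPv2 data message over UDP (RFC 2661) for the Layer 2 case; the addresses, tunnel and session IDs and the sample datagram are constructed assumptions, and the parsers accept only the fields this example itself produces.

```python
"""Added example (not from the white paper): the same remote-user IPv4 packet
wrapped the two ways the text contrasts.
  Layer 3 tunnel -> IP-in-IP (RFC 2003): PPP was stripped at the RAS, so only
                    the bare IP packet crosses the tunnel.
  Layer 2 tunnel -> L2TPv2 data message over UDP (RFC 2661): the whole PPP
                    frame crosses the tunnel and PPP ends at the far endpoint.
Addresses, tunnel/session IDs and the payload are constructed assumptions."""
import socket
import struct

IPPROTO_IPIP, IPPROTO_UDP = 4, 17
L2TP_PORT = 1701
PPP_ADDR_CTRL = b"\xff\x03"     # HDLC address/control bytes; optional in L2TP
PPP_PROTO_IPV4 = 0x0021


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum used for the IPv4 header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt: bytes) -> dict:
    f = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (f[0] & 0x0F) * 4
    assert checksum(pkt[:ihl]) == 0, "bad IPv4 header checksum"
    return {"src": socket.inet_ntoa(f[8]), "dst": socket.inet_ntoa(f[9]),
            "proto": f[6], "payload": pkt[ihl:f[2]]}


def remote_user_packet() -> bytes:
    """Constructed sample: remote node 10.1.2.3 sends a UDP datagram to the
    corporate server 10.1.0.10; both are private, unregistered addresses."""
    data = b"hello corp"
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(data), 0) + data  # csum 0: none
    return ipv4_header("10.1.2.3", "10.1.0.10", IPPROTO_UDP, len(udp)) + udp


def l3_tunnel_encap(inner: bytes, ras: str, gateway: str) -> bytes:
    """RAS has terminated PPP; the bare IP packet is wrapped in an outer IP
    header addressed RAS -> tunnel gateway, both provider addresses."""
    return ipv4_header(ras, gateway, IPPROTO_IPIP, len(inner)) + inner


def l3_tunnel_decap(pkt: bytes) -> bytes:
    outer = parse_ipv4(pkt)
    assert outer["proto"] == IPPROTO_IPIP, "not an IP-in-IP tunnel packet"
    return outer["payload"]


def l2_tunnel_encap(inner: bytes, lac: str, lns: str, tid: int, sid: int) -> bytes:
    """RAS acts as L2TP Access Concentrator (LAC): it forwards the user's PPP
    frame unchanged to the L2TP Network Server (LNS) on the customer premises."""
    ppp = PPP_ADDR_CTRL + struct.pack("!H", PPP_PROTO_IPV4) + inner
    # Flags/Ver word: T=0 (data message), L=1 (length present), Ver=2 -> 0x4002
    l2tp = struct.pack("!HHHH", 0x4002, 8 + len(ppp), tid, sid) + ppp
    udp = struct.pack("!HHHH", L2TP_PORT, L2TP_PORT, 8 + len(l2tp), 0) + l2tp
    return ipv4_header(lac, lns, IPPROTO_UDP, len(udp)) + udp


def l2_tunnel_decap(pkt: bytes) -> dict:
    outer = parse_ipv4(pkt)
    assert outer["proto"] == IPPROTO_UDP, "not a UDP packet"
    _, dport, ulen, _ = struct.unpack("!HHHH", outer["payload"][:8])
    assert dport == L2TP_PORT, "not an L2TP/UDP packet"
    l2tp = outer["payload"][8:ulen]
    flags, length, tid, sid = struct.unpack("!HHHH", l2tp[:8])
    assert flags & 0xC00F == 0x4002, "expected L2TPv2 data message with L bit"
    ppp = l2tp[8:length]
    if ppp.startswith(PPP_ADDR_CTRL):
        ppp = ppp[2:]
    (proto,) = struct.unpack("!H", ppp[:2])
    return {"tunnel_id": tid, "session_id": sid, "ppp_protocol": proto,
            "inner": ppp[2:]}


def backbone_view(pkt: bytes, inner: bytes) -> dict:
    """What a transit router in the provider backbone sees: it forwards on the
    outer header only, yet the private inner packet is still in cleartext."""
    outer = parse_ipv4(pkt)
    return {"routes_on": (outer["src"], outer["dst"]),
            "overhead_bytes": len(pkt) - len(inner),
            "inner_in_clear": inner in pkt}


if __name__ == "__main__":
    inner = remote_user_packet()
    l3 = l3_tunnel_encap(inner, "198.51.100.1", "203.0.113.1")
    l2 = l2_tunnel_encap(inner, "198.51.100.1", "192.0.2.10", tid=7, sid=42)
    print("Layer 3 (IP-in-IP):", backbone_view(l3, inner))
    print("Layer 2 (L2TP)    :", backbone_view(l2, inner))
```

Running it shows the backbone routing on the provider addresses in both cases, 20 bytes of tunnel overhead for IP-in-IP against 40 bytes for L2TP (outer IP, UDP, L2TP header and PPP framing), and `inner_in_clear` true for both: neither encapsulation hides the 10.x addresses from anyone who can read the path, which is the job of encryption, not of tunneling.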
Service providers implementing Layer 3 tunneling do not participate in the corporate networks' routing. Instead, the service provider handles the enterprise traffic simply as data packet traffic over its own network.
Service providers can scale their services more easily when they implement Layer 3 tunneling rather than Layer 2 tunneling. With Layer 3 tunneling, a Tunnel Management System may be based on a distributed database engine, so that tunnel maintenance and packet encapsulation overhead are distributed across the service provider's equipment.
Figure 2 Layer 3 and Layer 2 Tunneling Implementations
White Paper Understanding and Implementing Dial VPN Services 7