Can you explain what a "Network Tunnel" does❓ | Time to Level Up now.

Captions
It is very common these days for us to use VPN (virtual private network) tunnels, but if somebody asks us, "Hey, what exactly does that mean, a tunnel?", what would we say? Well, in this video we're going to demystify what a tunnel is, and that's going to open the door to a bunch of additional possibilities as we work with networking in general. [Music]

And to best explain the concept of tunnels, let's start off with a story. Let's imagine we have two houses. We have house 50, which is on street 10.1.0 in city 1, and we have another city, and it has a house 50, but it's on street 10.2.0. And let's imagine the person at this house on the left in city 1 wants to send a package, a box, over to city 2. So the person here would sit down at their kitchen table, get a box, put all the stuff that they want to ship over to that second house at city 2, and they'd put it in the box, they'd seal it, and then they would label that box. On that box they'd put their own source address, like the return address, and for the destination address, for where we're going to send this package to, they'd put the information for the house at city 2.
So then they would ship that off via their local carrier. But let's imagine, for that package to actually be delivered, the local carrier is gonna have to get some help from the jungle transport, so I'll call this the transportation company that's responsible for jungle transportation. And let's also imagine that it has to go from jungle point 1 to jungle point 2; logically, that's where it has to get to. So if this box makes it to jungle point 1, the jungle transport company is gonna say, "Okay, great. Our goal... I see where the original information is, but our goal is to get this from jungle point 1 to jungle point 2." And there could be lots of other stop points along the way that has to happen, but they're gonna forward it based on the source being jungle 1 and jungle 2 being the destination.

So they use a new box, and they simply take the old box with all of its original information and they put it into a bigger box, and that bigger box, the outside label says source is J1, needs to go to J2. And then all these devices and stop points along the way are going to help in forwarding that box over to J2. So the original message is inside, in the smaller box, and the outside box with the new label is just for that jungle transport. And then someone would have to pick up that package from jungle point 2, open it up, and say, "Oh, here's the original information. It's coming from this house over here on the left, going to this house on the right." It would throw away the old box, because it no longer needs the jungle transport going from left to right, and it would then continue to have that package forwarded until it hit the correct house at city 2.
So think of that transport across the jungle network as getting a new box with new information as far as the source and destination, where it needed to go to get from jungle point 1 to jungle point 2. And so the question may come up, "Hey, well, that's a great story, Keith, but what the heck does that have to do with tunneling?" And the answer is, that's exactly how tunneling works in an IP network. Let me show you.

So let's imagine it's PC1 acting as house one. It's on street 10.1.0, that's the network. Its host address is 50, and it has a default gateway of R1. So if PC1 was going to send a packet to PC2, it would forward it, and it would get to this router right here. Now, instead of this router (let's also imagine this is the jungle), instead of this router forwarding it just based on the original source and destination IP addresses, if we have a tunnel set up (and I will put a logical tunnel here in that same jungle color to represent the new box), and if router 1 has been trained to use the tunnel, it'll take the original message, that includes the payload, the layer 4 header, the layer 3 source and destination IP addresses, like a box, and put it into a bigger box. That's what this tunnel represents. It's a new, bigger container that's going to hold the entire original message, but for the IP addresses it's going to use jungle point 1 to jungle point 2, or in this case of these two routers, it would use the source of the tunnel and the destination of the tunnel as those new addresses it's going to use.

Then we'd forward this whole package over the network. So each of these routers in this jungle network here, there might be five or six or eight routers that have to forward it, but they're all forwarding it based on the IP addresses of R1 being the source and R2 being the destination. And then when R2 sees that packet, because it's the end of this tunnel, it would then throw away the outside box, because it no longer needs it, and then continue forwarding that packet based on the original source and destination IP addresses, and that would then get to 10.2.0.50. But as it crossed the tunnel, that traffic was placed inside a new box with new IP addresses on the outside label, with the source being R1 and the destination being R2.

Now, one great way of reinforcing this concept of having a packet go through and then getting re-encapsulated with a new outside label is to see it in action. So let's look at a protocol capture of traffic going from PC1 to PC2, and we'll look at the traffic before the tunnel, during the tunnel, and then after the tunnel. So this is a packet being sent before it hits R1. So if we look at the layer 3 information, the source is 10.1.0.50, that's the IP address of PC1. The destination is 10.2.0.50, which is PC2. And at layer 4 it's using TCP, and the payload is HTTP.

Now let's take a look at what happens after R1 receives it, re-encapsulates it, and uses itself as the source address and the destination the other side of the jungle, being R2, which is the other end of the tunnel. So once R1 gets the packet and sends it, it's going to put on a new IP header with itself as a source and the destination being R2, the other end of the tunnel. And then inside this IP header it indicates the next protocol is a tunneling protocol, Generic Routing Encapsulation, as opposed to being TCP. And if we look at that GRE header which has been added, it now points to the next protocol being 800, which is IPv4. So everything from here down, these last three rows, think of them like the original box that has then been put into a bigger box, and that bigger box has the labels of the source and end of the tunnel.

And then once R2 receives this packet and de-encapsulates it, let's take a look at what that packet looks like now that it no longer has that bigger outside box, because it's done going through the tunnel. So this is the packet as seen over on the 10.2 network after R2 has de-encapsulated it and then forwarded it normally on its way. So the source and destination IPs are the original ones. Inside that IP header it's now pointing to protocol 6, TCP, as the next protocol. So there's the layer 4 header, and then there's the final payload.

So the takeaway is this: anytime we have a tunnel, that simply implies that we're taking the traffic and we're putting it into a bigger box, and that bigger box is going to have new labels or new addresses for the transport across the network that's supporting that tunnel. And then once it reaches the other side of the tunnel, the de-encapsulation happens and the packet is forwarded normally.

So let's do some reinforcement with some visualization. Let's imagine PC1 is sending an HTTP request to PC2. Well, there's gonna be payload, that's gonna be the HTTP request, and a TCP header associated with that, and the client is going to include the correct source and destination IP address, so the source address of PC1 and the destination address of PC2. Once the router gets that, if it has instructions, "Oh, use the tunnel," it will then include a brand new header. In the case of GRE it'll be a GRE header; if it's IPsec, it could be an IPsec header. In either case it'll be a layer 4 header. So at the beginning of the tunnel we're going to take the original package and all the addressing and encapsulate that and put it into a bigger box. So when you think about a layer 4 encapsulation, think of a bigger box with its own addresses. And so that's where we're going to add on a new IP header. So for the tunnel it would be the source IP address of the local end of the tunnel, in our case it was R1, and the destination address would be R2, and we can think of that like the transport across the jungle in the bigger box.

And then when R2 sees that traffic, it can say, "Oh, this IP packet's for me," and it de-encapsulates: "Oh, it's GRE traffic. Oh, I'm going to strip that away because I'm on the end of the tunnel, and then I can say, oh, here's the destination address I need to send this to," and continue forwarding. So anytime you think of tunneling, think of taking the original contents and putting it into a bigger container, a bigger box, before shooting it or sending it over a portion of the network.

So we'll continue our discussion regarding tunnels and why they're beneficial, and also some very creative things that we can do with them, including using IPsec to protect the packets as they're being sent over that logical tunnel, and we'll do that as we continue through these videos. So until then, be well, be happy, and stay [Music]
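The encapsulation and de-encapsulation walked through in the captions, as an added example that is not part of the video or the original page: R1 wraps the PC1-to-PC2 packet in a GRE header and a new outer IPv4 header, and R2 checks that outer label before stripping it. The tunnel endpoint addresses (192.0.2.1 and 192.0.2.2), the function names and the placeholder payload are assumptions made for the example.

```python
import socket
import struct

GRE, TCP = 47, 6           # IP protocol numbers
GRE_TYPE_IPV4 = 0x0800     # GRE protocol type: payload is IPv4
R1, R2 = "192.0.2.1", "192.0.2.2"  # assumed tunnel endpoints (not from the video)

def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a 20-byte IPv4 header (no options) in front of payload."""
    def header(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                           64, proto, csum,
                           socket.inet_aton(src), socket.inet_aton(dst))
    return header(checksum(header(0))) + payload

def parse_ipv4(packet: bytes):
    """Return (src, dst, proto, payload); reject malformed headers."""
    if len(packet) < 20 or packet[0] != 0x45 or checksum(packet[:20]) != 0:
        raise ValueError("not a valid option-less IPv4 header")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= total_len <= len(packet):
        raise ValueError("bad total length")
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[9], packet[20:total_len])

def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """R1's job: put the whole original packet in the bigger box."""
    gre_header = struct.pack("!HH", 0, GRE_TYPE_IPV4)  # no flags, version 0
    return ipv4_packet(tunnel_src, tunnel_dst, GRE, gre_header + inner)

def gre_decapsulate(outer: bytes, local: str, peer: str) -> bytes:
    """R2's job: check the outer label, discard it, return the inner packet."""
    src, dst, proto, payload = parse_ipv4(outer)
    if (src, dst, proto) != (peer, local, GRE) or len(payload) < 4:
        raise ValueError("not GRE from the configured tunnel peer")
    flags_version, ptype = struct.unpack("!HH", payload[:4])
    if flags_version != 0 or ptype != GRE_TYPE_IPV4:
        raise ValueError("unsupported GRE header")
    parse_ipv4(payload[4:])  # inner packet must itself be well-formed
    return payload[4:]

# Constructed sample: placeholder bytes stand in for the TCP segment + HTTP request.
inner = ipv4_packet("10.1.0.50", "10.2.0.50", TCP, b"<tcp+http placeholder>")
outer = gre_encapsulate(inner, R1, R2)
print(parse_ipv4(outer)[:3], "->", parse_ipv4(gre_decapsulate(outer, R2, R1))[:3])
```

The inner packet comes out of `gre_decapsulate` byte-for-byte unchanged, and GRE on its own adds no confidentiality or integrity protection; the endpoint checks here only reject packets that do not carry the configured outer label.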
Info
Channel: Keith Barker
Views: 8,663
Rating: 4.9804878 out of 5
Keywords: ccna, cisco, 200-301, Cisco CCNA, Cisco Certification, ogit, Keith Barker, IPsec, ipsec tunnel, ip tunneling, vpn
Id: Dw-SQ48jbGY
Length: 8min 37sec (517 seconds)
Published: Thu Oct 01 2020