What is Tunnelling in Computer Networks?

Tunnelling is a technique, implemented by several protocols, for transferring data securely from one network to another. Using a method known as encapsulation, tunnelling allows private network communications to be sent across a public network, such as the Internet. Encapsulation makes private data packets look like ordinary public-network packets, allowing them to pass through the public network unnoticed.

Note − Port forwarding is another name for Tunnelling.

When data is tunnelled, it is split into smaller units called packets as it travels through the tunnel. The packets are encrypted for the tunnel, and a further process known as encapsulation takes place: for transmission, the private network's data and protocol details are wrapped inside the public network's transmission units. The units look like ordinary public data, allowing them to be sent across the Internet, and the encapsulation carries the packets to their intended destination. At the far end of the tunnel, de-capsulation and decryption take place.
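The encapsulation and de-capsulation steps just described, worked through in Python as an added example (this is not code from the original article): a private IPv6 packet is wrapped in a public IPv4 header carrying protocol number 41, the IPv6-over-IPv4 case mentioned under Applications, and the tunnel exit unwraps it only when the outer header checks out. The addresses and payload are constructed sample values.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41  # IANA protocol number: IPv6 carried inside IPv4 (6in4)


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header (0 when verifying a valid header)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv6(src: str, dst: str, payload: bytes, next_header: int = 59) -> bytes:
    """Minimal 40-byte IPv6 header (next header 59 = no next header) plus payload: the private packet."""
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), next_header, 64,
                       ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed) + payload


def encapsulate(inner: bytes, outer_src: str, outer_dst: str, proto: int = IPPROTO_IPV6) -> bytes:
    """Tunnel entry: wrap the inner packet in a 20-byte IPv4 header addressed to the tunnel endpoints."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0x4000, 64, proto, 0,
                      ipaddress.IPv4Address(outer_src).packed, ipaddress.IPv4Address(outer_dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]  # fill in the header checksum
    return hdr + inner


def decapsulate(packet: bytes):
    """Tunnel exit: return (inner_src, inner_dst, payload) for a well-formed 6in4 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    # Only protocol 41 is tunnel traffic; a monitor can use this same test to flag unexpected 6in4.
    if packet[9] != IPPROTO_IPV6 or ipv4_checksum(packet[:ihl]) != 0:
        return None
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None  # outer header claims IPv6 inside, but the inner packet is not one
    payload_len = struct.unpack("!H", inner[4:6])[0]
    src, dst = ipaddress.IPv6Address(inner[8:24]), ipaddress.IPv6Address(inner[24:40])
    return str(src), str(dst), inner[40:40 + payload_len]


if __name__ == "__main__":
    private = build_ipv6("2001:db8::1", "2001:db8::2", b"hello")  # constructed sample packet
    public = encapsulate(private, "192.0.2.1", "198.51.100.1")    # constructed tunnel endpoints
    print(decapsulate(public))  # ('2001:db8::1', '2001:db8::2', b'hello')
```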

Tunnelling is made possible by a variety of protocols, including −

  • Point-to-Point Tunnelling Protocol (PPTP)
  • Layer Two Tunnelling Protocol (L2TP)

PPTP (Point-to-Point Tunnelling Protocol)

PPTP protects confidential information even when it is transmitted over public networks. An Internet service provider can give authorized users access to a private network known as a virtual private network; it is a "virtual" private network because it is built on top of a tunnel.

Layer Two Tunnelling Protocol (L2TP)

This tunnelling protocol combines PPTP with Layer 2 Forwarding (L2F).

Tunnelling is a technique for carrying private-network communication across a public network. It is especially useful in a corporate setting, and it also includes security measures such as encryption.

In this scenario the IP packet does not have to deal with the WAN, and neither do hosts A and B. Both IP and WAN packets are understood by the multiprotocol routers M1 and M2. As a result, the WAN can be viewed as one large tunnel connecting the multiprotocol routers M1 and M2, and the process is known as tunnelling.

Tunnelling makes use of a layered protocol model such as the OSI or TCP/IP protocol suite. In other words, when data travels from host A to host B it traverses all the layers of the chosen protocol stack (OSI, TCP/IP, and so on), and the data conversion (encapsulation) needed to fit the interfaces of the various layers is what is referred to as tunnelling.

Applications of Tunnelling

Several protocols use a public network, such as the Internet, to carry private network data by establishing a VPN (Virtual Private Network), making data transmission more secure, especially when the data being carried is not itself encrypted.

IPsec, GTP (GPRS Tunnelling Protocol), SSH (Secure Shell), SSTP (Secure Socket Tunnelling Protocol), PPTP (Point-to-Point Tunnelling Protocol) and others are standard protocols, each designed for a specific tunnelling task or purpose.

Some examples of how tunnelling protocols are used are as follows −

  • A tunnelling protocol can carry a protocol that a given network does not natively support; for example, a tunnelling protocol can run IPv6 over an IPv4 network.

  • It is also used to deliver fundamental network services that would otherwise be unavailable (such as a corporate network address) to a remote user whose physical network address is not part of the corporate network.

  • Tunnelling also allows users to get around a firewall by wrapping traffic inside a protocol the firewall does not block, such as HTTP, so that it piggybacks past the firewall rules.

  • Another option is the HTTP CONNECT command, or tunnel technique. When the client issues an HTTP CONNECT command to the proxy server, the HTTP proxy establishes a TCP connection to the specified server and port; this behaviour is exploited to make the HTTP proxy relay data between the client connection and the designated port. Usually, HTTP proxies allow CONNECT only to ports such as 443 and deny the CONNECT command for other destinations.