3Com Switch 8800 Family IPsec Module Configuration and Command Reference Guide

100 CHAPTER 7: VPN OVERVIEW
Layer 2 Tunneling protocols
Layer 2 Tunneling protocols encapsulate entire PPP frames inside the Tunnel. The existing layer 2 Tunneling protocols include:
- PPTP (Point to Point Tunneling Protocol): Supported by companies such as Microsoft, Ascend and 3Com, and by the operating systems Windows NT 4.0 and later. This protocol supports Tunneling encapsulation of PPP in IP networks. As a call control and management protocol, PPTP uses an enhanced Generic Routing Encapsulation (GRE) technology to provide the encapsulation service, with flow control and congestion control for the transmitted PPP packets.
- L2F (Layer 2 Forwarding): Supported by Nortel and some other companies. It supports Tunnel encapsulation for the higher-level link layer and physically separates the dial-up server from the dial-up connection.
- L2TP (Layer 2 Tunneling Protocol): Drafted by the IETF, Microsoft and other companies. Combining the advantages of the above two protocols, it is accepted by most companies and has become a standard RFC. L2TP provides both dial-up VPN service and leased line VPN service.
Layer 3 Tunneling protocols
Both the start point and the end point of a layer 3 Tunnel are within the ISP network, and the PPP session terminates at the NAS. Only layer 3 packets are carried in the Tunnel. The existing layer 3 Tunneling protocols include:
- GRE (Generic Routing Encapsulation), which is used to encapsulate a network layer protocol into another network layer protocol.
- IPsec (IP Security), which provides a complete architecture for data security on IP networks by using several protocols rather than a single one, such as AH (Authentication Header), ESP (Encapsulating Security Payload) and IKE (Internet Key Exchange).
GRE and IPsec are mainly applied in private line VPNs.
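To make the GRE encapsulation described above concrete, the following is an added Python example (not code from this guide or from the switch software) that builds an IP-in-GRE packet with the RFC 2784 checksum and decapsulates it again, rejecting a corrupted packet; the tunnel endpoints and the inner packet are constructed sample values. It also shows that GRE by itself carries only an optional checksum, which is why confidentiality and authentication are left to IPsec.

```python
import socket
import struct

GRE_FLAG_CHECKSUM = 0x8000   # RFC 2784 "C" bit: a checksum word follows the header
ETHERTYPE_IPV4 = 0x0800      # GRE Protocol Type for an IPv4 payload
IPPROTO_GRE = 47             # protocol number of GRE in the outer IP header


def ones_complement_checksum(data: bytes) -> int:
    """Internet checksum, shared by the IPv4 header and the optional GRE checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ones_complement_checksum(hdr)) + hdr[12:]


def gre_encapsulate(inner_packet: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Outer IPv4 (protocol 47) + 8-byte GRE header with checksum + inner layer 3 packet.

    Only the layer 3 packet is carried; no PPP frame travels inside a GRE tunnel.
    GRE adds an integrity check only; confidentiality and authentication need IPsec.
    """
    gre = struct.pack("!HHHH", GRE_FLAG_CHECKSUM, ETHERTYPE_IPV4, 0, 0)  # checksum slot zero while summing
    csum = ones_complement_checksum(gre + inner_packet)
    gre = gre[:4] + struct.pack("!H", csum) + gre[6:]
    outer = ipv4_header(tunnel_src, tunnel_dst, IPPROTO_GRE, len(gre) + len(inner_packet))
    return outer + gre + inner_packet


def gre_decapsulate(packet: bytes):
    """Strip the outer IPv4 and GRE headers; return (protocol type, inner packet)."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_GRE:
        raise ValueError("outer packet is not GRE")
    gre = packet[ihl:]
    flags, proto = struct.unpack("!HH", gre[:4])
    header_len = 4
    if flags & GRE_FLAG_CHECKSUM:
        # The checksum covers GRE header plus payload; a valid packet re-sums to zero.
        if ones_complement_checksum(gre) != 0:
            raise ValueError("GRE checksum mismatch: packet corrupted or tampered")
        header_len += 4
    return proto, gre[header_len:]
```

The tunnel overhead for an IPv4 payload is 28 bytes (20-byte outer IP header plus 8-byte GRE header with checksum), which is the figure to compare against a layer 2 Tunnel that must also carry the PPP framing.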
Contrast between layer 2 Tunneling protocols and layer 3 Tunneling protocols
Compared with layer 2 Tunneling protocols, the advantages of layer 3 Tunneling protocols are security, scalability and reliability.
In terms of security, a layer 2 Tunnel poses great challenges to the security of user networks and to firewall technologies, while a layer 3 Tunnel does not, because a layer 2 Tunnel generally terminates at the customer premise equipment whereas a layer 3 Tunnel terminates at the ISP gateway.
Concerning scalability, a layer 2 Tunnel is less efficient in transmission than a layer 3 Tunnel because it encapsulates entire PPP frames. Besides, its PPP session runs through the entire Tunnel and terminates at the customer premise equipment, so the user-side gateway has to store a large amount of PPP session state and information, which may overload the system and also decrease scalability. The latency introduced by Tunneling may cause problems such as PPP session timeout in the time-sensitive LCP and NCP negotiations of PPP. By contrast, a layer 3 Tunnel terminates at the ISP gateway and the PPP session terminates at the NAS; the user gateway therefore need not manage and maintain the state of each PPP session, which reduces the system load.