What is Tunneling?
Tunneling encapsulates one type of network traffic within another protocol to transmit it securely across different networks. Think of it as creating a private, protected pipeline within a larger, often untrusted network. This technique enables traffic to traverse networks that might not support the original protocol or that require enhanced security measures.
How Tunneling works:
At the heart of tunneling lies encapsulation and decapsulation:
- Encapsulation: Data is wrapped within an additional layer of protocol, creating a secure packet for transit.
- Decapsulation: The tunnel is terminated at the endpoint, and the data is extracted and forwarded to its final destination.
This ensures controlled access, where only authorized devices can connect to the tunnel termination points, preventing unauthorized access or data interception.
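The encapsulation and decapsulation steps described above, as an added example that is not code from this page or from any vendor: it wraps a constructed Ethernet frame in GRE and VXLAN headers, two of the tunnel formats named on this page, and unwraps it the way a tunnel endpoint would, rejecting malformed headers. Function names and the sample frame are assumptions, and the outer IP/UDP headers are omitted.

```python
import struct

GRE_TEB = 0x6558   # GRE protocol type for an inner Ethernet frame (GRE-TAP)
GRE_C, GRE_R, GRE_K, GRE_S = 0x8000, 0x4000, 0x2000, 0x1000
VXLAN_I = 0x08 << 24   # "VNI present" flag in the first 32-bit word

def gre_encap(inner, key=None):
    """Prefix the inner frame with a GRE header, optionally carrying a key."""
    if key is None:
        return struct.pack("!HH", 0, GRE_TEB) + inner
    # The key only identifies a flow; it is not a secret and authenticates nothing.
    return struct.pack("!HHI", GRE_K, GRE_TEB, key) + inner

def gre_decap(pkt):
    """Return (metadata, inner frame); raise ValueError on malformed input."""
    if len(pkt) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", pkt)
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    if flags & GRE_R:
        raise ValueError("GRE routing field not supported")
    # Optional 4-byte fields follow in this order: checksum, key, sequence.
    fields = ((GRE_C, "checksum"), (GRE_K, "key"), (GRE_S, "seq"))
    present = [name for bit, name in fields if flags & bit]
    end = 4 + 4 * len(present)
    if len(pkt) < end:
        raise ValueError("truncated GRE optional fields")
    meta = {"proto": proto}
    for i, name in enumerate(present):
        # The checksum word is recorded as-is, not verified.
        meta[name] = struct.unpack_from("!I", pkt, 4 + 4 * i)[0]
    return meta, pkt[end:]

def vxlan_encap(inner, vni):
    """Prefix the inner frame with an 8-byte VXLAN header (24-bit VNI)."""
    return struct.pack("!II", VXLAN_I, vni << 8) + inner

def vxlan_decap(pkt):
    if len(pkt) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack_from("!II", pkt)
    if not word0 & VXLAN_I:
        raise ValueError("VXLAN I flag not set, VNI is not valid")
    return {"vni": word1 >> 8}, pkt[8:]

# Constructed sample: dst MAC, src MAC, EtherType IPv4, then a dummy payload.
FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + b"payload"
```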
Tunneling for network monitoring
Organizations that operate in both physical and virtual environments want to monitor both to ensure complete observability. Tunneling bridges this gap by creating secure pathways to transport traffic from virtual TAPs to physical monitoring tools or vice versa. For example, Virtual TAPs send traffic for monitoring through a tunnel to a Network Packet Broker (NPB) that locally filters and optimizes the traffic before distributing the relevant traffic to a monitoring tool.
Tunneling in Action
Profitap NPBs use tunneling to streamline network traffic management. Here are two common examples:
1. Tunneling Traffic Directly to a Probe
The NPB acts as the tunnel endpoint. It decapsulates incoming traffic (e.g., VXLAN or GRE) and distributes it to connected probes. By offloading decapsulation tasks from the probes, the NPB conserves processing resources, enabling the probes to focus on critical analysis tasks.
2. Tunnel Termination on an NPB
Traffic from virtualized servers is often encapsulated for transmission to a physical NPB. The NPB terminates the tunnel, decapsulates the traffic, and enables centralized management. This is especially useful in virtual-to-physical environments, enhancing operational efficiency and visibility.
The example above illustrates how the virtual and physical network monitoring tools interoperate to deliver network data from all network segments to the VoIP monitoring system. Virtual TAPs (vTAP) are deployed to TAP VoIP traffic across different virtual machines (VMs). This TAPped data is sent to the Profitap X2-2000G Network Packet Broker (NPB) through a GRE/ERSPAN tunnel.
The X2-2000G NPB functions as the tunnel endpoint, decapsulating the traffic and performing additional filtering and optimization. From the NPB, a new tunnel is created to send the optimized traffic to the virtual VoIP monitoring system. Additionally, traffic of choice can be forwarded to the IOTA to support network troubleshooting and performance monitoring activities. The use of tunneling in this setup ensures high-performance monitoring, security, and complete visibility across hybrid network infrastructures.
Capabilities of our NPBs
| | | |
|---|---|---|
| Tunnel | ERSPAN (type 2 and 3), | ERSPAN (type 2 and 3), VXLAN GRE-TAP, IP GRE, |
| Tunnel Termination | ERSPAN (type 2 and 3), GRE-TAP, VXLAN | ERSPAN (type 2 and 3), GRE-TAP, IP GRE, VXLAN, CFP, GTP |
| Tunnel Stripping | ingress: ERSPAN (type 2 egress: ERSPAN (type 2 | ingress: ASICS, ERSPAN (type 2 and 3), GRE-TAP, VXLAN, CFP, GTP egress: CPU: VXLAN, GRE-TAP, IP GRE, DCE |
Tunneling and tunnel termination are indispensable for secure and flexible network monitoring in hybrid environments. By leveraging these capabilities, NPBs provide seamless traffic handling, enhanced security, and protocol interoperability. Whether managing virtual-to-physical traffic or enabling remote access, tunneling remains a cornerstone technology for modern networking.