Tunnel Creation / Termination

Written by Profitap | Feb 25, 2025 10:18:38 AM

What is Tunneling?

Tunneling encapsulates one type of network traffic within another protocol to transmit it securely across different networks. Think of it as creating a private, protected pipeline within a larger, often untrusted network. This technique enables traffic to traverse networks that might not support the original protocol or require enhanced security measures.

How Tunneling Works

At the heart of tunneling lies encapsulation and decapsulation:

  • Encapsulation: Data is wrapped within an additional layer of protocol, creating a secure packet for transit.
  • Decapsulation: The tunnel is terminated at the endpoint, and the data is extracted and forwarded to its final destination.

This ensures controlled access, where only authorized devices can connect to the tunnel termination points, preventing unauthorized access or data interception.
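The decapsulation step and the controlled-access check described above can be sketched for VXLAN and GRE-TAP as follows. This is an added example, not Profitap code; the allowlist, VNI, addresses, and sample frame are constructed assumptions.

```python
import ipaddress
import struct

# Assumed policy for this sketch: accepted tunnel sources and VXLAN VNIs.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]
ALLOWED_VNIS = {5001}

class TunnelDrop(Exception):
    """Packet refused at the tunnel termination point."""

def decapsulate(outer: bytes) -> tuple:
    """Return (tunnel_type, inner Ethernet frame) from an outer IPv4 packet."""
    if len(outer) < 20 or (outer[0] >> 4) != 4 or (outer[0] & 0x0F) < 5:
        raise TunnelDrop("bad IPv4 header")
    src = ipaddress.ip_address(outer[12:16])
    if not any(src in net for net in ALLOWED_SOURCES):
        raise TunnelDrop(f"source {src} not authorized")
    proto, l4 = outer[9], outer[(outer[0] & 0x0F) * 4:]
    if proto == 17:  # UDP: expect VXLAN on port 4789 with the I (valid VNI) flag
        if len(l4) < 16 or l4[2:4] != struct.pack("!H", 4789) or not (l4[8] & 0x08):
            raise TunnelDrop("not VXLAN")
        vni = int.from_bytes(l4[12:15], "big")
        if vni not in ALLOWED_VNIS:
            raise TunnelDrop(f"VNI {vni} not authorized")
        return "vxlan", l4[16:]  # strip 8-byte UDP + 8-byte VXLAN headers
    if proto == 47:  # GRE: expect version 0 carrying Ethernet (0x6558, GRE-TAP)
        if len(l4) < 4:
            raise TunnelDrop("truncated GRE")
        flags, ptype = struct.unpack("!HH", l4[:4])
        if flags & 0x0007 or ptype != 0x6558:
            raise TunnelDrop("not GRE-TAP")
        # Optional checksum (C), key (K) and sequence (S) fields are 4 bytes each.
        hdr = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
        if len(l4) < hdr:
            raise TunnelDrop("truncated GRE options")
        return "gretap", l4[hdr:]
    raise TunnelDrop(f"unsupported outer protocol {proto}")

# Constructed sample input: addresses, VNI, key and inner frame are made up.
INNER = bytes.fromhex("ffffffffffff0200000000010800") + b"payload"

def sample_outer(src: str, proto: int, l4: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0)
    return hdr + ipaddress.ip_address(src).packed + bytes([10, 20, 0, 254]) + l4

def sample_vxlan(vni: int) -> bytes:
    udp = struct.pack("!HHHH", 49152, 4789, 16 + len(INNER), 0)
    return udp + b"\x08\x00\x00\x00" + vni.to_bytes(3, "big") + b"\x00" + INNER

SAMPLE_GRE_KEYED = struct.pack("!HHI", 0x2000, 0x6558, 7) + INNER  # K flag set
```

Neither VXLAN nor GRE authenticates the outer header, so a source allowlist like this is a filter that works alongside network-level controls on who can reach the termination point.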

Tunneling for network monitoring

Organizations that operate in both physical and virtual environments want to monitor both to ensure complete observability. Tunneling bridges this gap by creating secure pathways to transport traffic from virtual TAPs to physical monitoring tools or vice versa. For example, Virtual TAPs send traffic for monitoring through a tunnel to a Network Packet Broker (NPB) that locally filters and optimizes the traffic before distributing the relevant traffic to a monitoring tool.

Tunneling in Action

Profitap NPBs use tunneling to streamline network traffic management. Here are two common examples:

1. Tunneling Traffic Directly to a Probe

The NPB acts as the tunnel endpoint. It decapsulates incoming traffic (e.g., VXLAN or GRE) and distributes it to connected probes. By offloading decapsulation tasks from the probes, the NPB conserves processing resources, enabling the probes to focus on critical analysis tasks.

2. Tunnel Termination on an NPB

Traffic from virtualized servers is often encapsulated for transmission to a physical NPB. The NPB terminates the tunnel, decapsulates the traffic, and enables centralized management. This is especially useful in virtual-to-physical environments, enhancing operational efficiency and visibility.

The example above illustrates how the virtual and physical network monitoring tools interoperate to deliver network data from all network segments to the VoIP monitoring system. Virtual TAPs (vTAP) are deployed to TAP VoIP traffic across different virtual machines (VMs). This TAPped data is sent to the Profitap X2-2000G Network Packet Broker (NPB) through a GRE/ERSPAN tunnel.

The X2-2000G NPB functions as the tunnel endpoint, decapsulating the traffic and performing additional filtering and optimization. From the NPB, a new tunnel is created to send the optimized traffic to the virtual VoIP monitoring system. Additionally, traffic of choice can be forwarded to the IOTA to support network troubleshooting and performance monitoring activities. The use of tunneling in this setup ensures high-performance monitoring, security, and complete visibility across hybrid network infrastructures.

 

Capabilities of our NPBs

Tunnel Creation

  • ERSPAN (type 2 and 3), GRE-TAP
  • ERSPAN (type 2 and 3), VXLAN, GRE-TAP, IP GRE

Tunnel Termination

  • ERSPAN (type 2 and 3), GRE-TAP, VXLAN
  • ERSPAN (type 2 and 3), GRE-TAP, IP GRE, VXLAN, CFP, GTP

Tunnel Stripping

  • ingress: ERSPAN (type 2 and 3), GRE-TAP, VXLAN; egress: ERSPAN (type 2 and 3), GRE-TAP, VXLAN, IP in IP, Teredo
  • ingress: ASICS, ERSPAN (type 2 and 3), GRE-TAP, VXLAN, CFP, GTP; egress: CPU: VXLAN, GRE-TAP, IP GRE, DCE

Tunneling and tunnel termination are indispensable for secure and flexible network monitoring in hybrid environments. By leveraging these capabilities, NPBs provide seamless traffic handling, enhanced security, and protocol interoperability. Whether managing virtual-to-physical traffic or enabling remote access, tunneling remains a cornerstone technology for modern networking.