Editing IP tunnel

{{Short description|Communications channel between two networks}}
{{No footnotes|date=March 2021}}

An '''IP tunnel''' is an [[Internet Protocol]] (IP) network communications channel between two networks. It is used to transport another  network protocol by [[Encapsulation (networking)|encapsulation]] of its [[packet (information technology)|packet]]s.

IP tunnels are often used for connecting two disjoint IP networks that don't have a native routing path to each other, via an underlying routable protocol across an intermediate transport network. In conjunction with the [[IPsec]] protocol they may be used to create a [[virtual private network]] between two or more private networks across a public network such as the [[Internet]]. Another prominent use is to connect islands of [[IPv6]] installations across the [[IPv4]] Internet.

[[Image:IPTunnelDiagram 01-12-07.jpg|thumb|right|300px|IP tunnelling encapsulation]]

In IP tunnelling, every IP packet, including addressing information of its source and destination IP networks, is encapsulated within another packet format native to the transit network.

At the borders between the source network and the transit network, as well as the transit network and the destination network, gateways are used that establish the end-points of the IP tunnel across the transit network. Thus, the IP tunnel endpoints become native IP routers that establish a standard IP route between the source and destination networks. Packets traversing these end-points from the transit network are stripped from their transit frame format headers and trailers used in the [[tunnelling protocol]] and thus converted into native IP format and injected into the IP stack of the tunnel endpoints. In addition, any other protocol encapsulations used during transit, such as IPsec or [[Transport Layer Security]], are removed.

[[IP in IP]], sometimes called ''ipencap'', is an example of IP encapsulation within IP and is described in RFC 2003. Other variants of the IP-in-IP variety are IPv6-in-IPv4 (''[[6in4]]'') and IPv4-in-IPv6 (''[[4in6]]'').

IP tunneling often bypasses simple [[Firewall (computing)|firewall]] rules transparently since the specific nature and addressing of the original datagrams are hidden. [[Content-control software]] is usually required to block IP tunnels.

== History ==
The first specification of IP tunneling was in RFC 1075, which described [[Distance Vector Multicast Routing Protocol|DVMRP]], the first IP multicast routing protocol.  Because multicast used special IPv4 addresses, testing DVMRP required a way to get IP datagrams across portions of the Internet that did not yet recognize multicast addresses.  This was solved by IP tunneling.  The first approach to IP tunneling used an IP Loose Source Route and Record (LSRR) Option to hide the multicast address from the non-multicast aware routers.  A multicast-aware destination router would remove the LSRR option from the packet and restore the multicast IP address to the packet's IP destination field.  The other approach in the DVMRP specification was IP in IP, as described above. IP in IP soon became the preferred approach, and was later put to use in the [[Mbone]].

==See also==
*[[Tunnel Setup Protocol]]
*[[Tunnel Broker]]
*[[Generic Routing Encapsulation]]

==References==
* {{IETF RFC|1075}}
* {{IETF RFC|1853|link=no}}
* {{IETF RFC|2003|link=no}}
* {{IETF RFC|2473|link=no}}
* {{IETF RFC|4213|link=no}}

[[Category:Networking standards]]
[[Category:Tunneling protocols]]