Application Note 2002: GRE and Virtual Private Networks


                 Network iQ routers from Allied Telesyn can utilise Generic Routing
                 Encapsulation to provide virtual private networks across the Internet.
                 Organisations intending to connect to the Internet may have private or illegal
                 IP addresses or they may simply wish to connect across the Internet without
                 changing their systems and yet construct a virtual private network within
                 another public network. Allied Telesyn provides Generic Routing
                 Encapsulation (GRE) in the Network iQ family of multi-protocol routers as a
                 mechanism to do this.

                 NOTE: Following the acquisition of the Network iQ product range from Teltrend, Inc.,
                 Allied Telesyn have renamed the Network iQ Router as the AR Router.

                 The Internet is a global network comprising some 50,000 member networks in
                 100 countries. Estimates put the total user population at 30 million, with
                 thousands of new users being connected every day.

                 Generic Routing Encapsulation (GRE) is a mechanism for encapsulating
                 network layer protocols over any other network layer protocol. The general
                 specification is described in RFC 1701, and the encapsulation of IP packets over
                 IP is defined in RFC 1702 as a specific implementation of GRE.

                 In the general case, a network layer packet, called the payload packet, is
                 encapsulated in a GRE packet, which may also include source route
                 information. The resulting GRE packet is then encapsulated in some other
                 network layer protocol, called the delivery protocol, and then forwarded.

                 The only currently specified standard for GRE encapsulation is IP over IP (RFC
                 1702) and this is the standard supported by all Network iQ router
                 models. The main purpose of the RFC 1702 standard is to enable routing of IP
                 packets between private IP networks across an Internet that uses globally
                 assigned IP addresses. Private IP networks may either use IP addresses from
                 the ranges of IP addresses reserved for private networks in RFC 1597 (Table 1),
                 or worse, any randomly selected range of IP addresses.

    Table 1: IP address ranges reserved for private IP networks (As specified in RFC 1597).

           Network Class          Reserved IP Address Range
                  A     –
                  B     –
                  C     –

    In either of the above situations it is imperative that the administrator of a
    private IP network ensure that packets using such IP addresses are not
    transmitted to external networks, to prevent the possibility of routing conflicts.
    The GRE protocol allows hosts in one private IP network to communicate with
    hosts in another private IP network by effectively providing a communication
    tunnel between two routers across an Internet.

    In the example shown in Figure 1 below, IP packets from the private IP
    network destined for a host in the private IP network are
    encapsulated by Router A and forwarded to Router B. Intermediate routers
    route the packets using addresses in the delivery protocol header. Router B
    extracts the original payload packet and routes it to the appropriate destination
    within network

    Additionally, a workstation or host at location A may have an assigned public
    host address, so it can communicate directly with a host using a valid address
    in the public network, or conversely its packets can be encapsulated with GRE
    and forwarded to location B.
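
    The encapsulation and the egress rule described above, as an added example in
    Python (not Allied Telesyn code or router configuration): it builds the
    payload-in-GRE-in-IP packet of RFC 1701/1702 and checks that only delivery
    headers with public addresses leave the site. The host addresses 10.1.0.5 and
    192.168.2.9 and the router addresses 192.0.2.1 and 198.51.100.1 are constructed
    for the example; GRE headers carrying source route entries are rejected rather
    than parsed.

```python
import ipaddress
import struct

# RFC 1597 private ranges (the standard Table 1 cites); routers below use constructed addresses.
RFC1597 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
GRE_PROTO, ETHERTYPE_IP = 47, 0x0800

def is_private(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1597)

def ipv4(src, dst, proto, payload):  # minimal 20-byte header, no options
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    csum = sum(struct.unpack("!10H", hdr))
    csum = (csum & 0xFFFF) + (csum >> 16)
    csum = ~(csum + (csum >> 16)) & 0xFFFF
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + payload

def gre_encapsulate(payload_pkt, tunnel_src, tunnel_dst):
    """Payload packet -> GRE header (no optional fields) -> delivery IP header."""
    gre = struct.pack("!HH", 0x0000, ETHERTYPE_IP)
    return ipv4(tunnel_src, tunnel_dst, GRE_PROTO, gre + payload_pkt)

def parse_ipv4(pkt):
    ihl = (pkt[0] & 0x0F) * 4
    src, dst = (str(ipaddress.ip_address(pkt[i:i + 4])) for i in (12, 16))
    return src, dst, pkt[9], pkt[ihl:]

def gre_payload(gre):
    """Strip a GRE header, skipping optional checksum, key and sequence fields."""
    flags, ptype = struct.unpack("!HH", gre[:4])
    if flags & 0x4007 or ptype != ETHERTYPE_IP:
        raise ValueError("unsupported GRE: source route, version != 0 or non-IP payload")
    return gre[4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000)):]

def egress_verdict(pkt):
    """Decision for a packet about to leave on the public-facing interface."""
    src, dst, proto, body = parse_ipv4(pkt)
    if is_private(src) or is_private(dst):
        return "drop: private address in delivery header"
    if proto == GRE_PROTO:
        isrc, idst, _, _ = parse_ipv4(gre_payload(body))
        return f"forward: GRE tunnel carrying {isrc} -> {idst}"
    return "forward"

if __name__ == "__main__":
    inner = ipv4("10.1.0.5", "192.168.2.9", 6, b"")  # constructed private hosts
    for pkt in (inner, gre_encapsulate(inner, "192.0.2.1", "198.51.100.1")):
        print(egress_verdict(pkt))
```

    The unencapsulated packet is dropped because its own header carries private
    addresses, while the same packet inside the tunnel is forwarded because
    intermediate routers only see the routers' public addresses.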

    Support for GRE
    Network iQ routers support RFC 1702, which defines the encapsulation of IP
    packets over IP. The configuration is flexible and supports inclusion or
    exclusion lists of hosts as well as of networks. The use of GRE in combination
    with the packet filter firewalling available on all Network iQ routers allows
    network managers to construct effective virtual private networks over existing
    public networks. They are thus able to provide Internet access without
    unnecessary compromise of the security of corporate data, while maintaining a
    high level of cost efficiency.

    Other Features
    Network iQ routers offer a total solution for secure LAN internetworking and
    LAN access using both primary rate and basic rate ISDN, PSTN, frame relay,
    X.25 and leased lines. The Network iQ router also supports channel
    aggregation using the PPP multilink protocol, bridging, data compression,
    bandwidth-on-demand, communications server and terminal/printer server
    capabilities, and many more features for cost-effective connectivity.

                                                                             Software Release 7.6
                                                                                       May 1999

Figure 2: An example internetwork utilising GRE.

[Diagram: PCs and TCP/IP hosts on LAN A (private network) behind Router A and on LAN B (private network) behind Router B; the two routers are connected across the public network (the Internet). A "public network address" label appears on the LAN A side.]
