3Com 3C13636 Configuration Manual page 1205

3Com Router 3000 Ethernet Family
Configuration Guide
Tunnels are implemented using tunneling protocols. Tunneling protocols are divided
into layer 2 tunneling protocols and layer 3 tunneling protocols depending on at which
layer of OSI model tunnel is implemented.
1) Layer 2 tunneling protocols
Layer 2 tunneling protocols encapsulate PPP frames entirely into internal tunnels. The
existing layer 2 tunneling protocols include:
PPTP (Point to Point Tunneling Protocol): Supported by companies like Microsoft,
Ascend, and 3COM and in OS of Windows NT 4.0 and its later versions. This
protocol supports tunneling encapsulation of PPP in IP networks. As a call control
and management protocol, PPTP uses an enhanced Generic Routing
Encapsulation (GRE) technology to provide the encapsulation service with flow
control and congestion control for transmitted PPP packets.
L2F (Layer 2 Forwarding): Supported by Nortel and some other companies. It
supports the tunnel encapsulation for the higher-level link layer and physically
separates dial-up server and dial-up connection.
L2TP (Layer 2 Tunneling Protocol): Drafted by IETF, Microsoft and other
companies. Absorbing the advantages of above two protocols, it is accepted by
most companies and has become a standard RFC. L2TP provides both dial-up
VPN service and leased line VPN service.
2) Layer 3 tunneling protocols
Both start point and end point of layer 3 tunneling protocol are in ISP. PPP session
terminates at NAS. Only layer 3 packets are carried in tunnels. The existing layer 3
tunneling protocols include:
GRE (Generic Routing Encapsulation), which is used to encapsulate a network
layer protocol into another one.
IPSec (IP Security), which provides a complete architecture of data security on IP
networks by using several protocols rather than a single one, such as AH
(Authentication Header), ESP (Encapsulating Security Payload), and IKE (Internet
Key Exchange).
GRE and IPSec mainly apply in private line VPN.
3) Contrast between layer 2 tunneling protocols and layer 3 tunneling protocols
Compared with layer 2 tunneling protocols, the advantages of layer 3 tunneling
protocols are their security, scalability and reliability. In terms of security, layer 2 tunnel
imposes great challenges to security of user networks and firewall technologies while
layer 3 tunnel does not, because layer 2 tunnel generally terminates at customer
premise equipment and layer 3 tunnel at ISP gateway.
Concerning scalability, layer 2 tunnel is not as efficient as layer 3 tunnel in transmission
due to the encapsulation of entire PPP frames. Besides, its PPP session runs through
the entire tunnel and terminates at customer premise equipment, and thus requires the
user-side gateway to store a large amount of PPP session status and information,
3Com Corporation
1-4
Chapter 1 VPN Overview