
Team Think

David Greenfield

Is there light at the end of the tunnel?

By | December 19, 2011, 5:15am PST

In an odd turn of events, some of the most vocal anti-tunneling companies are now advocating the use of tunnels again. At the beginning of the month, application acceleration vendor Riverbed added UDP tunneling in the newest releases of its RiOS 7.0 operating system. This comes at a time when Cisco’s Overlay Transport Virtualization (OTV), a method of tunneling layer 2 networks between data centers, is gaining greater traction within IT.

Both are encouraging signs that tunneling will play a greater role within network design. Tunneling technologies enable IT to rapidly deploy new protocols and innovations into its network and to gain incredibly deep insights into the performance of its traffic, even across publicly shared networks. At the same time, though, vendors must think through four management and deployment challenges if their customers are to reap the benefits of tunneling.

Tunnels: The Good and the Bad

While tunneling can occur in many environments for many purposes, the principle remains the same: insert one protocol within another protocol (the delivery protocol) of the same or a lower layer of the OSI model. More specifically, this is done in part by changing the source and destination addresses of the delivery protocol from those of the originating station and the final destination to those of the tunneling devices. By contrast, header transparency, aka “normal” traffic, preserves the original addressing.

For years, this slight discrepancy has inspired heated arguments among IT vendors. Among WAN optimization vendors, Cisco and Riverbed have argued for header transparency. Tunneling, they’ve said, makes applying security policies impossible because the optimization process obscures the payload and the temporary ports commonly used by many VoIP and FTP clients. It can also introduce other networking issues, such as “…sub-optimal routing, MTU issues, and hardware/software scalability issues,” blogs Mike Morris over at “Back to Cisco Subnet.”
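The address rewriting and the policy-visibility argument described above can be seen in a few dozen lines. This is an added example, not code from the article or from any vendor it names: it wraps a UDP packet in a basic GRE-over-IPv4 tunnel and compares the fields a header-based policy can match before and after decapsulation. The host addresses, tunnel endpoints, ports and payload are constructed sample values.

```python
import socket
import struct

GRE, UDP, ETHERTYPE_IPV4 = 47, 17, 0x0800   # IP protocol numbers, GRE payload type

def ipv4_header(src, dst, proto, payload_len):
    """20-byte IPv4 header without options, with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    total = sum(struct.unpack("!10H", hdr))
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return hdr[:10] + struct.pack("!H", ~total & 0xFFFF) + hdr[12:]

def udp_packet(src, dst, sport, dport, data):
    """Inner packet: IPv4 + UDP (checksum 0 means 'not computed' on IPv4)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    return ipv4_header(src, dst, UDP, len(udp)) + udp

def gre_encapsulate(inner, tunnel_src, tunnel_dst):
    """Wrap an IPv4 packet in a basic 4-byte GRE header and a delivery IPv4 header."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)
    return ipv4_header(tunnel_src, tunnel_dst, GRE, len(gre) + len(inner)) + gre + inner

def gre_decapsulate(packet):
    """Return the inner packet; only option-free GRE carrying IPv4 is handled."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != GRE or len(packet) < ihl + 4:
        raise ValueError("not a GRE packet")
    flags_version, ethertype = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags_version != 0 or ethertype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE header")
    return packet[ihl + 4:]

def flow_key(packet):
    """The fields a header-based policy matches on: src, dst, proto, ports."""
    ihl = (packet[0] & 0x0F) * 4
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    ports = struct.unpack("!HH", packet[ihl:ihl + 4]) if packet[9] in (6, UDP) else (None, None)
    return (src, dst, packet[9]) + tuple(ports)

# Constructed sample: private hosts behind tunnel devices at documentation addresses.
INNER = udp_packet("10.1.1.10", "10.2.2.20", 40000, 5060, b"constructed sample payload")
OUTER = gre_encapsulate(INNER, "192.0.2.1", "198.51.100.1")

if __name__ == "__main__":
    print("policy sees on the wire:", flow_key(OUTER))
    print("policy sees after decap:", flow_key(gre_decapsulate(OUTER)))
    print("per-packet overhead    :", len(OUTER) - len(INNER), "bytes")
```

On the wire the policy sees only the two tunnel devices and protocol 47, with no ports to match. The 24 bytes of added headers are also why a 1500-byte path leaves 1476 bytes for the inner packet, one source of the MTU issues mentioned in the quote.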

Proponents, like Silver Peak Systems, have pointed out that many of these issues apply whether or not tunneling is applied to WAN optimization. Optimizing the traffic obscures the traffic flow regardless, requiring security policies to be applied before optimizing. Going further, they argue that tunneling provides enormous value in terms of deterministic behaviour and enables value-added features, like packet-by-packet optimization and analysis. There’s a great comparison of tunneling vs. header transparency solutions here.

Use Cases for Tunnels

The reality is that even before OTV and RiOS 7, we’ve seen tunneling used extensively in our networks. We traverse firewalls by tunneling through them, interconnect islands of private IP addresses across the Internet using GRE tunnels, and pass secured information in IPsec tunnels across otherwise unsecured networks.

As we deploy new technologies, tunnels are also essential. The adoption of IPv6, for example, is being simplified by tunnels. Workgroups are being converted to the new protocol and then interconnected via IPv6 tunnels across IPv4 backbones.

What’s interesting about tunnels in WAN optimization and data center interconnects in particular is the sheer number of tunnels that have to be configured, which can introduce significant operational complexity into the network. Long-time tunnel proponents, like Silver Peak, have invested heavily in the innovations required to address these challenges. These items include:

  • Automated tunnel creation where devices automatically create tunnels when new protocols or applications are detected.
  • Automated tunnel assignments where protocols and applications are dynamically assigned to new tunnels.
  • Group management where IT can define various parameters across tunnels, such as the actions to take in the event tunnels drop and/or whether encryption should be enabled.
  • Cross-tunnel functionality that enables the tunnel management system to aggregate information across tunnels and then act on that information. With WAN optimization, for example, that could mean reporting and acting upon changes in network conditions like the amount of available bandwidth or latency and loss characteristics.

Tunnel adoption is a significant step forward for the industry. It should enable organizations to respond more quickly to networking requirements. However, without thinking through these management and implementation issues, tunneling can end up introducing significant operational complexity into the enterprise.


David Greenfield is the principal in STAnalytics, a global technology-marketing consultancy where he advises enterprises on emerging technologies. He primarily functions as the product marketing manager at Silver Peak Systems.

Disclosure

Dave Greenfield

Much to the chagrin of his clients (and his wife), David Greenfield remains an independent thinker to a fault. Little wonder he's strongly considering an investment in the Trojan body armor. His firm, Strategic Technology Analytics (STAnalytics) provides independent content, insight and analysis to many companies. Current and past customers of his that may or may not be covered in the TeamThink blog include: Audiocodes, Infoblox, Objet Geometries, On-State Communications, Phone.com, Silver Peak Systems, Skype, and Spigit. He currently holds stock options in Silver Peak Systems.

Biography

Dave Greenfield

David Greenfield is the principal in STAnalytics, a global technology-marketing consultancy where he advises enterprises on emerging technologies. He has spent the past 20 years analyzing virtually every area of networking technology. His work has appeared in leading technology publications such as PC Magazine, Network Computing, IT Architect, and Data Communications in the past 10 years focused on real-time social software. He has consulted to and assisted Fortune 500 enterprises in their technology acquisitions. He was the editor and a blogger at Network Computing and today works as the product marketing manager at Silver Peak Systems.
