Getting Networked Computers to Speak the Same Language

When people first started connecting computers together, they had to decide on a common language that computers could understand. Those languages, called network protocols, were developed separately from one another, depending on the types of computers on the network. For example, Microsoft networks used NetBEUI between systems running Windows, and Apple networks used AppleTalk. When hybrid networks began to emerge, Windows and Apple systems had to add the ability to translate each other's protocols in order to work together. With the growth of the Internet, though, computer hardware and software were redesigned to use the Internet's native communication protocols. Those protocols make up a single protocol stack, meaning several protocols that work together to address different types of communication. The Internet uses the TCP/IP protocol stack, and most computers today are capable of communicating using TCP/IP protocols.

Keeping VPN Traffic in the Tunnel

Most VPNs rely on tunneling to create a private network that reaches across the Internet. In our article "How does the Internet work?" we describe how each data file is broken into a series of packets to be sent and received by computers connected to the Internet. Tunneling is the process of placing an entire packet within another packet before it's transported over the Internet. That outer packet protects the contents from public view and ensures that the packet moves within a virtual tunnel.

This layering of packets is called encapsulation. Computers or other network devices at both ends of the tunnel, called tunnel interfaces, can encapsulate outgoing packets and reopen incoming packets. Users (at one end of the tunnel) and IT personnel (at one or both ends of the tunnel) configure the tunnel interfaces they're responsible for to use a tunneling protocol. Also called an encapsulation protocol, a tunneling protocol is a standardized way to encapsulate packets [source: Microsoft]. Later in this article, you can read about the different tunneling protocols used by VPNs.

The purpose of the tunneling protocol is to add a layer of security that protects each packet on its journey over the Internet. The packet is traveling with the same transport protocol it would have used without the tunnel; this protocol defines how each computer sends and receives data over its ISP. Each inner packet still maintains the passenger protocol, such as Internet Protocol (IP) or AppleTalk, which defines how it travels on the LANs at each end of the tunnel. (See the sidebar for more about how computers use common network protocols to communicate.)

To better understand the relationships between protocols, think of tunneling as having a computer delivered to you by a shipping company. The vendor who is sending you the computer packs the computer (passenger protocol) in a box (tunneling protocol). Shippers then place that box on a shipping truck (transport protocol) at the vendor's warehouse (one tunnel interface). The truck (transport protocol) travels over the highways (Internet) to your home (the other tunnel interface) and delivers the computer. You open the box (tunneling protocol) and remove the computer (passenger protocol).

Now that we've examined data in the tunnel, let's look at the equipment behind each interface.