Mastering Tunnel Modes: A Comprehensive Guide

Table of Contents

1. Introduction
2. Bridge Tunnel Mode
   • Bridge Tunnel Mode App
   • Bridge Tunnel Configuration
   • Bridge Tunnel Application
3. Router Tunnel Mode
   • Router Tunnel App Note
   • Router Tunnel Configuration
   • Typical Applications
4. IP Sharing
   • Benefits of IP Sharing
   • Typical Applications
   • How Networks are Put Together
   • How Packets are Routed
5. IP Filtering
   • Understanding IP Filtering
   • Filtering Options
   • Input, Pass, and Static Rules
   • Stateful Packet Inspection
   • Rule Targets and Actions
   • Redirect and Source/Destination NAT
   • Rule Marking and NetFlow
   • Routed Interfaces Filtering
6. Fast Link Tunnels
   • Features and Capabilities
   • Setting Up Fast Link Tunnels
   • Bridged and Routed Connection
   • Additional Features

Bridge Tunnel Mode

In the bridge tunnel mode, all interfaces connected to the system bridge can communicate with each other as if they were on an Ethernet switch. This mode allows for easy access to a server network without the need for rewiring or making major changes to the existing network infrastructure. The devices can be set up in stub mode, where a single Ethernet connection is made to the network, or in a more common setup, where access to the server network is provided through a system bridge.

One application of the bridge tunnel mode is the extension of networks using an Ethernet cable over the internet. This can be useful in scenarios where there are multiple remote networks that need to be connected. The configuration for a bridge tunnel mode is explained in detail in the Bridge Tunnel App Note available on the Doc Central website. This app note provides step-by-step instructions on how to configure a bridge tunnel point-to-point network.

Router Tunnel Mode

The router tunnel mode operates similarly to a traditional IPSec tunnel. It allows for routing of traffic between two different networks. The server-side configuration is handled by setting up server-side routes and remote routes. The server device pushes this information to the client devices, which install the routes in their routing tables. This mode is helpful in situations where there are two different networks on each side of the link.

The router tunnel mode provides more flexibility in terms of routing and allows for different networks to be connected. The configuration process for setting up a router tunnel mode is described in the Router Tunnel App Note available on the Doc Central website. This app note provides detailed guidance on configuring the server and client devices and setting up the necessary routing.

IP Sharing

IP sharing provides a way to hide a remote network and access it based on an IP address from the server-side network. It enables the establishment of a routed tunnel mode without the need for additional routing on the network. IP sharing is especially useful in scenarios where there are overlapping IP addresses between remote networks or when specific devices need to have access to the server network.

By using IP sharing, the server-side network only sees traffic coming from the IP address of the tunnel interface, thus hiding the actual remote IP address. The client device becomes a 3-port router, routing traffic from its local network to the server-side network through the tunnel interface. The configuration for IP sharing can be found in the respective section of the device's interface.

IP Filtering

The IP filtering feature of the device allows for fine-grained control over traffic flowing through it. It can filter traffic based on various criteria such as source/destination IP addresses, interfaces, port numbers, MAC addresses, and VLANs. The IP filtering operates at layer 2 and layer 3, and it can also filter based on layer 7 string matching.

The IP filtering is divided into several blocks: input, pass, static, stateful packet inspection, and route filters. The input block filters traffic as it enters the device, the pass block filters traffic as it passes through, and the static block allows for configuring static rules. Stateful packet inspection provides the ability to filter based on the state of the packet, and route filters are used for interfaces that are routed or detoured.

Fast Link Tunnels

Fast link tunnels are a newer technology that provides all the features and capabilities of the standard tunnel mode but with increased speed and performance. They consist of a control channel and a data channel and support bonded client failover and real-time resource utilization.

One advantage of fast link tunnels is the ability to run bridged and routed connections simultaneously. This allows for more flexibility in configuring networks and can be useful in scenarios where different types of traffic need to be treated differently. The fast link tunnel configuration is similar to the standard tunnel mode, and documentation on their setup can be found on the Doc Central website.

Conclusion

In this article, we explored different tunnel modes available in the device, including bridge tunnel mode, router tunnel mode, IP sharing, IP filtering, and fast link tunnels. Each mode offers unique features and capabilities to meet various networking requirements. By understanding these modes and their configurations, users can optimize their network setups and ensure efficient and secure data transmission.

🔗 Resources:

• Bridge Tunnel App Note
• Router Tunnel App Note
• IP Sharing Documentation
• IP Filtering Guide
• Fast Link Tunnels Documentation

Highlights

• Bridge tunnel mode allows for easy access to server networks without major network changes.
• Router tunnel mode enables routing between different networks and requires server-side and client-side configurations.
• IP sharing hides remote networks and provides access based on IP addresses.
• IP filtering offers fine-grained control over traffic based on various criteria.
• Fast link tunnels provide high-speed performance and support bridged and routed connections simultaneously.

FAQ

Q: Can I use IP sharing with overlapping IP addresses? A: Yes, IP sharing is designed to handle overlapping IP addresses between remote networks.

Q: Can I configure different filtering rules for each client in a fast link tunnel? A: Yes, each client in a fast link tunnel has its own unique interface, allowing for customized filtering rules.

Q: Can I combine bridge and routed connections in a single tunnel? A: Yes, fast link tunnels support both bridged and routed connections simultaneously.

Q: Is IP filtering possible on detached or routed interfaces? A: Yes, IP filtering can be applied to detached or routed interfaces using the appropriate rule blocks.

Q: Are fast link tunnels suitable for high-speed data backup applications? A: Yes, fast link tunnels provide the performance required for high-speed data backup applications.

Q: Can I enable different tunnel modes for different clients in a single network? A: Yes, the devices allow for different tunnel modes to be configured for different clients within the same network.

This article provided an overview of the different tunnel modes available in the device, including their features, configurations, and typical applications. It also discussed the benefits and considerations of IP sharing, the functionality and flexibility of IP filtering, and the advantages of fast link tunnels. By understanding and utilizing these features effectively, users can optimize their network setups and enhance their data transmission capabilities.