1
00:00:01,020 --> 00:00:07,640
In this video we're going to discuss Generic Routing Encapsulation tunneling, or GRE tunneling. In its

2
00:00:07,640 --> 00:00:14,780
most basic form, a GRE tunnel is a point-to-point tunnel that allows you to transport multiple

3
00:00:14,780 --> 00:00:22,610
higher-layer protocols such as IP version 4, IP version 6, as well as older protocols such as IPX and others

4
00:00:22,940 --> 00:00:25,020
across a point-to-point tunnel.

5
00:00:25,280 --> 00:00:30,800
It's important to remember that GRE does not provide authentication and encryption.

6
00:00:31,040 --> 00:00:38,170
It provides a point-to-point connection between two routers that emulates or looks like a point-to-point

7
00:00:38,210 --> 00:00:41,320
tunnel or point-to-point serial link.

8
00:00:41,630 --> 00:00:46,340
Another advantage of GRE is the support for multicast routing protocols.

9
00:00:46,520 --> 00:00:54,560
In the past, what was often done is that GRE tunnels were encapsulated inside IPsec tunnels for encryption

10
00:00:54,620 --> 00:01:00,650
and authentication. So GRE would provide a simple point-to-point link that emulates what looks like

11
00:01:00,650 --> 00:01:07,610
a serial link, but because it provides no encryption and no authentication, that GRE tunnel would then be

12
00:01:07,610 --> 00:01:13,340
put inside an IPsec tunnel to provide the encryption and authentication.

13
00:01:13,430 --> 00:01:19,040
Now before going any further I want to point out that you have access to some features of the VPN config

14
00:01:19,040 --> 00:01:21,480
generator as part of your course.

15
00:01:21,710 --> 00:01:25,940
One of the VPN config generator options is to set up a GRE tunnel.

16
00:01:26,210 --> 00:01:32,350
The software allows you very easily to create the configuration required for a point-to-point GRE

17
00:01:32,390 --> 00:01:34,920
tunnel.

18
00:01:34,960 --> 00:01:41,230
So as an example by clicking on the show result button the configuration is automatically generated

19
00:01:41,230 --> 00:01:49,790
for two routers: here's router 2 and here's router 1. You could simply copy and paste that configuration

20
00:01:50,150 --> 00:01:59,420
into your routers to set up a GRE tunnel. GRE encapsulates other traffic inside a 20-byte IP header

21
00:01:59,900 --> 00:02:07,720
and 4-byte GRE header. The details of GRE can be found in RFC 2784.

22
00:02:07,870 --> 00:02:15,620
And as you can see here, this is for Generic Routing Encapsulation, or GRE. I won't bore you going

23
00:02:15,620 --> 00:02:21,590
through all the details, but if you're interested, have a look at the RFC. But notice a payload

24
00:02:21,620 --> 00:02:29,240
packet, which is the data as sent by user PCs, would be encapsulated inside the GRE tunnel using a

25
00:02:29,240 --> 00:02:33,040
delivery header as well as a GRE header.

26
00:02:33,140 --> 00:02:36,520
In our GNS3 topology, which I'm going to demonstrate in a moment,

27
00:02:36,620 --> 00:02:44,780
that means that traffic sent from R1, acting as PC 1, to R5, acting as PC 2 in this topology,

28
00:02:45,260 --> 00:02:51,270
is encapsulated by router 2. As mentioned, I'll show you this configuration in a moment, and I'll

29
00:02:51,370 --> 00:02:58,100
also do Wireshark captures so that you can see the packets. But in brief, traffic sent by R1 is sent

30
00:02:58,100 --> 00:03:00,530
as normal Ethernet frames across the link.

31
00:03:00,560 --> 00:03:08,210
But when it hits router 2, it's encapsulated in a tunnel for transmission to router 4. We're going to

32
00:03:08,210 --> 00:03:16,730
build a tunnel from R2 to R4, and R3 in this case is going to act as an internet router.

33
00:03:18,930 --> 00:03:24,040
R3 is going to forward traffic based on the outer header, or delivery header.

34
00:03:25,480 --> 00:03:34,210
Because the tunnel is established from 2 to 4, R3 only sees traffic going from R2's IP

35
00:03:34,210 --> 00:03:36,500
address to R4's IP address.

36
00:03:36,820 --> 00:03:43,390
It routes based on the outer header, or delivery header, and doesn't look at the traffic that originated from

37
00:03:43,390 --> 00:03:44,510
R1.

38
00:03:44,530 --> 00:03:47,700
Be careful, however: GRE doesn't encrypt.

39
00:03:47,740 --> 00:03:54,580
So I'm going to demonstrate how you could run Wireshark on this link and capture the internal traffic

40
00:03:54,610 --> 00:03:57,710
that was sent from R1 to R5.

41
00:03:57,740 --> 00:04:04,210
So even though you're encapsulating the traffic in a tunnel, be aware that that tunnel is not encrypted.

42
00:04:04,280 --> 00:04:11,380
So someone running Wireshark or a hacking tool could see the internal traffic as sent in the payload

43
00:04:11,390 --> 00:04:12,460
packet.

44
00:04:12,710 --> 00:04:19,050
So the original data is encapsulated in the GRE header with a delivery header.

45
00:04:19,120 --> 00:04:25,270
The routers on the Internet would route traffic based on the delivery header. When traffic is received

46
00:04:25,300 --> 00:04:30,520
by router 2, which is the source of the GRE tunnel in this case, from router 1,

47
00:04:30,670 --> 00:04:37,060
it's encapsulated in GRE and sent across this tunnel to router 4, which decapsulates the traffic and

48
00:04:37,060 --> 00:04:43,780
sends it to router 5 as the original packet, as if this was a point-to-point link between router 2 and

49
00:04:43,780 --> 00:04:50,440
router 4. In this example I've only got a single router being the Internet, but remember you could have many,

50
00:04:50,440 --> 00:04:51,870
many devices here

51
00:04:54,050 --> 00:04:55,130
forming the Internet,

52
00:04:59,430 --> 00:05:07,260
and the idea is that the tunnel is formed from one tunnel endpoint to another across many devices. The

53
00:05:07,260 --> 00:05:12,420
devices on the Internet route based on the outer header. Router 2, as an example, when receiving traffic

54
00:05:12,420 --> 00:05:17,490
from router 1, will encapsulate those packets with GRE headers.

55
00:05:17,550 --> 00:05:24,120
Sent to router 4, router 4 will remove the headers and forward the packet across to router 5 as if there was a

56
00:05:24,120 --> 00:05:29,420
point-to-point link between router 2 and router 4. The same thing will happen in the reverse.

57
00:05:29,570 --> 00:05:35,550
Router 5 will send a standard Ethernet frame across this link to router 4. Router 4 will encapsulate

58
00:05:35,550 --> 00:05:42,210
the packet, send it through the tunnel to router 2, which will then decapsulate the packet and forward

59
00:05:42,210 --> 00:05:48,700
the packet on to router 1 as if there was a point-to-point serial link between router 2 and router 4.

60
00:05:49,320 --> 00:05:56,910
As mentioned, I'll demonstrate the setup of this topology, and we assume that this picture is a GRE tunnel

61
00:05:56,910 --> 00:05:58,630
from router 2 to router 4.

62
00:05:59,100 --> 00:06:06,330
It's simply a session that's established using the GRE protocol from router 2 to router 4, but logically

63
00:06:06,330 --> 00:06:15,920
it's as if you've got this extra serial interface on the routers, which in our example we'll configure as

64
00:06:15,920 --> 00:06:20,150
tunnel 0 on both routers.
