Why is a tunnel called a "tunnel"?

52

12

I don't understand why the "tunnel" metaphor is used to describe a networking tunnel.

At first I thought the reason was because the data sent is encrypted, and so an eavesdropper will not be able to see the data (he sees the data wrapped in a tunnel!).

But what about the tunneling protocols that do not use encryption, why are they also called a "tunnel"?

user7681202

Posted 2017-03-19T22:27:31.890

Reputation: 561

21 The data sent through a tunnel is encapsulated. It may or may not be encrypted. – DavidPostill – 2017-03-19T22:32:43.807

Answers

81

In the case of roads, a real world tunnel is a constructed passage that allows you to pass directly from A to B instead of taking a route that is longer and/or has more things to slow you down. Examples include tunnels through mountains that you might otherwise have to go round, underpasses that let you get to the other side of the road without walking across it, and subway tunnels that let trains move around a city without contending with roads and buildings.

In each of these cases, a tunnel provides a direct path that avoids some type of complexity you'd otherwise have to deal with. In networking it is used in the same way.

An IPv4 over IPv6 tunnel allows IPv4 to pass through an IPv6 network into another IPv4 network, something that would otherwise not be possible without the originating computer understanding the IPv6 network.

A VPN is a tunnel specifically intended for connecting two private networks without the overhead of translating the IP addresses between private and public addresses at each end.

An example that combines the two is game VPN software like Hamachi that could be used to play over the internet games which used old protocols like IPX or relied on local discovery to find other players.

Mokubai

Posted 2017-03-19T22:27:31.890

Reputation: 64 434

2 I've added an edit that expands on your examples to make it more general. It felt more polite in this case to do a slightly heavy edit rather than post a separate answer or spew in the comments. Apologies if I'm out of line with the edit size. – Kaithar – 2017-03-20T05:05:24.913

5 @Kaithar while the edit is substantial it does follow the point I was trying to get across and I was torn between keeping it short and simple and editing in the way that you did. Thank you for the edit. – Mokubai – 2017-03-20T07:18:47.827

38

Why is a tunnel called a "tunnel"?

The phrase was first used (as far as I can tell) in RFC 1075 Distance Vector Multicast Routing Protocol, where it is defined as follows:

In addition, to allow experiments to traverse networks that do not support multicasting, a mechanism called "tunneling" was developed.

...

  1. Tunnels

A tunnel is a method for sending datagrams between routers separated by gateways that do not support multicasting routing. It acts as a virtual network between two routers. For instance, a router running at Stanford, and a router running at BBN might be connected with a tunnel to allow multicast datagrams to traverse the Internet. We consider tunnels to be a transitional hack.

Tunneling is done with a weakly encapsulated normal multicasted datagram. The weak encapsulation uses a special two element IP loose source route [5]. (This form of encapsulation is preferable to "strong" encapsulation, i.e., prepending an entire new IP header, because it does not require the tunnel end-points to know each other's maximum reassembly buffer size. It also has the benefit of correct behavior of the originator's time-to-live value and any other IP options present.)

A tunnel has a local end-point, remote end-point, metric, and threshold associated with it. The routers at each end of the tunnel need only agree upon the local and remote end-points. See section 8 for information on how tunnels are configured. Because the number of intermediate gateways between the end-points of a tunnel is unknown, additional research is needed to determine appropriate metrics and thresholds.

Although the above states "We consider tunnels to be a transitional hack.", tunneling is still used today, with essentially the same meaning - the data sent through a tunnel is encapsulated so it can be transmitted via a protocol that would otherwise not support the transmission:

A tunnel is a mechanism used to ship a foreign protocol across a network that normally wouldn't support it. Tunneling protocols allow you to use, for example, IP to send another protocol in the "data" portion of the IP datagram. Most tunneling protocols operate at layer 4, which means they are implemented as a protocol that replaces something like TCP or UDP.

Source Networking 101: Understanding Tunneling

DavidPostill

Posted 2017-03-19T22:27:31.890

Reputation: 118 938

20 "We consider tunnels to be a transitional hack" — there truly is nothing so permanent as a temporary solution. – Wildcard – 2017-03-21T03:03:04.417
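The "strong" encapsulation that the RFC 1075 excerpt contrasts with its loose-source-route approach (prepending an entire new IP header) can be shown in a few lines. This is an added example, not code from the answer or the RFC; the addresses, the payload and the use of protocol number 253 for the inner datagram are constructed for illustration. It also shows that encapsulation by itself gives no confidentiality: the inner datagram stays readable on the transit network.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4    # IANA protocol number meaning "payload is an IPv4 datagram"
IPPROTO_TEST = 253  # reserved for experimentation; used for the constructed inner payload

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal IPv4 datagram: 20-byte header without options, then the payload."""
    def header(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                           proto, csum, ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed)
    return header(checksum(header(0))) + payload

def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel entry: the complete inner datagram becomes the outer payload."""
    return ipv4_packet(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)

def decapsulate(outer: bytes) -> bytes:
    """Tunnel exit: check the outer header, strip it, return the inner datagram."""
    ihl = (outer[0] & 0x0F) * 4 if outer else 0
    if len(outer) < 20 or outer[0] >> 4 != 4 or not 20 <= ihl <= len(outer):
        raise ValueError("malformed outer IPv4 header")
    total_len = struct.unpack("!H", outer[2:4])[0]
    if checksum(outer[:ihl]) != 0 or not ihl <= total_len <= len(outer):
        raise ValueError("outer header fails checksum or length check")
    if outer[9] != IPPROTO_IPIP:
        raise ValueError("outer packet does not carry an encapsulated datagram")
    return outer[ihl:total_len]

def endpoints(packet: bytes) -> tuple:
    """Source and destination addresses from the first (outermost) header."""
    return tuple(str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))

# Constructed sample: private hosts talking across a tunnel between two routers.
INNER = ipv4_packet("10.0.1.5", "10.0.2.9", IPPROTO_TEST, b"not encrypted")
OUTER = encapsulate(INNER, "192.0.2.1", "198.51.100.1")

if __name__ == "__main__":
    print("transit network routes on:", endpoints(OUTER))
    print("tunnel exit delivers to:  ", endpoints(decapsulate(OUTER)))
    print("payload readable in transit:", b"not encrypted" in OUTER)
```

Routers between the two tunnel endpoints only ever look at the outer header, which is why the inner addresses can be private or belong to a protocol the transit network does not route.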

21

Because whatever you put in one end of the tunnel comes out the other end.

David Schwartz

Posted 2017-03-19T22:27:31.890

Reputation: 58 310

22 Not everything. I tried putting my drink in one end of a VPN tunnel once, and not only was it not waiting for me at work, but my computer stopped working for some reason. – HopelessN00b – 2017-03-20T08:35:25.453

17 @HopelessN00b: probably because your drink wasn't properly formatted as TCP/IP – Stephan – 2017-03-20T09:40:48.573

8 @HopelessN00b Drinks are implemented in Layer 1 while most VPNs are implemented in Layer 4. You must use software to somehow translate the drink to the proper layer for any hope. Also, be sure to have software on the receiving end or there may be unforeseen consequences. – pcnate – 2017-03-20T20:16:59.680

5 @pcnate hm - Layer 1 is hardware. Not sure if it can handle softdrinks at all. – Stephan – 2017-03-21T11:36:15.477

3 You clearly do not know HopelessN00b, he's a proponent of go hard or go home. – Journeyman Geek – 2017-03-21T12:42:16.893

5 For wine you need a USBwine adapter, I'm not sure if you can hack it to do beer or vodka. – satibel – 2017-03-21T12:47:27.527