Next: Firewalls Up: Network level solutions Previous: Administrative Address Scoping

Tunnels

Tunnels, in which packets are encapsulated inside other packets, are a feature of today's Internet, since they provide a way of creating a Virtual Private Network (VPN) over the Internet. Two machines are set up as the tunnel endpoints. When traffic is to be sent from inside one site to one of the other sites, it is redirected to the tunnel endpoint, encapsulated inside IP (protocol version 4) or inside a UDP packet, possibly encrypted, and sent to the other machine over the Internet.

However, although tunnels provide the VPN, managing them within the framework of multicast IP routing presents some complex problems. The Mbone has grown as a Virtual Network using tunnels, but there have been a number of problems related to the fact that all the tunnels have to be manually administered. If a metric is badly set, a site can disappear and appear unreachable. If tunnels are used to connect sites together as a single domain for multicast, then a lot of work must be done to ensure that the domain remains convex, i.e. there is no better route to the sites than through the tunnels. If there is, then administratively scoped traffic won't be able to reach the other site, and traffic that doesn't reach the site is useless.
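The convexity condition above can be checked mechanically before a metric change is deployed. The following is an added example, not code from the original text: it assumes the topology is known as undirected links with additive metrics, and the site names, link list and function names are all hypothetical. For every pair of sites in the tunnelled domain it compares the best route that stays inside the domain with the best route overall, and reports pairs where a route leaving the domain is strictly better.

```python
import heapq
from itertools import combinations

INF = float("inf")

def shortest(links, src, allowed=None):
    """Dijkstra over undirected (a, b, metric) links, optionally restricted to `allowed` nodes."""
    adj = {}
    for a, b, metric in links:
        if allowed is None or (a in allowed and b in allowed):
            adj.setdefault(a, []).append((b, metric))
            adj.setdefault(b, []).append((a, metric))
    dist, heap = {src: 0}, [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, INF):
            continue  # stale heap entry, a shorter path was already found
        for nxt, metric in adj.get(node, []):
            if d + metric < dist.get(nxt, INF):
                dist[nxt] = d + metric
                heapq.heappush(heap, (d + metric, nxt))
    return dist

def convexity_violations(links, domain):
    """Return (site_a, site_b, inside_cost, best_cost) where a route leaving the domain beats the tunnels."""
    violations = []
    for a, b in combinations(sorted(domain), 2):
        inside = shortest(links, a, allowed=domain).get(b, INF)  # tunnels only
        best = shortest(links, a).get(b, INF)                    # any route
        if best < inside:
            violations.append((a, b, inside, best))
    return violations

# Constructed topology (assumption): three sites joined by tunnels, plus an outside router.
DOMAIN = {"siteA", "siteB", "siteC"}
LINKS_BAD = [
    ("siteA", "siteB", 3),   # tunnel
    ("siteB", "siteC", 3),   # tunnel
    ("siteA", "isp1", 1),    # native link leaving the domain
    ("isp1", "siteC", 1),    # outside path siteA-isp1-siteC costs 2, tunnels cost 6
]
# One possible repair: a direct siteA-siteC tunnel whose metric matches the outside path.
LINKS_FIXED = LINKS_BAD + [("siteA", "siteC", 2)]

if __name__ == "__main__":
    for name, links in (("bad", LINKS_BAD), ("fixed", LINKS_FIXED)):
        print(name, convexity_violations(links, DOMAIN))
```

A pair whose inside cost is infinite but whose overall cost is finite is also reported, which covers the badly set metric case where a site drops out of the domain entirely.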


Jon CROWCROFT
1998-12-03