Table of contents

1.4 VPN Processing Principle and Communication Method

    Table of contents
    You are currently comparing two old versions - only when you are comparing against the latest version can you revert. Return to version archive.

    Combined revision comparison

    Comparing version 02:43, 2 Mar 2013 by yagi with version 02:58, 2 Mar 2013 by yagi.

    ...

     

    Fig. 1-4-1 Switching Hub and network adapter for Ethernet.

    ...

    AFig. 1-4-2 Ethernet frame (MAC frame).)

    ...

    The switching Hub used by Ethernet (layer 2 switch) constructs a network by Ethernet and is an important peripheral device for communication. Switching HubsHUBs have multiple ports (usually 8 ports, but can have from tens to hundreds. By connecting a compute to the Ethernet by network cable, etc., a physical network is connected between the switching Hub and computer's network adapter, thus enabling Ethernet communications by layer 2.

    The ports of a switching Hub can also be connected to the ports of another switching Hub. Even though the connected switching HubsHUBs were originally separate Ethernet networks, by connecting them by network cable, they work like a single Ethernet network. This is called "cascade connection".

    The computers connected to the switching HubsHUBs on the left and right in the following figure can communicate freely with each other.

    ...

    Fig. 1-4-3 Segment junction by cascade connection of switching hubs.HUBs

    ...

    Switching HubsHUBs constantly recognize in advance which computers with what sort of MAC address are connected to the respective ports and maintain the information in an internal database. This is called a "MAC address table".

    ...

    As was previously mentioned, the method of connecting two segments configured of two switching HubsHUBs and using as a single segment is called "cascade connection". Cascade connection can consist of an unlimited number of cascades provided the physical limit established for Ethernet is not exceeded. The fact that cascade connection can be accomplished easily is one of the greatest features of using Ethernet. By cascade connecting another switching Hub to one for which the number of ports has become insufficient, you can increase the number of available ports and increase the number of computers that can be connected to the network.

    ...

    Cascade connection and bridge connection are technically similar connection methods, but whereas cascade connection indicates connecting switching HubsHUBs to construct a single large segment from the beginning, bridge connection means connecting networks to be used as two segments that are physically separate and are administered separately.

    ...

    Virtual Hub is one of the most important functions of SoftEther VPN. Virtual Hub implements the same level of functions as the existing common layer 2 switching Hub as software. Virtual Hub has a MAC address learning function and frame exchange/delivery functions based on learning. Whereas conventional switching HubsHUBs used to handle this processing as hardware, with Virtual Hub of SoftEther VPN, the processing is handled as software.

    ...

    SoftEther VPN Server can create multiple Virtual HubsHUBs. You can create as many Virtual HubsHUBs as memory space, CPU speed and specifications will permit. Each respective Virtual Hub conducts MAC address learning for virtual Ethernet frames flowing through the VPN. As a result virtual layer 2 Ethernet segments are realized by sending Ethernet frames to computers participating in other VPNs.

    ...

    Connection between Virtual HubsFig. 1-4-4 Connection between Virtual HUBs or between Virtual Network Adapters.

    Creation and Administration of Multiple Virtual HubsHUBs

    If multiple Virtual HubsHUBs are created within a single VPN server, those Virtual HubsHUBs cannot communicate with each other. Consequently if multiple Virtual HubsHUBs are created, it means multiple Ethernet segments are formed within the VPN Server.

    ...

    Fig. 1-4-5 Segment separation by Virtual Hub within VPN Server.

    ...

    These setting contents are completely independent for each Virtual Hub, and administration is divided into units so each individual administrator can administrate separately. Administrators of VPN Servers at large can manage all Virtual HubsHUBs, but administrators granted authority concerning some Virtual HubsHUBs from the VPN Server administrator can manage only those Virtual HubsHUBs and are unable to manage other Virtual HubsHUBs.

    ...

    Method of Connecting Virtual HubsHUBs to each other

    Virtual HubsHUBs can be cascade connected to Virtual HubsHUBs operating on the same VPN Server or VPN Server operating on another computer, and the cascade connected Virtual HubsHUBs that were originally separate segments are joined to work as a single segment.

    For Virtual HubsHUBs operating on the same VPN Server, via virtual layer 3 switch by IP routing, network among Virtual HubsHUBs can be connected by layer 3.

    ...

    Fig. 1-4-6 SoftEther VPN Virtual Network Adapter recognized as a network adapter by the operating system.

    ...

    Fig. 1-4-7 Property window of Virtual Network Adapter  .

    ...

    With SoftEther VPN Server, you can create multiple Virtual HubsHUBs and operate them together. In the initial state however Virtual HubsHUBs have only independent layer 2 segments, and although computers connected to the same Virtual Hub can communicate freely, computers connected to separate Virtual HubsHUBs cannot communicate with each other.

    ...

    Using the virtual layer 3 switch function of SoftEther VPN Server enables IP routing among multiple Virtual HubsHUBs. If conducting IP routing among multiple Virtual HubsHUBs with the previous version of SoftEther 1.0, etc., you had to conduct IP routing with a physical layer 3 switch or special router by bridge connecting each respective Virtual Hub segment to a physical Ethernet segment. SoftEther VPN Server's support of virtual layer 3 switch function enables network administrators to easily realize communication among Virtual HubsHUBs by IP routing among multiple Virtual HubsHUBs.

    ...

    Fig. 1-4-8 IP routing among Virtual HubsHUBs by virtual layer 3 switch.

    ...

     

    By connecting Virtual Hub and physical existing LAN by multiple bases and by furthermore cascade connecting Virtual HubsHUBs existing physical LAN of multiple bases can be easily made a single segment via Internet to realize base-to-base VPN.

    ...

    Fig. 1-4-9 Example of base-to-base connection by SoftEther VPN  .

    ...

    Fig. 1-4-10 Computer-to-computer VPN  .

    ...

    Fig. 1-4-11 Remote access VPN  .

    ...

    Fig. 1-4-12 Base-to-base VPN of ordinary scale  .

    ...

    Fig. 1-4-13 Base-to-base VPN of large scale.

    Other changes:

    1. /body/p[6]/a/@class: " external" ⇒ nothing
    2. /body/p[6]/a/@href: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images/1-4-1.gif""http://www.softether.org/@api/deki/files/107/=1-4-1.png"
    3. /body/p[6]/a/@title: nothing ⇒ "1-4-1.png"
    4. /body/p[6]/a/img/@alt: "Click to enlarge.""1-4-1.png"
    5. /body/p[6]/a/img/@border: "2" ⇒ nothing
    6. /body/p[6]/a/img/@src: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images_small/1-4-1_small.jpg""/@api/deki/files/107/=1-4-1.png?size=webview"
    7. /body/p[6]/a/img/@class: nothing ⇒ "internal default"
    8. /body/p[6]/a/img/@style: nothing ⇒ "width: 550px; height: 304px;"
    9. /body/p[7]/@style: nothing ⇒ "text-align: center; "
    10. /body/p[10]/a/@class: " external" ⇒ nothing
    11. /body/p[10]/a/@href: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images/1-4-2.gif""http://www.softether.org/@api/deki/files/108/=1-4-2.png"
    12. /body/p[10]/a/@title: nothing ⇒ "1-4-2.png"
    13. /body/p[10]/a/img/@alt: "Click to enlarge.""1-4-2.png"
    14. /body/p[10]/a/img/@border: "2" ⇒ nothing
    15. /body/p[10]/a/img/@src: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images_small/1-4-2_small.jpg""/@api/deki/files/108/=1-4-2.png?size=webview"
    16. /body/p[10]/a/img/@class: nothing ⇒ "internal default"
    17. /body/p[10]/a/img/@style: nothing ⇒ "width: 550px; height: 81px;"
    18. /body/p[11]/@style: nothing ⇒ "text-align: center; "
    19. /body/p[21]/a/@class: " external" ⇒ nothing
    20. /body/p[21]/a/@href: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images/1-4-3.gif""http://www.softether.org/@api/deki/files/109/=1-4-3.png"
    21. /body/p[21]/a/@title: nothing ⇒ "1-4-3.png"
    22. /body/p[21]/a/img/@alt: "Click to enlarge.""1-4-3.png"
    23. /body/p[21]/a/img/@border: "2" ⇒ nothing
    24. /body/p[21]/a/img/@src: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images_small/1-4-3_small.jpg""/@api/deki/files/109/=1-4-3.png?size=webview"
    25. /body/p[21]/a/img/@class: nothing ⇒ "internal default"
    26. /body/p[21]/a/img/@style: nothing ⇒ "width: 550px; height: 217px;"
    27. /body/p[22]/@style: nothing ⇒ "text-align: center; "
    28. /body/p[36]/a/@class: " external" ⇒ nothing
    29. /body/p[36]/a/@href: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images/1-4-4.gif""http://www.softether.org/@api/deki/files/110/=1-4-4.png"
    30. /body/p[36]/a/@title: nothing ⇒ "1-4-4.png"
    31. /body/p[36]/a/img/@alt: "Click to enlarge.""1-4-4.png"
    32. /body/p[36]/a/img/@border: "2" ⇒ nothing
    33. /body/p[36]/a/img/@src: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images_small/1-4-4_small.jpg""/@api/deki/files/110/=1-4-4.png?size=webview"
    34. /body/p[36]/a/img/@class: nothing ⇒ "internal default"
    35. /body/p[36]/a/img/@style: nothing ⇒ "width: 550px; height: 262px;"
    36. /body/p[37]/@style: nothing ⇒ "text-align: center; "
    37. /body/p[40]/a/img/@alt: "File:C:/TMP/130301vpn4man/VPN4_Manual_(English)/html/images/1-4-5.gif""1-4-5.png"
    38. /body/p[40]/a/img/@border: "0" ⇒ nothing
    39. /body/p[40]/a/img/@height: "272" ⇒ nothing
    40. /body/p[40]/a/img/@src: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images/1-4-5.gif""/@api/deki/files/111/=1-4-5.png?size=webview"
    41. /body/p[40]/a/img/@width: "377" ⇒ nothing
    42. /body/p[40]/a/img/@class: nothing ⇒ "internal default"
    43. /body/p[40]/a/img/@style: nothing ⇒ "width: 350px; height: 243px;"
    44. /body/p[41]/@style: nothing ⇒ "text-align: center; "
    45. /body/p[50]/a/@class: " external" ⇒ nothing
    46. /body/p[50]/a/@href: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images/1-4-6.gif""http://www.softether.org/@api/deki/files/112/=1-4-6.png"
    47. /body/p[50]/a/@title: nothing ⇒ "1-4-6.png"
    48. /body/p[50]/a/img/@alt: "Click to enlarge.""1-4-6.png"
    49. /body/p[50]/a/img/@border: "2" ⇒ nothing
    50. /body/p[50]/a/img/@src: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images_small/1-4-6_small.jpg""/@api/deki/files/112/=1-4-6.png?size=webview"
    51. /body/p[50]/a/img/@class: nothing ⇒ "internal default"
    52. /body/p[50]/a/img/@style: nothing ⇒ "width: 313px; height: 350px;"
    53. /body/p[51]/@style: nothing ⇒ "text-align: center; "
    54. /body/p[53]/a/@class: " external" ⇒ nothing
    55. /body/p[53]/a/@href: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images/1-4-7.gif""http://www.softether.org/@api/deki/files/113/=1-4-7.png"
    56. /body/p[53]/a/@title: nothing ⇒ "1-4-7.png"
    57. /body/p[53]/a/img/@alt: "Click to enlarge.""1-4-7.png"
    58. /body/p[53]/a/img/@border: "2" ⇒ nothing
    59. /body/p[53]/a/img/@src: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images_small/1-4-7_small.jpg""/@api/deki/files/113/=1-4-7.png?size=webview"
    60. /body/p[53]/a/img/@class: nothing ⇒ "internal default"
    61. /body/p[53]/a/img/@style: nothing ⇒ "width: 277px; height: 350px;"
    62. /body/p[54]/@style: nothing ⇒ "text-align: center; "
    63. /body/p[60]/a/@class: " external" ⇒ nothing
    64. /body/p[60]/a/@href: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images/1-4-8.gif""http://www.softether.org/@api/deki/files/114/=1-4-8.png"
    65. /body/p[60]/a/@title: nothing ⇒ "1-4-8.png"
    66. /body/p[60]/a/img/@alt: "Click to enlarge.""1-4-8.png"
    67. /body/p[60]/a/img/@border: "2" ⇒ nothing
    68. /body/p[60]/a/img/@src: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images_small/1-4-8_small.jpg""/@api/deki/files/114/=1-4-8.png?size=webview"
    69. /body/p[60]/a/img/@class: nothing ⇒ "internal default"
    70. /body/p[60]/a/img/@style: nothing ⇒ "width: 350px; height: 283px;"
    71. /body/p[61]/@style: nothing ⇒ "text-align: center; "
    72. /body/p[65]/a/@class: " external" ⇒ nothing
    73. /body/p[65]/a/@href: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images/1-4-9.gif""http://www.softether.org/@api/deki/files/115/=1-4-9.png"
    74. /body/p[65]/a/@title: nothing ⇒ "1-4-9.png"
    75. /body/p[65]/a/img/@alt: "Click to enlarge.""1-4-9.png"
    76. /body/p[65]/a/img/@border: "2" ⇒ nothing
    77. /body/p[65]/a/img/@src: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images_small/1-4-9_small.jpg""/@api/deki/files/115/=1-4-9.png?size=webview"
    78. /body/p[65]/a/img/@class: nothing ⇒ "internal default"
    79. /body/p[65]/a/img/@style: nothing ⇒ "width: 550px; height: 152px;"
    80. /body/p[66]/@style: nothing ⇒ "text-align: center; "
    81. /body/p[73]/a/@class: " external" ⇒ nothing
    82. /body/p[73]/a/@href: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images/1-4-10.gif""http://www.softether.org/@api/deki/files/116/=1-4-10.png"
    83. /body/p[73]/a/@title: nothing ⇒ "1-4-10.png"
    84. /body/p[73]/a/img/@alt: "Click to enlarge.""1-4-10.png"
    85. /body/p[73]/a/img/@border: "2" ⇒ nothing
    86. /body/p[73]/a/img/@src: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images_small/1-4-10_small.jpg""/@api/deki/files/116/=1-4-10.png?size=webview"
    87. /body/p[73]/a/img/@class: nothing ⇒ "internal default"
    88. /body/p[73]/a/img/@style: nothing ⇒ "width: 550px; height: 370px;"
    89. /body/p[74]/@style: nothing ⇒ "text-align: center; "
    90. /body/p[81]/a/@class: " external" ⇒ nothing
    91. /body/p[81]/a/@href: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images/1-4-11.gif""http://www.softether.org/@api/deki/files/117/=1-4-11.png"
    92. /body/p[81]/a/@title: nothing ⇒ "1-4-11.png"
    93. /body/p[81]/a/img/@alt: "Click to enlarge.""1-4-11.png"
    94. /body/p[81]/a/img/@border: "2" ⇒ nothing
    95. /body/p[81]/a/img/@src: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images_small/1-4-11_small.jpg""/@api/deki/files/117/=1-4-11.png?size=webview"
    96. /body/p[81]/a/img/@class: nothing ⇒ "internal default"
    97. /body/p[81]/a/img/@style: nothing ⇒ "width: 550px; height: 272px;"
    98. /body/p[82]/@style: nothing ⇒ "text-align: center; "
    99. /body/p[88]/a/@class: " external" ⇒ nothing
    100. /body/p[88]/a/@href: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images/1-4-12.gif""http://www.softether.org/@api/deki/files/118/=1-4-12.png"
    101. /body/p[88]/a/@title: nothing ⇒ "1-4-12.png"
    102. /body/p[88]/a/img/@alt: "Click to enlarge.""1-4-12.png"
    103. /body/p[88]/a/img/@border: "2" ⇒ nothing
    104. /body/p[88]/a/img/@src: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images_small/1-4-12_small.jpg""/@api/deki/files/118/=1-4-12.png?size=webview"
    105. /body/p[88]/a/img/@class: nothing ⇒ "internal default"
    106. /body/p[88]/a/img/@style: nothing ⇒ "width: 550px; height: 365px;"
    107. /body/p[89]/@style: nothing ⇒ "text-align: center; "
    108. /body/p[93]/a/@class: " external" ⇒ nothing
    109. /body/p[93]/a/@href: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images/1-4-13.gif""http://www.softether.org/@api/deki/files/119/=1-4-13.png"
    110. /body/p[93]/a/@title: nothing ⇒ "1-4-13.png"
    111. /body/p[93]/a/img/@alt: "Click to enlarge.""1-4-13.png"
    112. /body/p[93]/a/img/@border: "2" ⇒ nothing
    113. /body/p[93]/a/img/@src: "file:///C:/TMP/130301vpn4man/VPN4%20Manual%20(English)/html/images_small/1-4-13_small.jpg""/@api/deki/files/119/=1-4-13.png?size=webview"
    114. /body/p[93]/a/img/@class: nothing ⇒ "internal default"
    115. /body/p[93]/a/img/@style: nothing ⇒ "width: 550px; height: 321px;"
    116. /body/p[94]/@style: nothing ⇒ "text-align: center; "

    Version from 02:43, 2 Mar 2013

    This revision modified by yagi (Ban)

    ...

    Click to enlarge.

    Fig. 1-4-1 Switching Hub and network adapter for Ethernet

    ...

    Click to enlarge.

    Fig. 1-4-2Ethernet frame (MAC frame)

    ...

    The switching Hub used by Ethernet (layer 2 switch) constructs a network by Ethernet and is an important peripheral device for communication. Switching HUBs have multiple ports (usually 8 ports, but can have from tens to hundreds. By connecting a compute to the Ethernet by network cable, etc., a physical network is connected between the switching Hub and computer's network adapter, thus enabling Ethernet communications by layer 2.

    The ports of a switching Hub can also be connected to the ports of another switching Hub. Even though the connected switching HUBs were originally separate Ethernet networks, by connecting them by network cable, they work like a single Ethernet network. This is called "cascade connection".

    The computers connected to the switching HUBs on the left and right in the following figure can communicate freely with each other.

    Click to enlarge.

    Fig. 1-4-3 Segment junction by cascade connection of switching HUBs

    ...

    Switching HUBs constantly recognize in advance which computers with what sort of MAC address are connected to the respective ports and maintain the information in an internal database. This is called a "MAC address table".

    ...

    As was previously mentioned, the method of connecting two segments configured of two switching HUBs and using as a single segment is called "cascade connection". Cascade connection can consist of an unlimited number of cascades provided the physical limit established for Ethernet is not exceeded. The fact that cascade connection can be accomplished easily is one of the greatest features of using Ethernet. By cascade connecting another switching Hub to one for which the number of ports has become insufficient, you can increase the number of available ports and increase the number of computers that can be connected to the network.

    ...

    Cascade connection and bridge connection are technically similar connection methods, but whereas cascade connection indicates connecting switching HUBs to construct a single large segment from the beginning, bridge connection means connecting networks to be used as two segments that are physically separate and are administered separately.

    ...

    Virtual Hub is one of the most important functions of SoftEther VPN. Virtual Hub implements the same level of functions as the existing common layer 2 switching Hub as software. Virtual Hub has a MAC address learning function and frame exchange/delivery functions based on learning. Whereas conventional switching HUBs used to handle this processing as hardware, with Virtual Hub of SoftEther VPN, the processing is handled as software.

    ...

    SoftEther VPN Server can create multiple Virtual HUBs. You can create as many Virtual HUBs as memory space, CPU speed and specifications will permit. Each respective Virtual Hub conducts MAC address learning for virtual Ethernet frames flowing through the VPN. As a result virtual layer 2 Ethernet segments are realized by sending Ethernet frames to computers participating in other VPNs.

    Click to enlarge.

    Fig. 1-4-4 Connection between Virtual HUBs or between Virtual Network Adapters

    Creation and Administration of Multiple Virtual HUBs

    If multiple Virtual HUBs are created within a single VPN server, those Virtual HUBs cannot communicate with each other. Consequently if multiple Virtual HUBs are created, it means multiple Ethernet segments are formed within the VPN Server.

    ...

    File:C:/TMP/130301vpn4man/VPN4_Manual_(English)/html/images/1-4-5.gif

    Fig. 1-4-5 Segment separation by Virtual Hub within VPN Server

    ...

    These setting contents are completely independent for each Virtual Hub, and administration is divided into units so each individual administrator can administrate separately. Administrators of VPN Servers at large can manage all Virtual HUBs, but administrators granted authority concerning some Virtual HUBs from the VPN Server administrator can manage only those Virtual HUBs and are unable to manage other Virtual HUBs.

    ...

    Method of Connecting Virtual HUBs to each other

    Virtual HUBs can be cascade connected to Virtual HUBs operating on the same VPN Server or VPN Server operating on another computer, and the cascade connected Virtual HUBs that were originally separate segments are joined to work as a single segment.

    For Virtual HUBs operating on the same VPN Server, via virtual layer 3 switch by IP routing, network among Virtual HUBs can be connected by layer 3.

    ...

    Click to enlarge.

    Fig. 1-4-6 SoftEther VPN Virtual Network Adapter recognized as a network adapter by the operating system

    ...

    Click to enlarge.

    Fig. 1-4-7 Property window of Virtual Network Adapter

    ...

    With SoftEther VPN Server, you can create multiple Virtual HUBs and operate them together. In the initial state however Virtual HUBs have only independent layer 2 segments, and although computers connected to the same Virtual Hub can communicate freely, computers connected to separate Virtual HUBs cannot communicate with each other.

    ...

    Using the virtual layer 3 switch function of SoftEther VPN Server enables IP routing among multiple Virtual HUBs. If conducting IP routing among multiple Virtual HUBs with the previous version of SoftEther 1.0, etc., you had to conduct IP routing with a physical layer 3 switch or special router by bridge connecting each respective Virtual Hub segment to a physical Ethernet segment. SoftEther VPN Server's support of virtual layer 3 switch function enables network administrators to easily realize communication among Virtual HUBs by IP routing among multiple Virtual HUBs.

    Click to enlarge.

    Fig. 1-4-8 IP routing among Virtual HUBs by virtual layer 3 switch

    ...

    By connecting Virtual Hub and physical existing LAN by multiple bases and by furthermore cascade connecting Virtual HUBs existing physical LAN of multiple bases can be easily made a single segment via Internet to realize base-to-base VPN.

    Click to enlarge.

    Fig. 1-4-9 Example of base-to-base connection by SoftEther VPN

    ...

    Click to enlarge.

    Fig. 1-4-10 Computer-to-computer VPN

    ...

    Click to enlarge.

    Fig. 1-4-11 Remote access VPN

    ...

    Click to enlarge.

    Fig. 1-4-12 Base-to-base VPN of ordinary scale

    ...

    Click to enlarge.

    Fig. 1-4-13 Base-to-base VPN of large scale

    Version as of 02:58, 2 Mar 2013

    This revision modified by yagi (Ban)

    ...

    Switching Hub and network adapter for Ethernet.

    ...

    A Ethernet frame (MAC frame).

    ...

    The switching Hub used by Ethernet (layer 2 switch) constructs a network by Ethernet and is an important peripheral device for communication. Switching Hubs have multiple ports (usually 8 ports, but can have from tens to hundreds. By connecting a compute to the Ethernet by network cable, etc., a physical network is connected between the switching Hub and computer's network adapter, thus enabling Ethernet communications by layer 2.

    The ports of a switching Hub can also be connected to the ports of another switching Hub. Even though the connected switching Hubs were originally separate Ethernet networks, by connecting them by network cable, they work like a single Ethernet network. This is called "cascade connection".

    The computers connected to the switching Hubs on the left and right in the following figure can communicate freely with each other.

    ...

    Segment junction by cascade connection of switching hubs.

    ...

    Switching Hubs constantly recognize in advance which computers with what sort of MAC address are connected to the respective ports and maintain the information in an internal database. This is called a "MAC address table".

    ...

    As was previously mentioned, the method of connecting two segments configured of two switching Hubs and using as a single segment is called "cascade connection". Cascade connection can consist of an unlimited number of cascades provided the physical limit established for Ethernet is not exceeded. The fact that cascade connection can be accomplished easily is one of the greatest features of using Ethernet. By cascade connecting another switching Hub to one for which the number of ports has become insufficient, you can increase the number of available ports and increase the number of computers that can be connected to the network.

    ...

    Cascade connection and bridge connection are technically similar connection methods, but whereas cascade connection indicates connecting switching Hubs to construct a single large segment from the beginning, bridge connection means connecting networks to be used as two segments that are physically separate and are administered separately.

    ...

    Virtual Hub is one of the most important functions of SoftEther VPN. Virtual Hub implements the same level of functions as the existing common layer 2 switching Hub as software. Virtual Hub has a MAC address learning function and frame exchange/delivery functions based on learning. Whereas conventional switching Hubs used to handle this processing as hardware, with Virtual Hub of SoftEther VPN, the processing is handled as software.

    ...

    SoftEther VPN Server can create multiple Virtual Hubs. You can create as many Virtual Hubs as memory space, CPU speed and specifications will permit. Each respective Virtual Hub conducts MAC address learning for virtual Ethernet frames flowing through the VPN. As a result virtual layer 2 Ethernet segments are realized by sending Ethernet frames to computers participating in other VPNs.

    ...

    Connection between Virtual Hubs or between Virtual Network Adapters.

    Creation and Administration of Multiple Virtual Hubs

    If multiple Virtual Hubs are created within a single VPN server, those Virtual Hubs cannot communicate with each other. Consequently if multiple Virtual Hubs are created, it means multiple Ethernet segments are formed within the VPN Server.

    ...

    Segment separation by Virtual Hub within VPN Server.

    ...

    These setting contents are completely independent for each Virtual Hub, and administration is divided into units so each individual administrator can administrate separately. Administrators of VPN Servers at large can manage all Virtual Hubs, but administrators granted authority concerning some Virtual Hubs from the VPN Server administrator can manage only those Virtual Hubs and are unable to manage other Virtual Hubs.

    ...

    Method of Connecting Virtual Hubs to each other

    Virtual Hubs can be cascade connected to Virtual Hubs operating on the same VPN Server or VPN Server operating on another computer, and the cascade connected Virtual Hubs that were originally separate segments are joined to work as a single segment.

    For Virtual Hubs operating on the same VPN Server, via virtual layer 3 switch by IP routing, network among Virtual Hubs can be connected by layer 3.

    ...

    SoftEther VPN Virtual Network Adapter recognized as a network adapter by the operating system.

    ...

    Property window of Virtual Network Adapter.

    ...

    With SoftEther VPN Server, you can create multiple Virtual Hubs and operate them together. In the initial state however Virtual Hubs have only independent layer 2 segments, and although computers connected to the same Virtual Hub can communicate freely, computers connected to separate Virtual Hubs cannot communicate with each other.

    ...

    Using the virtual layer 3 switch function of SoftEther VPN Server enables IP routing among multiple Virtual Hubs. If conducting IP routing among multiple Virtual Hubs with the previous version of SoftEther 1.0, etc., you had to conduct IP routing with a physical layer 3 switch or special router by bridge connecting each respective Virtual Hub segment to a physical Ethernet segment. SoftEther VPN Server's support of virtual layer 3 switch function enables network administrators to easily realize communication among Virtual Hubs by IP routing among multiple Virtual Hubs.

    ...

    IP routing among Virtual Hubs by virtual layer 3 switch.

    ...

    By connecting Virtual Hub and physical existing LAN by multiple bases and by furthermore cascade connecting Virtual Hubs existing physical LAN of multiple bases can be easily made a single segment via Internet to realize base-to-base VPN.

    ...

    Example of base-to-base connection by SoftEther VPN.

    ...

    Computer-to-computer VPN.

    ...

    Remote access VPN.

    ...

    Base-to-base VPN of ordinary scale.

    ...

    Base-to-base VPN of large scale.