IPv6 tunneling technologies made clear

    Hooray, there is an IPv6 hub!
    In this article I want to go through all the current methods of tunneling IPv6 over existing IPv4 infrastructure that are described in RFC 7059. It is one of the few RFCs written in plain human language, by the way.
    Still doubt whether you need IPv6?
    • All devices get a public ("white") IP address. No NAT, no port forwarding.
    • Faster torrent downloads thanks to peers that have an IPv6 address but only a "gray" (NATed) IPv4 address.
    • In some cases, faster access to sites (YouTube over IPv6 does not slow down in the evenings).
    • Access to sites that are blocked in the Russian Federation but have an IPv6 address (nnm-club, for example).
    But that is not all. Imagine that your DHCP server has broken down and you urgently need to reach a computer on that network. It does not get an IP address, so you cannot access it. Trouble. However, if IPv6 is merely turned on (not even configured), you can ping the magic address ff02::1, get a response from this computer (because it will have a link-local IPv6 address anyway!) and log in to it over that address.

    Oh well, let's move on to tunneling.

    6in4
    One of the oldest tunneling methods, invented back in 1996 and still very popular. Large tunnel brokers such as Hurricane Electric, gogo6 and SixXS use it. It uses IP protocol 41 (not to be confused with a port!) and does not work through NAT. Supported by all modern operating systems out of the box.
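    To make the "protocol 41, not port 41" point concrete, here is an added example (not part of the original article) that recognizes a 6in4 packet from raw bytes and reports the outer IPv4 and inner IPv6 endpoints, which is the check a monitoring tool needs to see tunneled IPv6. The function names and the sample packet, built from documentation address ranges, are constructed for illustration.

```python
import ipaddress
import struct

PROTO_IPV6_IN_IPV4 = 41  # IP protocol number (IPv4 header field), not a TCP/UDP port


def parse_6in4(packet: bytes):
    """Return (outer_src, outer_dst, inner_src, inner_dst) for a 6in4 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                       # not IPv4
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl + 40:
        return None                       # truncated, or no room for an IPv6 header
    if packet[9] != PROTO_IPV6_IN_IPV4:
        return None                       # TCP (6), UDP (17), ... are not 6in4
    inner = packet[ihl:]
    if inner[0] >> 4 != 6:
        return None                       # a protocol 41 payload must start an IPv6 header
    return (
        ipaddress.IPv4Address(packet[12:16]),
        ipaddress.IPv4Address(packet[16:20]),
        ipaddress.IPv6Address(inner[8:24]),
        ipaddress.IPv6Address(inner[24:40]),
    )


def build_sample(proto: int) -> bytes:
    """Constructed test packet: IPv4 header (checksum left at 0) + bare IPv6 header."""
    v6 = struct.pack("!IHBB", 6 << 28, 0, 59, 64)   # version 6, next header 59 (none)
    v6 += ipaddress.IPv6Address("2001:db8:1::1").packed
    v6 += ipaddress.IPv6Address("2001:db8:2::1").packed
    v4 = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(v6), 0, 0, 64, proto, 0)
    v4 += ipaddress.IPv4Address("192.0.2.10").packed
    v4 += ipaddress.IPv4Address("198.51.100.20").packed
    return v4 + v6


if __name__ == "__main__":
    print(parse_6in4(build_sample(41)))   # tunneled IPv6 is reported
    print(parse_6in4(build_sample(17)))   # a UDP datagram is ignored
```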

    6over4
    Strictly speaking, 6over4 cannot be called a tunnel in the usual sense of the word. It uses IPv4 as a virtual Ethernet for IPv6; for example, the multicast address ff02::1 becomes the IPv4 multicast address 239.192.0.1. The protocol supports link-local address generation and Neighbor Discovery, and is configured automatically. Because every router on the network must support multicast, the protocol never became popular. Support in modern operating systems is missing or limited.

    6to4
    6to4 turns your IPv4 address into an IPv6 /48 subnet. In essence it is the same 6in4, but with a fixed anycast IPv4 address: 192.88.99.1. The protocol is fully auto-configured; manual configuration is not possible. Easy to set up. The downsides are that your IPv4 address can be recovered from the IPv6 address, and that you cannot choose the server your traffic is tunneled through. In some cases you may not even be able to find out who owns that server. It uses the special prefix 2002::/16. It does not work through NAT.

    6rd
    This protocol is based on 6to4 and is intended only for deployment inside a large organization or ISP. Instead of the 2002::/16 prefix it uses the ordinary address range allocated to your ISP. It can be configured automatically in several ways, the most popular being DHCPv4 with a special option.

    AYIYA
    The name stands for Anything In Anything: the protocol can encapsulate practically anything in anything. It was invented by the SixXS tunnel broker, which also uses it. At present the IPv4-UDP-AYIYA-IPv6 combination is the one mainly used. There is support for checksums and authorization. It works through NAT.

    ISATAP
    This protocol is somewhat similar to 6over4 but does not use multicast; in fact, ISATAP does not support multicast at all. IPv6 addresses are generated from the IPv4 address. The IPv4 address is assumed to be unique, so ISATAP does not work with NAT. Communication with ISATAP hosts is only possible if you have ISATAP configured as well. It is supported by modern operating systems.
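    The address mappings mentioned in the 6over4, 6to4 and ISATAP sections can be written out directly. This added example (not from the original article) derives the 6to4 /48 from an IPv4 address, recovers the IPv4 address embedded in a 6to4 or ISATAP address, and maps a 6over4 multicast group to its IPv4 group. The function names are illustrative, the ISATAP interface-ID layout is taken from RFC 5214 and the multicast mapping from RFC 2529, and the sample addresses come from documentation ranges.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")


def sixtofour_prefix(v4: str) -> ipaddress.IPv6Network:
    """The /48 that 6to4 derives from a public IPv4 address: 2002:V4ADDR::/48."""
    v4_int = int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4_int << 80), 48))


def embedded_ipv4(v6: str):
    """Return (mechanism, IPv4Address) if the IPv6 address reveals an IPv4 one, else None."""
    addr = ipaddress.IPv6Address(v6)
    value = int(addr)
    if addr in SIXTOFOUR:
        # 6to4: the 32 bits right after the 2002 prefix are the site's IPv4 address
        return "6to4", ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    # ISATAP (RFC 5214): interface ID is 0000:5efe:V4ADDR or 0200:5efe:V4ADDR.
    # This is a pattern match, so an unrelated address could collide by chance.
    if ((value >> 32) & 0xFFFFFFFF) in (0x00005EFE, 0x02005EFE):
        return "ISATAP", ipaddress.IPv4Address(value & 0xFFFFFFFF)
    return None


def sixover4_multicast(v6_group: str) -> ipaddress.IPv4Address:
    """6over4 (RFC 2529): IPv6 multicast group -> 239.192.Y.Z, Y.Z = its last two bytes."""
    group = ipaddress.IPv6Address(v6_group)
    if not group.is_multicast:
        raise ValueError("not an IPv6 multicast address")
    return ipaddress.IPv4Address((239 << 24) | (192 << 16) | (int(group) & 0xFFFF))


if __name__ == "__main__":
    print(sixtofour_prefix("192.0.2.1"))
    print(embedded_ipv4("2002:c000:201:1::5"))
    print(embedded_ipv4("fe80::5efe:c000:201"))
    print(sixover4_multicast("ff02::1"))
```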

    Teredo
    An extremely popular tunneling method that requires no special setup. On Windows (starting with Vista) it is configured and enabled by default; on Linux it comes up in a few seconds with Miredo. You need to specify a Teredo server (or use the default one), and everything else is configured automatically. It works through NAT, though with caveats: it depends both on the type of NAT and on the implementation on the Teredo server side.

    6a44
    This protocol was designed under the influence of Teredo but is intended for deployment by ISPs. As with 6rd and 6to4, clients are given the provider's IPv6 prefix rather than the Teredo IPv6 prefix. It does not seem to be supported anywhere yet.

    6bed4
    Peer-to-Peer IPv6 on Any Internetwork. 6bed4 is designed to create a p2p IPv6 network inside an IPv4 network that does not prohibit p2p connections between hosts. The protocol is a hybrid of 6to4 and Teredo: the IPv6 address is formed from an IPv4 address and a UDP port, and if a p2p connection is not possible, a relay is used, which can be run by the ISP or simply by a third-party organization. It works through NAT and supports both auto-configuration and manual configuration.

    LISP
    The Locator/ID Separation Protocol aims to decouple the IPv6 address from the client's location. With this protocol you can use your (say, home) IPv6 address outside your own network, without proxying the traffic. In concept it is similar to Proxy Mobile IPv6. The protocol itself is quite complex, and using it purely for tunneling is rather stupid. It does not work through NAT. Supported by Cisco, Linux, and FreeBSD.

    SEAL
    Subnetwork Encapsulation and Adaptation Layer. A very recent protocol; the draft appeared in October 2013. It supports several IPv4 links and, accordingly, multihoming. It has authentication and an anti-replay mechanism. The SEAL Control Message Protocol is used to exchange service data between hosts.

    Summary table

    Protocol  Tunnels per IPv4 address  IPv6 hosts per tunnel  Public IPv4     NAT compatibility  P2P            Gateway owned by
    --------  ------------------------  ---------------------  --------------  -----------------  -------------  ------------------------------------
    6to4      One                       Many                   Required        No                 Global         ISP or public
    LISP      One                       Many                   Required        No                 Customizable   ISP or Tunnel Broker
    6rd       One                       Many                   Not required    No                 Inside domain  ISP
    6in4      One                       Many                   Not required**  Limited            No             ISP or Tunnel Broker
    Teredo    Many                      One                    Not required    Yes*               Global         Public relay
    6bed4     Many                      Many                   Not required    Yes                Global         ISP, Tunnel Broker or Public Relay
    6a44      Many                      Many                   Not required    Yes                Inside domain  ISP
    AYIYA     Many                      Many                   Not required    Yes                No             ISP or Tunnel Broker
    SEAL      Many                      Many                   Not required    Yes                Customizable   ISP or Tunnel Broker

    * Limited support: may not work with some types of NAT
    ** A public IPv4 address is not required if the relay is run by the ISP
