Solved

IPv6 tunnel: GRE versus tunnel

Posted on 2013-12-24
2
508 Views
Last Modified: 2014-01-08
I read a white paper on the explanation of IPv6 tunneling with GRE and ipv6-in-ipv4 tunnel and what I am trying to understand is the pros and cons of GRE and ipv6-to-ipv4 tunneling. Also, I see that you can also run the VPN tunnel. Can the experts elaborate on that? Thx
0
Comment
Question by:leblanc
  • 2
2 Comments
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
ID: 39738878
Actually most of the time ppl go for "Simpler" approach such as the manual tunnel configure to connect two “islands” of IPv6 separated by IPv4-only devices e.g. IPv4 encapsulate the IPv6 packet directly for tunneling across the v4 cloud. Or as you stated as "Ipv6 to ipv4 tunneling" or the common term used are manual tunnel or 6in4.

 Configured tunnels connect two systems in point-to-point fashion using protocol 41 encapsulation.  The configuration that the name of the mechanism alludes to consists of a remote "tunnel endpoint". This is the IPv4 address of the system on the other side of the tunnel.  When a system (potentially) has multiple IPv4 addresses, the local tunnel endpoint address may also need to be configured.

 The need to explicitly set up a configured tunnel makes them more difficult to deploy than automatic mechanisms.  However, because there is a fixed, single remote tunnel endpoint, performance is predictable and easy to debug.

 Configured tunnels are widely implemented.  Common operating systems can terminate  configured tunnels, as well as IPv6-capable routers and home gateways.  The mechanism is versatile, but is mostly used between isolated smaller IPv6-capable networks and the IPv6 internet, often through a "tunnel broker"

So then why do we even need this additional method that adds GRE encapsulation to the process? Well, most of the time, the answer leads to that this method is required within integrated IS-IS and IPv6 tunnel environments. If you plan on sending both IS-IS traffic and IPv6 traffic over the tunnel, you need the protocol field of the GRE header that allows identification of the passenger protocol.

The main benefit of GRE is that it can not only encapsulate IPv6 packets but any protocol.  The GRE header causes an extra overhead of 8 to 16 bytes depending on which options are used.  GRE sets the Protocol field in the IP header to 47.

 The GRE header can optionally contain a checksum, a key to separate different traffic flows (for example, different tunnels) between the same end points and a sequence number that can be used to prevent packets from being processed out of order.

this is good reading material for more details
http://tools.ietf.org/search/draft-steffann-tunnels-03
0
 
LVL 61

Assisted Solution

by:btan
btan earned 500 total points
ID: 39738879
There is a brief comparison table inside which is alluding to prev post too
http://www.cisco.com/en/US/docs/ios-xml/ios/interface/configuration/15-sy/ip6-ip4-gre-tunls.html#GUID-3BF8B0C1-2B20-46D0-A53D-4F320B5B67C7

Also can catch info specific on tunnel and VPN IPSec

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-ipv6-ipv4-gre.html

Generic routing encapsulation (GRE) tunnels sometimes are combined with IPSec, because IPSec does not support IPv6 multicast packets. This function prevents dynamic routing protocols from running successfully over an IPSec VPN network. Because GRE tunnels do support IPv6 multicast , a dynamic routing protocol can be run over a GRE tunnel. Once a dynamic routing protocol is configured over a GRE tunnel, you can encrypt the GRE IPv6 multicast packets using IPSec.

IPSec can encrypt GRE packets using a crypto map or tunnel protection. Both methods specify that IPSec encryption is performed after GRE encapsulation is configured. When a crypto map is used, encryption is applied to the outbound physical interfaces for the GRE tunnel packets. When tunnel protection is used, encryption is configured on the GRE tunnel interface.


Likewise know about tunneling or encapsulation applies to all tunnels

Because of the extra IPv4 header and possible additional headers between the IPv4 and IPv6 headers, tunnels experience a reduced maximum packet size (MTU) compared to native IPv6 communication. Path MTU discovery (PMTUD) should handle this in nearly all cases, but filtering of ICMPv6 “packet too big” messages may lead to an inability to communicate because senders of large packets fail to perform PMTUD successfully.

The process of encapsulation is not inherently slow, but in some implementations, it may be. Larger routers that normally forward packets using special-purpose hardware often don’t have high-performance CPUs. If tunnel encapsulation must then be done by that relatively slow CPU, performance will be worse than regular hardware-based packet forwarding.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now