IPv6 tunnel: GRE versus tunnel

Posted on 2013-12-24
Last Modified: 2014-01-08
I read a white paper on the explanation of IPv6 tunneling with GRE and ipv6-in-ipv4 tunnel and what I am trying to understand is the pros and cons of GRE and ipv6-to-ipv4 tunneling. Also, I see that you can also run the VPN tunnel. Can the experts elaborate on that? Thx
Question by:leblanc
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 64

Accepted Solution

btan earned 500 total points
ID: 39738878
Actually most of the time ppl go for "Simpler" approach such as the manual tunnel configure to connect two “islands” of IPv6 separated by IPv4-only devices e.g. IPv4 encapsulate the IPv6 packet directly for tunneling across the v4 cloud. Or as you stated as "Ipv6 to ipv4 tunneling" or the common term used are manual tunnel or 6in4.

 Configured tunnels connect two systems in point-to-point fashion using protocol 41 encapsulation.  The configuration that the name of the mechanism alludes to consists of a remote "tunnel endpoint". This is the IPv4 address of the system on the other side of the tunnel.  When a system (potentially) has multiple IPv4 addresses, the local tunnel endpoint address may also need to be configured.

 The need to explicitly set up a configured tunnel makes them more difficult to deploy than automatic mechanisms.  However, because there is a fixed, single remote tunnel endpoint, performance is predictable and easy to debug.

 Configured tunnels are widely implemented.  Common operating systems can terminate  configured tunnels, as well as IPv6-capable routers and home gateways.  The mechanism is versatile, but is mostly used between isolated smaller IPv6-capable networks and the IPv6 internet, often through a "tunnel broker"

So then why do we even need this additional method that adds GRE encapsulation to the process? Well, most of the time, the answer leads to that this method is required within integrated IS-IS and IPv6 tunnel environments. If you plan on sending both IS-IS traffic and IPv6 traffic over the tunnel, you need the protocol field of the GRE header that allows identification of the passenger protocol.

The main benefit of GRE is that it can not only encapsulate IPv6 packets but any protocol.  The GRE header causes an extra overhead of 8 to 16 bytes depending on which options are used.  GRE sets the Protocol field in the IP header to 47.

 The GRE header can optionally contain a checksum, a key to separate different traffic flows (for example, different tunnels) between the same end points and a sequence number that can be used to prevent packets from being processed out of order.

this is good reading material for more details
LVL 64

Assisted Solution

btan earned 500 total points
ID: 39738879
There is a brief comparison table inside which is alluding to prev post too

Also can catch info specific on tunnel and VPN IPSec

Generic routing encapsulation (GRE) tunnels sometimes are combined with IPSec, because IPSec does not support IPv6 multicast packets. This function prevents dynamic routing protocols from running successfully over an IPSec VPN network. Because GRE tunnels do support IPv6 multicast , a dynamic routing protocol can be run over a GRE tunnel. Once a dynamic routing protocol is configured over a GRE tunnel, you can encrypt the GRE IPv6 multicast packets using IPSec.

IPSec can encrypt GRE packets using a crypto map or tunnel protection. Both methods specify that IPSec encryption is performed after GRE encapsulation is configured. When a crypto map is used, encryption is applied to the outbound physical interfaces for the GRE tunnel packets. When tunnel protection is used, encryption is configured on the GRE tunnel interface.

Likewise know about tunneling or encapsulation applies to all tunnels

Because of the extra IPv4 header and possible additional headers between the IPv4 and IPv6 headers, tunnels experience a reduced maximum packet size (MTU) compared to native IPv6 communication. Path MTU discovery (PMTUD) should handle this in nearly all cases, but filtering of ICMPv6 “packet too big” messages may lead to an inability to communicate because senders of large packets fail to perform PMTUD successfully.

The process of encapsulation is not inherently slow, but in some implementations, it may be. Larger routers that normally forward packets using special-purpose hardware often don’t have high-performance CPUs. If tunnel encapsulation must then be done by that relatively slow CPU, performance will be worse than regular hardware-based packet forwarding.

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question