IPv6 tunnel: GRE versus tunnel

I read a white paper on the explanation of IPv6 tunneling with GRE and ipv6-in-ipv4 tunnel and what I am trying to understand is the pros and cons of GRE and ipv6-to-ipv4 tunneling. Also, I see that you can also run the VPN tunnel. Can the experts elaborate on that? Thx
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
Actually most of the time ppl go for "Simpler" approach such as the manual tunnel configure to connect two “islands” of IPv6 separated by IPv4-only devices e.g. IPv4 encapsulate the IPv6 packet directly for tunneling across the v4 cloud. Or as you stated as "Ipv6 to ipv4 tunneling" or the common term used are manual tunnel or 6in4.

 Configured tunnels connect two systems in point-to-point fashion using protocol 41 encapsulation.  The configuration that the name of the mechanism alludes to consists of a remote "tunnel endpoint". This is the IPv4 address of the system on the other side of the tunnel.  When a system (potentially) has multiple IPv4 addresses, the local tunnel endpoint address may also need to be configured.

 The need to explicitly set up a configured tunnel makes them more difficult to deploy than automatic mechanisms.  However, because there is a fixed, single remote tunnel endpoint, performance is predictable and easy to debug.

 Configured tunnels are widely implemented.  Common operating systems can terminate  configured tunnels, as well as IPv6-capable routers and home gateways.  The mechanism is versatile, but is mostly used between isolated smaller IPv6-capable networks and the IPv6 internet, often through a "tunnel broker"

So then why do we even need this additional method that adds GRE encapsulation to the process? Well, most of the time, the answer leads to that this method is required within integrated IS-IS and IPv6 tunnel environments. If you plan on sending both IS-IS traffic and IPv6 traffic over the tunnel, you need the protocol field of the GRE header that allows identification of the passenger protocol.

The main benefit of GRE is that it can not only encapsulate IPv6 packets but any protocol.  The GRE header causes an extra overhead of 8 to 16 bytes depending on which options are used.  GRE sets the Protocol field in the IP header to 47.

 The GRE header can optionally contain a checksum, a key to separate different traffic flows (for example, different tunnels) between the same end points and a sequence number that can be used to prevent packets from being processed out of order.

this is good reading material for more details

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
btanExec ConsultantCommented:
There is a brief comparison table inside which is alluding to prev post too

Also can catch info specific on tunnel and VPN IPSec


Generic routing encapsulation (GRE) tunnels sometimes are combined with IPSec, because IPSec does not support IPv6 multicast packets. This function prevents dynamic routing protocols from running successfully over an IPSec VPN network. Because GRE tunnels do support IPv6 multicast , a dynamic routing protocol can be run over a GRE tunnel. Once a dynamic routing protocol is configured over a GRE tunnel, you can encrypt the GRE IPv6 multicast packets using IPSec.

IPSec can encrypt GRE packets using a crypto map or tunnel protection. Both methods specify that IPSec encryption is performed after GRE encapsulation is configured. When a crypto map is used, encryption is applied to the outbound physical interfaces for the GRE tunnel packets. When tunnel protection is used, encryption is configured on the GRE tunnel interface.

Likewise know about tunneling or encapsulation applies to all tunnels

Because of the extra IPv4 header and possible additional headers between the IPv4 and IPv6 headers, tunnels experience a reduced maximum packet size (MTU) compared to native IPv6 communication. Path MTU discovery (PMTUD) should handle this in nearly all cases, but filtering of ICMPv6 “packet too big” messages may lead to an inability to communicate because senders of large packets fail to perform PMTUD successfully.

The process of encapsulation is not inherently slow, but in some implementations, it may be. Larger routers that normally forward packets using special-purpose hardware often don’t have high-performance CPUs. If tunnel encapsulation must then be done by that relatively slow CPU, performance will be worse than regular hardware-based packet forwarding.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Analysis

From novice to tech pro — start learning today.