Go Premium for a chance to win a PS4. Enter to Win


IPv6 tunnel: GRE versus tunnel

Posted on 2013-12-24
Medium Priority
Last Modified: 2014-01-08
I read a white paper on the explanation of IPv6 tunneling with GRE and ipv6-in-ipv4 tunnel and what I am trying to understand is the pros and cons of GRE and ipv6-to-ipv4 tunneling. Also, I see that you can also run the VPN tunnel. Can the experts elaborate on that? Thx
Question by:leblanc
  • 2
LVL 65

Accepted Solution

btan earned 2000 total points
ID: 39738878
Actually most of the time ppl go for "Simpler" approach such as the manual tunnel configure to connect two “islands” of IPv6 separated by IPv4-only devices e.g. IPv4 encapsulate the IPv6 packet directly for tunneling across the v4 cloud. Or as you stated as "Ipv6 to ipv4 tunneling" or the common term used are manual tunnel or 6in4.

 Configured tunnels connect two systems in point-to-point fashion using protocol 41 encapsulation.  The configuration that the name of the mechanism alludes to consists of a remote "tunnel endpoint". This is the IPv4 address of the system on the other side of the tunnel.  When a system (potentially) has multiple IPv4 addresses, the local tunnel endpoint address may also need to be configured.

 The need to explicitly set up a configured tunnel makes them more difficult to deploy than automatic mechanisms.  However, because there is a fixed, single remote tunnel endpoint, performance is predictable and easy to debug.

 Configured tunnels are widely implemented.  Common operating systems can terminate  configured tunnels, as well as IPv6-capable routers and home gateways.  The mechanism is versatile, but is mostly used between isolated smaller IPv6-capable networks and the IPv6 internet, often through a "tunnel broker"

So then why do we even need this additional method that adds GRE encapsulation to the process? Well, most of the time, the answer leads to that this method is required within integrated IS-IS and IPv6 tunnel environments. If you plan on sending both IS-IS traffic and IPv6 traffic over the tunnel, you need the protocol field of the GRE header that allows identification of the passenger protocol.

The main benefit of GRE is that it can not only encapsulate IPv6 packets but any protocol.  The GRE header causes an extra overhead of 8 to 16 bytes depending on which options are used.  GRE sets the Protocol field in the IP header to 47.

 The GRE header can optionally contain a checksum, a key to separate different traffic flows (for example, different tunnels) between the same end points and a sequence number that can be used to prevent packets from being processed out of order.

this is good reading material for more details
LVL 65

Assisted Solution

btan earned 2000 total points
ID: 39738879
There is a brief comparison table inside which is alluding to prev post too

Also can catch info specific on tunnel and VPN IPSec


Generic routing encapsulation (GRE) tunnels sometimes are combined with IPSec, because IPSec does not support IPv6 multicast packets. This function prevents dynamic routing protocols from running successfully over an IPSec VPN network. Because GRE tunnels do support IPv6 multicast , a dynamic routing protocol can be run over a GRE tunnel. Once a dynamic routing protocol is configured over a GRE tunnel, you can encrypt the GRE IPv6 multicast packets using IPSec.

IPSec can encrypt GRE packets using a crypto map or tunnel protection. Both methods specify that IPSec encryption is performed after GRE encapsulation is configured. When a crypto map is used, encryption is applied to the outbound physical interfaces for the GRE tunnel packets. When tunnel protection is used, encryption is configured on the GRE tunnel interface.

Likewise know about tunneling or encapsulation applies to all tunnels

Because of the extra IPv4 header and possible additional headers between the IPv4 and IPv6 headers, tunnels experience a reduced maximum packet size (MTU) compared to native IPv6 communication. Path MTU discovery (PMTUD) should handle this in nearly all cases, but filtering of ICMPv6 “packet too big” messages may lead to an inability to communicate because senders of large packets fail to perform PMTUD successfully.

The process of encapsulation is not inherently slow, but in some implementations, it may be. Larger routers that normally forward packets using special-purpose hardware often don’t have high-performance CPUs. If tunnel encapsulation must then be done by that relatively slow CPU, performance will be worse than regular hardware-based packet forwarding.

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question