IPv6 tunnel: GRE versus tunnel

Posted on 2013-12-24
Last Modified: 2014-01-08
I read a white paper on the explanation of IPv6 tunneling with GRE and ipv6-in-ipv4 tunnel and what I am trying to understand is the pros and cons of GRE and ipv6-to-ipv4 tunneling. Also, I see that you can also run the VPN tunnel. Can the experts elaborate on that? Thx
Question by:leblanc
  • 2
LVL 62

Accepted Solution

btan earned 500 total points
ID: 39738878
Actually most of the time ppl go for "Simpler" approach such as the manual tunnel configure to connect two “islands” of IPv6 separated by IPv4-only devices e.g. IPv4 encapsulate the IPv6 packet directly for tunneling across the v4 cloud. Or as you stated as "Ipv6 to ipv4 tunneling" or the common term used are manual tunnel or 6in4.

 Configured tunnels connect two systems in point-to-point fashion using protocol 41 encapsulation.  The configuration that the name of the mechanism alludes to consists of a remote "tunnel endpoint". This is the IPv4 address of the system on the other side of the tunnel.  When a system (potentially) has multiple IPv4 addresses, the local tunnel endpoint address may also need to be configured.

 The need to explicitly set up a configured tunnel makes them more difficult to deploy than automatic mechanisms.  However, because there is a fixed, single remote tunnel endpoint, performance is predictable and easy to debug.

 Configured tunnels are widely implemented.  Common operating systems can terminate  configured tunnels, as well as IPv6-capable routers and home gateways.  The mechanism is versatile, but is mostly used between isolated smaller IPv6-capable networks and the IPv6 internet, often through a "tunnel broker"

So then why do we even need this additional method that adds GRE encapsulation to the process? Well, most of the time, the answer leads to that this method is required within integrated IS-IS and IPv6 tunnel environments. If you plan on sending both IS-IS traffic and IPv6 traffic over the tunnel, you need the protocol field of the GRE header that allows identification of the passenger protocol.

The main benefit of GRE is that it can not only encapsulate IPv6 packets but any protocol.  The GRE header causes an extra overhead of 8 to 16 bytes depending on which options are used.  GRE sets the Protocol field in the IP header to 47.

 The GRE header can optionally contain a checksum, a key to separate different traffic flows (for example, different tunnels) between the same end points and a sequence number that can be used to prevent packets from being processed out of order.

this is good reading material for more details
LVL 62

Assisted Solution

btan earned 500 total points
ID: 39738879
There is a brief comparison table inside which is alluding to prev post too

Also can catch info specific on tunnel and VPN IPSec

Generic routing encapsulation (GRE) tunnels sometimes are combined with IPSec, because IPSec does not support IPv6 multicast packets. This function prevents dynamic routing protocols from running successfully over an IPSec VPN network. Because GRE tunnels do support IPv6 multicast , a dynamic routing protocol can be run over a GRE tunnel. Once a dynamic routing protocol is configured over a GRE tunnel, you can encrypt the GRE IPv6 multicast packets using IPSec.

IPSec can encrypt GRE packets using a crypto map or tunnel protection. Both methods specify that IPSec encryption is performed after GRE encapsulation is configured. When a crypto map is used, encryption is applied to the outbound physical interfaces for the GRE tunnel packets. When tunnel protection is used, encryption is configured on the GRE tunnel interface.

Likewise know about tunneling or encapsulation applies to all tunnels

Because of the extra IPv4 header and possible additional headers between the IPv4 and IPv6 headers, tunnels experience a reduced maximum packet size (MTU) compared to native IPv6 communication. Path MTU discovery (PMTUD) should handle this in nearly all cases, but filtering of ICMPv6 “packet too big” messages may lead to an inability to communicate because senders of large packets fail to perform PMTUD successfully.

The process of encapsulation is not inherently slow, but in some implementations, it may be. Larger routers that normally forward packets using special-purpose hardware often don’t have high-performance CPUs. If tunnel encapsulation must then be done by that relatively slow CPU, performance will be worse than regular hardware-based packet forwarding.

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now