Table of contents
IPv4/IPv6 tunneling is a transition/co-existence mechanism that encapsulates packets from one protocol into the header of another protocol. This could be an IPv4 host and an IPv4 sender going through an IPv6 domain (IPv4>IPv6>IPv4) or an IPv6 host and an IPv6 sender going through an IPv4 domain (IPv6>IPv4>IPv6).
Use cases for Tunneling include:
- Allowing a connection across IPv4-only equipment.
- IPv6 islands are deployed in an organization that still has an IPv4 backbone.
- An organization wants to use IPv6 to connect to another IPv6 network through an IPv4 ISP.
- Slowing IPv6 deployment.
Tunneling should only be used when required. Of the three categories of transition/co-existence technologies Dual Stack should always be considered first. Second consideration should go to Translation. Tunneling should always be considered last and used sparingly.
Disadvantages with Tunneling include:
- Poor scalability
- Overall Performace
- Lack of Multicast Support (Only GRE supports Multicast)
Ideally, network designs should be scalable. The entry point and exit point of a tunnel is seen as one hop regardless of how many devices are in between. Any hierarchy between the termination points of the tunnel is flattened by the tunnel.
Tunneling can be demanding on network resources. Every packet needs to be encapsulated and decapsulated. Packets may also need to be fragmented by the entry point device and then re-sequenced and de-fragmented by the exit point device.Since Tunneling is often used to delay the upgrade of legacy IPv4 technology, it’s possible that the additional workload can cause a significant problem with performance. This should be given consideration before deployment.
Lack of Multicast Support
One of the major objectives for IPv6 was to eliminate Broadcasts and to use Multicasts. Only Generic Routing Encapsulation supports multicast. Otherwise, multicast can not be used. Remember, in IPv6 many technologies use multicast (i.e. routing protocols).
Let’s take a look at an example where a host in an IPv6 network wants to connect to an IPv6 server through an IPv4 only ISP:
Host 1 sends an IPv6 packet to its Default Gateway, R1. R1 is also the entry point for the IPv4 tunnel that connects to the ISP.
When the IPv6 packet reaches R1 (tunnel entry point):
- The IPv6 Hop Limit is decremented by one.
- A frame is created with an IPv4 header.
- The IPv6 packet is encapsulated into the IPv4 packet.
- If the IPv4 packet exceeds the MTU, it will be fragmented
- The IPv4 packet(s) are then sent through the tunnel to R2 (tunnel exit point). Any number of devices may exist within the tunnel itself.
Some notes on encapsulation and fragmentation:
If the IPv4 packet exceeds the Maximum Transmission Unit, it will be fragmented. Note in the diagram above, an encapsulated IPv6 packet is larger than the original IPv6 packet because of the added IPv4 header. This may be important to consider when setting the MTU size. Remember that for every packet that is encapsulated and fragmented, it needs to be re-assembled and de-capsulated on the other side. This could lead to poor performance, as stated above.
Pro Tip: Note that a host configured as a tunnel entry point must support fragmentation.
When the IPv4 packet reaches the exit point: