
All IPv6 Tunneling Technologies in Clear Language

Hurray-hurray, the IPv6 hub has appeared!
In this article I would like to go over all the current ways of tunneling IPv6 through existing IPv4 infrastructure that are described in RFC 7059, which is, by the way, one of the few RFCs written in plain human language.
Still in doubt whether you need IPv6?
But that is not all. Imagine a situation where the DHCP server is broken and you need to get onto a computer on that network quickly. It does not get an IP address, so you cannot reach it. Trouble. However, if IPv6 is simply enabled, not even configured, you can ping the magic address ff02::1, get a response from that computer (since it will always have a link-local IPv6 address!) and connect to it.

Well, okay, let's move on to tunneling.

6in4
One of the oldest tunneling methods, invented back in 1996 and still very popular. Large tunnel brokers such as Hurricane Electric, gogo6 and SIXXS use it. It uses protocol 41 (not to be confused with a port!) and does not work through NAT. Supported by all modern operating systems out of the box.
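An added example, not from the original article: how a monitoring sensor can tell protocol-41 tunnels apart from anything port-based. It reads the protocol byte of the IPv4 header and looks at ports only inside UDP; the packets are constructed samples, and the Teredo port 3544 (RFC 4380) is an assumption that the article does not state.

```python
import ipaddress
import struct

TEREDO_UDP_PORT = 3544  # Teredo service port (RFC 4380); assumption, not on the page

def classify(packet: bytes):
    """Label an IPv4 packet that carries tunneled IPv6; return None otherwise."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    proto = packet[9]                      # IP protocol number, NOT a port
    payload = packet[ihl:]
    if proto == 41:                        # 6in4: the payload is a bare IPv6 packet
        ok = len(payload) >= 40 and payload[0] >> 4 == 6
        return "proto41-ipv6" if ok else "proto41-malformed"
    if proto == 17 and len(payload) >= 8:  # UDP: the only place ports exist here
        sport, dport = struct.unpack("!HH", payload[:4])
        if TEREDO_UDP_PORT in (sport, dport):
            return "udp-teredo"
    return None

def ipv4(proto, payload, src="192.0.2.10", dst="198.51.100.7"):
    """Constructed minimal IPv4 packet (header checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def ipv6(src="2001:db8::1", dst="2001:db8::2"):
    """Constructed 40-byte IPv6 header with next header 59 (no payload)."""
    return struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed)

def l4(sport, dport, data=b""):
    """Constructed UDP header; also reused as the start of a fake TCP segment."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

# Constructed samples: one tunnel per mechanism plus two look-alikes.
SAMPLES = {
    "6in4": ipv4(41, ipv6()),
    "teredo": ipv4(17, l4(51000, TEREDO_UDP_PORT, ipv6())),
    "tcp to port 41": ipv4(6, l4(40000, 41, b"\0" * 12)),
    "plain dns": ipv4(17, l4(51000, 53)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:15} -> {classify(pkt)}")
```

The "tcp to port 41" sample is not flagged: a firewall rule written against port 41 would miss 6in4 entirely, because protocol-41 packets carry no port fields at all, which is also why port-translating NAT cannot forward them.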
6over4
Strictly speaking, 6over4 cannot be called a tunnel in the usual sense of the word. It uses IPv4 as a virtual Ethernet for IPv6; for example, the multicast address ff02::1 maps to the IPv4 multicast address 239.192.0.1. The protocol supports generation of link-local addresses and Neighbor Discovery, and is configured automatically. Because all routers on the network must support multicast, the protocol never became popular. Support in modern operating systems is missing or limited.

6to4
6to4 turns your IPv4 address into an IPv6 /48 subnet. In fact, this is the same 6in4, but with a fixed anycast IPv4 address: 192.88.99.1. The protocol is fully auto-configured; manual configuration is not possible. Easy to set up. The disadvantages are that your IPv4 address can be recovered from the IPv6 address and that you cannot choose the server through which the tunneling takes place. In some cases you will not even know who owns that server. Uses the special prefix 2002::/16. Does not work through NAT.

6rd
This protocol is based on 6to4 but is intended for deployment inside a large organization or ISP. It does not use the 2002::/16 prefix; instead it uses the regular address range allocated to your provider. It can be configured automatically in several ways, the most popular being DHCPv4 with a special parameter.

AYIYA
Stands for Anything In Anything: this protocol can encapsulate, literally, anything in anything. The protocol was invented by the SIXXS tunnel broker and is used by it. Currently it is mainly used as IPv4-UDP-AYIYA-IPv6. It supports checksums and authorization. Works through NAT.

ISATAP
This protocol is somewhat similar to 6over4 but does not use multicast; ISATAP does not support multicast at all. IPv6 addresses are generated from IPv4 addresses. The IPv4 address is assumed to be unique, so it does not work with NAT. Communication with ISATAP hosts is only possible if you also have ISATAP configured. Supported by modern operating systems.

Teredo
An extremely popular tunneling method that requires no special configuration. On Windows (starting with Vista) it is configured and enabled by default; on Linux it comes up in a few seconds with Miredo. You only need to specify a Teredo server (or use the default one); everything else is configured automatically. It works through NAT, though with caveats (it depends on the type of NAT and on the implementation on the Teredo server side).
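An added example, not from the original article, for the 6to4 and ISATAP notes above about IPv4 addresses being derivable from IPv6 addresses: it decodes the IPv4 data embedded in an IPv6 address, for instance when reviewing addresses seen in logs. It goes beyond the article by also decoding Teredo addresses (prefix 2001::/32, RFC 4380) and relies on the ISATAP interface-identifier markers from RFC 5214; all sample addresses are constructed.

```python
import ipaddress

# ISATAP interface identifiers start with 0000:5efe or 0200:5efe (RFC 5214).
ISATAP_MARKERS = (0x00005EFE, 0x02005EFE)

def to_6to4_prefix(ipv4: str) -> str:
    """Derive the 6to4 /48 that belongs to a public IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return str(ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48)))

def embedded_ipv4(addr: str):
    """Return (mechanism, fields) if the IPv6 address encodes IPv4 data, else None."""
    ip = ipaddress.IPv6Address(addr)
    if ip.sixtofour is not None:           # 2002::/16, next 32 bits = client IPv4
        return "6to4", {"client": str(ip.sixtofour)}
    if ip.teredo is not None:              # 2001::/32, server plus inverted client
        server, client = ip.teredo
        port = ((int(ip) >> 32) & 0xFFFF) ^ 0xFFFF   # mapped UDP port, bits inverted
        return "Teredo", {"server": str(server), "client": str(client), "port": port}
    iid = int(ip) & 0xFFFFFFFFFFFFFFFF     # low 64 bits: interface identifier
    if iid >> 32 in ISATAP_MARKERS:
        return "ISATAP", {"client": str(ipaddress.IPv4Address(iid & 0xFFFFFFFF))}
    return None

# Constructed sample addresses built on documentation ranges.
SAMPLES = [
    "2002:c000:204::1",
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",
    "fe80::5efe:192.0.2.4",
    "2001:db8::1",
]

if __name__ == "__main__":
    print(to_6to4_prefix("192.0.2.4"))
    for a in SAMPLES:
        print(a, "->", embedded_ipv4(a))
```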

6a44
The protocol was created under the influence of Teredo but is intended for deployment by an ISP. Similar to 6rd and 6to4, customers are given an IPv6 prefix from the provider rather than a Teredo IPv6 prefix. It does not appear to be supported anywhere.

6bed4
Peer-to-Peer IPv6 on Any Internetwork. 6bed4 is designed to create a p2p IPv6 network inside an IPv4 network that does not prohibit p2p connections between hosts. The protocol is a hybrid of 6to4 and Teredo: the IPv6 address is formed from the IPv4 address and UDP port, and if a p2p connection is not possible, a relay is used, which can be run by an ISP or simply by a third-party organization. It works through NAT and supports both autoconfiguration and manual configuration.

LISP
The Locator/ID Separation Protocol aims to decouple the IPv6 address from the client's location. With this protocol you can use your (say, home) IPv6 address outside your own network without proxying traffic. Conceptually it is similar to Proxy Mobile IPv6. The protocol itself is rather complicated, and using it exclusively for tunneling is rather silly. Does not work through NAT. Supported by Cisco, Linux and FreeBSD.

SEAL
Subnetwork Encapsulation and Adaptation Layer. A completely new protocol; the draft appeared in October 2013. It supports several IPv4 links and, accordingly, multihoming. It has authentication and anti-replay mechanisms. The SEAL Control Message Protocol is used to exchange service data between hosts.

Summary table

| Protocol | Tunnels per IPv4 address | IPv6 hosts per tunnel | Public IPv4 | NAT compatibility | P2P | Gateway belongs to |
|---|---|---|---|---|---|---|
| 6to4 | One | Many | Required | No | Global | ISP or public |
| LISP | One | Many | Required | No | Customizable | ISP or Tunnel Broker |
| 6rd | One | Many | Not required | No | Inside domain | ISP |
| 6in4 | One | Many | Not required** | Limited | No | ISP or Tunnel Broker |
| Teredo | Many | One | Not required | Yes* | Global | Public relay |
| 6bed4 | Many | Many | Not required | Yes | Global | ISP, Tunnel Broker or public relay |
| 6a44 | Many | Many | Not required | Yes | Inside domain | ISP |
| AYIYA | Many | Many | Not required | Yes | No | ISP or Tunnel Broker |
| SEAL | Many | Many | Not required | Yes | Customizable | ISP or Tunnel Broker |

* Limited support; may not work with some types of NAT.
** A public IPv4 address is not required if the relay is run by the ISP.

Source: https://habr.com/ru/post/207562/

