• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

6in4 vs 4in6

Started by evantkh, January 27, 2015, 06:54:41 AM

Previous topic - Next topic

evantkh

Are the two protocols the same? Just reversing the uses?

In fact, can sit tunnels be used to make virtual dual stack lines which are layer 3 transparent over either IPv4 and IPv6 network?

cholzhauer


broquea

#2
Not the same protocol, but definitely similar and inverse usage. http://en.wikipedia.org/wiki/4in6

I'd be wary of making a tunnel turducken though (native ipv4 + 6in4 over that + 4in6 over 6in4 tunnel). The overhead might make the throughput a Bad Experience.

evantkh

#3
Quote from: broquea on January 27, 2015, 09:00:30 AM
Not the same protocol, but definitely similar and inverse usage. http://en.wikipedia.org/wiki/4in6

I'd be wary of making a tunnel turducken though (native ipv4 + 6in4 over that + 4in6 over 6in4 tunnel). The overhead might make the throughput a Bad Experience.

Do you mean I cannot use either protocol to transmit duak stack packets inside? I mean transmitting both IPv6 and IPv4 through a single tunnel without building another tunnel over it.

broquea

#4
You can, I simply recommended against it, since the overhead of each tunnel has overhead. 6in4 has 20 bytes, taking 1500 down to 1480. if that goes over pppoe, thats another 8 bytes, taking that 6in4 down to 1472. then if you try and run a 4in6 over that 1472 sized 6in4 tunnel, you have to subtract the overhead for that tunnel, to get your new largest size that can transition that 4in6-6in4 tunnel.

If you've got native ipv4, and are using a 6in4 tunnel to access ipv6, why would you tunnel ipv4 over a ipv6 tunnel when you have native? At that point why not run an IPv4 GRE tunnel from your same machine to that far side, and skip making a tunnel-in-tunnel headache with lowered mtu sizes? Or openVPN between sites, and dualstack the ovpn tunnel?

evantkh

#5
Quote from: broquea on January 27, 2015, 04:03:11 PM
You can, I simply recommended against it, since the overhead of each tunnel has overhead. 6in4 has 20 bytes, taking 1500 down to 1480. if that goes over pppoe, thats another 8 bytes, taking that 6in4 down to 1472. then if you try and run a 4in6 over that 1472 sized 6in4 tunnel, you have to subtract the overhead for that tunnel, to get your new largest size that can transition that 4in6-6in4 tunnel.

If you've got native ipv4, and are using a 6in4 tunnel to access ipv6, why would you tunnel ipv4 over a ipv6 tunnel when you have native? At that point why not run an IPv4 GRE tunnel from your same machine to that far side, and skip making a tunnel-in-tunnel headache with lowered mtu sizes? Or openVPN between sites, and dualstack the ovpn tunnel?

Maybe you misunderstand my meaning.
I mean can I do something like 6in4 and 4in4 over the same tunnel? Getting a dual stack and layer 3 transparent line with protocol 41.

broquea

uh, no. now think about why.

Your IPv6 tunnel is over IPv4. That is a Protocol 41 tunnel.

Now you want to tunnel IPv4 over IPV6. That is a whatever-protocol tunnel. it isn't a protocol 41 tunnel.

If your IPv6 is over a tunnel, how would you propose to NOT run a 4in6 tunnel over your tunneled IPv6 connection.

A sane solution, is terminate the 6in4 tunnel on some VPS somewhere, then set up OpenVPN on that server, to give OpenVPN clients both IPv4/IPv6, and forget you ever thought or considered 4in6.

evantkh

#7
Quote from: broquea on January 27, 2015, 09:26:09 PM
uh, no. now think about why.

Your IPv6 tunnel is over IPv4. That is a Protocol 41 tunnel.

Now you want to tunnel IPv4 over IPV6. That is a whatever-protocol tunnel. it isn't a protocol 41 tunnel.

If your IPv6 is over a tunnel, how would you propose to NOT run a 4in6 tunnel over your tunneled IPv6 connection.

A sane solution, is terminate the 6in4 tunnel on some VPS somewhere, then set up OpenVPN on that server, to give OpenVPN clients both IPv4/IPv6, and forget you ever thought or considered 4in6.

Encryption takes CPU resources, but MPLS/EVPLS is too expensive.

Finally, I tried adding IPv4 to the tunnel.

Take ip6tunnel as the 6in4 tunnel.
I tried the following command.
ifconfig ip6tunnel 192.168.10.0 pointopoint 192.168.10.1 netmask 255.255.255.254
Doing similar thing on the other endpoint.
Finally, the two IPv4 cannot connect to each other.
It seems that sit tunnel is only transparent to IPv6.

Actually, is there anyway to make the tunnel work for IPv4 also?

broquea

QuoteActually, is there anyway to make the tunnel work for IPv4 also?

the HE tunnel? no, not at all.

evantkh

Quote from: broquea on January 28, 2015, 12:39:30 AM
QuoteActually, is there anyway to make the tunnel work for IPv4 also?

the HE tunnel? no, not at all.

Not HE tunnel. It is a home-made tunnel.

broquea

then sure, use something like openvpn as the tunnel mechanism, and run that as dual-stack.

evantkh

Quote from: broquea on January 28, 2015, 12:47:12 AM
then sure, use something like openvpn as the tunnel mechanism, and run that as dual-stack.

Is there any protocol that can transmit packets as simple as 6in4/simply putting a smaller packet into a bigger packet but allow dual stack packets to pass through it?

broquea

nope. 2 stacks, single tunnel source/method? dual-stacked VPN solution. get crackin!

evantkh

Quote from: broquea on January 28, 2015, 04:23:30 AM
nope. 2 stacks, single tunnel source/method? dual-stacked VPN solution. get crackin!

Maybe openvpn is the only solution.

broquea

it certainly isn't a bad one!