6in4

6in4 is an Internet transition methodology for migrating from Internet Protocol (IP) version 4 (IPv4) to version 6 (IPv6). The term refers to the encapsulation of IPv6 traffic within explicitly-configured IPv4 tunnels as defined in RFC 2893 (Obsoletes RFC 1933). It is also referred to as 'proto-41 static', due to the IP protocol number it uses and the fact that endpoints are configured statically. One should not mistake this method for 6to4 or 6over4 which have similar names but are different.

6in4 puts an entire IPv6 packet directly behind the IPv4 packet header in which the 'protocol' field is set to value 41, which indicates IPv6-in-IPv4. As such 6in4 minimizes the encapsulation overhead to 20 bytes (IPv4 header size), as there is no additional layer in between. With an Ethernet maximum transmission unit (MTU) of 1500 bytes one can thus still send unfragmented IPv6 packets of 1480 bytes.

6in4 tunnels are generally manually configured, but for instance the utility AICCU can configure it automatically after retrieving the tunnel parameters are from a TIC server.

The method 6to4 makes use of proto-41 too, but instead of static configuration of the endpoints, the endpoint IPv4 address information is derived from the IPv6 addresses within the IPv6 packet header.

Network Address Translators (NAT)

When an endpoint of a 6in4 tunnel is behind a NAT, one can in some cases still make use of the DMZ feature of their NAT 'router'. The NAT 'router' will then forward all incoming proto-41 packets to the configured host, thus making the tunnel work. Some NAT devices even allow transparent operation of 6in4.

Dynamic 6in4 tunnels and heartbeat

Even though 6in4 tunnels are static in nature, with the help of a protocol like the heartbeat protocol [http://www.sixxs.net/tools/heartbeat/ Heartbeat Protocol] , J. Massar and P. van Pelt] one can still have dynamic tunnel endpoints. The heartbeat protocol signals the other side of the tunnel with its current endpoint location. A tool like AICCU can then update the endpoints, in effect making the endpoint dynamic while still using the 6in4 protocol. These kind of tunnels are generally called 'proto-41 heartbeat' tunnels.

ecurity Issues

The 6in4 protocol has no security features, thus one can easily inject IPv6 packets by spoofing the source IPv4 address of a tunnel endpoint and sending it to the other endpoint. This problem can partially be solved by implementing Network ingress filtering or with IPSEC. Another solution is to use a secure protocol like AYIYA or other tunneling methods that compute digital signatures for each packet thus facilitating verification of packet authenticity.

The mentioned packet injection loophole of 6in4 was exploited for a research benefit in a method called "IPv6 Tunnel Discovery" [http://www.dia.uniroma3.it/~compunet/tunneldiscovery IPv6 Tunnel Discovery] , L. Colitti, G. Di Battista, and M. Patrignani] which allowed the researchers to discover operating IPv6 tunnels around the world.

References

* RFC 1933, Transition Mechanisms for IPv6 Hosts and Routers, R. Gilligan and E. Nordmark, 1996

External links

* [http://www.sixxs.net/faq/connectivity/?faq=ossetup How do I configure my machine to setup an IPv6 in IPv4 tunnel]
* [http://wiki.debian.org/DebianIPv6 6in4 and other tunnel setups on Debian]
* [http://www.cs.bell-labs.com/magic/man2html/8/6in4 6in4 setup on Plan9 OS]