IPv6 tunnel basics

More Internet traffic is expected to be carried via tunnels as the Internet infrastructure migrates from IPv4, the current version of the Internet protocol, to the long-anticipated upgrade known as IPv6.

IPv4 uses 32-bit addresses and can support 4.3 billion devices connected directly to the Internet. IPv6, on the other hand, uses 128-bit addresses and supports a virtually unlimited number of devices -- 2 to the 128th power.


The regional Internet registries said in April 2010 that less than 8% of IPv4 addresses remain unallocated. The remaining IPv4 addresses are expected to run out in 2011 or 2012.

Here are the basics you need to know about the most popular tunneling and encapsulation mechanisms that are available to help transition your network from IPv4 to IPv6.

IPv6 traffic statistics

As of March 2010, only 1% of Internet traffic was based on IPv6, according to Geoff Huston, Chief Scientist at APNIC.

Huston noted that 90% of IPv6 traffic was native, while 10% was using a tunneling mechanism to carry IPv6 traffic over IPv4 links.

Of the various tunneling mechanisms, the so-called 6to4 technique appears to be gaining in popularity, while the alternative Teredo is becoming less common, Huston says.

"The number of folks doing 6to4 as a percentage of IPv6 folks is increasing rapidly," Huston told the audience at an Internet Society IPv6 panel in Anaheim, Calif. "The number of folks doing Teredo is really low. I'm not sure we need it."

6to4

6to4 is a method of connecting IPv6 hosts or networks to each other over an IPv4 backbone. It doesn't require explicit tunnel set-up, and instead uses relay routers to forward encapsulated IPv6 packets over IPv4 links. It uses unicast to create point-to-point links over the IPv4 backbone for transmission.

6to4 is the method of choice for users or networks that want to connect to the IPv6 Internet using an IPv4 connection. It allows these users to communicate with other 6to4 users as well as users of native IPv6 connections.

One benefit of 6to4 is that it doesn't require configured tunnels. It can be implemented in border routers without a great deal of router configuration.

Hurricane Electric, the world's most interconnected IPv6 network, operates a global 6to4 relay service as well as a relay service for an alternative tunneling mechanism known as Teredo. Hurricane Electric said its IPv6 traffic doubled in 2009, thanks to the free IPv6 tunnel broker that it began providing in April 2009.

Jason Livingood, executive director of Internet Systems Engineering at Comcast, said in March 2010 that Comcast had seen a 500% increase in 6to4 traffic in the last 60 days.

6rd

6rd -- for IPv6 Rapid Deployment on IPv4 Infrastructure -- is a method of encapsulating IPv6 packets for transmission over IPv4 backbone networks. It was used by the French ISP Free to rapidly deploy IPv6 to its 1.5 million residential customers in 2007.

The 6rd approach requires customers to have home gateways/routers that can support 6rd and can do the encapsulation of IPv6 packets inside IPv4 and forward them across the Internet backbone. The ISP, in turn, operates 6rd gateways to handle the tunneled IPv6 traffic.

6rd is a modification of the 6to4 technique that allows ISPs to handle native IPv6 traffic headed towards their customers. The modifications allow ISPs to accept only tunneled IPv6 traffic that is headed towards their customers, and all of this traffic goes through 6rd gateways operated by the ISP.

6rd is one of the transition mechanisms that Comcast is testing as part of its ongoing public trial of IPv6.

Teredo

Teredo is a tunneling protocol that provides IPv6 connectivity to users that are behind network-address translation (NAT) devices that support only IPv4. Teredo encapsulates IPv6 packets inside IPv4 packets for traversal across these IPv4-based NAT devices and the IPv4 backbone.

One supporter of Teredo is Microsoft, which ships Vista and Windows 7 with Teredo enabled by default.

Hurricane Electric began operating a worldwide Teredo relay service in 2009 that has given a boost to this tunneling technique. Hurricane Electric enabled 14 Teredo relays in Seattle, Fremont, Los Angeles, Chicago, Dallas, Toronto, New York, Ashburn, Miami, London, Paris, Amsterdam, Frankfurt and Hong Kong.

"Hurricane Electric's Teredo service significantly improved the IPv6 goodput for the average Internet end user overnight," said Craig Labovitz, Chief Scientist of Arbor Networks, in a blog post. "In particular, Microsoft Windows users got a big boost."

ISATAP

ISATAP refers to the Intra-Site Automatic Tunnel Addressing Protocol, which can encapsulate and transmit IPv6 packets over IPv4 networks or IPv4 packets over IPv4 networks. It is targeted at IPv6 deployment in enterprise networks.

ISATAP provides automatic encapsulation by using a virtual IPv6 overlay on top of an IPv4 network using IPv4 routers. Recently, ISATAP was enhanced to allow automatic IPv4-in-IPv4 encapsulation, which may be necessary for the co-existence of IPv4 and IPv6 in enterprise networks.

Tunnel brokers

Several tunnel brokers have been developed along with a Tunnel Setup Protocol (TSP).

TSP allows IPv4 or IPv6 packets to be encapsulated and carried over IPv4, IPv6 or IPv4 NATs. TSP is used by the tunnel client to negotiate the tunnel with the tunnel broker, which can terminate the tunnel.

TSP sets up the tunnel parameters between a user and a server. It handles authentication, encapsulation, IP address assignment and DNS functionality. It creates static tunnels, rather than automated tunnels, which has some security advantages.

Security concerns

All of the popular IPv6 tunneling techniques for carrying IPv6 packets over IPv4 networks raise security concerns.

The problem with these tunneling mechanisms is that most networks have IPv6 traffic running over them that they can't see because it is disguised as IPv4 traffic. This exposes networks to IPv6-based attacks such as botnet command and control. Network operators need IPv6-aware firewalls, intrusion-detection systems and network management tools in order to have visibility into encapsulated IPv6 packets.
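
To make the visibility point concrete, here is an added example (not from the original article) of the check an IPv6-aware sensor performs: look inside an IPv4 packet, find the encapsulated IPv6 header and report which tunnel mechanism carried it. The wire values (IP protocol 41, UDP port 3544, the 2002::/16 prefix, the ISATAP interface-ID marker) come from the protocol specifications rather than this page, and the function names and sample packets are constructed for illustration.

```python
import struct
from ipaddress import IPv6Address, ip_network

PROTO_UDP, PROTO_41 = 17, 41   # 41 = IPv6-in-IPv4, used by 6to4, 6rd and ISATAP
TEREDO_PORT = 3544             # Teredo's UDP service port (RFC 4380)
NET_6TO4 = ip_network("2002::/16")
ISATAP_IIDS = (b"\x00\x00\x5e\xfe", b"\x02\x00\x5e\xfe")  # bytes 8-11 of an ISATAP address

def classify(pkt: bytes):
    """Return (mechanism, inner_src, inner_dst) for IPv4 carrying IPv6, else None."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if ihl < 20 or len(pkt) < ihl or pkt[0] >> 4 != 4:
        return None
    proto, body = pkt[9], pkt[ihl:]
    if proto == PROTO_UDP:
        if len(body) < 8 or TEREDO_PORT not in struct.unpack("!HH", body[:4]):
            return None
        body = body[8:]
        if body[:2] == b"\x00\x01" and len(body) >= 4:  # Teredo authentication header
            body = body[13 + body[2] + body[3]:]
        if body[:2] == b"\x00\x00":                     # Teredo origin indication
            body = body[8:]
    elif proto != PROTO_41:
        return None
    if len(body) < 40 or body[0] >> 4 != 6:             # no inner IPv6 header
        return None
    src, dst = (IPv6Address(body[i:i + 16]) for i in (8, 24))
    if proto == PROTO_UDP:
        mech = "teredo"
    elif src in NET_6TO4 or dst in NET_6TO4:
        mech = "6to4"
    elif src.packed[8:12] in ISATAP_IIDS or dst.packed[8:12] in ISATAP_IIDS:
        mech = "isatap"
    else:
        mech = "proto-41"  # 6rd or a configured tunnel: needs the ISP's prefix to tell apart
    return mech, str(src), str(dst)

# Constructed sample packets (documentation addresses, checksums left at zero).
def v4(proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload
def v6(src, dst):
    return struct.pack("!IHBB16s16s", 6 << 28, 0, 59, 64,
                       IPv6Address(src).packed, IPv6Address(dst).packed)
def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

PKT_6TO4 = v4(PROTO_41, v6("2002:c000:201::1", "2001:db8::1"))
PKT_TEREDO = v4(PROTO_UDP, udp(51000, TEREDO_PORT, v6("2001:0:c000:201::1", "2001:db8::1")))
```

A firewall or IDS that inspects only the outer header sees a single IPv4 flow between two hosts; the inner addresses returned here are what its IPv6 policy actually needs to evaluate.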


This story, "IPv6 tunnel basics" was originally published by NetworkWorld.
