"Hurricane Electric's Teredo service significantly improved the IPv6 goodput for the average Internet end user over night," said Craig Labovitz, Chief Scientist of Arbor Networks in a blog post. "In particular, Microsoft Windows users got a big boost."
ISATAP refers to the Intra-Site Automatic Tunnel Addressing Protocol, which can encapsulate and transmit IPv6 packets over IPv4 networks or IPv4 packets over IPv4 networks. It is targeted at IPv6 deployment in enterprise networks.
ISATAP provides automatic encapsulation by using a virtual IPv6 overlay on top of an IPv4 network using IPv4 routers. Recently, ISATAP was enhanced to allow automatic IPv4-in-IPV4 encapsulation, which may be necessary for the co-existence of IPv4 and IPv6 in enterprise networks.
Several tunnel brokers have been developed along with a Tunnel Setup Protocol (TSP).
TSP allows IPv4 or IPv6 packets to be encapsulated and carried over IPv4, IPv6 or IPv4 NATs. TSP is used by the tunnel client to negotiate the tunnel with the tunnel broker, which can terminate the tunnel.
TSP sets up the tunnel parameters between a user and a server. It handles authentication, encapsulation, IP address assignment and DNS functionality. It creates static tunnels, rather than automated tunnels, which has some security advantages.
All of the popular IPv6 tunneling techniques for carrying IPv6 packets over IPv4 networks raise security concerns.
The problem with these tunneling mechanisms is that most networks have IPv6 traffic running over them that they can't see because it is disguised as IPv4 traffic. This exposes networks to IPv6-based attacks such as botnet command and control. Network operators need IPv6-aware firewalls, intrusion-detection systems and network management tools in order to have visibility into encapsulated IPv6 packets.
Read more about lans and wans in Network World's LANs & WANs section.