6in4

Last updated June 16, 2024

6in4, sometimes referred to as SIT,^{[lower-alpha 1]} is an IPv6 transition mechanism for migrating from Internet Protocol version 4 (IPv4) to IPv6. It is a tunneling protocol that encapsulates IPv6 packets on specially configured IPv4 links according to the specifications of RFC 4213. The IP protocol number for 6in4 is 41, per IANA reservation.^[1]

The 6in4 packet format consists of the IPv6 packet preceded by an IPv4 packet header. Thus, the encapsulation overhead is the size of the IPv4 header of 20 bytes. On Ethernet with a maximum transmission unit (MTU) of 1500 bytes, IPv6 packets of 1480 bytes may therefore be transmitted without fragmentation.

6in4 tunneling is also referred to as proto-41 static because the endpoints are configured statically. Although 6in4 tunnels are generally manually configured, the utility AICCU can configure tunnel parameters automatically after retrieving information from a Tunnel Information and Control Protocol (TIC) server.

The similarly named methods 6to4 or 6over4 describe a different mechanism. The 6to4 method also makes use of proto-41, but the endpoint IPv4 address information is derived from the IPv6 addresses within the IPv6 packet header, instead of from static configuration of the endpoints.

Network address translators

When an endpoint of a 6in4 tunnel is inside a network that uses network address translation (NAT) to external networks, the DMZ feature of a NAT router may be used to enable the service.^{[ citation needed ]} Some NAT devices automatically permit transparent operation of 6in4.

Dynamic 6in4 tunnels and heartbeat

Even though 6in4 tunnels are static in nature, with the help of for example the heartbeat protocol^[2] one can still have dynamic tunnel endpoints. The heartbeat protocol signals the other side of the tunnel with its current endpoint location. A tool such as AICCU can then update the endpoints, in effect making the endpoint dynamic while still using the 6in4 protocol. Tunnels of this kind are generally called 'proto-41 heartbeat' tunnels.

Security issues

The 6in4 protocol has no security features, thus one can inject IPv6 packets by spoofing the source IPv4 address of a tunnel endpoint and sending it to the other endpoint. This problem can partially be solved by implementing network ingress filtering (not near the exit point but close to the true source) or with IPsec.

The mentioned packet injection loophole of 6in4 was exploited for a research benefit in a method called IPv6 Tunnel Discovery^[3] which allowed the researchers to discover operating IPv6 tunnels around the world.

Specifications

RFC 1933, Transition Mechanisms for IPv6 Hosts and Routers, R. Gilligan and E. Nordmark, 1996
RFC 2893, Transition Mechanisms for IPv6 Hosts and Routers, R. Gilligan and E. Nordmark, 2000
RFC 4213, Basic Transition Mechanisms for IPv6 Hosts and Routers, R. Gilligan and E. Nordmark, 2005

Notes

↑ SIT, which stands for Simple Internet Transition, is an earlier name that can be seen in late 1994 drafts of the IPv6 transition mechanisms. The term was dropped in newer drafts but some systems still use it to refer to the tunneling mechanism, particularly Linux. SIT is not to be confused with SIIT, which is a translation mechanism.

Related Research Articles

Internet Protocol version 4 (IPv4) is the first version of the Internet Protocol (IP) as a standalone specification. It is one of the core protocols of standards-based internetworking methods in the Internet and other packet-switched networks. IPv4 was the first version deployed for production on SATNET in 1982 and on the ARPANET in January 1983. It is still used to route most Internet traffic today, even with the ongoing deployment of Internet Protocol version 6 (IPv6), its successor.

Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion, and was intended to replace IPv4. In December 1998, IPv6 became a Draft Standard for the IETF, which subsequently ratified it as an Internet Standard on 14 July 2017.

The Internet Protocol (IP) is the network layer communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet.

In computer networking, the maximum transmission unit (MTU) is the size of the largest protocol data unit (PDU) that can be communicated in a single network layer transaction. The MTU relates to, but is not identical to the maximum frame size that can be transported on the data link layer, e.g., Ethernet frame.

In computer networking, the User Datagram Protocol (UDP) is one of the core communication protocols of the Internet protocol suite used to send messages to other hosts on an Internet Protocol (IP) network. Within an IP network, UDP does not require prior communication to set up communication channels or data paths.

In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).

Network address translation (NAT) is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used to bypass the need to assign a new address to every host when a network was moved, or when the upstream Internet service provider was replaced, but could not route the network's address space. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network.

A virtual private network (VPN) is a mechanism for creating a secure connection between a computing device and a computer network, or between two networks, using an insecure communication medium such as the public Internet.

IP fragmentation is an Internet Protocol (IP) process that breaks packets into smaller pieces (fragments), so that the resulting pieces can pass through a link with a smaller maximum transmission unit (MTU) than the original packet size. The fragments are reassembled by the receiving host.

6to4 is an Internet transition mechanism for migrating from Internet Protocol version 4 (IPv4) to version 6 (IPv6) and a system that allows IPv6 packets to be transmitted over an IPv4 network without the need to configure explicit tunnels. Special relay servers are also in place that allow 6to4 networks to communicate with native IPv6 networks.

Mobile IP is an Internet Engineering Task Force (IETF) standard communications protocol that is designed to allow mobile device users to move from one network to another while maintaining a permanent IP address. Mobile IP for IPv4 is described in IETF RFC 5944, and extensions are defined in IETF RFC 4721. Mobile IPv6, the IP mobility implementation for the next generation of the Internet Protocol, IPv6, is described in RFC 6275.

In computer networking, Teredo is a transition technology that gives full IPv6 connectivity for IPv6-capable hosts that are on the IPv4 Internet but have no native connection to an IPv6 network. Unlike similar protocols such as 6to4, it can perform its function even from behind network address translation (NAT) devices such as home routers.

An IP tunnel is an Internet Protocol (IP) network communications channel between two networks. It is used to transport another network protocol by encapsulation of its packets.

In the context of computer networking, a tunnel broker is a service which provides a network tunnel. These tunnels can provide encapsulated connectivity over existing infrastructure to another infrastructure.

Anything In Anything (AYIYA) is a computer networking protocol for managing IP tunneling protocols in use between separated Internet Protocol networks. It is most often used to provide IPv6 transit over an IPv4 network link when network address translation masquerades a private network with a single IP address that may change frequently because of DHCP provisioning by Internet service providers.

In computer networking, Internet Protocol Control Protocol (IPCP) is a Network Control Protocol (NCP) for establishing and configuring Internet Protocol over a Point-to-Point Protocol link. IPCP is responsible for configuring the IP addresses as well as for enabling and disabling the IP protocol modules on both ends of the point-to-point link. IPCP uses the same packet exchange mechanism as the Link Control Protocol. IPCP packets may not be exchanged until PPP has reached the Network-Layer Protocol phase, and any IPCP packets received before this phase is reached should be silently discarded. IPCP has the NCP protocol code number 0x8021.

In computer networking, the Tunnel Setup Protocol (TSP) is an experimental networking control protocol used to negotiate IP tunnel setup parameters between a tunnel client host and a tunnel broker server, the tunnel end-points. A major use of TSP is in IPv6 transition mechanisms.

An IPv6 transition mechanism is a technology that facilitates the transitioning of the Internet from the Internet Protocol version 4 (IPv4) infrastructure in use since 1983 to the successor addressing and routing system of Internet Protocol Version 6 (IPv6). As IPv4 and IPv6 networks are not directly interoperable, transition technologies are designed to permit hosts on either network type to communicate with any other host.

An IPv6 packet is the smallest message entity exchanged using Internet Protocol version 6 (IPv6). Packets consist of control information for addressing and routing and a payload of user data. The control information in IPv6 packets is subdivided into a mandatory fixed header and optional extension headers. The payload of an IPv6 packet is typically a datagram or segment of the higher-level transport layer protocol, but may be data for an internet layer or link layer instead.

IPv4 Residual Deployment (4rd) is an IPv6 transition mechanism for Internet service providers for deployment of Internet Protocol version 6 (IPv6), while maintaining IPv4 service to customers. The protocol and sample applications are specified in RFC 7600.

References

↑ "Protocol Numbers".
↑ Heartbeat Protocol, J. Massar and P. van Pelt
↑ IPv6 Tunnel Discovery, L. Colitti, G. Di Battista, and M. Patrignani

External links

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] SIT, which stands for Simple Internet Transition, is an earlier name that can be seen in late 1994 drafts of the IPv6 transition mechanisms. The term was dropped in newer drafts but some systems still use it to refer to the tunneling mechanism, particularly Linux. SIT is not to be confused with SIIT, which is a translation mechanism.

[2] "Protocol Numbers".

[heartbeat-3] Heartbeat Protocol, J. Massar and P. van Pelt

[tundisco-4] IPv6 Tunnel Discovery, L. Colitti, G. Di Battista, and M. Patrignani

[lower-alpha 1]

[1]

[2]

[3]