6in4

6in4, sometimes referred to as SIT, is an IPv6 transition mechanism for migrating from Internet Protocol version 4 (IPv4) to IPv6. It is a tunneling protocol that encapsulates IPv6 packets on specially configured IPv4 links according to the specifications of. The IP protocol number for 6in4 is 41, per IANA reservation.

The 6in4 packet format consists of the IPv6 packet preceded by an IPv4 packet header. Thus, the encapsulation overhead is the size of the IPv4 header of 20 bytes. On Ethernet with a maximum transmission unit (MTU) of 1500 bytes, IPv6 packets of 1480 bytes may therefore be transmitted without fragmentation.

6in4 tunneling is also referred to as proto-41 static because the endpoints are configured statically. Although 6in4 tunnels are generally manually configured, the utility AICCU can configure tunnel parameters automatically after retrieving information from a Tunnel Information and Control Protocol (TIC) server.

The similarly named methods 6to4 or 6over4 describe a different mechanism. The 6to4 method also makes use of proto-41, but the endpoint IPv4 address information is derived from the IPv6 addresses within the IPv6 packet header, instead of from static configuration of the endpoints.

Network address translators
When an endpoint of a 6in4 tunnel is inside a network that uses network address translation (NAT) to external networks, the DMZ feature of a NAT router may be used to enable the service. Some NAT devices automatically permit transparent operation of 6in4.

Dynamic 6in4 tunnels and heartbeat
Even though 6in4 tunnels are static in nature, with the help of for example the heartbeat protocol one can still have dynamic tunnel endpoints. The heartbeat protocol signals the other side of the tunnel with its current endpoint location. A tool such as AICCU can then update the endpoints, in effect making the endpoint dynamic while still using the 6in4 protocol. Tunnels of this kind are generally called 'proto-41 heartbeat' tunnels.

Security issues
The 6in4 protocol has no security features, thus one can inject IPv6 packets by spoofing the source IPv4 address of a tunnel endpoint and sending it to the other endpoint. This problem can partially be solved by implementing network ingress filtering (not near the exit point but close to the true source) or with IPsec.

The mentioned packet injection loophole of 6in4 was exploited for a research benefit in a method called IPv6 Tunnel Discovery which allowed the researchers to discover operating IPv6 tunnels around the world.

Specifications

 * , Transition Mechanisms for IPv6 Hosts and Routers, R. Gilligan and E. Nordmark, 1996
 * , Transition Mechanisms for IPv6 Hosts and Routers, R. Gilligan and E. Nordmark, 2000
 * , Basic Transition Mechanisms for IPv6 Hosts and Routers, R. Gilligan and E. Nordmark, 2005