IPv6-in-IPv4 tunnel discovery: methods and experimental results

Tunnels are widely used to improve security and to expand networks without having to deploy native infrastructure. They play an important role in the migration to IPv6, which relies on IPv6-in-IPv4 tunnels where native connectivity is not available. However, tunnels offer lower performance and are less reliable than native links. In this paper we introduce a number of techniques to detect, and collect information about, IPv6- in-IPv4 tunnels, and show how a known tunnel can be used as a “vantage point” to launch third-party tunnel-discovery explorations, scaling up the discovery process. We describe our Tunneltrace tool, which implements the proposed techniques, and validate them by means of a wide experimentation on the 6bone tunneled network, on native networks in Italy, the Netherlands, and Japan, and through the test boxes deployed worldwide by the RIPE NCC as part of the Test Traffic Measurements Service. We assess to what extent 6bone registry information is coherent with the actual network topology, and we provide the first experimental results on the current distribution of IPv6-in-IPv4 tunnels in the Internet, showing that even “native” networks reach more than 60 percent of all IPv6 prefixes through tunnels. Furthermore, we provide historical data on the migration to native IPv6, showing that the impact of tunnels in the IPv6 Internet did not significantly decrease over a six-month period. Finally, we briefly touch on the security issues posed by IPv6-in-IPv4 tunnels, discussing possible threats and countermeasures. -