IPv6 ISATAP tunneling


OVERVIEW

Unlike other tunneling techniques such as 6to4, ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) builds a tunnel to transport IPv6 traffic over IPv4 within an IPv4 network, not between IPv6 networks.

ISATAP treats the IPv4 network as an NBMA (non-broadcast multi-access) link and determines the destination on a per-packet basis (point-to-multipoint).

There are two ISATAP node behaviors, client and server. Each client builds a static tunnel to the server and requests an IPv6 address. The server (a dedicated router, a Windows server or any *nix server) with IPv6 functionality enabled advertises IPv6 network information and allows IPv6 nodes to configure their applications as if they were connected to an Ethernet interface.

In this lab a Windows Server 2003 machine is configured as an ISATAP client node and a Cisco router as the advertiser (ISATAP server).

The client ISATAP configuration is also applicable to Windows XP workstations.

The ISATAP address is built as follows:

64-bit link-local or global unicast prefix + 0000:5EFE + <IPv4 of ISATAP link>

0000:5EFE == the ISATAP identifier.
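The address scheme above, worked through in Python as an added example that is not part of the original lab; the function names are assumptions. It goes one step beyond the text by handling the RFC 5214 "u" bit, which turns the identifier into 0200:5EFE when the embedded IPv4 address is globally unique, and it uses the lab's own addresses as sample input for an inventory of ISATAP-addressed hosts.

```python
import ipaddress

ISATAP_ID = 0x00005EFE   # 0000:5EFE, the ISATAP identifier
U_BIT = 0x02000000       # RFC 5214 "u" bit: set when the IPv4 address is globally unique


def isatap_address(prefix, ipv4):
    """Build <64-bit prefix> + 0000:5EFE + <IPv4 of the ISATAP link>."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("ISATAP needs a 64-bit prefix")
    v4 = ipaddress.IPv4Address(ipv4)
    ident = ISATAP_ID | (U_BIT if v4.is_global else 0)
    return ipaddress.IPv6Address(
        int(net.network_address) | (ident << 32) | int(v4))


def embedded_ipv4(addr):
    """Return the IPv4 address carried in an ISATAP address, else None."""
    # Drop a zone id such as "%2" as printed by ipconfig.
    value = int(ipaddress.IPv6Address(addr.split("%")[0]))
    ident = (value >> 32) & 0xFFFFFFFF
    if (ident & ~U_BIT) != ISATAP_ID:
        return None
    return ipaddress.IPv4Address(value & 0xFFFFFFFF)


def isatap_hosts(addresses):
    """Map every ISATAP address in a list to the IPv4 host behind it."""
    found = {}
    for addr in addresses:
        v4 = embedded_ipv4(addr)
        if v4 is not None:
            found[addr] = str(v4)
    return found


# Sample input: IPv6 addresses that appear in this lab's router and ipconfig output.
LAB_ADDRESSES = [
    "FE80::5EFE:C0A8:2B67",
    "2001:DB8:2:1:0:5EFE:C0A8:2B67",
    "fe80::5efe:192.168.43.104%2",
    "fe80::4cff:fe4f:4f50%6",      # loopback adapter, EUI-64 based, not ISATAP
    "fe80::ffff:ffff:fffd%5",      # Teredo pseudo-interface, not ISATAP
]

if __name__ == "__main__":
    print(isatap_address("fe80::/64", "192.168.43.103"))
    print(isatap_address("2001:DB8:2:1::/64", "192.168.43.103"))
    for addr, v4 in isatap_hosts(LAB_ADDRESSES).items():
        print(addr, "->", v4)
```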

DEPLOYMENT

ISATAP router configuration:


The router's Ethernet interface should be configured so that it can communicate over IPv4 with all nodes that want to communicate.

interface FastEthernet0/0
 ip address 192.168.43.103 255.255.255.0
 no sh
ISATAP-srv#
ISATAP-srv#sh ip int brief
Interface          IP-Address      OK? Method Status  Protocol
FastEthernet0/0    192.168.43.103  YES manual up      up
Tunnel0            unassigned      YES unset  up      up
ISATAP-srv#ping 192.168.43.104
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.43.104, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/22/40 ms
ISATAP-srv#

The interface is up and IPv4 connectivity is verified. This allows the IPv6 nodes and the router to communicate, so that the nodes can automatically configure their ISATAP information.

On the tunnel interface, IPv6 RA (router advertisement) is disabled by default and needs to be re-enabled. ISATAP is also specified as the IPv6-over-IPv4 tunnel mode.

ipv6 unicast-routing
interface Tunnel0
 ipv6 address 2001:DB8:2:1::/64 eui-64
 no ipv6 nd suppress-ra
 tunnel source FastEthernet0/0
 tunnel mode ipv6ip isatap
 no sh

The IPv6 information is correctly configured and verified:

ISATAP-srv#sh ipv6 int brief
FastEthernet0/0 [up/up]
Tunnel0 [up/up]
    FE80::5EFE:C0A8:2B67
    2001:DB8:2:1:0:5EFE:C0A8:2B67
ISATAP-srv#

ISATAP node configuration:

First of all, the IPv6 protocol must be enabled on Windows Server 2003/XP; then ISATAP must be configured within “netsh” by pointing the node at the ISATAP router.

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\>netsh interface ipv6 isatap set router \\192.168.43.103
Ok.

C:\>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : mngmnt
   Primary Dns Suffix . . . . . . . : nouri.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : nouri.com

Ethernet adapter loopback:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft Loopback Adapter
   Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.43.104
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : fe80::4cff:fe4f:4f50%6
   Default Gateway . . . . . . . . . : 192.168.43.103
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : C0-A8-2B-68
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : fe80::5efe:192.168.43.104%2
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Disabled

C:\>

The ISATAP router and the IPv6 node communicate successfully: the node is reached through its dynamically configured address:

ISATAP-srv#ping ipv6 fe80::5efe:c0a8:2b68
Output Interface: tunnel 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FE80::5EFE:C0A8:2B68, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/33/44 ms
ISATAP-srv#

Figure 2: IPv6 traffic capture

ROUTER CONFIGURATION

Router ISATAP-srv configuration:

ISATAP-srv#sh run
ipv6 unicast-routing
interface Tunnel0
 ipv6 address 2001:DB8:2:1::/64 eui-64
 no ipv6 nd suppress-ra
 tunnel source FastEthernet0/0
 tunnel mode ipv6ip isatap
!
interface FastEthernet0/0
 ip address 192.168.43.103 255.255.255.0