ISATAP- Intra-Site Automatic Tunnel Addressing Protocol
ISATAP is a mechanism that allows to deploy IPv6 over existing IPv4 infrastructure. ISATAP connects dual-stack nodes over IPv4 networks. ISATAP views the IPv4 network as a link-layer for IPv6 and supports automatic tunneling similar to NBMA model. IPv6 packets are encapsulated with an IPv4 header.
With ISATAP, an entire IPv4 network emulates a single IPv6 subnet to a set of ISATAP hosts. This allows all ISATAP nodes to automatically tunnel to each other for IPv6 connectivity.
In ISATAP, the IPv4 address (private or public) is stored as part of the IPv6 address. The ISATAP format is as follows-
64-bit_Unicast_Prefix: 0: 5EFE: d.d.d.d
- 64-bit Unicast Prefix¬†can be link-local, site-local or global unicast address prefix.
- d.d.d.d¬†is the private or public IPv4 address of the host.
An example of a link-local ISATAP address is¬†FE80::5EFE:172.16.10.2
ISATAP nodes communicate by tunneling IPv6 packets within IPv4 header. The sending ISATAP nodes automatically performs the encapsulation for each packet as it is sent. The sending ISATAP node determines the tunnel endpoint- the destination address in the IPv4 header of the tunneled packet- from the last 32-bits of the next-hop address corresponding to the IPv6 destination address. For traffic to ISATAP hosts that are on the same logical ISATAP subnet, the IPv4 address of the tunnel endpoint is the last 32-bits of the destination IPv6 address. However, for traffic to ISATAP hosts that are NOT on the same logical ISATAP subnet, the IPv4 address of the tunnel endpoint is the last 32-bits of the next-hop ISATAP address corresponding to the ISATAP router.
The IPv6 packet is encapsulated in the payload of an IPv4 packet. This is indicated by setting the Protocol field in the IPv4 header to decimal value 41 (or 0x29 in hexadecimal).
Functions of ISATAP Router:
An ISATAP router does the following-
- Advertise subnet prefix information to ISATAP hosts for additional ISATAP address configuration.
- Optionally advertise a default-route to ISATAP hosts so that they can exchange traffic with other hosts in the same logical ISATAP subnet or in native IPv6 subnets. The next-hop address of the default-route is the link-local address of the ISATAP router.
How does an ISATAP host determine the ISATAP Router?
A host running Windows Server 2003/XP (SP2)/Vista by default determines the IPv4 address of the ISATAP router by attempting to resolve the name “ISATAP” using following name resolution techniques-
- Check the local host name
- Check the DNS client resolver cache, which includes the entries in the¬†Hosts¬†file present in¬†SystemRoot/System32/drivers/etc¬†folder.
- Form the FQDN (Fully- Qualified Domain Name) and send DNS queries to DNS server. The Windows computer by default send the queries for FQDNisatap.example.microsoft.com¬†or¬†isatap.microsoft.com.
Once the name resolution is successful, the ISATAP host sends IPv4-encapsulated Router Solicitation (RS) messages to the ISATAP Router. The ISATAP router responds with a unicast IPv4-encapsulated Router Advertisement (RA) message. The RA message contains prefix information, and optionally, a default-route with itself as the next-hop.
Once the host obtains a proper IPv6 address, it is able to reach IPv6 domains through the ISATAP tunnel, while it can also reach IPv4 domains as normal.