Oct
17

For those of you that have been following the previous parts of this blog series (they are located in the IPv6 subcategory of the CCIE R&S category to the left), get ready for a major paradigm shift. So far, we have been experimenting with transition techniques (tunnels) that have focused on connecting remote “island” networks of IPv6 over an IPv4-only infrastructure. Now we are going to discuss a mechanism that was designed to help IPv4-only hosts communicate to other native IPv6 devices.

Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) is most recently specified in RFC 5214. Notice the topology below that we will use to detail the workings of this transition approach. This internal network has RouterB in place that is not IPv6 capable :-( . ISATAP provides a solution for the hosts behind this device! Dynamic tunneling will be done from these hosts to the ISATAP router (RouterA). Obviously, your job in the CCIE R&S Lab Exam might be to configure or troubleshoot this important device.

IPv6ISATAP

Here is how ISATAP actually works. The networks DNS server is updated with a well-known name entry of “ISATAP” that resolves to the IPv4 address used in the tunnel on the ISATAP router (RouterA). HostA initializes and notes that it has been configured with ISATAP capabilities for IPv6. HostA then sends a request to the DNS server for the address associated with “ISATAP”. DNS responds with the IPv4 address of the ISATAP router. HostA tunnels a router discovery packet (using an IPv6-in-IPv4 encapsulation approach) and sends this packet to the ISATAP router. RouterA responds with a router advertisement that includes the IPv6 prefix the host (HostA) should use. HostA takes this prefix and automatically constructs its own unique IPv6 address. It uses a reserved identifier for ISATAP (0:5efe) and its own IPv4 address to do this. Now the host is fully able to communicate beyond its local network using IPv6 and ISATAP.

One of the exciting things about the ISATAP soltuion is the fact that HostA will automatically transition to native IPv6 communications once the network is upgraded (in our case, once RouterB is replaced or upgraded). The minute HostA begins receiving unsolicited, native router advertisements, it ignores its ISATAP capabilities.

The configuration of the ISATAP router is very simple. Here is an example:

RouterA:
configure terminal
!
interface Tunnel 0
ip address 2001:80f0:4:300::/64 eui-64
no ipv6 nd suppress-ra
tunnel source 172.16.1.20
tunnel mode ipv6ip isatap

The prefix assigned to the tunnel interface is the prefix that will be assigned to hosts. Notice the no ipv6 nd suppress-ra command is required to ensure that router advertisements are sent over the tunnel to hosts. By default, these messages are not used on tunnel interfaces.

After setting the tunnel mode, your tunnel interface should launch. To verify that your tunnel has been assigned the appropriate ISATAP IPv6 address space, you can use show ipv6 interface brief as follows:

RouterA#show ipv6 interface brief
FastEthernet0/0            [up/up]
FastEthernet0/1            [administratively down/down]
Tunnel0                    [up/up]
 FE80::5EFE:AC10:114
 2001:80F0:4:300:0:5EFE:AC10:114

Awesome! We will investigate another transition option in the next part of this series. Thanks for tuning in! If you want more training targeted at this subject, check out any CCIE R&S product! You should have your Tier 1 understanding of this feature now, so you should target Tier 2 or Tier 3 products. Tier 2 would be workbook practice, while Tier 3 would be Poly-labs or Graded Mock Labs.


You can leave a response, or trackback from your own site.

5 Responses to “IPv6 Transition Mechanisms Part 4: ISATAP Tunnels”

 
  1. gtex99 says:

    Hi-
    You mentioned in the comments following Part 3 that you had not found a way to convert the ipv4 address to hex other than the manual calculation. I guess if one was really not confident about the manual conversion he could configure a quick dummy tunnel interface like

    interface Tunnel28
    ipv6 address 1::1/64
    tunnel source 192.63.33.17
    tunnel mode ipv6ip isatap

    then
    Router#sh ipv6 int br
    Tunnel28 [up/up]
    FE80::5EFE:C03F:2111
    1::1

    and the part after the 5EFE is the tunnel source in hex.

    -gtex

  2. Paulo Roque says:

    Great series of post!

    I just want to add something …
    As of IOS 12.4(2)T, the command ‘ipv6 nd supress-ra’ was replaced by the new format ‘ipv6 nd ra supress’.

    Paulo Roque

  3. RP says:

    Thanks 4 the post !! It explains really well.

  4. saurabh says:

    something like this about MPLS that can be easy to understand……….

 

Leave a Reply

Categories

CCIE Bloggers