JOIN   IPv6 Reference Center   JOIN
Mainpage deutsch
Projects
6BONE
6WiN
6NET
Testtools
Documents
»RFCs and Internet-Drafts
»Search for RFCs and Internet-Drafts
»Howtos
»FAQs
»Slides
»Books
»Internet-Drafts
»RFCs
Implementations
Articles
Links
Services
Mailing Lists
Contact
Search:

ISATAP (Intra-Site Automatic Tunnel Access Protocol)

Copyright © 2003 by Tina Strauf and Christian Schild

0. Introduction

0.1 What is ISATAP?

ISATAP (draft-ietf-ngtrans-isatap-20.txt) is a transition mechanism which can be used within a site to connect isolated IPv6/IPv4-dualstack hosts to the IPv6 internet. It contains the word "automatic" in its name because once an ISATAP server/router has been set up only the clients must be configured to connect to it.

"0. Introduction"

0.2 ISATAP servers and clients

Within a site usually only one ISATAP router is needed. The host/router functioning as an ISATAP server should be dualstack and have a connection to the IPv6 internet in order for it to become a gateway for all clients in the ISATAP subnet it serves.

An ISATAP client using a certain server as gateway also needs a valid global-scope IPv6 prefix to build its address with. This prefix should therfore be advertised by the router which also needs to have this prefix routed to it from the outside. With ISATAP the length of this prefix has to be /64.

While an ISATAP subnet is really just an NBMA (Non Broadcast Multiple Access) area, real periodic Router Advertisements on the link don't make much sense as they wouldn't reach anyone. The link-local scope and addressing are also vaild with ISATAP though, so when a new client wants to connect to the server it can just go through the normal process of Router Solicitation/Discovery (RS/RD) and receive the advertised prefix from the router upon its request.

"0. Introduction"

0.3 ISATAP Addresses

ISATAP addresses have a special modified EUI-64 format:

<ISATAP prefix/64>:0:5efe:<IPv4 address in hex format>
The IPv4 address here refers to the address of the physical interfaced used for the tunnelling.

"0. Introduction"

0.4 Important Notice!

Please note that once an ISATAP router has been set up virtually every host (also outside the site) can connect to it as long as the IPv4 address of the server is known. One should therefore consider to configure IPv4 filtering rules as needed.

"0. Introduction"

0.5 ISATAP Implementations

We know of the following support for ISATAP on different platforms:

Platform Client Server JOIN-Howto Remarks
1. Linux (2.4) JA JA JA Included in the USAGI kernel patches.
2. BSD JA JA NEIN Since January 2003 included in the KAME-Patches, also a special patch for FreeBSD available. For now please refer to a Howto at KAME.
3. Cisco IOS NEIN JA JA Officially included in the ED-Releases 12.2(15)ZJ,12.2(15)T2, 12.2(14)SY, 12.2(14)SX1, 12.2(14)S2 and in the LD-Release 12.3(1).
4. Windows XP JA NEIN JA Howto available for Windows XP with SP1 (netsh)
5. .NET JA JA JA Client- and Server-Howto available.
6. 6WIND SixOS NEIN JA JA Included out of the box.
7. Juniper JunOS NEIN NEIN NEIN AFAIK not yet implemented.

"0. Introduction"

Back to TopSeitenanfang

1. Linux

1.1 General Preparations

Linux hosts can be used both as ISATAP servers and clients. For both uses ISATAP functionality has to be added to the kernel and the iproute2 package.

1.1.1 Patching the Kernel

Due to its ongoing standardization process ISATAP has not yet been merged into the standard kernel. It has therefore to be added manually. USAGI has been developing IPv6 support for linux for many years and includes ISATAP in its kernel patches since 2002.

You can find the patch you need on our FTP server. Note that it is better to use a stable version than snap.

After downloading you have to first unpack the sources. After that they can be applied to the kernel (mostly found in /usr/src/linux).

patch -p1 < usagi-linux24-stable-<version>.diff
There should be no errors.

When configuring the kernel now you should make sure that you want to be promted for including experimental features in your kernel. You can do that by selecting the corresponding feature in the code maturity section. After that you'll find new IPv6 features under Networking Options. Please select IPv6: ISATAP interface support (EXPERIMENTAL).

After compiling and installing the new kernel you should reboot the machine.

"1. Linux"

1.1.2 Exchanging iproute2

Now that the kernel includes ISATAP functionality you have to see to it that the neccessary binaries (most importantly /sbin/ip) include ISATAP, too. For that you have to install the USAGI version of the iproute2 package which is included in the package usagi-tool-*. You can also find this package on our FTP server. The usagi-tool package includes a lot of software next to iproute2. We recommend to compile it entirely and then just to install the binaries corresponding to the sources in usagi/src/iproute2 for now.

"1. Linux"

1.2 Configuring a Linux host as an ISATAP router

In the following description we sometimes refer to an example setup at our site:

ISATAP router: lemy (Linux 2.4.18)
IPv4 address: 128.176.184.238
ISATAP prefix: 2001:638:500:201::/64

"1. Linux"

1.2.1 Setting up an ISATAP interface

For configuring the host as router one first has to set up the special ISATAP interface (is0) and switch it on:

# /sbin/ip tunnel add is0 mode isatap local <IPv4 address> ttl 64
# /sbin/ip link set is0 up
With "IPv4 address" we refer to the address of the physical interface used for the outgoing (tunneled) packets.

Now the interface has to be assingned an ISATAP address corresponding to the format described above. In our example this address is:

2001:638:500:201::5efe:80b0:f53a/64
To assign the address again the command ip is used:
# /sbin/ip addr add <ISATAP address> dev is0
(Nearly) done.

"1. Linux"

1.2.2 Configuring Router Advertisements (RA) for the ISATAP interface

To send out RAs on the interface one usually uses the routing daemon radvd, which can be found at http://v6web.litech.org/radvd/. You can also use Zebra (http://www.zebra.org/) if this software is running for other routing purposes anyway.

If you are using radvd you have to edit the configuration file (usually /etc/radvd.conf). In our example the file containes the following lines:

interface is0
{
  AdvSendAdvert on;
  UnicastOnly on;
  AdvHomeAgentFlag off;
  prefix 2001:638:500:201::0/64
  {
    AdvOnLink on;
    AdvAutonomous on;
    AdvRouterAddr off;
  };
};
Done. After starting radvd the host should be working properly as an ISATAP router.

If you want this configuration to be saved beyond the next reboot you should add the ip-commands as well as the start-command for radvd to /etc/rc.local or any other script executed at system startup.

"1. Linux"

1.3 Configuring a Linux host as an ISATAP client

After the kernel is patched and iproute2 updated (see above) it is rather easy to configure a Linux host as an ISATAP client. You just have to configure the interface as follows and switch it on.

# /sbin/ip tunnel add is0 mode isatap local <local IPv4 address> \\
       v4any <Server IPv4 address> ttl 64
# /sbin/ip link set is0 up
"local IPv4 address" again refers to the physical interface to use for the tunneled packets.

Done. The host should now have global IPv6 connectivity.

You can also add the ip-commands to /etc/rc.local to have the client set up like this after each reboot.

"1. Linux"

Back to TopSeitenanfang

2. BSD

For now just a link to a Howto at KAME

Back to TopSeitenanfang

3. Cisco

(Dualstack-)Cisco routers with an ISATAP supporting IOS version (see above) can be configured as ISATAP servers. For that a tunnel interface has to be configured specifying the special tunnel mode ipv6ip isatap.

For our tests we used the prefix 2001:638:500:11::/64. With that the corresponding part of our configuration concerning the tunnel looked like:

!
interface Tunnel1
  no ip address
  no ip redirects
  ipv6 address 2001:638:500:11::/64 eui-64
  no ipv6 nd suppress-ra
  tunnel source Ethernet0
  tunnel mode ipv6ip isatap
!
The ethernet interface used as tunnel source had the IPv4 address 128.176.191.76. By specifying the tunnel mode as ipv6ip isatap and the IPv6 address as 2001:638:500:11::/64 eui-64 the router configures itself with the valid ISATAP address 2001:638:500:11:0:5EFE:80B0:BF4C. It also automatically sets up the route 2001:638:500:11::/64 for the tunnel.

Please note that by explicitly specifying no ipv6 nd suppress-ra the router was told to indeed send out router advertisements on this interface which is not the default setting for a tunnel.

Done. The router can now be used as ISATAP server for clients of any kind.

Back to TopSeitenanfang

4. Windows XP

4.1 Manual configuration as ISATAP client

Since SP1 ISATAP like all IPv6 functionality is configured with the netsh command. One only needs the IPv4 address of the ISATAP server. (Of course another requirement is that IPv6 has been installed beforehand.) The command to switch on ISATAP is:
c:\ netsh interface ipv6 isatap set router \\
      <IPv4 address of the ISATAP router>
This is it. With "ipconfig /all" one can verify that the host has indeed received router advertisements from the server and configured its interface with an ISATAP IPv6 address. Using tracert or typing
c:\ netsh interface ipv6 show route
further shows that the default route is now also configured for the ISATAP interface (number 4), even though 6to4 is still configured.

"4. Windows XP"

4.2 Automatic configuration as ISATAP client

When the IPv6 protocol is started (e.g. at boot or installation) and finds that there is no native IPv6 connectivity available, the host tries to resolve the hostname "ISATAP" (on Windows XP without SP1 "_ISATAP"). If it receives an IPv4 address to this name the host will configure itself as an ISATAP client to this server and sets the default route accordingly. Please note that the host will also configure 6to4 but just as a backup or to communicate with 6to4-hosts.

"4. Windows XP"

Back to TopBack to Top

5. .NET/Windows 2003-Server

 Windows 2003-server can be configured both as an ISATAP client and server.

5.1 .NET/Windows 2003-server as ISATAP client

Configuring a .NET/2003-server as an ISATAP client works just like with Windows XP either manually with the command netsh or automatically by resolving the name "ISATAP". The only difference is that once ISATAP is installed the 6to4 configuration is deleted.

"5. .NET/Windows 2003-Server"

5.2 .NET/Windows 2003-server as ISATAP server

For a Windows2003-server to become an ISATAP router it is of course neccessary for the advertised ISATAP prefix to be routed to the server. Additionally the default route of the host needs to be configured to be published. Otherwise Windows clients will not automatically set their default route to their ISATAP interface.

To configure the default route to be published the following command is used:

c:\ netsh interface ipv6 set route ::/0 \\
       "<name or number of default interface>" publish=yes
If the Windows server is a dualstack host integrated in a native IPv6 subnet, the default interface will most likely be the normal LAN interface (4). Otherwise it might be a configured tunnel or 6to4 interface.

The interface used for the default route also needs to be configured to forward packets if that's not already the case:

c:\ netsh interface ipv6 set interface \\
       "<interface name or number>" forwarding=enabled
Now the ISATAP interface has to be configured. In order to do so however it first needs to be enabled. This is achieved by configuring the Windows server as an ISATAP client for itself:
c:\ netsh interface ipv6 set router <IPv4 adress>
IPv4 address refers to the physical interface used for the tunneling.

The ISATAP interface now also has to be set to forward packets. Additionally it has to be configured do send out router advertisements:

c:\ netsh interface ipv6 set interface 2 \\
       forwarding=enabled advertise=enabled
At last the route and thus the prefix to be advertised on the ISATAP interface is configured. Like the default route this route has to be explicitly configured to be published.
c:\ netsh interface ipv6 add route \\
       <ISATAP prefix/64> 2 publish=yes \\
       validlifetime=<valid lifetime of route > \\       preferredlifetime=<period for which this route is preferred>
The time periods can be specified in seconds (s), minutes (m), hours (h) or days (d) (e.g 1d2h3m4s). The default for validlifetime is eternity. If now preferredlifetime is given, the default is the value for validlifetime.

"5. .NET/Windows 2003-Server"

Back to TopSeitenanfang

6. 6WIND

Setting up a 6WIND machine (6WIND-Gate) as an ISATAP router is rather easy and is mainly achievd with only two commands.

A 6WIND router comes with its on CLI (Command Line Interface). This is structured in different sections and subsections quite similar to for example the Cisco IOS.

  1. First one has to enter the section to edit the "running" configuration:

    sixwind{} edit running
    Here one can enter the "migration" mode to configure all the transition mecanisms the 6WIND router is capable of (next to ISATAP also manually configured tunnels, 6to4 or DSTM):

    sixwind{running} mig
  2. Now follows the actual ISATAP configuration. First one has to set up the router process. In order to do so one needs the IPv4 address of the outgoing physical interface and a number. Using a 6WIND router one has the possibility to set up different ISATAP routing processes. This number gives everyone a unique ID.
    The command to set up the routing process is:
    sixwind{running-mig} isatap_router <number> <IPv4 address> \\
          [<state>]
    Specifying a state is optional and can be set as either "up" or "down". "Up" tells the router to really activate the routing process while "down" shuts it down. If no state is given the default ist "down". Later one can change the state by a seperate comand:
    sixwind{running-mig} isatap_router <number> <state>
    As an example the command in our test setup was:

    sixwind{running-mig} isatap_router 1 128.176.191.74 up
  3. For both clients and server to configure themselves with a valid global scope ISATAP address one has now to specify the prefix to use for that. This prefix has to be of length /64.
    This is the syntax for the corresponding command:

    sixwind{running-mig} isatap_prefix <number> <prefix/length>
    The "number" refers to the corresponding routing process set up above. In our example the command was:

    sixwind{running-mig} isatap_prefix 1 3ffe:400:10:110::/64
  4. At last the configuration has to be actually applied to the running configuration. On can also copy the running configuration to the startup configuration to make it bootable.

    sixwind{running-mig} exit
    sixwind{running} addrunning
    sixwind{running} exit
    sixwind{} copy running start
  5. The commands

    sixwind{running-mig} delete isatap_router <number>
    sixwind{running-mig} delete isatap_prefix <number> <prefix/length>
    sixwind{running-mig} delete isatap_prefix <number> all
    can later be used to undo or change any of the previously configured setups.

    Back to TopBack to Top
Your IPv4-address is 38.107.191.88
JOIN project team | contact: join@uni-muenster.de | IPv4: http://www.join.uni-muenster.de | IPv6: http://www.ipv6.uni-muenster.de
Impressum | Last update: March 5th 2004, 10:45am | Sprache auf deutsch wechseln
If not stated otherwise: all contents and pictures are Copyright © 1994-2005 by JOIN
Valid CSS!Valid HTML 4.0!